Geekzone: technology news, blogs, forums
4568 posts

Uber Geek

Trusted

  #801804 18-Apr-2013 18:27

Probably not a huge benefit in using OpenVPN to a SSH tunnel. I guess the main benefit is the VPN bridges the entire subnet as opposed to just connecting to a single host. But then when I think about it there is only one host behind the router anyway so probably no point.
The Draytek 2130 has all the VPN stuff built in so no need to have any extra stuff on your *nix box. You can have it connected in a site-to-site configuration but then that might use 3G data unnecessarily. So at the end of the day, once I actually think it all through, the only thing you really want the router to do is the DynDNS... which can be done on the box anyway with 'ddclient'. So then let's just plug the USB stick straight into the box lol...

Where are the Linux boys at? They will know heaps heaps more.

991 posts

Ultimate Geek


  #802073 19-Apr-2013 09:10

Oh, you're running Debian?

OpenVPN is what you want.  If you're running Debian on the PC in Vanuatu, you can get it to initiate the OpenVPN connection and use a relatively dumb 3G router.  This has the advantage that you can ask someone in Vanuatu to buy a new 3G router and plug the PC into it, and you'll have access again, no complex configuration required.

OpenVPN can run over both TCP and UDP.  Use UDP if you can -- google "TCP over TCP" to find out why you want to avoid running a VPN over TCP.

You'll need to run an OpenVPN server at your end, on a public IP.  Because OpenVPN uses UDP/TCP you can run the server behind NAT and forward the appropriate port from your router.  And you could do this on a dynamic IP if you used a dyndns hostname for the server.

 
 
 
 




42 posts

Geek


  #802268 19-Apr-2013 13:36

At the moment, the device will be an "appliance" that just has an ethernet port that can be set with an internal static IP or via DHCP.

But...we are working on an open-source project that boots Debian off an SD card, and uses certificates issued by our own CA to authenticate what we call SolarNodes (the low-power computer booting Debian). All that traffic is over SSL as well. Having an OpenVPN layer might be worth exploring, thanks.

Question on 3G modems - if the carrier uses 900MHz (sounds like that with Digicel Vanuatu) is it likely that a 3G modem like the Huawei 160G will work on their network? I know to ask them - but in general are they compatible? Trying to find a modem that has an optional external antenna - might run into faraday cage issues with this deployment - metal enclosures etc.

991 posts

Ultimate Geek


  #802361 19-Apr-2013 16:10

jwgorman: At the moment, the device will be an "appliance" that just has an ethernet port that can be set with an internal static IP or via DHCP.


Then get a device you can run a VPN client on, too.  A router that can run OpenWRT would do -- maybe one with a USB port that you can plug your 3G modem into?  An always-on VPN will use a little bit of traffic, you can do some testing if you need to know how much.



42 posts

Geek


  #802407 19-Apr-2013 17:29

Cool OK, sounds like the TL-MR3020 is not quite supported by a stable version of OpenWRT:

http://wiki.openwrt.org/toh/tp-link/tl-mr3020

but worth trying the snapshot? 

1 post

Wannabe Geek

Trusted
Digicel Vanuatu

  #806010 26-Apr-2013 17:00

Kia ora, our public APN is web.digicelpacific.com. 




Jessica Hill
Marketing Executive
Digicel Vanuatu



42 posts

Geek


  #807156 29-Apr-2013 10:52

Thank you, that's great. We are probably going to be using USB 3G modems in Santo central but understand that we may need a USB 2.5G modem in areas that are slightly outside the centre. Do you see any issues using a router in these cases? Thanks again.

 
 
 
 




42 posts

Geek


  #812125 6-May-2013 16:13

Hi Jessica,

We are able to use the 3G modem configured with the APN:

web.digicelpacific.com

to dial out to the internet. However, our router that has DYNDNS enabled exposes the domain we set up:



as a number 10.10.130.129

which I understand is a private subnet number right? We did get a public IP number through our browser when visiting the site:

www.whatismyip.com

from our 3G connection, which we were able to reverse DNS to show that it was part of Top Level Domain: "digicelpacific.com"

but were not able to route the port we would like to use to this device, even if we used the IP number directly.

Anything we need to consider? Thanks, John

543 posts

Ultimate Geek


  #812137 6-May-2013 16:33

You will need to find out if Digicel can offer a public IP. A number of NZ carriers (2degrees and Telecom at least) do this using the "direct" as opposed to "internet" APNs.



42 posts

Geek


  #812143 6-May-2013 16:42

Yes I know what you mean, there is one called "direct" rather than "internet" when you're dealing with 2Degrees in NZ for example that allows inbound traffic. We tested the exact same hardware here in NZ and it worked fine with redirected inbound ports.

But the public APN for Digicel Vanuatu was listed above in this post as:

web.digicelpacific.com

and we are technically able to see the internet - so it does work at least in one direction. What I am puzzled by is how the router picks a private number for its external IP number when using dyndns.org, and why we cannot route traffic inbound to the device using the 3G modem that uses the public APN.




543 posts

Ultimate Geek


  #812147 6-May-2013 16:51

They will probably be using carrier grade NAT, i.e. they will be NATting one public IP to many private IPs, one of which your 3G modem is picking up.

I am not sure there is a solution apart from getting a public IP somehow.
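
An added example, not part of any post in this thread: the check the posters carry out by hand above, comparing the address on the router's WAN interface with the address an outside service sees. `10.10.130.129` is the value quoted in the thread; `203.0.113.25`, the other sample addresses and the function names are constructed for illustration.

```python
import ipaddress

# Ranges that never receive unsolicited traffic from the internet.
NON_ROUTABLE = {
    "rfc1918-private": ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"),
    "rfc6598-shared": ("100.64.0.0/10",),  # reserved for carrier-grade NAT
    "link-local": ("169.254.0.0/16",),
}


def wan_scope(addr: str) -> str:
    """Name the non-routable range an address falls in, else 'public'."""
    ip = ipaddress.ip_address(addr)
    for scope, nets in NON_ROUTABLE.items():
        if any(ip in ipaddress.ip_network(n) for n in nets):
            return scope
    return "public"


def diagnose(wan_ip: str, observed_ip: str) -> dict:
    """wan_ip: address the 3G modem/router was handed by the carrier.
    observed_ip: address a 'what is my IP' service reports for the same link."""
    scope = wan_scope(wan_ip)
    # Any difference means something upstream rewrites the source address.
    translated = ipaddress.ip_address(wan_ip) != ipaddress.ip_address(observed_ip)
    inbound_ok = scope == "public" and not translated
    return {
        "wan_scope": scope,
        "translated_upstream": translated,
        # A port forward on the local router only works if the WAN address
        # is the same address the rest of the internet sees.
        "inbound_port_forward": inbound_ok,
        "remote_access": (
            "port forward on the router"
            if inbound_ok
            else "device-initiated VPN to a server with a public IP"
        ),
    }


if __name__ == "__main__":
    # Thread value for the WAN side; constructed documentation address outside.
    for key, value in diagnose("10.10.130.129", "203.0.113.25").items():
        print(f"{key}: {value}")
```
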

543 posts

Ultimate Geek


  #812150 6-May-2013 16:56

Supplementary question: when it was on 2degrees did it work both on "direct" and "internet" or just on "direct"? My understanding is that on "internet" 2degrees uses carrier grade NAT so you should have seen something similar to what you describe on Digicel.



42 posts

Geek


  #812158 6-May-2013 17:14

Ah OK. I understand now - yes on 2degrees it only worked on "direct" and not on the "internet" APN, as the NAT service was just handing out internal IPs mapped to one public IP. That makes sense now. What I will need is a public IP at the modem level.

991 posts

Ultimate Geek


  #813911 8-May-2013 19:38

jwgorman: Hi Jessica,

as a number 10.10.130.129



This is where a VPN would be useful...

If you don't have a server with a static IP you can acquire a Linux VPS quite cheaply to run one on.



42 posts

Geek


  #814699 9-May-2013 18:25

I definitely agree - the VPN is the way to go, but - if I understand correctly - it still requires that the 3G modems be given public IP addresses right, so that DYNDNS can identify them statically with a URL? The VPN is created with that dynamic IP, and then the devices behind the remote router can exist on a private subnet, with all communication going through the tunnel that the VPN defines?

Question about carrier grade NATting: can't the carrier use the SIM card or the MAC address of the USB 3G modem to determine the IP address it gets? Can the private IP numbers that they give out going through a public IP gateway be static?
