I have a BR1 (with Verizon WAN connection) in a race car to facilitate remote telemetry and streaming video.
Local in the race car are a few devices that are on the local network (the race car LAN). I’d like to be able to directly access these devices from a remote computer (in the pits) as if it was connected to the race car LAN. Right now, I get around this by using VNC to connect to a Raspberry pi in the race car and on the same race car LAN. Once I remote into the Pi using VNC, I can use a browser on the Pi to connect to local LAN resources. Nonetheless, I’d also like L2 access from the pits lan to the race car LAN so I can also connect to resources in the race car from Apps on mobile devices in the pits and on the Pit lan.
So, I picked up a SURF SOHO with the intention of using PEPVPN or L2TP/IPsec to create a tunnel between the Pits network and the Race Car Network. Unfortunately, as both the Race Car router and the Pits router use cellular connections and thus do not have static public IP addresses. Thus, I am looking for suggestions as to how to work around this. I should note that I do have a Synology NAS running a VPN server at home; perhaps I could connect from each of the Pits router and Race Car router to the Synology in order to gain access between the two. Unfortunately, the Synology is a L2TP/IPsec VPN and I don’t think the SOHO can join this - only PEPVPN appears supported. Thus, I am ‘stuck’.
Easiest, quickest way is to run a Fusionhub in the cloud. The BR1 and the SOHO can then create a PepVPN tunnel to its Fixed IP address and you can have L2 or L3 routing between their LANs via the Fusionhub.
However, you will need a Fusionhub Essential license to do this with one FusionHub as the Free FusionHub Solo only supports a single remote Peer. (or you could host two FusionHub Solos in Vultr I suppose and connect their virtual LAN ports there I suppose).
Or you could use a third party application layer VPN running on the Raspberry Pi, a hosted server (for the fixed IP) and your trackside devices but that will take a moment to configure and won’t be as reliable as a router based VPN solution.
The following may not be relevant as it requires the purchase of more equipment:
The FusionHub Solo allows for more than one peer as long as the additional ones are all PrimeCare devices. Thus if you replace the SOHO with (e.g.) a Balance 20X then the FusionHub Solo can connect with both the BR1 in the car and the B20X in the pit.
@David_Barron:
The situation with the FusionHub Solo is that only a single device can be connected – except, as @zegor_mjol and @MartinLangmaid point out, unless one or more of the devices are PrimeCare. Essentially, the latter can be thought of as bringing their own licenses with them. So, you can connect any single router but if you want to use a Solo license anything more then one must be a PrimeCare device.
As long as the BR1 is the only device not on PrimeCare.
As an operational proof by example: We have one community subnet with a single FusionHub Solo, a whole bunch of 20X units and a single BR1 tied together using the FH Solo.
Apologies David - this isn’t clear yet. Lets see if I can help clarify things.
Currently you have a BR1 in the car and a SOHO in the pits both on cellular. Because of CGNAT neither will accept inbound vpn connections so you need something with a public IP in the middle that those routers can connect to.
Peplink have a virtual appliance called FusionHub. You can think of it as a virtual vpn router that you can host in the cloud (AWS, AZURE, dreamhost etc). My personal favourite place to host is on vultrI made a video showing how to do that.
FusionHub is a licensed product. It comes in a number of different flavours that determine how many peers (remote Peplink devices) can connect to it. You can get a free FusionHub Solo license (for one remote peer), then the rest are paid for commercial licenses like FusionHub Essential (for 5 remote peers) then there are larger peer licences (100-4000) as you grow.
However to confuse things a little more - Peplink have a product group they call Primecare, and PrimeCare includes (for an annual fee) a SpeedFusion peer license - as well as lots of other good stuff…
So lets get back to your situation and options.
Your BR1 in the car combined with a FusionHub Solo in the cloud (in vultr it costs $6USD/month for 1TB) will give you a fixed static IP (the cloud servers IP) that you can port forward from to devices on the LAN of the BR1. You can also build a client VPN to that fusionhub and route traffic securely back to devices on the LAN of the BR1 that way.
Your BR1 and your SOHO connected to a FusionHub Essential (get the price here) this creates a secure VPN from soho to BR1 via the Fusionhub AND this can be a layer 2 VPN if you like.
Your BR1 a free FusionHub Solo license hosted in Vultr and a Balance 20X (which is a PrimeCare device) to replace your SOHO.
Lots of other ways that are non Peplink only approaches, so a bit messier and really not a preference if you just want this stuff to work.
Thank you for the summary.
I’m thinking the Balance 20x approach is the right one for me.
I just tried to create an account on InControl2 and I added the BR1 and FusionHub solo as devices.
I’m pretty sure InControl2 sees the Br1 since it shows its event log. However, InControl also shows the FusionHub and Br1 as Offline. I should note that the Br1 is fully operational and currently connected to Verizon and hosting a Wifi network.
So -
Why are the ‘devices’ offline?
How do I configure FusionHub Solo?
Do I need a 3rd party host for FusionHubSolo like vultr or will Pepwave host the instance for me?
Anything else I can do to get started while I await a Balance 20x?
The FusionHub is offline until you host it somewhere by installing it and starting it as a virtual server. IF the BR1 has an internet connection it should show as green and online in InControl.
I show how to get the Fusionhub up and running in that video I linked to earlier.
You need to host it yourself on vultr (or similar), or get a Peplink partner to do that for you. Peplink host the SpeedFusion Cloud but that is for general internet access not custom inbound configurations like this.
Get FusionHub hosted and online, get the BR1 connected to the FusionHub. then create a remote user VPN to the Fusionhub and you’ll be able to access all BR1 LAN IPs from anywhere.
Is your BR1 out of warranty by chance? Your device can still be added and will acknowledge IC2, but will not show online, and configurable through IC2 if it is out of warranty.
I know absolutely nothing about racing cars but have been into ham radio etc. For what it’s worth, I always assumed those links from the cars were done with a local VHF or UHF radio rather than public cellular but … I could well be talking nonsense.
No you’re right - that is how data and Audio Video was sent from the cars to receivers in the pits.
The modern approach though is to use IP networks. These are either fully meshed (often CoFDM) wireless installs with nodes around the track providing coverage, or for those on the cutting edge its bonded 4G/5G cellular - maybe with a little WIFI mixed in to infill coverage holes.
Yes! The BR1 is well out of warranty.
I’m a bit confused as to why the online management tool would require a warranty for the underlying device. Nonetheless, is there any way around this? Will this impede my ability to ultimately configure the system? I imagine I can just use the standard web interface locally for the BR1 and then the 20x and FusionHub would be ‘in warranty’ and configurable via InControl.
When in warranty IC2 is bundled with the device, once out of warranty you either buy an extended warranty / support contract or for some models (mostly the lower end stuff) you can pay for just IC2 on its own.
You are of course able to still mange the device locally, but for the minimal cost here I’d say it is worth it as IC2 has some nice features for monitoring and remote access to devices.
Done! I bought the subscription to InControl2 for the BR1 and InControl2 immediately showed the BR1 as ‘on-line’ with all relevant options and data now active!
Next on to installing FusionHub Solo instance on vultr.
So I installed FusionHub on vultr and created a VPN between the BR1 and FusionHub - all lights green.
I can ping the LAN side of each from the other so it appears traffic is being routed over the tunnel.
I then created a VPN from my Macbook to the FusionHub and it connects fine. However, although the mac can ping the public IP address on the FusionHub, I can’t ping all the way through to devices on the BR1 LAN.
What IP address does the MAC VPN connection get? ON the Fusionhub in Network > DHCP Server is that enabled? If you tick the ‘NAT remote Connection’ can you then get to the BR1 LAN?
Great thoughts don’t stand by myself. In other phrases, you can’t point out your inspiration once and expect it to be adopted. To see a trade, you’ll want to champion your plan and sell its merits. In addition, you need to be willing to get up Fire TV Sticks to scrutiny and criticism and be prepared to give an explanation for your innovation in exceptional ways for various audiences
The MAC VPN gets 169.254.131.10.
DHCP Server was enabled (and the range was 169.254.131.10/255.255.0/24)
I ticked NAT remote Connection, but the BR1 LAN still does not respond.