Remote access via VPN initiated by HD2 to s/w client on a laptop/PC

eguttridge · June 25, 2013, 9:15am

Kurt_See · June 25, 2013, 8:01pm

Ummm… initiated by HD2 to software client to laptop/PC. This is interesting. Could you please share more of your application? I am trying put this use case in context.

eguttridge · June 26, 2013, 12:52am

Goal is remote access when using cellular as backhaul. Since cellular networks provide their clients with private IPs which are not NAT’d for incoming traffic I cannot use DYNDNS. Only option AFAIK is to use a VPN tunnel. I could either buy a Pepwave end point, or preferably have the HD2 establish a VPN connection to a specified DYNDNS address that could terminate the VPN tunnel using a software client.

Kurt_See · June 26, 2013, 7:44pm

Got you. You are right. In this case we need the HD2 to initiate the VPN connection.

The HD2 supports SpeedFusion VPN, IPsec (network-to-network) and PPTP (as a server not a client) so two options we have.

IPsec. We can have the HD2 to initiate an IPsec VPN to a Cisco or Juniper gateway at the other end. HD2 supports IPsec in aggressive mode so we don’t need a public IP at the HD2. We only need a public IP at the other end.

The downside of IPsec is its unreliability. If one cellular breaks, IPsec breaks and there will be downtime re-establishing an IPsec tunnel over the other cellular network. That is the way IPsec is designed to be. Also the Cisco or Juniper gateway at the other end has to have a static IP as well. DYNDNS is not supported.

And frankly speaking IPsec is not the easiest VPN technology there is. The config is pretty messy.

Or we can use SpeedFusion. We do not need a public IP at the HD2. And we can use DYNDNS at the Peplink / Pepwave device at other end. If one cellular network has problem, traffic can seamlessly “hot failover” to the other cellular network with zero down time.

There are about 6 parameters you need to set, all done on web UI.

I personally prefer this route instead of IPsec.

eguttridge · June 27, 2013, 1:04am

Kurt:

Got you. You are right. In this case we need the HD2 to initiate the VPN connection.

The HD2 supports SpeedFusion VPN, IPsec (network-to-network) and PPTP (as a server not a client) so two options we have.

IPsec. We can have the HD2 to initiate an IPsec VPN to a Cisco or Juniper gateway at the other end. HD2 supports IPsec in aggressive mode so we don’t need a public IP at the HD2. We only need a public IP at the other end.

The downside of IPsec is its unreliability. If one cellular breaks, IPsec breaks and there will be downtime re-establishing an IPsec tunnel over the other cellular network. That is the way IPsec is designed to be. Also the Cisco or Juniper gateway at the other end has to have a static IP as well. DYNDNS is not supported.

And frankly speaking IPsec is not the easiest VPN technology there is. The config is pretty messy.

Or we can use SpeedFusion. We do not need a public IP at the HD2. And we can use DYNDNS at the Peplink / Pepwave device at other end. If one cellular network has problem, traffic can seamlessly “hot failover” to the other cellular network with zero down time.

There are about 6 parameters you need to set, all done on web UI.

I personally prefer this route instead of IPsec.

Thanks for these suggestions. However the goal is to connect to a laptop/PC endpoint - rather than relying on a Pepwave or Cisco/Juniper. Is this possible?

Kurt_See · July 2, 2013, 5:24pm

This will be difficult because the only VPN clients (client in the sense that it will actively establish a connection compared to a server which will listen to incoming connection) HD2 supports are IPsec and SpeedFusion, and that none of the two is available as a software that we can install to a laptop/PC endpoint to act as a server.

We have to work around this by having a Peplink/Pepwave device say a Balance 210/380 on the other side, and connect the laptop/PC to the Balance 210/380 LAN. How many laptop/PC endpoints do we want to connect to the HD@? Just one? One extra benefit of having a Balance 210/380 on the other end is that we can seamlessly connect multiple laptop/PC endpoints with the MAX HD2.

eguttridge · July 3, 2013, 3:59am

Understood on using the Balance, I have this setup successfully using port forward. However the core feature request is to have remote access without needing hardware for the end point. There are various s/w IPSEC clients, would these work?

eguttridge · November 4, 2013, 5:37am

Chasing a response please.

rocknolds · December 10, 2013, 12:15pm

You can always experiment with your IPSec software client to establish with the IPSec as a server on HD2. Let us know if this works.

eguttridge · December 10, 2013, 12:54pm

For a better user experience, why not implement something similar to your remote assistance, where there is always a connection HD2->Peplink HQ Endpoint which the customer accesses via a Peplink HQ IP - aka Cloud.

nardencart · December 11, 2013, 10:58am

<a href=“http://it.onsalestiffany.com/”>tiffany co</a> <a href=“http://tiffanyandco72.webs.com”>tiffany co</a> <a href=“JAPANESE日本护士XXXX18一19|小少妇BBBBBBBBBBBB|少妇AAA级久久久无码精品片|熟妇女人妻丰满少妇中文字幕|亚洲熟女少妇一区二区三区|少妇精品无码一区二区三区”>tiffany co</a> <a href=“http://tiffanyandco72.webs.com”>tiffany co</a> <a href=“http://it.onsalestiffany.com/”>tiffany</a> <a href=“http://tiffanyandco72.webs.com”>tiffany</a> 
tiffany co
tiffany co****tiffany

tiffany
tiffany
tiffany co
tiffany co
tiffany co
tiffany co

tiffany anelli
tiffany anelli

gioielli blog

<a href=“http://swissMechanicalmovementreplicawatches38.webs.com”> gioielli </a>

About onsalestiffany.com blog

Kenneth_Kwan · December 11, 2013, 3:13pm

If laptop/PC has a public IP, may setup FusionHub(VM) at the laptop/PC and let the HD2 connect to the Hub