Remote access via VPN initiated by HD2 to s/w client on a laptop/PC
Ummm… initiated by HD2 to software client to laptop/PC. This is interesting. Could you please share more of your application? I am trying put this use case in context.
Goal is remote access when using cellular as backhaul. Since cellular networks provide their clients with private IPs which are not NAT’d for incoming traffic I cannot use DYNDNS. Only option AFAIK is to use a VPN tunnel. I could either buy a Pepwave end point, or preferably have the HD2 establish a VPN connection to a specified DYNDNS address that could terminate the VPN tunnel using a software client.
Got you. You are right. In this case we need the HD2 to initiate the VPN connection.
The HD2 supports SpeedFusion VPN, IPsec (network-to-network) and PPTP (as a server not a client) so two options we have.
IPsec. We can have the HD2 to initiate an IPsec VPN to a Cisco or Juniper gateway at the other end. HD2 supports IPsec in aggressive mode so we don’t need a public IP at the HD2. We only need a public IP at the other end.
The downside of IPsec is its unreliability. If one cellular breaks, IPsec breaks and there will be downtime re-establishing an IPsec tunnel over the other cellular network. That is the way IPsec is designed to be. Also the Cisco or Juniper gateway at the other end has to have a static IP as well. DYNDNS is not supported.
And frankly speaking IPsec is not the easiest VPN technology there is. The config is pretty messy.
Or we can use SpeedFusion. We do not need a public IP at the HD2. And we can use DYNDNS at the Peplink / Pepwave device at other end. If one cellular network has problem, traffic can seamlessly “hot failover” to the other cellular network with zero down time.
There are about 6 parameters you need to set, all done on web UI.
I personally prefer this route instead of IPsec.
Thanks for these suggestions. However the goal is to connect to a laptop/PC endpoint - rather than relying on a Pepwave or Cisco/Juniper. Is this possible?
This will be difficult because the only VPN clients (client in the sense that it will actively establish a connection compared to a server which will listen to incoming connection) HD2 supports are IPsec and SpeedFusion, and that none of the two is available as a software that we can install to a laptop/PC endpoint to act as a server.
We have to work around this by having a Peplink/Pepwave device say a Balance 210/380 on the other side, and connect the laptop/PC to the Balance 210/380 LAN. How many laptop/PC endpoints do we want to connect to the HD@? Just one? One extra benefit of having a Balance 210/380 on the other end is that we can seamlessly connect multiple laptop/PC endpoints with the MAX HD2.
Understood on using the Balance, I have this setup successfully using port forward. However the core feature request is to have remote access without needing hardware for the end point. There are various s/w IPSEC clients, would these work?
Chasing a response please.
You can always experiment with your IPSec software client to establish with the IPSec as a server on HD2. Let us know if this works.
For a better user experience, why not implement something similar to your remote assistance, where there is always a connection HD2->Peplink HQ Endpoint which the customer accesses via a Peplink HQ IP - aka Cloud.
<br><strong><a href=“http://it.onsalestiffany.com/”>tiffany co</a></strong> <a href=“http://tiffanyandco72.webs.com”>tiffany co</a> <br><br><strong><a href=“http://www.onsalestiffany.com/it/”>tiffany co</a></strong> <a href=“http://tiffanyandco72.webs.com”>tiffany co</a> <br><strong><a href=“http://it.onsalestiffany.com/”>tiffany</a></strong> <a href=“http://tiffanyandco72.webs.com”>tiffany</a> <br><br><br><br><br><br><br><br>
<a href=“http://swissMechanicalmovementreplicawatches38.webs.com”> gioielli </a>
If laptop/PC has a public IP, may setup FusionHub(VM) at the laptop/PC and let the HD2 connect to the Hub