#1
Computer question - setting up a VPN
I have a question for you computer networking experts out there...
I have 3 pieces of industrial equipment that are networked together. They need to be monitored remotely over the internet. The location in which they are installed does not have a dedicated wired internet connection but has access to a building-wide public wireless network. I don't want these 3 industrial devices to be able to access the internet, get viruses, etc.
What I want is to be able to remotely connect my PC as another node on their private network (over the internet), monitor them, and then disconnect. I'm not in the same building - I'm miles away.
My initial thought was to use:
1) a VPN router, either with some sort of client software on my PC, or a matching router at my end, whatever is necessary, AND
2) a wireless bridge (to connect the VPN router to the public wireless network)
Here is a drawing of what I was picturing:
Code:
REMOTE LOCATION:
              .----------.
[Device 1]----+          |     .----------.                          .-----.
              |   VPN    |     | Wireless |          public          |     |
[Device 2]----+  Router  +-----+  Bridge  +-) ) )  -wireless-  ( ( (-+  ?  +---< INTERNET
              |          |     | Linksys  |          network         |     |
[Device 3]----+          |     | WET610N  |                          '-----'
              '----------'     '----------'

AT MY OFFICE:
              .------------.     .----------.
              |   Cable    |     | Firewall |
INTERNET >----+   Modem    +-----+  Router  +-----[ My Computer ]
              | Dynamic IP |     |          |
              '------------'     '----------'

I've been reading manuals for VPN routers all day but I'm not really seeing how to configure them to implement something like this. I could probably convince the appropriate people to make some minor changes to the configuration of the building wireless network if necessary, but I'd need to be certain of what had to be done before I ask. If anyone has any pointers/suggestions on this, I would be very appreciative!
__________________
1989 250TD Wagon 5-speed, 160,000mi ::: Dark gray metallic / black cloth 1984 190D-2.2 5-speed, 287,000mi ::: Silver-blue metallic / black MB-tex ::: SOLD
#2
What OS are they on? If Windows, you can use LogMeIn, which works well. Just set the firewall to accept your workstation IP and no others. In order for any VPN to work, the servers are going to have to have some sort of internet access.
__________________
99 ML320 94 SL600 92 SL500 95 E320 Cabriolet 87 560SEC 86 300SDL Grease Car 80 380SLC Euro 13 Fiat Abarth 02 Maserati Spyder Cambiocorsa 00 BMW Z3 90 Rolls Royce Silver Spur 80 Ferrari 308 GTSI 88 Jaguar XJS12 H&E Edition 99 Land Rover Discovery
#3
Thanks for the reply. Unfortunately, I can't install anything on the 3 pieces of equipment (or otherwise modify them), which makes it harder. They run an old version of Windows Embedded (not a full implementation of Windows).
So, the new piece of networking gear I introduce (a VPN router or whatever) needs to take care of the details somehow... I don't need to get onto those pieces of equipment (so a remote login or remote desktop kind of approach is not what I'm looking for) - I just need to be on their network. They are monitored through proprietary software over TCP/IP so I just have to be able to see them on the network. I will run the software on my PC and it will talk to these devices and do whatever it is that it needs to do.
__________________
1989 250TD Wagon 5-speed, 160,000mi ::: Dark gray metallic / black cloth 1984 190D-2.2 5-speed, 287,000mi ::: Silver-blue metallic / black MB-tex ::: SOLD
#4
Just a wild stab and I know when PP has the time he will know what to do but I think you can use SSH Sentinel to connect to the VPN on the older Winders boxes.
#5
Good call. I was going to mention SSH, but he still has to have it installed on the host boxes. Give me a day and I'll figure something out.
__________________
99 ML320 94 SL600 92 SL500 95 E320 Cabriolet 87 560SEC 86 300SDL Grease Car 80 380SLC Euro 13 Fiat Abarth 02 Maserati Spyder Cambiocorsa 00 BMW Z3 90 Rolls Royce Silver Spur 80 Ferrari 308 GTSI 88 Jaguar XJS12 H&E Edition 99 Land Rover Discovery
#6
Any further info on the older Windoz version ??
Most had some limited remote desktop capabilities. The VPN router only provides the connection, you would need to put some form of PC at the remote site. Got an old laptop/PC lying around ?? You'd need a pretty basic setup. Then you'd connect into it and use it to monitor the remote site. LogMeIn, RDP or any other remote connection products, do a Google search.
Does the remote site see the internet with a fixed IP ?? A lot of points have IPs that change, mine does but rarely, then look at DynDNS or some other product to monitor it.
__________________
KLK, MCSE 1990 500SL I was always taught to respect my elders. I don't have to respect too many people anymore.
#7
Quote:
While it would technically work to buy another computer, put it on the remote network, and then RDP into it, for a variety of reasons I can't put another computer at the remote site (mainly, there is no place to put one, either from a space standpoint or from a security standpoint, and some political resistance to this idea as well). The industrial equipment can't be RDP-ed into either. So, for this particular scenario, assume for now that it's not possible to RDP into a computer that is at the remote location.
Instead, I want my own computer in my office to act as if it is located at the remote site (not all the time, just when I need to check on things). I think the VPN router will do this for me; in the manual for the Cisco RV082 VPN router, they say (I'm paraphrasing a bit):
The VPN capability creates encrypted “tunnels” through the Internet, allowing traveling users to securely connect into your office network from offsite. Users connecting through a VPN tunnel are attached to your company’s network just as if they were in the building.
My wife VPNs into her office from our house, and it does exactly this. Start the connection, and all of our local home network devices (printers, NAS, PCs) disappear, and her work network is there instead (office printers, other computers, network shares, etc.). It's like being at her office, but less boring. Disconnect and things are back to normal.
This is exactly what I want - for my computer in my office to appear as if it's in the same building, on the same network as these three pieces of industrial equipment. The monitoring software I need to use can then run on my office PC. So I think I'm on the right track with a device like this. But, I'm not sure how to hook it up with the wireless network in the middle (vs. having the VPN router on a static IP directly exposed to the internet, which I think I could bumble my way through from the examples in the router manuals).
My best guess at the moment is to:
I have no idea if this will actually work though... I've never had to do any networking this elaborate before. I really appreciate all of the responses; I know this is a weird / complicated situation with a lot of restrictions - that's why I feel fortunate to have your help!
__________________
1989 250TD Wagon 5-speed, 160,000mi ::: Dark gray metallic / black cloth 1984 190D-2.2 5-speed, 287,000mi ::: Silver-blue metallic / black MB-tex ::: SOLD
#8
re DynDNS there are other alternatives too, one of the router companies provides it built in, never used it.
I've had good luck with DynDNS so I don't bother.
I still think you don't quite understand something, the VPN device/router whatever creates the doorway for YOUR PC to connect to a DEVICE on the other side. It does not transfer network traffic from the other side through the tunnel to your PC. You need to connect to something there, a device, a PC something to see the local traffic. (There may be specialized VPN / routers that do this, I've never seen one, but it will not be your normal VPN/Router.)
I set up a lot of VPNs, I usually call them remote users. Many of my clients have one or several people that work predominately remote. I also support most of those clients through the same connection. For me to manage that VPN router remotely (I turn off remote administration), I have to remote into a server on the inside, and use it to administrate the router itself.
Now here's a fun thing, somewhat unrelated, but think it through. When I set these up I need to test them, but you can't properly test them from within the network. So I VPN into my home/office network logging into a desktop there, then I fire up VPN on it back into the client and Remote desktop into another machine at the client.
__________________
KLK, MCSE 1990 500SL I was always taught to respect my elders. I don't have to respect too many people anymore.
#9
I somewhat understand the situation and I'm sorry it's outside of my skill set.
I think you're saying your small LAN of old quasi-MS machines are on their own TCP/IP network. I believe a competent IT guy (or gal) could take care of it & it sounds like there is at least one person, probably more who know what they are doing and are helping you already on this thread.
#10
I don’t think this is going to work.
For a VPN you need a public IP address on your VPN, which means that the ports you use (probably TCP/UDP 500 and 4500) are forwarded from the public network gateway to your VPN router. Administrators of public networks are not likely to do that. A workaround can be to set up a computer in the remote location with a remote access program (like TeamViewer).
Rob
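One way around the port-forwarding obstacle raised in the post above, as an added example that is not from the thread: have the remote gateway dial out through the public wireless network to the office, so nothing has to be forwarded on the building's side, and let the gateway's firewall keep the devices off the Internet. It assumes a small Linux box running WireGuard (wg-quick) in place of the VPN router and a WireGuard client on the office PC; the addresses, interface names, hostname, port and key placeholders are all constructed.

```ini
# Added example; every address, name and key below is a constructed placeholder.
# ---- Remote gateway (in place of the VPN router): /etc/wireguard/wg0.conf ----
# Assumed interfaces: eth0 = uplink via the wireless bridge,
#                     eth1 = device LAN, 192.168.50.0/24.
[Interface]
Address = 10.99.0.2/32
PrivateKey = <remote-gateway-private-key>
# No ListenPort here: this side only makes outbound connections, so the
# public wireless network needs no port forwarding and no fixed address.
PostUp = sysctl -w net.ipv4.ip_forward=1
# Default-deny forwarding, so the devices have no routed path to the Internet.
# The policy is left in place when the tunnel goes down.
PostUp = iptables -P FORWARD DROP
# Only the office PC may open connections to the devices; replies may return.
PostUp = iptables -A FORWARD -i %i -o eth1 -s 10.99.0.1 -d 192.168.50.0/24 -j ACCEPT
PostUp = iptables -A FORWARD -i eth1 -o %i -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Source-NAT onto the device LAN so the devices reply on-link and need
# no gateway or route change.
PostUp = iptables -t nat -A POSTROUTING -o eth1 -s 10.99.0.1 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -o eth1 -s 10.99.0.1 -d 192.168.50.0/24 -j ACCEPT
PostDown = iptables -D FORWARD -i eth1 -o %i -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o eth1 -s 10.99.0.1 -j MASQUERADE

[Peer]
PublicKey = <office-public-key>
# Dynamic-DNS name that tracks the office cable modem's changing address.
Endpoint = office.example.net:51820
AllowedIPs = 10.99.0.1/32
# Keeps the NAT mapping on the public network open so the office can reach back.
PersistentKeepalive = 25

# ---- Office PC: WireGuard tunnel configuration ----
[Interface]
Address = 10.99.0.1/32
PrivateKey = <office-private-key>
# Forward UDP 51820 on the office firewall router to this PC.
ListenPort = 51820

[Peer]
PublicKey = <remote-gateway-public-key>
# No Endpoint: it is learned from the gateway's first authenticated packet.
# Routing the device subnet here sends monitoring traffic through the tunnel.
AllowedIPs = 10.99.0.2/32, 192.168.50.0/24
```

A routed tunnel like this carries the monitoring software's TCP connections and shares addressed by IP, but not LAN broadcasts, so broadcast-based browsing of the device network will not cross it.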
#11
Quote:
The thing that made me think I could do this was that my wife's work VPN operates in this way. When she connects to her office from home, we're still working on our home PC, but have access to all of her office's network resources. It doesn't appear as if we connect to a specific device in her office - we're just somehow on her office's network from home. But I don't know what equipment exists in her office to make this all happen. Thanks for having the patience to explain things to me!
__________________
1989 250TD Wagon 5-speed, 160,000mi ::: Dark gray metallic / black cloth 1984 190D-2.2 5-speed, 287,000mi ::: Silver-blue metallic / black MB-tex ::: SOLD
#12
Quote:
She is connecting to devices on the corporate network, shares, printers, E-mail server ... But she cannot see general network traffic occurring behind their router, it does not allow that traffic out. Only the traffic specific to her VPN connection.
__________________
KLK, MCSE 1990 500SL I was always taught to respect my elders. I don't have to respect too many people anymore.
#13
Quote:
So there's this software I need to run on my PC to monitor these pieces of equipment. It doesn't need to 'spy' on the general network traffic or anything like that - instead, it makes TCP connections with each piece of equipment, queries them, and they send a response, and then the connection closes. I need to put my PC on the same network as the industrial devices so that it can see the devices in order to query them (e.g. so that they show up if I do a "net view" from a command prompt on my PC). I also need to be able to create network shares to access files on them (e.g. with a "net use" command from a command prompt on my PC). I apologize for being unclear earlier; as you've probably guessed, this is outside the realm of my networking knowledge. Thank you again for your helpfulness!
__________________
1989 250TD Wagon 5-speed, 160,000mi ::: Dark gray metallic / black cloth 1984 190D-2.2 5-speed, 287,000mi ::: Silver-blue metallic / black MB-tex ::: SOLD
#14
First, My Pleasure.
I think you're getting it now. You will need to Share those directories on the PCs too. You can only 'Net Use' to a share. But if that gets you the info you need it might do it.
__________________
KLK, MCSE 1990 500SL I was always taught to respect my elders. I don't have to respect too many people anymore.
#15
Sounds like your wife is using Citrix or similar. You're going to have to set up a client server (telnet) or other way to VPN in.
__________________
99 ML320 94 SL600 92 SL500 95 E320 Cabriolet 87 560SEC 86 300SDL Grease Car 80 380SLC Euro 13 Fiat Abarth 02 Maserati Spyder Cambiocorsa 00 BMW Z3 90 Rolls Royce Silver Spur 80 Ferrari 308 GTSI 88 Jaguar XJS12 H&E Edition 99 Land Rover Discovery