7643 questions

9073 answers

14631 comments

12005 members

0 votes
373 views 2 comments
by

Dear All, I am experimenting to provide H24 monitoring to my customers.

The Idea would be that they have their fiber WAN and a secondary 4G WAN which will be provided by a RUT240.

 I have tried with normal 4G Data Sim but they don't work.
I suspect being in a shared WAN IP Scenario, here you can see I have this IP of 10.35.87.22, and if I try to get my IP from services it says my IP is 62.19.212.86.

Are there any solutions, or M2M SIMS, to have a VPN to connect to the remote network (where the RUT240 is present).

At the moment I cannot ping neither one of the public WAN IPs, even if I checked the option allowing ICMP traffic and set up the firewall rules to get the traffic.

Thanks for your help,
Appreciate it!

Bye
Matteo D

2 Answers

0 votes
by
Hi Matteo,

Your RUT240 has a private IP address, to create VPN server on this RUT240 first you'd need to acquire a public IP from your Mobile network operator. IP locator services always displays public IP address because private IP addresses aren't routed via internet.

62.19.212.86 public IP belongs to a router in your ISP's network, the only option to host VPN server on your RUT240 would require your ISP to do a port forward from its public IP specific port to your private IP.

If you have access to a VPN server with public IP/hostname then you can configure VPN client on your RUT240 without the need of public IP.
by
Thanks for your answer, so one possible way should be to connect to a VPN as a CLIENT and connect to a SERVER with fixed STATIC (or dynamic) public address.

I then would like all the network connected to the RUT240 being available from the server location. Do you think that this is possible?
 

I am trying to create develop a VPN server with OPENVPN, but that is not that easy.

I received another suggestion to create a L2TP tunnel, but have no experience with that.

Which is in your opinion the best choice?

Thanks

Matteo
by

Server has to have a static public IP or use DDNS service, otherwise if dynamic public IP is being used, once the public IP changes on the server, you'll need to update server's IP in client configuration.

Reaching all LAN clients of RUT240 from Server side is possible, I'd suggest you to use OpenVPN as we have a very detailed configuration guide.

OpenVPN is all around better option as it's more robust and provides better security compared to L2TP, the only downside is that configuration is a little bit more complex but by following our wiki guides you shouldn't experience any issues.

0 votes
by

I would recommend giving your engineers authorization to look at both VPN and Internet routing configurations on the device in question, just to make sure they are being configured correctly. In order for a VPN connection to be established (including L2TP over IPsec) you must have at least one S0/0 or a PPP interface connected. Furthermore, when setting up VPNs it is recommended that you assign static routes because the GRE tunnel dynamic routing protocols (RIP, OSPFv3 etc,) will not work with MPLS cloud deployments. If all of this sounds like Greek then I strongly suggest you assign an engineer who has been working on this type of configuration and place them on-call for a few days until they can verify.

See this article about the best VPN providers for Italy.