Setting up VPN, using cellular modem

Fastb

All,

I'm making a system that will eventually be used on small residential construction sites. We'll use a cellular modem, and Verizon 4G service.

Today, I'm eliminating the P2P connection method (too many drawbacks). Instead, I'll use a VPN. I'll use port forwarding to reach the NVR that's connected to the Cradlepoint cellular modem.

Problem 1) Verizon issues a private IP address to my cellular modem. The public IP is quite different.
Solution 1) The VPN connection should take care of this, I hope.

My plan: Use a free hosted vpn service on the internet eg: totalVPN.com
That should maintain the vpn tunnel through Verizon and back to my cellular modem (which has vpn capabilities)
This should solve the private/public ip address translation from the Verizon NAT.
When we want to surf in to the Job Site NVR, we'll surf to the hosted VPN, which will connect us through Verizon to the cellular modem, and finally, the job site NVR.

Today's first step is to set up the VPN on my wired network, using my Comcast connection. Thankfully, Comcast issues public IPs.
After the VPN is working on the wired system (using Comcast), then hopefully I can use the VPN through Verizon....

It will be a long day - if you see any pitfalls with my plan, plz speak up! I'll post notes on progress & findings!

Thanks,
Fastb
 
AT&T (and perhaps Verizon) has a service where they set you up with a fixed (static) IP address which may help you accomplish what you're looking for. I set this up on our business AT&T wireless account and, as I remember, it cost $500.00 for the setup fee and then a nominal cost of something like $9.99 per month thereafter.
 
It isn't clear to me exactly what you are planning, but I have done similar with a remote location on cellular internet.

The problem is you can't receive incoming connections on a cellular modem unless you get the dedicated IP address like Q describes. I don't know if any hosted VPN service is going to give you the ability to accept incoming connections. Those services are mostly designed to let people spoof their geographic location and hide their actual IP address from everyone else.

What I did, and what you could do also, is set up an OpenVPN server somewhere that has a decent internet connection with a public IP address. This can be your office, your home, or even some virtual private server in a datacenter somewhere. Set up an OpenVPN client at the remote site and have it connect to the server you set up. I can't really help you with the details of the VPN configuration, but you absolutely can use this to route traffic from your public address through your OpenVPN tunnel to the remote cameras. I use 3rd-party router firmware to do the OpenVPN server and client, specifically Tomato by Shibby: http://tomato.groov.pl/
 
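The topology described in the post above (an OpenVPN server on a host with a public IP, and a client at the remote site that dials out through the carrier's NAT) can be sketched as follows. This is an added example, not the poster's own configuration; the hostname `vpn.example.com`, the certificate name `jobsite1`, the file names and all address ranges are constructed for illustration.

```conf
# ---- server.conf: OpenVPN server on the host with the public IP ----
# All addresses, names and file paths here are constructed for illustration.
port 1194
proto udp
dev tun
topology subnet
server 10.8.0.0 255.255.255.0      # address pool used inside the tunnel
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-crypt ta.key                   # unauthenticated packets are dropped before TLS starts
client-config-dir ccd              # per-client settings, looked up by certificate CN
route 192.168.50.0 255.255.255.0   # kernel route: the job-site LAN is reached via the tunnel
keepalive 10 60                    # pushed to clients; the pings keep the carrier NAT mapping open
persist-key
persist-tun

# ---- ccd/jobsite1: the file name must equal the client certificate's CN ----
iroute 192.168.50.0 255.255.255.0  # tells OpenVPN which client owns that LAN
ifconfig-push 10.8.0.10 255.255.255.0   # fixed tunnel address for this site

# ---- client.conf: on the router at the job site, behind carrier NAT ----
client
dev tun
proto udp
remote vpn.example.com 1194        # outbound connection, so no inbound port is needed on cellular
resolv-retry infinite
nobind
ca ca.crt
cert jobsite1.crt
key jobsite1.key
tls-crypt ta.key
remote-cert-tls server             # refuse peers that do not present a server certificate
persist-key
persist-tun
```

IP forwarding has to be enabled on both the server host and the job-site router, and the cameras' default gateway must be the router running the client so that replies return through the tunnel.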
@Q2U, @bp2008,

Thanks for the replies.
Yes, hosted VPN Service didn't work out. And going down that path would have complicated things for my customers to remote connect (construction general contractors)

I'll bite the bullet and pay $500 for a static ip. Additional static ip's, for additional systems, are no charge. And there's no monthly static ip charge.

Once I get my Static IP, I'll set up the vpn.

Thanks again!
Fastb
 
Fastb,

I have used Meraki Z1 routers for similar situations (remote sites). For example I set several of these up for pet ambulances so the vets had access to internal servers while on the move.

I am not familiar with Cradlepoint modems but if they have an internet Ethernet port, you will be golden.

The dynamic IP address issue won't be an issue here. Meraki offers you a custom URL that points to your current IP address (xxxx.dynamic-m.com).

This will be a cheaper solution than paying $500 and will give you more visibility on what's happening. This router also offers VPN access so if you don't want to forward ports, you can easily do that.

If you do want to go this route I will be more than happy to help you out. I've got a ton of experience with the Meraki product range.

Edit:
I forgot to add that Meraki is now owned by Cisco. So you have a big name behind the product.

Dynamic DNS can be found here (this is the feature you are looking for / the solution to the problem you posted).
https://documentation.meraki.com/MX...NS)_On_The_Cisco_Meraki_MX_Security_Appliance
 
If that is the case he can set up site-to-site VPN with the Meraki Z1 router and the Cradlepoint modem, and then connect to it via VPN.

With IPv6, I'm really surprised that Verizon would give out NAT'ed IP addresses. Guess they are trying to make a pretty penny!
 
Waynethebrain,

That Meraki router looks pretty slick.
I paid the $500 for the static IP, as a solution to Verizon's NAT'd private IP that is assigned when they connect to the 3G/4G modem.
A site-to-site VPN might have worked (with the Cradlepoint or Meraki Z1 router). But it would have been complicated. Why?
My job site security video and system isn't part of a traditional corporate network. It's not connected to another network, as in your pet ambulance example. In your example, a site-to-site tunnel makes sense.
In my job site security system, which will be used by General Contractors to check on their job site, there isn't a site-to-site situation. Unless I were to outfit each GC with a VPN on the home PC.
Then there's the Android & iPhone situation. If a burglar enters the job site, email and SMS will be sent to the GC and his crew. They can surf in from their phone. Which would require me to set up VPNs on a myriad of devices.
One workaround would be to pay for VPN hosting somewhere, so the GC could surf to the vpn host, which would have the tunnel to the 3G/4G router.

So I took the simple path. I'll get a static ip. The GC and his crew will have a straightforward method to monitor the job site cameras.

Thanks,
Fastb

Edit: And the $500 is a one time fee. Additional IP addresses, for additional job sites w/ 3G/4G routers, are no-charge.
 
That makes sense. Given that the $500 is a one off fee and you won't have to mess around with setting up VPN tunnels, I can see why you went the route you did.

Without an inbound public IP address, it's the only viable option in terms of simplicity.
 
@Fastb,

Can you provide me some extra info on how you set up the site-to-site vpn?

At the customer site I have a TL-MR6400 installed.
But I have never set up a VPN connection.

Thx in advance.
 
Jelle,

I never did set up a site to site VPN.
The General Contractor flaked out. He didn't want wires to the cameras, even power cables (for a WiFi cam). He wants something that doesn't exist yet, ie: the technology hasn't been invented.

So I don't support a remote site at the moment. I use port forwarding on my home system. Someday, I'll implement VPN.

These links might be helpful. Good luck!

Fastb

https://www.ipcamtalk.com/archive/index.php/t-10925.html
https://www.ipcamtalk.com/showthrea...bie-understand-VPN-and-the-best-route-to-take
 
Don't worry, I'm sure nuclear powered IP Cameras with hyperspace communications are just right around the corner... and so cheap you can get em for the price of a nice dinner.