minfarm
DD-WRT Novice
Joined: 08 Jan 2014
Posts: 21
|
 Posted: Wed May 02, 2018 13:54 Post subject: bridging two routers with VPN using cellular service |
 |
I would like to provide temporary remote access to a site using a cellular data connection.
This site (site one) has networked HVAC equipment at it that, from time to time, needs the control program updated or changed. The technician that performs this service is quite a long distance away so I would like for him to be able to do it remotely instead of having to drive to the site. Besides the HVAC equipment there is only a single PC on the Ethernet network. There is no Internet or router. My first thought was to add a DD-WRT router in (wireless) Client mode with a PPTP server set up on it and use this along with a mobile hotspot like a Verizon JetPack when I needed to provide remote access. From what I found out though, it is impossible to set up port forwarding unless you purchase a static IP address from Verizon. The WAN IP address that is given to the JetPack is private and not public.
My next thought was to use another site (site two) that has a public IP address and DD-WRT router as a PPTP VPN server. The router at site one would be set up as a PPTP client and still utilize the mobile hotspot for Internet. The service technician would also log in as a client to the VPN server at site two. Because I have not done this before I would like to know if this would be the best way, or if there is a better simpler way. Ideally I would not involve the second site. I do need the connection method to be easy and simple for the technician.
I realize that PPTP is not considered very secure but I will probably only be using this a few times a year for only a few hours per time and I would like to use it for simplicity's sake.
I did just now see a post saying that DD-WRT has a bug that prevents a DD-WRT PPTP client and DD-WRT PPTP server from connecting. So I guess I do need another way to get this accomplished 
Thanks in advance for the help! |
|
minfarm
DD-WRT Novice
Joined: 08 Jan 2014
Posts: 21
|
| Posted: Thu May 03, 2018 13:57 Post subject: |
|
Thank you for your reply. I did not intentionally try and leave details out. I will try and provide more details in this reply.
| eibgrad wrote: | | One of the reasons I tend to stick w/ Broadcom based routers is because they usually are also supported by Tomato. And one way to get around the problem would be to use at least one Tomato router on either side, or even both sides (my preference). AFAIK, Tomato does NOT have this problem. And frankly, I find it easier to manage VPNs on Tomato routers anyway. Switching between the two (dd-wrt and Tomato) isn't very hard. The GUI layouts differ, but the same concepts apply. |
I took it from this post https://www.dd-wrt.com/phpBB2/viewtopic.php?p=993811 that the bug is active when dd-wrt is the server, but I may be reading that into it. I could use Tomato on the client side (because I do not have a router at site one at all yet), but it would not be as simple on the server side (at site two). Site two is a small business site with a handful of PC’s and other devices with a functioning dd-wrt router (Linksys E1200 v2). It would be nice to know if someone has a PPTP Tomato client working with a dd-wrt server.
| eibgrad wrote: | | You also mentioned a PC, but no specifics. Could this be used as a PPTP client. If so, can it support bi-directional access? |
So the PC at site one that has the HVAC equipment is just a simple workstation PC. As I mentioned currently there is no router at this site. All of the equipment, including the PC, are on static IP addresses. A web browser on this PC is used to access a GUI for the HVAC equipment and is the only thing it is currently used for. This PC does not have the special programming software that is needed to program or update the controllers. This PC could easily be set up as a PPTP client. I may be missing something, but I am not sure how that would help. I have already used a remote desktop connection for the HVAC technician to access the PC at the site, but to program or update the controllers direct access to the Ethernet network is needed. For the remote desktop connection I used TeamViewer along with a USB wireless adapter on the PC and a Personal Hotspot on an iPad as the access point.
| eibgrad wrote: | | I'm assuming you plan to keep the hotspot running 24/7. Not sure whether there might be a reliability issue, but that's something you'll have to consider. I know some cellular providers have been cracking down on those *only* using their devices for hotspot purposes. |
Actually I would only setup the hotspot whenever access is needed by the technician. So, the few times a year that it is needed I would schedule a time with the technician that site one would be available on the VPN and just have the hotspot setup for that time.
| eibgrad wrote: | | Another possibility (unique to dd-wrt) is EoIP (Ethernet over IP) tunneling. |
Wouldn't I need a public IP address for each router in order for this option to work? For reasons you mentioned, I probably don't want to use this method anyway.
Thanks again, eibgrad! |
|
