Deployment Question for the group


Mike AE4ML
 

I have a site at a local hospital. I have recently obtained a wired internet connection for the Quantar and RMS Gateway on their guest network. Because of HIPAA and other issues, I found that I can pass traffic out to the talkgroups but nothing is making it back to me.
Q1. Has anyone run into this before, and what was the solution?
Q2. Has anyone attempted to run a VPN tunnel on the Pi that is handling QB, MMDVM & P25gateway?
I don't even know if I can establish a VPN over this network. I decided it's worth a try.

Mike


David Uzzell
 




On 30 Jan 2019, at 10:56 am, Mike AE4ML <mike.lussier@...> wrote:

I have a site at a local hospital. I have recently obtained a wired internet connection for the Quantar and RMS Gateway on their guest network. Because of HIPAA and other issues, I found that I can pass traffic out to the talkgroups but nothing is making it back to me.
Q1. Has anyone run into this before, and what was the solution?
Q2. Has anyone attempted to run a VPN tunnel on the Pi that is handling QB, MMDVM & P25gateway?
I don't even know if I can establish a VPN over this network. I decided it's worth a try.


I have a satellite 2-way link that is on NAT'ed private-range IPs, so I can't route traffic in. I have a cloud machine on Vultr.com for $5/m that is my VPN server, running OpenVPN and using iptables to route the needed ports over the VPN, and I have no problems at all with IRLP. I'm about to build ASL and do the same thing; at least there are fewer ports to forward.

David 




Mike


Ben Fogt
 

This should work. Essentially, the VPN will be an extension of your network where people would connect inbound. I will use a cloud server as an example:

INTERNET <-> Cloud server <-> VPN <-> Hospital site
On your cloud server you can manually add static routes to the VPN network, so when traffic comes in on X port, it routes to the VPN network. I think this will be much simpler using a router or a gateway device, as you can simply configure all your routes in there to immediately forward to the VPN's first-hop address.

INTERNET <-> Gateway/Router <-> LAN <-> VPN Server <-> Hospital device
                                       |                                          |
                                       |-----------------------------------|
                                             Static route to VPN

Pseudo routes/port forwards would look like:

UDP port 62031 forwards to 10.0.1.13 (IP of device at hosp)
UDP port 10100 forwards to 10.0.1.13 (IP of device at hosp)
etc etc etc ....
10.0.1.0/24 routes to 172.16.32.1 (VPN IP local on your side, aka next hop)

This is rough, but hopefully it gives you an idea. 




On Tue, Jan 29, 2019 at 6:56 PM Mike AE4ML <mike.lussier@...> wrote:
I have a site at a local hospital. I have recently obtained a wired internet connection for the Quantar and RMS Gateway on their guest network. Because of HIPAA and other issues, I found that I can pass traffic out to the talkgroups but nothing is making it back to me.
Q1. Has anyone run into this before, and what was the solution?
Q2. Has anyone attempted to run a VPN tunnel on the Pi that is handling QB, MMDVM & P25gateway?
I don't even know if I can establish a VPN over this network. I decided it's worth a try.

Mike



--
Ben Fogt
N5AMD
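
The pseudo routes and port forwards from the reply above, written out as `ip`/`iptables` commands for the cloud-server layout (an added example, not part of the original posts). The interface names `eth0` and `tun0` are assumptions; the script only prints the commands, and it ends with a DROP rule so that nothing except the listed UDP ports is forwarded toward the hospital device.

```shell
#!/bin/sh
# Added example: print (do not apply) the forwarding rules for the pseudo
# routes in the thread. Review the output, then run it as root on the VPN host.
WAN_IF="${WAN_IF:-eth0}"     # assumed public interface on the cloud server
VPN_IF="${VPN_IF:-tun0}"     # assumed OpenVPN tunnel interface
DEST="10.0.1.13"             # device at the hospital (from the post)
SUBNET="10.0.1.0/24"         # hospital-side network (from the post)
NEXT_HOP="172.16.32.1"       # local VPN IP, the next hop (from the post)
PORTS="62031 10100"          # UDP ports named in the post

# A port is valid only if it is all digits and within 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

gen_rules() {
    # Validate every port first so a typo never yields a partial rule set.
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "ip route add $SUBNET via $NEXT_HOP"
    # Replies from the site are allowed back out (assumes the site device
    # sends its replies through the tunnel).
    echo "iptables -A FORWARD -i $VPN_IF -o $WAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in "$@"; do
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p udp --dport $p -j DNAT --to-destination $DEST:$p"
        echo "iptables -A FORWARD -i $WAN_IF -o $VPN_IF -p udp -d $DEST --dport $p -j ACCEPT"
    done
    # Everything else arriving from the internet stays out of the tunnel.
    echo "iptables -A FORWARD -i $WAN_IF -o $VPN_IF -j DROP"
}

gen_rules $PORTS
```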