A multi-site VPN setup

Hi, I have an ongoing project to deploy containerized control systems to remote sites.
Each container consists of a PLC, Ignition Edge and multiple other TCP/IP devices under a local subnet.
I would like to install a 4G modem in each container, to allow the container to connect to a central VPN server, so all containers are within the VPN network.

Can anyone shine some light on how it can be achieved?

My initial thought is to purchase a 4G modem with VPN server/client function, so I can define DDNS and OpenVPN to connect each container to the cloud VPN before dispatching to site.
I found the ASUS 4G-AC68U has the required function, but it’s very difficult to find it on the market.

All Ignition Edge devices are talking to the cloud via MQTT at the moment; it does not require a VPN setup. But I would like to install a PTZ camera as well. Once installed, the video files are too large to send to the cloud; they have to stay on the local HDD. Once under the same VPN, the Ignition client should be able to view the files easily.

Talk with your ISP provider; most of them offer a PRIVATE VPN that can be set up, and mine with VERIZON works great. Very affordable.

I maintain remote locations just as you describe. I set up a local LAN at each site, and each site may have all kinds of other devices on the LAN. I can manage every device just as if they were on my shop bench.

This is all done through our Private Cellular Network which is just a large scale VPN.

Private cellular is the simplest to administer. If that isn’t an option for you, consider deploying OpenVPN yourself on the Ignition Edge system. If you are wise, that system is Linux, and OpenVPN on Linux can do just about anything.

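For the self-hosted OpenVPN route suggested above, the central server needs a `route` line plus a per-client `iroute` for each site's LAN, and identically built containers that ship with the same local subnet cannot be routed side by side. The following is an added example, not from any poster in this thread; the site names and subnets are constructed. It checks a site inventory for overlapping LANs and renders those lines.

```python
import ipaddress

# Constructed inventory: site name (must equal the client certificate
# Common Name, which is how OpenVPN picks the ccd file) -> LAN behind it.
SITES = {
    "site-a": "192.168.10.0/24",
    "site-b": "192.168.20.0/24",
    "site-c": "192.168.10.0/24",  # cloned container, same LAN as site-a
}


def find_overlaps(sites):
    """Return (name, name) pairs whose LAN subnets overlap."""
    nets = sorted((n, ipaddress.ip_network(c)) for n, c in sites.items())
    return [(a, b) for i, (a, na) in enumerate(nets)
            for b, nb in nets[i + 1:] if na.overlaps(nb)]


def render(sites):
    """Return (server.conf lines, {site: ccd file body}) or raise on overlap."""
    clashes = find_overlaps(sites)
    if clashes:
        raise ValueError(f"overlapping site LANs, renumber first: {clashes}")
    server, ccd = ["client-config-dir ccd"], {}
    for name, cidr in sorted(sites.items()):
        net = ipaddress.ip_network(cidr)
        target = f"{net.network_address} {net.netmask}"
        server.append(f"route {target}")   # host route into the tunnel
        ccd[name] = f"iroute {target}\n"   # which client owns that LAN
    return server, ccd


if __name__ == "__main__":
    print("overlaps:", find_overlaps(SITES))
    fixed = dict(SITES, **{"site-c": "192.168.30.0/24"})
    server, ccd = render(fixed)
    print("\n".join(server))
    for name, body in ccd.items():
        print(f"ccd/{name}: {body}", end="")
```

Without the matching `iroute`, the server accepts the tunnel but drops traffic for the LAN behind that client, so the camera storage and PLC would stay unreachable from the central side.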

A private APN from a cellular provider will work well. The only downside is that you would have to set up port forwarding to access your devices. This may or may not work well in some instances. A VPN would get you direct access to every device behind your modem without the need for using port forwarding. Depending on your setup, this may be necessary.

At a minimum I would use a private APN so you don't have a device on a public IP.

I am talking to corporate IT to see if there is any solution from the IT team.

TosiBox would work well for this and be very secure.

Does Tosibox have a 4G modem with VPN built in? I couldn’t find the right device on their website.
What’s the price range I should be looking at for each device?

@chaoliang,

We use the lock 500i (TBL5iCPS) model. Built-in VPN that is plug and play. There are good videos on YouTube demonstrating how it works.

We have their Virtual Central Lock that resides on our server and then we connect the locks that are in various regions to it over generic 4G cellular. This setup allows that always-on VPN connection for Ignition to receive/request data.

I’d recommend inquiring for info through TosiBox so they can set you up with the right team/vendors for best support and pricing.

Wonderful.

Thanks for sharing the information.

I will contact local sales for further discussion.

OpenVPN? Gross. Use WireGuard.

I find OpenVPN much more reliably passes through others’ firewalls. Otherwise I’d be delighted to use WireGuard.

The upside with WireGuard is it's less resource hungry than OpenVPN is.
I wish my router could do WireGuard, but still it maxes out my 500/500 Mbit connection with OpenVPN though.

You must be doing something else wrong. My OpenVPN infrastructure adds a few percent overhead to the traffic it carries.