glados.no/_files/sound/bss/london/manual/MAIN/Using HiQnet London Architect Across a VPN.html

<!doctype HTML public "-//W3C//DTD HTML 4.0 Frameset//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">







 <meta name="generator" content="Adobe RoboHelp 9">
<title>Using HiQnet London Architect Across a VPN</title>
<!--[if lt IE 5.5000]><style type="text/css">@import "/wiki/skins/monobook/IE50Fixes.css";</style><![endif]-->
<!--[if IE 5.5000]><style type="text/css">@import "/wiki/skins/monobook/IE55Fixes.css";</style><![endif]-->
<!--[if IE 6]><style type="text/css">@import "/wiki/skins/monobook/IE60Fixes.css";</style><![endif]-->
<!--[if IE 7]><style type="text/css">@import "/wiki/skins/monobook/IE70Fixes.css?1";</style><![endif]-->
<!--[if lt IE 7]><script type="text/javascript" src="/wiki/skins/common/IEFixes.js"></script>
                <meta http-equiv="imagetoolbar" content="no" /><![endif]-->
<!-- Head Scripts -->
<link rel="stylesheet" href="HtmlHelp.css" type="text/css">
<style title="hcp" type="text/css">
<!--
img.hcp1 { border-width:2px;
border-style:solid;
margin-top:0px;
margin-bottom:0px;
margin-left:0px;
margin-right:0px; }
span.hcp2 { font-weight:bold; }
-->
</style>
</head>

<body class="ns-0 ltr">
<div id="globalWrapper">
	<div id="column-content">
		<div id="content">
			<h1 class="firstHeading">Using HiQnet London Architect Across 
			 a VPN</h1>
			<div id="bodyContent">
				<h2 id="siteSub">Configuration</h2>
				<p>In order to be able to communicate with Soundweb London 
				 devices over a VPN connection the IP addresses of all 
				 devices within the Soundweb London network must be known 
				 and specified within HiQnet London Architect. The reason 
				 for this is that the device discovery procedure used by 
				 HiQnet London Architect will not work over the VPN connection 
				 as it uses broadcast IP packets. We therefore have to 
				 perform the 'discovery' manually by specifying a list 
				 of static IP addresses.</p>
				<p>&#160;<br>
				First the VPN connection must be established.</p>
				<p>&#160;</p>
				<ul>
					<li class="p"><p>Provide the user name and password 
					 allocated for your VPN account by the VPN network 
					 administrator as shown in the diagram below&#160;:-</p></li>
				</ul>
				<p>&#160;<br>
				<img src="VPN6.jpg" alt="Image:VPN6.jpg" title="Image:VPN6.jpg" width="275" height="293" border="2" class="hcp1"></p>
				<p>&#160;</p>
				<ul>
					<li class="p"><p>Set up the network interface that 
					 you wish to use for communication to the Soundweb 
					 London devices (this should be the VPN connection 
					 interface).</p></li>
				</ul>
				<p>&#160;<br>
				<img src="VPN7.jpg" alt="Image:VPN7.jpg" title="Image:VPN7.jpg" width="378" height="531" border="2" class="hcp1"></p>
				<p>&#160;</p>
				<h2>Static Routes Configuration</h2>
				<ul>
					<li class="p"><p>Once the VPN connection is established, 
					 the static routes must be entered into HiQnet London 
					 Architect File Preferences. The Static Routes preferences 
					 dialog can also be accessed from the 'Network' pane: 
					 -</p></li>
				</ul>
				<p>&#160;<br>
				<img src="VPN8.jpg" alt="Image:VPN8.jpg" title="Image:VPN8.jpg" width="476" height="182" border="2" class="hcp1"></p>
				<p>&#160;</p>
				<ul>
					<li class="p"><p>Static routes are then entered using 
					 the Static Routes entry dialog&#160;:-</p></li>
				</ul>
				<p>&#160;<br>
				<img src="VPN9.jpg" alt="Image:VPN9.jpg" title="Image:VPN9.jpg" width="335" height="329" border="2" class="hcp1"></p>
				<p>&#160;</p>
				<ul>
					<li class="p"><p>Click on the <span class="hcp2">Add</span> 
					 button, the <span class="hcp2">Add Static 
					 Route</span> dialog will open.</p></li>
				</ul>
				<p>&#160;<br>
				<img src="VPN10.jpg" alt="Image:VPN10.jpg" title="Image:VPN10.jpg" width="403" height="206" border="2" class="hcp1"></p>
				<p>&#160;</p>
				<ul>
					<li class="p"><p>Type in the IP address of the Soundweb 
					 London device on the VPN network.</p></li>
					<li class="p"><p>Add a text description for the static 
					 route, click the <span class="hcp2">OK</span> 
					 button.</p></li>
					<li class="p"><p>Repeat the last three steps for each 
					 Soundweb London device with which you wish to communicate 
					 on the VPN.</p></li>
				</ul>
				<p>&#160;</p>
				<h2>Dynamic IP Addresses and Dynamic DNS</h2>
				<p>Depending on the broadband provider and account type, 
				 the VPN server will either be allocated a fixed IP address 
				 or a dynamic IP address. If it has a fixed IP address 
				 then you can connect to the VPN easily by using that IP 
				 address. However, if the VPN server is allocated a dynamic 
				 IP address then you must make some other provision for 
				 discovering the IP address when connecting to the VPN. 
				 The easiest way to achieve this is to use a third party 
				 dynamic DNS service provider such as no-ip or DYNdns. 
				 These allow you to register a DNS entry for your router 
				 and then refer to this instead of the IP address when 
				 connecting to the VPN.</p>
				<p>If you plan on using a dynamic IP address for your VPN 
				 server, then you should ensure that it supports one of 
				 the many dynamic DNS services available.</p>
				<p>&#160;</p>
				<h2>Potential Problems</h2>
				<p>Since the configuration of static routes within HiQnet 
				 London Architect assumes that the IP addresses of each 
				 Soundweb London device will be fixed, problems may arise 
				 if the IP addresses have been allocated by a DHCP server 
				 or Auto IP. This could result in a Soundweb London device 
				 being allocated a different IP address (e.g. from the 
				 DHCP server) if it undergoes a power cycle. Keeping track 
				 of such automatic allocation of IP addresses would be 
				 most impractical when using static routes. In order to 
				 avoid this type of problem, it is recommended that Soundweb 
				 London devices are allocated fixed IP addresses where 
				 the project includes scope for a VPN connection in the 
				 design.</p>
				<p>&#160;</p>
				<h2>Performance</h2>
				<p>The use of HiQnet London Architect over a VPN may be 
				 limited by the connection speed for the VPN, especially 
				 if a slow connection is used. Typically, upload speeds 
				 at the VPN client end will be the limiting factor and 
				 on a typical broadband connection this may be 256 kBit/s.</p>
				<p>The upload will get utilised during the transfer of 
				 firmware and design files from HiQnet London Architect 
				 to the Soundweb London devices.</p>
				<p>&#160;</p>
				<h2>Firmware Loading Times</h2>
				<p>To update the firmware in a Soundweb London device, 
				 HiQnet London Architect must transfer the firmware file 
				 to each device. This process will take considerably longer 
				 over a broadband connection than a 100Mbit Ethernet connection 
				 (a regular ADSL connection is about 300 times slower than 
				 100Mbit Ethernet when uploading). Please be aware that 
				 it can take several minutes to upload a firmware file 
				 to a device and will depend on the speed of your broadband 
				 connection. If you load firmware to several Soundweb London 
				 devices simultaneously it will take proportionately longer 
				 to send the firmware file.</p>
				<p><span style="font-style: italic;"><span class="hcp2">When 
				 loading firmware over a broadband connection, the loading 
				 progress bar may not move for several minutes. This behaviour 
				 is normal and the loading will progress as normal once 
				 the firmware transfer is complete.</span></span></p>
				<p>&#160;</p>
				<h2>Ports required for VPN:</h2>
				<ul type="disc">
					<li><p>3804 TCP</p></li>
					<li><p>3804 UDP</p></li>
					<li><p>21 TCP - done</p></li>
					<li><p>49152 to 50152 TCP</p></li>
				</ul>
				<p style="color: #17365D; mso-ansi-language: EN-US; font-family: Arial, sans-serif;"><span 
				 lang="EN-US" xml:lang="EN-US">FTP transfers (used when 
				 loading configurations and firmware) use ports 49152-50152. 
				 However, if there is only one PC online, then it will 
				 always use 49152. &#160;If there are 2 pcs online, then 
				 it will use 49152 and 49153.</span></p>
				<h2>&#160;</h2>
				<h2>Conclusion</h2>
				<p>Use of 'Virtual Private Network' to connect to Soundweb 
				 London installations provides a convenient way of remotely 
				 configuring, controlling and monitoring a Soundweb London 
				 installation while maintaining security through use of 
				 privileged user authentication and encryption of data 
				 packets.</p>
				<p>Provided that the Soundweb London installation is VPN 
				 capable and that the connecting user has the HiQnet London 
				 Architect design file available, the user should be able 
				 to interact with the Soundweb London install anywhere 
				 where there is an Internet connection available with a 
				 reasonable bandwidth.</p>
				<p>In order to maximise the probability of successful remote 
				 operation of Soundweb London installation over a VPN, 
				 the following guidelines are recommended: -</p>
				<p>&#160;</p>
				<ul>
					<li class="p"><p>Choose a VPN server router which is 
					 Microsoft VPN Client (PPTP) compatible for ease of 
					 configuration</p></li>
					<li class="p"><p>Use Firewalls / Routers / Proxy Servers 
					 which are 'VPN aware'</p></li>
					<li class="p"><p>Use Firewalls which are 'FTP aware'</p></li>
					<li class="p"><p>Configure Static Routes in HiQnet 
					 London Architect to Soundweb London devices</p></li>
					<li class="p"><p>Configure 'passive' FTP in HiQnet 
					 London Architect</p></li>
					<li class="p"><p>Use fixed IP addresses for the devices 
					 within the Soundweb London installation (no DHCP or 
					 AutoIP)</p></li>
				</ul>
			</div>
		</div>
	</div>
</div>
<p style="margin-bottom: 0;">&#160;</p>
</body>
</html>