Using HiQnet London Architect Across a VPN

Configuration

To communicate with Soundweb London devices over a VPN connection, the IP addresses of all devices within the Soundweb London network must be known and specified within HiQnet London Architect. The device discovery procedure used by HiQnet London Architect does not work over the VPN connection because it uses broadcast IP packets. The 'discovery' therefore has to be performed manually by specifying a list of static IP addresses.

 
First the VPN connection must be established.

 

  • Provide the user name and password allocated for your VPN account by the VPN network administrator, as shown in the diagram below:

 
Image:VPN6.jpg

 

  • Set up the network interface that you wish to use for communication to the Soundweb London devices (this should be the VPN connection interface).

 
Image:VPN7.jpg

 

Static Routes Configuration

  • Once the VPN connection is established, the static routes must be entered into HiQnet London Architect File Preferences. The Static Routes preferences dialog can also be accessed from the 'Network' pane:

 
Image:VPN8.jpg

 

  • Static routes are then entered using the Static Routes entry dialog:

 
Image:VPN9.jpg

 

  • Click on the Add button. The Add Static Route dialog will open.

 
Image:VPN10.jpg

 

  • Type in the IP address of the Soundweb London device on the VPN network.

  • Add a text description for the static route, then click the OK button.

  • Repeat the last three steps for each Soundweb London device with which you wish to communicate on the VPN.

 

Dynamic IP Addresses and Dynamic DNS

Depending on the broadband provider and account type, the VPN server will be allocated either a fixed IP address or a dynamic IP address. If it has a fixed IP address, you can connect to the VPN easily by using that IP address. However, if the VPN server is allocated a dynamic IP address, you must make some other provision for discovering the IP address when connecting to the VPN. The easiest way to achieve this is to use a third-party dynamic DNS service provider such as no-ip or DYNdns. These allow you to register a DNS entry for your router and then refer to this instead of the IP address when connecting to the VPN.

If you plan on using a dynamic IP address for your VPN server, then you should ensure that it supports one of the many dynamic DNS services available.

 

Potential Problems

Since the configuration of static routes within HiQnet London Architect assumes that the IP address of each Soundweb London device is fixed, problems may arise if the IP addresses have been allocated by a DHCP server or Auto IP. A Soundweb London device could then be allocated a different IP address (e.g. from the DHCP server) if it undergoes a power cycle. Keeping track of such automatic allocation of IP addresses would be most impractical when using static routes. To avoid this type of problem, it is recommended that Soundweb London devices are allocated fixed IP addresses where the project includes scope for a VPN connection in the design.

 

Performance

The use of HiQnet London Architect over a VPN may be limited by the connection speed for the VPN, especially if a slow connection is used. Typically, upload speeds at the VPN client end will be the limiting factor and on a typical broadband connection this may be 256 kBit/s.

The upload bandwidth is used during the transfer of firmware and design files from HiQnet London Architect to the Soundweb London devices.

 

Firmware Loading Times

To update the firmware in a Soundweb London device, HiQnet London Architect must transfer the firmware file to each device. This process will take considerably longer over a broadband connection than over a 100Mbit Ethernet connection (a regular ADSL connection is about 300 times slower than 100Mbit Ethernet when uploading). Please be aware that it can take several minutes to upload a firmware file to a device, and the time taken will depend on the speed of your broadband connection. If you load firmware to several Soundweb London devices simultaneously, it will take proportionately longer to send the firmware file.

When loading firmware over a broadband connection, the loading progress bar may not move for several minutes. This behaviour is normal and the loading will progress as normal once the firmware transfer is complete.

 

Ports required for VPN:

  • 3804 TCP

  • 3804 UDP

  • 21 TCP

  • 49152 to 50152 TCP

FTP transfers (used when loading configurations and firmware) use ports 49152-50152. However, if there is only one PC online, it will always use 49152. If there are two PCs online, it will use 49152 and 49153.
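The port list above can be turned into a least-privilege rule set on the VPN gateway, so that VPN clients reach only the listed Soundweb London devices and only on these ports. The following is an added example, not part of the original page or of HiQnet London Architect: it assumes a Linux gateway filtering with iptables, that connections are initiated from the VPN client towards the devices, and the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Port list taken from the page; the FTP data range starts at 49152.
CONTROL_PORTS = [("tcp", 3804), ("udp", 3804), ("tcp", 21)]
FTP_DATA_FIRST, FTP_DATA_LAST = 49152, 50152


def ftp_data_range(pcs_online):
    """FTP data ports needed for N PCs online at once (one port each)."""
    if pcs_online < 1:
        raise ValueError("at least one PC must be online")
    last = FTP_DATA_FIRST + pcs_online - 1
    if last > FTP_DATA_LAST:
        raise ValueError("more PCs than ports in 49152-50152")
    return FTP_DATA_FIRST, last


def build_rules(vpn_subnet, device_ips, pcs_online=1):
    """Return iptables FORWARD rules: VPN clients -> listed devices only."""
    src = ipaddress.ip_network(vpn_subnet)   # raises ValueError if malformed
    first, last = ftp_data_range(pcs_online)
    # Replies to connections that were already allowed.
    rules = ["-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
    for raw in device_ips:
        dst = ipaddress.ip_address(raw)      # rejects typos in the device list
        for proto, port in CONTROL_PORTS:
            rules.append(f"-A FORWARD -s {src} -d {dst} -p {proto} "
                         f"--dport {port} -j ACCEPT")
        # Open only as much of the FTP data range as the PC count needs.
        rules.append(f"-A FORWARD -s {src} -d {dst} -p tcp "
                     f"--dport {first}:{last} -j ACCEPT")
    # Anything else coming from the VPN client pool is dropped.
    rules.append(f"-A FORWARD -s {src} -j DROP")
    return rules


if __name__ == "__main__":
    # Constructed sample values: VPN client pool and two device addresses.
    for rule in build_rules("10.8.0.0/24", ["192.168.1.50", "192.168.1.51"], 2):
        print(rule)
```

The device list passed to `build_rules` should be the same list of fixed IP addresses entered as static routes in HiQnet London Architect.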

 

Conclusion

Using a 'Virtual Private Network' to connect to Soundweb London installations provides a convenient way of remotely configuring, controlling and monitoring a Soundweb London installation while maintaining security through the use of privileged user authentication and encryption of data packets.

Provided that the Soundweb London installation is VPN capable and that the connecting user has the HiQnet London Architect design file available, the user should be able to interact with the Soundweb London installation from anywhere that an Internet connection with reasonable bandwidth is available.

To maximise the probability of successful remote operation of a Soundweb London installation over a VPN, the following guidelines are recommended:

 

  • Choose a VPN server router which is Microsoft VPN Client (PPTP) compatible for ease of configuration

  • Use Firewalls / Routers / Proxy Servers which are 'VPN aware'

  • Use Firewalls which are 'FTP aware'

  • Configure Static Routes in HiQnet London Architect to Soundweb London devices

  • Configure 'passive' FTP in HiQnet London Architect

  • Use fixed IP addresses for the devices within the Soundweb London installation (no DHCP or AutoIP)