223 lines
9.9 KiB
HTML
223 lines
9.9 KiB
HTML
|
|
<!doctype HTML public "-//W3C//DTD HTML 4.0 Frameset//EN">
|
|
<html>
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<meta name="generator" content="Adobe RoboHelp 9">
|
|
<title>Using HiQnet London Architect Across a VPN</title>
|
|
<!--[if lt IE 5.5000]><style type="text/css">@import "/wiki/skins/monobook/IE50Fixes.css";</style><![endif]-->
|
|
<!--[if IE 5.5000]><style type="text/css">@import "/wiki/skins/monobook/IE55Fixes.css";</style><![endif]-->
|
|
<!--[if IE 6]><style type="text/css">@import "/wiki/skins/monobook/IE60Fixes.css";</style><![endif]-->
|
|
<!--[if IE 7]><style type="text/css">@import "/wiki/skins/monobook/IE70Fixes.css?1";</style><![endif]-->
|
|
<!--[if lt IE 7]><script type="text/javascript" src="/wiki/skins/common/IEFixes.js"></script>
|
|
<meta http-equiv="imagetoolbar" content="no" /><![endif]-->
|
|
<!-- Head Scripts -->
|
|
<link rel="stylesheet" href="HtmlHelp.css" type="text/css">
|
|
<style title="hcp" type="text/css">
|
|
<!--
|
|
img.hcp1 { border-width:2px;
|
|
border-style:solid;
|
|
margin-top:0px;
|
|
margin-bottom:0px;
|
|
margin-left:0px;
|
|
margin-right:0px; }
|
|
span.hcp2 { font-weight:bold; }
|
|
-->
|
|
</style>
|
|
</head>
|
|
|
|
<body class="ns-0 ltr">
|
|
<div id="globalWrapper">
|
|
<div id="column-content">
|
|
<div id="content">
|
|
<h1 class="firstHeading">Using HiQnet London Architect Across
|
|
a VPN</h1>
|
|
<div id="bodyContent">
|
|
<h2 id="siteSub">Configuration</h2>
|
|
<p>In order to be able to communicate with Soundweb London
|
|
devices over a VPN connection the IP addresses of all
|
|
devices within the Soundweb London network must be known
|
|
and specified within HiQnet London Architect. The reason
|
|
for this is that the device discovery procedure used by
|
|
HiQnet London Architect will not work over the VPN connection
|
|
as it uses broadcast IP packets. We therefore have to
|
|
perform the 'discovery' manually by specifying a list
|
|
of static IP addresses.</p>
|
|
<p> <br>
|
|
First the VPN connection must be established.</p>
|
|
<p> </p>
|
|
<ul>
|
|
<li class="p"><p>Provide the user name and password
|
|
allocated for your VPN account by the VPN network
|
|
administrator as shown in the diagram below :-</p></li>
|
|
</ul>
|
|
<p> <br>
|
|
<img src="VPN6.jpg" alt="Image:VPN6.jpg" title="Image:VPN6.jpg" width="275" height="293" border="2" class="hcp1"></p>
|
|
<p> </p>
|
|
<ul>
|
|
<li class="p"><p>Set up the network interface that
|
|
you wish to use for communication to the Soundweb
|
|
London devices (this should be the VPN connection
|
|
interface).</p></li>
|
|
</ul>
|
|
<p> <br>
|
|
<img src="VPN7.jpg" alt="Image:VPN7.jpg" title="Image:VPN7.jpg" width="378" height="531" border="2" class="hcp1"></p>
|
|
<p> </p>
|
|
<h2>Static Routes Configuration</h2>
|
|
<ul>
|
|
<li class="p"><p>Once the VPN connection is established,
|
|
the static routes must be entered into HiQnet London
|
|
Architect File Preferences. The Static Routes preferences
|
|
dialog can also be accessed from the 'Network' pane:
|
|
-</p></li>
|
|
</ul>
|
|
<p> <br>
|
|
<img src="VPN8.jpg" alt="Image:VPN8.jpg" title="Image:VPN8.jpg" width="476" height="182" border="2" class="hcp1"></p>
|
|
<p> </p>
|
|
<ul>
|
|
<li class="p"><p>Static routes are then entered using
|
|
the Static Routes entry dialog :-</p></li>
|
|
</ul>
|
|
<p> <br>
|
|
<img src="VPN9.jpg" alt="Image:VPN9.jpg" title="Image:VPN9.jpg" width="335" height="329" border="2" class="hcp1"></p>
|
|
<p> </p>
|
|
<ul>
|
|
<li class="p"><p>Click on the <span class="hcp2">Add</span>
|
|
button, the <span class="hcp2">Add Static
|
|
Route</span> dialog will open.</p></li>
|
|
</ul>
|
|
<p> <br>
|
|
<img src="VPN10.jpg" alt="Image:VPN10.jpg" title="Image:VPN10.jpg" width="403" height="206" border="2" class="hcp1"></p>
|
|
<p> </p>
|
|
<ul>
|
|
<li class="p"><p>Type in the IP address of the Soundweb
|
|
London device on the VPN network.</p></li>
|
|
<li class="p"><p>Add a text description for the static
|
|
route, click the <span class="hcp2">OK</span>
|
|
button.</p></li>
|
|
<li class="p"><p>Repeat the last three steps for each
|
|
Soundweb London device with which you wish to communicate
|
|
on the VPN.</p></li>
|
|
</ul>
|
|
<p> </p>
|
|
<h2>Dynamic IP Addresses and Dynamic DNS</h2>
|
|
<p>Depending on the broadband provider and account type,
|
|
the VPN server will either be allocated a fixed IP address
|
|
or a dynamic IP address. If it has a fixed IP address
|
|
then you can connect to the VPN easily by using that IP
|
|
address. However, if the VPN server is allocated a dynamic
|
|
IP address then you must make some other provision for
|
|
discovering the IP address when connecting to the VPN.
|
|
The easiest way to achieve this is to use a third party
|
|
dynamic DNS service provider such as no-ip or DYNdns.
|
|
These allow you to register a DNS entry for your router
|
|
and then refer to this instead of the IP address when
|
|
connecting to the VPN.</p>
|
|
<p>If you plan on using a dynamic IP address for your VPN
|
|
server, then you should ensure that it supports one of
|
|
the many dynamic DNS services available.</p>
|
|
<p> </p>
|
|
<h2>Potential Problems</h2>
|
|
<p>Since the configuration of static routes within HiQnet
|
|
London Architect assumes that the IP addresses of each
|
|
Soundweb London device will be fixed, problems may arise
|
|
if the IP addresses have been allocated by a DHCP server
|
|
or Auto IP. This could result in a Soundweb London device
|
|
being allocated a different IP address (e.g. from the
|
|
DHCP server) if it undergoes a power cycle. Keeping track
|
|
of such automatic allocation of IP addresses would be
|
|
most impractical when using static routes. In order to
|
|
avoid this type of problem, it is recommended that Soundweb
|
|
London devices are allocated fixed IP addresses where
|
|
the project includes scope for a VPN connection in the
|
|
design.</p>
|
|
<p> </p>
|
|
<h2>Performance</h2>
|
|
<p>The use of HiQnet London Architect over a VPN may be
|
|
limited by the connection speed for the VPN, especially
|
|
if a slow connection is used. Typically, upload speeds
|
|
at the VPN client end will be the limiting factor and
|
|
on a typical broadband connection this may be 256 kBit/s.</p>
|
|
<p>The upload will get utilised during the transfer of
|
|
firmware and design files from HiQnet London Architect
|
|
to the Soundweb London devices.</p>
|
|
<p> </p>
|
|
<h2>Firmware Loading Times</h2>
|
|
<p>To update the firmware in a Soundweb London device,
|
|
HiQnet London Architect must transfer the firmware file
|
|
to each device. This process will take considerably longer
|
|
over a broadband connection than a 100Mbit Ethernet connection
|
|
(a regular ADSL connection is about 300 times slower than
|
|
100Mbit Ethernet when uploading). Please be aware that
|
|
it can take several minutes to upload a firmware file
|
|
to a device and will depend on the speed of your broadband
|
|
connection. If you load firmware to several Soundweb London
|
|
devices simultaneously it will take proportionately longer
|
|
to send the firmware file.</p>
|
|
<p><span style="font-style: italic;"><span class="hcp2">When
|
|
loading firmware over a broadband connection, the loading
|
|
progress bar may not move for several minutes. This behaviour
|
|
is normal and the loading will progress as normal once
|
|
the firmware transfer is complete.</span></span></p>
|
|
<p> </p>
|
|
<h2>Ports required for VPN:</h2>
|
|
<ul type="disc">
|
|
<li><p>3804 TCP</p></li>
|
|
<li><p>3804 UDP</p></li>
|
|
<li><p>21 TCP - done</p></li>
|
|
<li><p>49152 to 50152 TCP</p></li>
|
|
</ul>
|
|
<p style="color: #17365D; mso-ansi-language: EN-US; font-family: Arial, sans-serif;"><span
|
|
lang="EN-US" xml:lang="EN-US">FTP transfers (used when
|
|
loading configurations and firmware) use ports 49152-50152.
|
|
However, if there is only one PC online, then it will
|
|
always use 49152.  If there are 2 pcs online, then
|
|
it will use 49152 and 49153.</span></p>
|
|
<h2> </h2>
|
|
<h2>Conclusion</h2>
|
|
<p>Use of 'Virtual Private Network' to connect to Soundweb
|
|
London installations provides a convenient way of remotely
|
|
configuring, controlling and monitoring a Soundweb London
|
|
installation while maintaining security through use of
|
|
privileged user authentication and encryption of data
|
|
packets.</p>
|
|
<p>Provided that the Soundweb London installation is VPN
|
|
capable and that the connecting user has the HiQnet London
|
|
Architect design file available, the user should be able
|
|
to interact with the Soundweb London install anywhere
|
|
where there is an Internet connection available with a
|
|
reasonable bandwidth.</p>
|
|
<p>In order to maximise the probability of successful remote
|
|
operation of Soundweb London installation over a VPN,
|
|
the following guidelines are recommended: -</p>
|
|
<p> </p>
|
|
<ul>
|
|
<li class="p"><p>Choose a VPN server router which is
|
|
Microsoft VPN Client (PPTP) compatible for ease of
|
|
configuration</p></li>
|
|
<li class="p"><p>Use Firewalls / Routers / Proxy Servers
|
|
which are 'VPN aware'</p></li>
|
|
<li class="p"><p>Use Firewalls which are 'FTP aware'</p></li>
|
|
<li class="p"><p>Configure Static Routes in HiQnet
|
|
London Architect to Soundweb London devices</p></li>
|
|
<li class="p"><p>Configure 'passive' FTP in HiQnet
|
|
London Architect</p></li>
|
|
<li class="p"><p>Use fixed IP addresses for the devices
|
|
within the Soundweb London installation (no DHCP or
|
|
AutoIP)</p></li>
|
|
</ul>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<p style="margin-bottom: 0;"> </p>
|
|
</body>
|
|
</html>
|