I’m an automation engineer, networks are baby steps to me.
So many industrial machines are kept offline, often we need to diagnose the PLC (machine computer) on site (Ethernet connection + expensive engineering software). By Murphy’s laws, often the bug happens when we’re off site or just too far to reach the machine and diagnose it.
For those there are these “automation gateways”, it’s an LTE modem + router which creates a Cloud VPN (I guess) to connect to the PLC and diagnose.
I don’t have one of those, nor does the boss want to buy it, but I’ve a DRW-922 LTE router + RB951, cool.
I want to leave this RB + LTE connected to the machine, when it goes bad I can remotely connect and diagnose, nice, but HOW?
AFAIK the LTE won’t give me a public IP, so I can’t make a simple VPN.
My RB is MIPS based, so no ZeroTier for me.
You will not be able to use WireGuard since you don’t have a public IP.
BTH WireGuard is a viable solution normally, but won’t work either because you need an ARM or Tile device.
Your best bet, which would support ALL the devices you need to monitor, is to buy a CHR license one time and then put that on a rented cloud server, $7 a month or so.
Then you could connect the device via WireGuard to the CHR and from any remote location you could connect to the CHR and thus the device.
This is a useful and practical business model and practice and your boss is a phucking douchebag for not supporting your work.
Yeah, ZeroTier works pretty well for these cases. WireGuard and EoIP+IPsec would be alternatives if you have a public IP someplace where you can do port forwarding… But without a public IP, you need another router someplace with a public IP that the MIPS RB951 will initiate a connection to, and the remote engineer also connects a VPN to the same 2nd router to bridge them.
You’d likely be better off just buying a newer router, even some hEX refresh or hAPlite would likely work fine if the need is troubleshooting remote PLC devices, since it’s likely not a lot of traffic. ZeroTier is pretty robust at punching firewalls, that’s hard to replicate IMO. And you’d spend more time trying to cobble together some solution using a 2nd router (or cloud-based CHR router) than just upgrading the router to an ARM-based one…
The reason I recommend the CHR approach, or BTH VPN for that matter, is for privacy.
ZeroTier is still traffic going through their servers, and some companies may be leery of someone tapping into their networks without complete assurances of privacy.
Disagree with AMMO, CHR is easy peasy and works well. Perhaps not as easy as zerotier but I am not proficient at it to compare.
Agree with ammo above and jaclaz below, that a hEX refresh is cheap and a new ARM device, and would allow you to do BTH VPN, no need for CHR, license or ZeroTier.
An ax-lite or hEX refresh is 60 bucks or so, try converting that into minutes/hours/days (depending on where you are located) of engineer time, + minutes/hours/days of industrial machine production margin; usually (not always, but often enough) bosses are sensitive to this way of presenting technical solutions to them.
Most commercial VPN services (Nord, SurfShark, etc.) don’t allow port forwarding, so that’s not a viable option. I’ll offer that you can often host CHR at a VPS, the CHR docs list tested providers, some are as cheap as $5-10/month, which is on par with a VPN.
And there are no containers on the RB951 either, so that’s not an option. And whether OpenWRT works or not, IDK, but recent firmware makes installing it harder/impossible AFAIK…
So if you’re stuck on the MIPS router, and have no public IP or port forwarding on either side of the VPN, then options are pretty limited.
Now → purchase a CHR license and rent a cloud server (using WireGuard, and it will allow multiple connections from field devices and you). Cost of CHR license one time, recurring $7 per month.
Now → purchase an ARM hEX refresh and start accessing devices remotely using the built-in BTH WireGuard VPN. $69 one time purchase. Can be used at any site with an LTE modem/router, so portable and reusable.
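The CHR option discussed in this thread, sketched as an added RouterOS v7 example (not posted by anyone in the thread): the RB951 dials out over LTE to a WireGuard hub on the CHR, and firewall rules on both routers limit the engineer to a single PLC address. The tunnel subnet 10.99.0.0/24, the PLC address 192.168.88.10, UDP port 51820, the interface names, the LAN interface name `bridge` and every `<...>` value are assumptions or placeholders.

```routeros
# Added example. Constructed values: tunnel subnet 10.99.0.0/24, PLC at
# 192.168.88.10, UDP port 51820, interface names, <...> placeholders.

# ---- CHR on the cloud server (the only side with a public IP) ----
/interface wireguard add name=wg-hub listen-port=51820
/ip address add address=10.99.0.1/24 interface=wg-hub
# Site router: its tunnel address plus the machine LAN behind it
/interface wireguard peers add interface=wg-hub comment="site RB951" \
    public-key="<RB951_PUBLIC_KEY>" allowed-address=10.99.0.2/32,192.168.88.0/24
# Engineer laptop: a single tunnel address
/interface wireguard peers add interface=wg-hub comment="engineer" \
    public-key="<ENGINEER_PUBLIC_KEY>" allowed-address=10.99.0.10/32
/ip route add dst-address=192.168.88.0/24 gateway=wg-hub
# Input: the internet sees only the WireGuard port; management only via the tunnel
/ip firewall filter add chain=input connection-state=established,related action=accept
/ip firewall filter add chain=input protocol=udp dst-port=51820 action=accept
/ip firewall filter add chain=input in-interface=wg-hub src-address=10.99.0.10 action=accept
/ip firewall filter add chain=input action=drop
# Forward: the engineer may reach the PLC and nothing else
/ip firewall filter add chain=forward connection-state=established,related action=accept
/ip firewall filter add chain=forward in-interface=wg-hub out-interface=wg-hub \
    src-address=10.99.0.10 dst-address=192.168.88.10 action=accept
/ip firewall filter add chain=forward action=drop

# ---- RB951 at the machine (RouterOS v7, dials out over LTE) ----
/interface wireguard add name=wg-site
/ip address add address=10.99.0.2/24 interface=wg-site
# Keepalive holds the carrier NAT mapping open so the hub can reach back in
/interface wireguard peers add interface=wg-site public-key="<CHR_PUBLIC_KEY>" \
    endpoint-address=<CHR_PUBLIC_IP> endpoint-port=51820 \
    allowed-address=10.99.0.0/24 persistent-keepalive=25s
# Traffic arriving from the tunnel may only go to the PLC
/ip firewall filter add chain=forward in-interface=wg-site \
    dst-address=192.168.88.10 action=accept
/ip firewall filter add chain=forward in-interface=wg-site action=drop
# Assumption: the PLC has no default gateway, so tunnel sources are hidden
# behind the router's LAN address (LAN interface assumed to be "bridge")
/ip firewall nat add chain=srcnat src-address=10.99.0.0/24 \
    out-interface=bridge action=masquerade
```

Each router generates its own key pair when the WireGuard interface is created; `/interface wireguard print` shows the public key to paste into the other side. The engineer's WireGuard client only needs 192.168.88.10/32 and 10.99.0.1/32 in its allowed IPs.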