Posted: Mon Feb 11, 2013 5:12 pm
by ChrisUK

We build industrial machines that are shipped all over the world. The machines have a LAN with a bunch of static IPs. The machines are identical so they have the same static IPs.
We need to occasionally connect to these machines remotely from our office to perform updates or do some diagnostics. In the past we've used the 'ewon' product and the 'Talk2M' service, which lists all the machines and makes it very easy to create an Ethernet bridge to one machine at a time. The ewon essentially is a router and VPN client which makes an outgoing connection via the customer's router to the Talk2M servers on the internet. 9 times out of 10 this avoids the need to make any changes to the customer's router. This solution, as good as it is, is prohibitively expensive for our application.

I can see RouterOS is very powerful and I've managed to set up a VPN between 2 routers easily enough. However, I can't figure out an easy way of managing several machines. I need to be able to bridge only one machine at a time to my local PC. What is the best way of achieving this? The best solution I can come up with is a router in my office with many VPN servers, one for each machine. Can, say, an RB450 host 30+ VPN servers?

Am I totally off the track with this?


Posted: Mon Feb 11, 2013 6:17 pm
by nickshore
Just get the remote routers to PPTP back to your central router and then you can bridge the interface as needed.

The 450G can easily handle that many connections, especially as they won't all be in use at the same time.


Posted: Mon Feb 11, 2013 6:44 pm
by ChrisUK
Hi Nick,

That makes sense. I'll give it a go.

Thanks for the advice.

Posted: Thu Mar 07, 2013 2:24 pm
by ChrisUK

I've had moderate success but it's not yet the perfect solution.

I've got 3 RB450s in machines as PPTP clients all talking back to my RB450G. These PPTP connections link to Bridge1, which is bridged to the LAN side of the RB450G. My Windows PC is connected to the RB450G LAN. I'm just enabling/disabling the secret for the machine I want to talk to. This is OK but not great.

The next thing I tried was to have my Windows PC also connect with PPTP instead of directly to the RB450G LAN sockets so I can work remotely. If I link this PPTP connection to the bridge I can see whichever machine is also linked to the same bridge, which is great, BUT only if there is something connected to one of the LAN ports. In other words, if I have two PPTP clients connected to a bridge, the clients can only see each other if that bridge is linked to a physical LAN port and the port is active.

Ideally I want the RB450G to simply link together pairs of PPTP clients, so PPTP client A links to PPTP client B and then client C to D, etc. 'A' would be a machine and 'B' would be a Windows PC. A and B would be isolated from C and D.
I've had a go but I just can't get it to work unless I start bridging to physical ports. Any ideas?