Mark Rogers wrote:
Suppose I have a network device (not a PC, but it talks TCP/IP - e.g. a printer, although in this case it'll be some industrial hardware), and I want to install it on a customer's site in such a way that I want to be able to securely access it remotely with minimal changes at the customer's site.
One option is to have a little black box which makes an outbound connection through the site's Internet connection to connect to a VPN, and in doing so provides access to the network device.
Any suggestions for that little black box, and for how to configure it?
I am assuming of course that the little black box will be Linux based.
I have seen some industrial solutions which (I think) allow both the client (some bloke in an office at his PC) and the device to set up a small peer-to-peer secure network using a third party mediation server to allow the connections to establish (similar to the ways that stuff like Skype, Hamachi, etc. work). However they're very expensive (typically £500+ at each end) and I'd rather have something I have more control over anyway. (If that means running my own mediation server that's not necessarily a problem.)
However, there may be simpler options: the black box connects to the office's PPTP VPN, and creates a local NAT'ed subnet with port forwarding through the NAT router to allow device access, etc. (If it sounds like I'm waffling it's because I don't really know what I'm talking about :-)
This might do it, although it seems to have far too much functionality: http://www.ebox-platform.com
It supports OpenVPN, which will do all you want and more.
Cheers, Laurie.
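
Added example, not part of the thread: the black-box side of the outbound-VPN-plus-port-forward idea discussed above, using OpenVPN as suggested in the reply. The server name, certificate paths, interface names, addresses and ports are all assumptions chosen for illustration.

```shell
#!/bin/sh
# Gateway ("black box") setup. Every name and address below is an
# assumption for this example, not a value from the thread.
VPN_IF=tun0                 # OpenVPN tunnel interface (outbound client)
LAN_IF=eth1                 # port facing the industrial device
DEVICE_IP=192.168.50.10     # constructed address of the device
DEVICE_PORT=80              # service exposed by the device
LISTEN_PORT=8080            # port reachable over the VPN only

# run CMD...: print the command instead of executing it when DRY_RUN=1
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# client_conf SERVER: OpenVPN client config. Outbound UDP only, per-box
# certificate, and the server certificate is checked so the box cannot be
# redirected to a rogue VPN endpoint.
client_conf() {
    cat <<EOF
client
dev tun
proto udp
remote $1 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/blackbox.crt
key /etc/openvpn/blackbox.key
remote-cert-tls server
keepalive 10 60
EOF
}

# Forward one TCP port from the tunnel to the device and drop everything else,
# so a VPN peer cannot reach the rest of the customer's network.
forward_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -P FORWARD DROP
    run iptables -t nat -A PREROUTING -i "$VPN_IF" -p tcp --dport "$LISTEN_PORT" -j DNAT --to-destination "$DEVICE_IP:$DEVICE_PORT"
    run iptables -A FORWARD -i "$VPN_IF" -o "$LAN_IF" -p tcp -d "$DEVICE_IP" --dport "$DEVICE_PORT" -j ACCEPT
    run iptables -A FORWARD -i "$LAN_IF" -o "$VPN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Masquerade so the device replies to the box without needing a route back
    run iptables -t nat -A POSTROUTING -o "$LAN_IF" -j MASQUERADE
}

# Rules are applied only when the script is invoked with "apply" (as root).
if [ "${1:-}" = apply ]; then forward_rules; fi
```

Run with `DRY_RUN=1` first to review the exact rules before applying them on the box.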