Suggestions on accessing an embedded box

Hi All - Perhaps someone can provide a suggestion about
this problem. Apologies in advance if I haven't used the
correct terminology; I'm just trying to come up to speed
here...

Thanks in advance for any suggestions !
Best Regards, Dave

== Background ==
- Embedded boxes in the field need periodic remote access
from the factory to grab log files, install new software, etc.
- The boxes have minimal linux 2.4.23 kernal installed
- The boxes have a GPRS-capable modem
- Sending an SMS to the box can trigger the box to establish
a GPRS connection using PPP.
- The PPP server provided by the telecom carrier sits in back
of a NAT box of some sort and cannot be directly accessed
by the factory.
- The factory technician may be connected to the internet
in numerous ways but can often be behind a NAT as well.
- We need a defined method for the technician to access the
box; presumably a gateway/router at a known location
that both ends can connect to.

== Attempt1 ==
- StrongVPN.com advertises they can provide a tunnel with
- a static IP address for the box
- a different static IP address for the technician
- a bridge between these two
Unfortunately, haven't managed to get it working yet.

Ideas ???

On Tue, 18 Nov 2008 07:21:13 -0800 (PST), DRN <(E-Mail Removed)> wrote:
> Hi All - Perhaps someone can provide a suggestion about
> this problem. Apologies in advance if I haven't used the
> correct terminology; I'm just trying to come up to speed
> here...

> Thanks in advance for any suggestions !
> Best Regards, Dave

You do provide some details, but perhaps not enough to advise.
If you're looking at StrongVPN, then other VPN software such
as OpenVPN might also work, and be easier to install.

Some other questions/comments below.

> == Background ==
> - Embedded boxes in the field need periodic remote access
> from the factory to grab log files, install new software, etc.
> - The boxes have minimal linux 2.4.23 kernal installed
> - The boxes have a GPRS-capable modem
> - Sending an SMS to the box can trigger the box to establish
> a GPRS connection using PPP.

To where? To a central server on the factory LAN? Could it
then act as a gateway back from the LAN to the embedded box?

> - The PPP server provided by the telecom carrier sits in back
> of a NAT box of some sort and cannot be directly accessed
> by the factory.

Then what are the capabilities of the NAT box? Is it internet
addressable? Can it be set to route connections back to the
embedded box? Where is the PPP server (network-wise)? On the
factory LAN?

> - The factory technician may be connected to the internet
> in numerous ways but can often be behind a NAT as well.
> - We need a defined method for the technician to access the
> box; presumably a gateway/router at a known location
> that both ends can connect to.

Again, what are the embedded machines PPP-ing to?

> == Attempt1 ==
> - StrongVPN.com advertises they can provide a tunnel with
> - a static IP address for the box
> - a different static IP address for the technician
> - a bridge between these two
> Unfortunately, haven't managed to get it working yet.

As above, try OpenVPN.

> Ideas ???

Hire a consultant and give him a complete network diagram,
both physical and conceptual (what traffic is allowed to
flow over bridges/routers).

Connection details matter greatly when trying to determine
how to connect.

--
Dale Dellutri <(E-Mail Removed)> (lose the Q's)

On Nov 18, 2:22*pm, Dale Dellutri <ddelQQQl...@panQQQix.com> wrote:
> On Tue, 18 Nov 2008 07:21:13 -0800 (PST), DRN <d...@nadler.com> wrote:
> > Hi All - Perhaps someone can provide a suggestion about
> > this problem. Apologies in advance if I haven't used the
> > correct terminology; I'm just trying to come up to speed
> > here...
> > Thanks in advance for any suggestions !
> > Best Regards, Dave
>
> You do provide some details, but perhaps not enough to advise.
> If you're looking at StrongVPN, then other VPN software such
> as OpenVPN might also work, and be easier to install.

I am using OpenVPN with StrongVPN as the server provider.

> Some other questions/comments below.
>
> > == Background ==
> > - Embedded boxes in the field need periodic remote access
> > * from the factory to grab log files, install new software, etc.
> > - The boxes have minimal linux 2.4.23 kernal installed
> > - The boxes have a GPRS-capable modem
> > - Sending an SMS to the box can trigger the box to establish
> > * a GPRS connection using PPP.
>
> To where? *To a central server on the factory LAN? *Could it
> then act as a gateway back from the LAN to the embedded box?

As explained in the next bullet:
The PPP connection is to a server of the telecom provider.
The telecom providers are all different so its a bad place
to try do anything other than outbound PPP, which most
support for a GPRS connection.

> > - The PPP server provided by the telecom carrier sits in back
> > * of a NAT box of some sort and cannot be directly accessed
> > * by the factory.
>
> Then what are the capabilities of the NAT box? *Is it internet
> addressable?
No...

> Can it be set to route connections back to the embedded box?
No...

>*Where is the PPP server (network-wise)? *On the
> factory LAN?

As above, provided by the carrier...

> > - The factory technician may be connected to the internet
> > * in numerous ways but can often be behind a NAT as well.
> > - We need a defined method for the technician to access the
> > * box; presumably a gateway/router at a known location
> > * that both ends can connect to.
>
> Again, what are the embedded machines PPP-ing to?

Again, the carrier's PPP server.

> > == Attempt1 ==
> > - StrongVPN.com advertises they can provide a tunnel with
> > * - a static IP address for the box
> > * - a different static IP address for the technician
> > * - a bridge between these two
> > Unfortunately, haven't managed to get it working yet.
>
> As above, try OpenVPN.
>
> > Ideas ???
>
> Hire a consultant and give him a complete network diagram,
> both physical and conceptual (what traffic is allowed to
> flow over bridges/routers).
>
> Connection details matter greatly when trying to determine
> how to connect.

I'm looking for topology and connectivity suggestions...
Thanks !

On Tue, 18 Nov 2008 14:44:04 -0800 (PST), DRN <(E-Mail Removed)> wrote:
> On Nov 18, 2:22?pm, Dale Dellutri <ddelQQQl...@panQQQix.com> wrote:
> > On Tue, 18 Nov 2008 07:21:13 -0800 (PST), DRN <d...@nadler.com> wrote:
> > > Hi All - Perhaps someone can provide a suggestion about
> > > this problem. Apologies in advance if I haven't used the
> > > correct terminology; I'm just trying to come up to speed
> > > here...
> > > Thanks in advance for any suggestions !
> > > Best Regards, Dave
> >
> > You do provide some details, but perhaps not enough to advise.
> > If you're looking at StrongVPN, then other VPN software such
> > as OpenVPN might also work, and be easier to install.

> I am using OpenVPN with StrongVPN as the server provider.

> > Some other questions/comments below.
> >
> > > == Background ==
> > > - Embedded boxes in the field need periodic remote access
> > > ? from the factory to grab log files, install new software, etc.
> > > - The boxes have minimal linux 2.4.23 kernal installed
> > > - The boxes have a GPRS-capable modem
> > > - Sending an SMS to the box can trigger the box to establish
> > > ? a GPRS connection using PPP.
> >
> > To where? ?To a central server on the factory LAN? ?Could it
> > then act as a gateway back from the LAN to the embedded box?

> As explained in the next bullet:
> The PPP connection is to a server of the telecom provider.
> The telecom providers are all different so its a bad place
> to try do anything other than outbound PPP, which most
> support for a GPRS connection.

> > > - The PPP server provided by the telecom carrier sits in back
> > > ? of a NAT box of some sort and cannot be directly accessed
> > > ? by the factory.
> >
> > Then what are the capabilities of the NAT box? ?Is it internet
> > addressable?
> No...

If machines on the outside can't address the PPP server (because
its buried in the telecom provider network) and can't address the
NAT box, then you're describing a connection from the embedded
machines that can't go anywhere. If the NAT box isn't internet
addressable, then it can't get on the internet. So that's the end
point of the embedded machines connection. In this case, I don't
see what good an Open/StrongVPN connection to anywhere will do.

Or did you mean that you don't know the internet address of the
NAT box in a reliable way? In other words, you don't know what
address it will have when an embedded machine connects to it.
In this case, can it connect to a server you control? Once it does,
if it does, can you send commands back along the connection from
the server to the embedded machine?

I think I'll stop commenting. I just don't understand the physical
and conceptual topology of the networks you're describing.

Sorry

<snipped>

--
Dale Dellutri <(E-Mail Removed)> (lose the Q's)

On Nov 19, 1:29*pm, Dale Dellutri <ddelQQQl...@panQQQix.com> wrote:
> If machines on the outside can't address the PPP server (because
> its buried in the telecom provider network) and can't address the
> NAT box, then you're describing a connection from the embedded
> machines that can't go anywhere. *If the NAT box isn't internet
> addressable, then it can't get on the internet. *So that's the end
> point of the embedded machines connection.

Here's a good introduction to NAT, which explains why the
above is incorrect:

http://en.wikipedia.org/wiki/Network...ss_Translation

On Nov 18, 10:21*am, DRN <d...@nadler.com> wrote:
> Hi All - Perhaps someone can provide a suggestion about
> this problem. Apologies in advance if I haven't used the
> correct terminology; I'm just trying to come up to speed
> here...
>
> Thanks in advance for any suggestions !
> Best Regards, Dave
>
> == Background ==
> - Embedded boxes in the field need periodic remote access
> * from the factory to grab log files, install new software, etc.
> - The boxes have minimal linux 2.4.23 kernal installed
> - The boxes have a GPRS-capable modem
> - Sending an SMS to the box can trigger the box to establish
> * a GPRS connection using PPP.
> - The PPP server provided by the telecom carrier sits in back
> * of a NAT box of some sort and cannot be directly accessed
> * by the factory.
> - The factory technician may be connected to the internet
> * in numerous ways but can often be behind a NAT as well.
> - We need a defined method for the technician to access the
> * box; presumably a gateway/router at a known location
> * that both ends can connect to.
>
> == Attempt1 ==
> - StrongVPN.com advertises they can provide a tunnel with
> * - a static IP address for the box
> * - a different static IP address for the technician
> * - a bridge between these two
> Unfortunately, haven't managed to get it working yet.
>
> Ideas ???

A followup: With *excellent* assistance from StrongVPN.com
tech support, the above tunnelling solution is now working.

I'm still interested if anyone can think of a simpler/better
way of accomplishing this (other than using a 3rd party
service).

Thanks in advance,
Best Regards, Dave

PS: Note on the openvpn tunnel: As this establishes an
outbound connection from in back of the telecom NAT,
and on a single well-known port, it effectively gets the
telecom NAT gets out of the way... But is there an
easier solution ??