Thursday, March 14, 2019

Looking for a VPN router, but not the "normal" kind. Not even sure of the correct terminology for what I need.

Sorry in advance for the wall of text, but I don't know how better to explain what I'm looking for than to explain how and why I need it.

I work for an HVAC controls and building automation company. We install and maintain control systems in commercial and industrial buildings. In order to support these systems, we need to remotely access our controllers, and that means opening ports. As you can imagine, the IT departments in these buildings are pushing back harder and harder against this. I understand why they don't want to do it, and they're not wrong, but their bosses and my bosses still expect me to do my job, and that requires access. In a perfect world, they would get a separate internet connection for our controllers so we don't have to deal with their network security at all, but the world isn't perfect and management usually doesn't want to pay for a separate connection.

TeamViewer is helpful to get around some of the issues. As long as we have a PC on their network that has internet access (some of our installations require a Windows machine as a server anyway), we can remote in and do some of what we need to do. But sometimes we need direct access to the individual controllers, and TeamViewer only gets us into the PC. Plus, not every site has one of "our" computers as part of the installation where we can install TeamViewer.

This seems like the perfect situation for a VPN router, but not the sort you find when you google "VPN router".

I need to separate out our equipment onto a separate network, and be able to connect to that network remotely without having to beg/bribe/threaten network administrators to open any ports. I know TeamViewer can do this (to establish a VPN connection to the PC, at least), so there must be an actual router that does it. I believe it's called tunneling. As far as the building's network is concerned, all it would see is our router sending regular old encrypted web traffic on normal web ports. I assume the router would have to connect to some sort of server to be told when to allow incoming connections, since without any open ports, I wouldn't be able to initiate a connection remotely.

What is this sort of setup even called? Are there any off-the-shelf routers/services that do this in a relatively plug-and-play fashion, or will it need to be hacked together? Is any of this even plausible, or should I just give up and go back to wrestling with IT admins?

For those that slogged through all that, thank you.


