Ok so a little background. I work at a crematorium and our cremation machine (Retort) has an IPAD that uses a web based app to control the functions of the machine. We just setup a Business Star link account and added an Ethernet adapter to it. We have a cat6 cable running from the Starlink WiFi router to the retort and all it working fine.
When I am on the WiFi network with either my laptop or phone, I can open a browser and type in the IP for the retort. (ie. 192.168.x.x) and prompted for a username and password and then I have control of the machine
We now want to be able to control the machine and view the cremation status remotely. My understanding is I need to purchase a better Wireless Router that supports VPN (The Starlink one is very lacking in features). Disconnect the ethernet cable going from retort to Starlink router and connect it to New router and set the Starlink Router to 'Pass-Through- to an external router.
My question is, I know I need a laptop to setup the new router and the VPN service, but once it is setup, do I still need a laptop at the cremation building or will the router control everything.
Am I missing any thing?
How is the machine actually connecting to the Ipad?
You have a couple of options, depending on your technical abilities and number of people using the VPN as well. You could get a new router/gateway with a VPN built in, depending on what you go for these can sometimes be limited. Generally the more you pay the better options you’ll get.
Personally I’d go with a basic device like a Raspberry Pi/Orange Pi plug this via ethernet into the existing router. This can then have a VPN installed on it. PiVPN provides a script that can install Wireguard or OpenVPN, both have advantages and disadvantages, probably best to read up about them to see what fits your needs. You can add users via the command line and then put the access keys on the laptops/phones.
You’ll need to enable port forwarding on the router to forward the chosen VPN port to the new VPN.
Whichever option you choose you’ll also either need a static IP address or a dynamic DNS to access your VPN. DuckDNS provide this for free as a starter option, yocan put a script on the Pi to update DuckDNS each time your external IP address changes. Some routers also have a DynamicDNS option included to integrate with other Dynamic DNS providers.
There are more advanced options available for higher level security and configuration but it depends on your experience and requirements really.
If you connect to work network with a vpn you dont have to open ports and it will be like your sitting there using your phone so you will just enter the 192.168 address like normal into your browser and it will come up
You dont need the laptop for this once you have setup the router
I highly recommend you flash your own openwrt router or buy a preflashed openwrt router
This will give you lots of options for how you setup your vpn and vlans and firewalls and its secure
I think you could setup the vpn on the laptop and do it all that way but thst would not be nearly as good as having a vpn router or wrt router
Also you dont have to use passthru/bridgemode if its not available you can also just plug the second router in lan to wan, this is less preferred but it does work if needed
Via ethernet cable to an input on the machine.
Thanks for the rundown… The Starlink Business account includes a static IP. We needed the static IP as apparently the way Starlink specifies an IP, Dynamic DNS services don’t work… Anyways… I’ve always wanted to delve into the Raspberriy Pi world, but just dont have the time to research and learn it as we need this up and running ASAP. Hence why I figured a ASus or Tp-Link higher end model router would do the job as they support OpenVPN.