This simple and easy solution is feasible for small networks with up to about 20 M!DGE/MG102i units. Note that the center reliability in this arrangement is limited by the reliability of the GPRS/UMTS/HSPA service in the central location.
This solution is possible if
you have your own APN within the defined private IP subnet.
all the units within the general “internet” APN have public IP addresses which are given statically or dynamically (usage of Dynamic DNS is a must in this case).
The central unit must be reachable from all clients. The central unit must have the public IP address which can either be static or dynamic. In case of dynamic IP address, the dynamic DNS functionality has to be configured and enabled.
The clients can have static or dynamic IP address even within the private range, thus not reachable from “Internet”. After establishing the VPN tunnel with the server, the subnets between the server and clients are reachable as required.
VPN Tunnels have to be initialized from remotes to the center. The M!DGE/MG102i in the center is capable to simultaneously handle up to 10 OpenVPN tunnels (or up to 25 with Server feature key) and 4 IPsec tunnels. This means that up to 25 remote units are possible for the first application and other four units for the second application.
VPN tunnels bring some additional overhead which causes higher data volume. Keep this in mind if paying to the service provider per data volume and not a fixed sum of money.
When a higher number of tunnels (i.e. a higher number of remote units) is required, VPN concentrator has to be used – a special router (e.g. CISCO) for IPsec tunnels or an ordinary PC (Linux/Windows) for OpenVPN tunnels.
Two M!DGE/MG102i units with Virtual Router Redundancy Protocol (VRRP) functionality can be used. The VRRP creates one virtual IP address for both units and this IP address is active for the local LAN. Two independent SIM cards (one in each unit) are used for obtaining public mobile IP addresses. The OpenVPN tunnel is the recommended tunnel type.
In the picture above, there is an additional VPN concentrator as a VPN server. We can also use M!DGE units to be the OpenVPN servers and configure clients to connect to one of them primarily and use the second one as a backup solution.[nový obrázek, kde nebude VPN concentrator – tam bude místo toho switch. A u M!DGE jednotek bude VPN server (primary, backup).
This solution increases the hardware reliability of the center. A redundant VPN concentrator (cluster) solution may be used to further improve the reliability. However a leased line to the GSM operator center is more reliable solution and it is recommended whenever the reliability of the network really matters.