M!DGE/MG102i units support several VPN types. Based on your application, number of clients, topology and other factors, the most suitable option should be selected.
RACOM recommends using either OpenVPN or IPsec. Both are very secure and robust solutions. IPsec is very common for point-to-point tunneling, or it is typically used with a larger VPN concentrator such as Cisco. OpenVPN is very common for interconnecting large environments, and M!DGE/MG102i can serve as the VPN server for up to 25 clients. If a higher number of clients is required, a special VPN concentrator needs to be installed.
A special software feature key (Server extension) must be ordered to provide the support for 25 OpenVPN clients. Our routers support up to 10 OpenVPN clients without this key.
PPTP is a very common solution, usually for connecting a Windows PC to the M!DGE/MG102i, but it should be used only if other options are not possible. The PPTP security algorithms have already been broken, and it is not as secure as IPsec or OpenVPN. A GRE tunnel is useful for routing subnets among the units, because it also creates a special “greX” interface and it’s possible to define as many routes as needed. Keep in mind that GRE is not encrypted: the packets are just wrapped in the GRE header and can be easily eavesdropped. These limitations are not specific to RACOM; they come from the general implementation of those protocols.
Refer to our Introduction application note for the APN and IP differences obtained from your mobile operator. In general, VPN or any other service can work smoothly over a mobile connection, but take into account several “must-have” requirements. In the case of a public APN, the VPN server must have a public IP address. It can be a static IP (the optimal solution) or a dynamic IP, but in such a case a Dynamic DNS service has to be configured and set in M!DGE2 and with the third-party service provider. All the VPN clients can have dynamic IP addresses, but the server has to be accessible from the Internet, i.e. it has to have a public IP address. Another option is to have a closed and private APN (no Internet access) in which all your devices can “see” each other. Talk to your operator about the services and options they can offer you. All the examples within this application note use our private RACOM APN.
See the following examples for details.