Help requested on interesting networking challenge (vpn, nat, etc).


  • Hi,

    I figured this would be a good forum to ask for help on…

    I have some constraints when trying to deploy a small 2 camera system at a remote site.  Maybe someone can fill in the gap I've not yet figured out...

    My system looks like the one pictured in the attachment, but the system in green is what I'm trying to add in.

    I have a few challenges...  My internet connection is WiFi only, whereas my video recorder has no method of getting internet via WiFi.  The current plan is to run a direct Ethernet cable from the video recorder to the remote Windows PC's spare NIC, and use the built-in internet sharing system to share the WiFi connection over to the Ethernet with the video box connected.

    Assuming I get that working, the video box now has "internet", but it is behind 2 NAT firewalls and knows nothing of the VPN connection.  The Windows PC however does know about the VPN connection.

    I feel like what I need is a proxy so that I can request resources from the Windows PC, and it forwards the requests over to the video recorder instead... streaming and web traffic, etc.

    Anyone have any ideas how I can get this double NAT-firewalled closed source video box on the virtual VPN network at my local site?

    Some sort of relay or proxy on the remote Windows PC?  Add a raspberry pi between the 4G puck and the video box?  What technologies can help?

    Thanks.
    ![2015-01-30 16_00_42-Camera VPN_ Lucidchart.png](/public/imported_attachments/1/2015-01-30 16_00_42-Camera VPN_ Lucidchart.png)


  • The ideal solution would be to use something like a hardware wireless client that also has several ethernet adapters that you can plug your cameras into.

    Why are you wireless only?  Are you double NATed?

    (sorry - pic didn't load at first)

    Looks like your VPN server is in the wrong place to make this happen unless it's a bridged network?

  • I would see if I could get a 4G adapter working reliably under pfSense, let pfSense open the VPN client connection (if not a site-to-site) and just put the windows PC and the camera host on the LAN.

    ETA: Please clarify.  Is your remote WAN Wi-Fi (802.11 /a/b/g/n/ac) or 4G/cellular?


  • @Derelict:

    > I would see if I could get a 4G adapter working reliably under pfSense, let pfSense open the VPN client connection (if not a site-to-site) and just put the windows PC and the camera host on the LAN.
    >
    > ETA: Please clarify.  Is your remote WAN Wi-Fi (802.11 /a/b/g/n/ac) or 4G/cellular?

    My actual 'LAN' is very limited, controlled by the client company.  I have limited physical space as well, and no other computer (though I could maybe fit an R-Pi).

    The WAN system is 4G cellular radio with a built-in NAT router / AP that broadcasts its own SSID / WLAN.  Consumer grade stuff basically, not actual WiFi based WAN.


  • @kejianshi:

    > The ideal solution would be to use something like a hardware wireless client that also has several ethernet adapters that you can plug your cameras into.
    >
    > Why are you wireless only?  Are you double NATed?
    >
    > (sorry - pic didn't load at first)
    >
    > Looks like your VPN server is in the wrong place to make this happen unless it's a bridged network?

    The VPN server is at my local site.  So, I guess technically a site-to-site setup would work, but would require another pfSense box on hand and in the same cabinet.  Then I would need a small private LAN for the Windows PC and the Camera Recorder.

    I am single NAT'ed by the 4G <-> WiFi unit, which is my only access to the outside world (internet).  To solve the "no WiFi on the video box" problem, I can share the WiFi internet on my Windows PC, which then becomes double NAT'ed.  I don't think that is a problem if I could VPN client out of that NAT system into my local pfSense server, as it would tunnel through both NATs I assume.

    I am trying to achieve this without additional hardware; the best I have come up with is a Raspberry Pi in a bridge mode, but with a VPN client connection included that "dials home" to the home office.

    This, plus VPN connection:
    https://rbnrpi.wordpress.com/project-list/wifi-to-ethernet-adapter-for-an-ethernet-ready-tv/