Master site Static IP - alternative solutions
Moderator: Queue Moderator
Master site Static IP - alternative solutions
Has anyone here played with alternative solutions other then having to pay your ISP for a static IP ?
As we all know there are alternatives for paying to have a "static IP" when dealing with other computer related operations and yet achieving the same "static IP" result. Just wondering if the same will work for TRBO Site connect? Or has Motorola made this more complicated ?
I did not want to attempt this until I heard some input from people that may have been already playing with this..
As we all know there are alternatives for paying to have a "static IP" when dealing with other computer related operations and yet achieving the same "static IP" result. Just wondering if the same will work for TRBO Site connect? Or has Motorola made this more complicated ?
I did not want to attempt this until I heard some input from people that may have been already playing with this..
Keep the flames to yourself.
- blackwater
- Posts: 50
- Joined: Fri Dec 03, 2010 12:45 pm
- What radios do you own?: XTS-5000, APX 7000 8/U
Re: Master site Static IP - alternative solutions
Take it for what its worth, but from my research I was under the impression that you could do DHCP to the router, then set a static from the router to repeater and that would cover the issue.
Re: Master site Static IP - alternative solutions
The only unit that requires a static IP address is the master.
You can also buy a product like Rayfield's C-Bridge which you can put in a data center and will act as a master. The rest of the devices that connect will not need static's as mentioned above.
cBridge is a very cool product and they are actively improving and adding features as they go. There are a number of ham trbo networks which are experimenting with it now.
The Yahoo! group Mototrbo and MTUSA I believe are the two very active lists.
Alex
You can also buy a product like Rayfield's C-Bridge which you can put in a data center and will act as a master. The rest of the devices that connect will not need static's as mentioned above.
cBridge is a very cool product and they are actively improving and adding features as they go. There are a number of ham trbo networks which are experimenting with it now.
The Yahoo! group Mototrbo and MTUSA I believe are the two very active lists.
Alex
The Radio Information Board: http://www.radioinfoboard.com
Your source for information on: Harris/Ma-Comm/EFJ/RELM/Kenwood/ICOM/Thales, equipment.
Your source for information on: Harris/Ma-Comm/EFJ/RELM/Kenwood/ICOM/Thales, equipment.
Re: Master site Static IP - alternative solutions
blackwater wrote:Take it for what its worth, but from my research I was under the impression that you could do DHCP to the router, then set a static from the router to repeater and that would cover the issue.
Yes that was my impression also, but a few other people are telling me that wouldn't work.
Has anyone here actually done it?
Keep the flames to yourself.
Re: Master site Static IP - alternative solutions
Alex. I understand what you are saying and I am aware of the C-Bridge technology. But what I am trying to do is come up with a alternative other then "PAYING" the monthly fee for a static IP for the Master.
I know there are several ways to accomplish the loophole around "static IP" with servers but unsure if those methods will work with Site connect or not. I guess I am looking for input on someone that has already tried this and give me some guidance before I proceed.
I know there are several ways to accomplish the loophole around "static IP" with servers but unsure if those methods will work with Site connect or not. I guess I am looking for input on someone that has already tried this and give me some guidance before I proceed.
Keep the flames to yourself.
Re: Master site Static IP - alternative solutions
That's easy then.
Build a VPN between all sites. Setup your own IP addressing scheme within the VPN tunnel. Most VPN devices will allow you to make connections based off of DNS queries (unlike Trbo) so if the tunnels change IP's there should be very little interuption on the actual network.
This will probably also increase your security ten fold as the radio network will be isolated from the internet.
When you need to run tools like RDAC or other applications you can VPN in and connect to the network.
Alex
Build a VPN between all sites. Setup your own IP addressing scheme within the VPN tunnel. Most VPN devices will allow you to make connections based off of DNS queries (unlike Trbo) so if the tunnels change IP's there should be very little interuption on the actual network.
This will probably also increase your security ten fold as the radio network will be isolated from the internet.
When you need to run tools like RDAC or other applications you can VPN in and connect to the network.
Alex
The Radio Information Board: http://www.radioinfoboard.com
Your source for information on: Harris/Ma-Comm/EFJ/RELM/Kenwood/ICOM/Thales, equipment.
Your source for information on: Harris/Ma-Comm/EFJ/RELM/Kenwood/ICOM/Thales, equipment.
Re: Master site Static IP - alternative solutions
Nice idea, Alex. I've used the UT-3300, from Datacom-for-Business (dcbnet.net), for setting up simple, solid, and fast VPN connections. They should work well for this application, and they'll support Dynamic DNS. Use this with a service like DynDNS (dyndns.com) and you've got a nice, easy-to-setup, and easy-to-maintain, VPN network.
John Rayfield, Jr.
John Rayfield, Jr.
Re: Master site Static IP - alternative solutions
I have used the Linksys/Cisco branded RV042 for this very purpose. It took me a great deal of hair-pulling in their counter-intuitive labeling of the key setting to get it to work, but once I did it worked swimmingly. In fact, once I saved the proper dynamic DNS setting the thing set up the tunnel before I even knew what had happened and things just started working. This was for a RoIP project with a couple gateways on either end of the VPN tunnel. If you're interested I'll look up the setting name to use, because it's not the obvious choice in the drop-down listbox.
The routers go for about $180 each at last check.
They even have a PC client that supposedly lets you access the VPN from, say, a laptop out on the road, but I never could get that to work. Maybe I'll take another whack at that.
The routers go for about $180 each at last check.
They even have a PC client that supposedly lets you access the VPN from, say, a laptop out on the road, but I never could get that to work. Maybe I'll take another whack at that.
Re: Cisco/Linksys RV042 VPN settings
Here are the crucial settings that I found to work in the RV042 for setting up a VPN using dynamic DNS names instead of i.p. addresses. The settings that I don't list here are obvious and dependent on your local needs.
Local Group Setup
- Local security gateway type = IP + Domain name(FQDN) authentication
- Domain name = abc.dnsalias.com (whatever name you reserved at dyndns.com)
- set whatever private i.p. range or full subnet you use at the local end (the end where you will put this box)
Remote Group Setup
- Remote security gateway type = IP + Domain name(FQDN) authentication
- Below that, select "IP by DNS Resolved" and type in the dynamic domain name of the other end of the VPN link, like xyz.dnsalias.com
- Domain name = xyz.dnsalias.com
- set whatever private i.p. range or full subnet you use at the remote end (the other end where the other box will be)
IPSec Setup
Keying mode = IKE with Preshared Key
- Phase 1 DH group = group 1
- Phase 1 encryption = AES-256
- Phase 1 authentication = SHA1
- Phase 1 SA life time = 28800 seconds
- Perfect Forward Secrecy = checked
- Phase 2 DH group = group 1
- Phase 2 encryption = AES-256
- Phase 2 authentication = NULL
- Phase 2 SA life time = 3600
- Preshared key = a really long, non-obvious string of numbers and mixed case letters, then store it in a safe place in case you need it in the future if this thing loses its cookies
Click "Advanced" button to open up some more settings
Keep-alive = checked
Dead peer detection = checked
Dead peer detection interval = 10 seconds
Local Group Setup
- Local security gateway type = IP + Domain name(FQDN) authentication
- Domain name = abc.dnsalias.com (whatever name you reserved at dyndns.com)
- set whatever private i.p. range or full subnet you use at the local end (the end where you will put this box)
Remote Group Setup
- Remote security gateway type = IP + Domain name(FQDN) authentication
- Below that, select "IP by DNS Resolved" and type in the dynamic domain name of the other end of the VPN link, like xyz.dnsalias.com
- Domain name = xyz.dnsalias.com
- set whatever private i.p. range or full subnet you use at the remote end (the other end where the other box will be)
IPSec Setup
Keying mode = IKE with Preshared Key
- Phase 1 DH group = group 1
- Phase 1 encryption = AES-256
- Phase 1 authentication = SHA1
- Phase 1 SA life time = 28800 seconds
- Perfect Forward Secrecy = checked
- Phase 2 DH group = group 1
- Phase 2 encryption = AES-256
- Phase 2 authentication = NULL
- Phase 2 SA life time = 3600
- Preshared key = a really long, non-obvious string of numbers and mixed case letters, then store it in a safe place in case you need it in the future if this thing loses its cookies
Click "Advanced" button to open up some more settings
Keep-alive = checked
Dead peer detection = checked
Dead peer detection interval = 10 seconds