View previous topic :: View next topic |
Author |
Message |
Guest
|
Posted: Sat Mar 20, 2004 3:15 pm Post subject: Connecting Firstspot via the Internet |
|
|
Hey guys,
I think question has been semi asked in these forums but never fully answered. Can i have a setup like this? AP>Router>DSL modem>Internet>DSL modem>Router>FirstSpot>Router>DSL modem>Internet? In this senario all the traffic will be comming in from the internet, passing through the FirstSpot then out therough the internet and to the hotspots so the hotspots will only need normal connections but the connections at FirstSpot will need to have large bandwidth. Obviously all Internet connections will have static IP addresses but how would the users be able to authenticate with their IP addresses given to them by the DHCP in the AP? Is it ok to have each site with one public IP and then each AP give out private IP addresses? The only reason this is economical is there are some ISPs here that don't charge for megabytes passed between connections on its network. Setting up a VPN with an ISP would be unechnomical for us as they cost too much. Also is it possable for firstspot to authenticate over the internet and once it has, the internet is passed into the userfrom the internet connection at the hotspot and not from the internet connection at FirstSpot?
thanks
david... |
|
Back to top |
|
|
kevin Forum facilitator
Joined: 26 Sep 2003 Posts: 442
|
Posted: Sun Mar 21, 2004 4:26 am Post subject: |
|
|
Hello David,
If you're planning to have one copy of FirstSpot installed to take care ALL of different hotspot locations. The below would be the easiest one:
At each hotspot location:
client machines == APs == router with VPN function == INTERNET
At the centralized site:
INTERNET == VPN router == FirstSpot server == an uplink pipe to the Internet
A few points to note:
1) you don't have to ask your ISP to set up the VPN connection for you, simply get some VPN appliances. Then you can use a normal DSL/ cable connection to form a tunnel from each hotspot to the centralized FirstSpot.
2) point 1 is possible because in FirstSpot Adv Edition, it supports Multiple Network Segment; which makes FirstSpot identifies correctly the right IP address range assigned to clients from different network segments of hotspots. You need to use the ip-based session handling instead of MAC-based in this case.
3) if you want FirstSpot to distribute all ip addresses to clients from different network segments, please also make sure the VPN router supports DHCP relay so that dhcp request from your client machines CAN passthrough the router to reach FirstSpot machine. Or you can use a DHCP server at each hotspot router to take care of the ip address distribution.
4) for minimal spending, you only need ONE fixed public ip for the centralized site. Each hotspot location requires only dynamic ip, if the VPN tunnel is established from the hotspot end.
People may think the ideal case would be having traffic passing through the centralized FirstSpot ONLY for authentication purpose and then go out directly at each hotspot location. But this would require some control at your router or client machines at each hotspot location. E.g. asking the router to pass authentication request to FirstSpot via VPN tunnel and then all others out to the Internet directly. But then the router would also need built-in logics to stop a user request when his airtime credit is used up, after idle timeout is over, etc. This explains such topology would require a very proprietary equipment at each location and the backend site. We haven't seen a viable one in the market yet; even there's one, it would be very expensive and creates a lock-in to their proprietary brand and models.
If you don't want to create VPN tunnels at each location; you can consider installing FirstSpot Std Ed at each location and having each talking to a centralized MySQL user database. We're having customers doing this quite happily too.
~ Patronsoft Limited ~
Last edited by kevin on Mon Jan 03, 2005 2:25 am; edited 1 time in total |
|
Back to top |
|
|
xnp
Joined: 02 Jun 2004 Posts: 20 Location: Los Angeles
|
Posted: Sun Jan 02, 2005 8:52 pm Post subject: |
|
|
Hi,
I have a couple of questions regarding the setup at the centralized topology above.
At each hotspot location:
client machines == APs == low-cost router with VPN function == INTERNET
I have an all in one AP/VPN router. Do I turn the DHCP on or off?
At the centralized site:
INTERNET == VPN router == FirstSpot server == an uplink pipe to the Internet
I have an VPN router with 8 ports, wan1 port, and wan2/dmz port.
Do I connect the INTERNET into the WAN port of the VPN router?
From the VPN router, do I connect to the private NIC or public NIC of FirstSpot Server from one of the 8 ports or from the DMZ port?
From the FirstSpot server, from which NIC (private or public) do I connect it back to the uplink pipe to the internet? (what device do you recommend for the uplink pipe?)
Thank you |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|
Powered by phpBB © 2001, 2005 phpBB Group
| |