Project summer home: The Network
Finally I managed to get the network setup running. So here is the journal of my network setup, which was filled with the pain of bad consumer products and incompatible network devices.
Background
The idea of adding a network to the summer home is to enable remote control and to be able to do remote work while sitting on the pier.
However, there are a few technical and physical requirements for the network setup:
- Devices should take as little space as possible: I don’t want to fill the cottage up with all the devices visible like my home
- WAN connection has to be LTE Cat4 800 MHz: No other WAN connections available
- The network has to support VPN connection to Home: I want all the devices to be routed as “LAN” for easier access and good integration to existing Home Assistant, since I’m not bringing another instance of HA into the summer home
Because I want a VPN connection to home and my home network gear is filled with Unifi (UDM Pro as a router), I need to go with compatible devices. UDM Pro itself supports L2TP and OpenVPN site-to-site connections along with L2TP remote client, so one of those is a must from a VPN client.
Experiment #1: Telewell
I had an old Telewell EAV510 AC/LTE lying in the closet, so I decided to try with that first. It has CAT4 LTE (150/50Mbps) along with 1200Mbps AC WiFi. So enough for all the needs.
However, the VPN options were very limited (even though the specifications clearly state that it supports both OpenVPN and L2TP). I actually managed to get the L2TP client to work, but access from home to the summer home did not work.. I could only call from cottage to home.
The OpenVPN connection did not work either, since there’s no site-to-site OpenVPN support in Telewell and UDM Pro does not support OpenVPN server.
Time to discard this approach..
Experiment #2: Asus RT-AC53U
Next I found a refurbished Asus RT-AC53U with CAT6 LTE and AC750 WiFi, again more than enough for the requirements.
However (again) the VPN options were very limited. Same as with Telewell, it should support both OpenVPN and L2TP. Again, L2TP was working nicely, but same issue with this one: I could not access the remote host IP from home. Looked like the firewall was either on or off with the Asus. By turning it completely off I did manage to get remote access, but then so could the whole internet as well! There are no individual firewall configurations with the Asus at all.. 🙁
Time to discard this approach..
Experiment #3: Multidevice setup
Finally I decided to dump the single device solutions and try with a real router (my old trusty Edgerouter X-SFP) and Amplifi HD as wifi AP.
First I tried with the smaller Asus RT-AC53U as LTE connection point.. but as a “surprise”, it does not support bridged connection at all! What a piece of junk.. Time to return this device to the place I bought it.
Next step was to try with Telewell EAV510 AC/LTE that does support bridge mode. Works great by setting the device as a bridge and configuring Edgerouter to do OpenVPN site-to-site connection.
Great success! Now I have a site-to-site VPN connection between home network (UDM Pro) and cottage network (Edgerouter X-SFP). But I was still not happy: the old Telewell router is just too big to be placed in the cottage with these two devices around.
Time to discard this approach..
Experiment #4: Final working system
Finally I decided to keep two of the devices: Amplifi HD WiFi AP and Edgerouter X-SFP. I only need to replace the old (crappy) Telewell with a better one.
Requirements for the new LTE router were: Bridge mode, CAT4 and PoE support. A quick googling informed me about Teltonika devices. A Finnish electronics store called verkkokauppa.com seemed to be selling those, and I found the RUT240 straight from the Verkkokauppa.com Oulu store, so I decided to give it a try (verkkokauppa.com also offers a 31 day free return, so no risk there).
Teltonika RUT240 supports CAT4 LTE and PoE (24V), which is just what I needed, since Edgerouter X-SFP only supplies 24V. The device also had n-class WiFi, but I disabled that as I’m using my Amplifi HD as a WiFi AP. The only setback is that Teltonika RUT240 only has 100Mbps Ethernet, so practically CAT4 LTE (150/50Mbps) is downgraded to 100/50Mbps. No worries there though, since 100Mbps is still enough.
That’s it! A working Site-to-site VPN with three devices where one is powered with PoE.
Conclusion
Connection has been stable for a week now and there’s enough networking capacity to record Full HD camera stream 24/7 to NVR at home. So I call it a success so far.
Note to my future self (and others who are reading this post): Stay away from crappy all-in-one consumer solutions and use ‘prosumer’ or business class devices.