Initial Information on Setup

[wmtprojectsforum]

The Board has now approved the establishment of a VPN Server to allow remote access to the Pis, particularly during the COVID19 lockdown period. After the lockdown is finished (which may not be for a considerable time for some who have shielding individuals in their households), the decision will be taken whether to remove the Server or leave it to assist in ongoing maintenance and monitoring of the system going forwards.

Clearly, security is key to this and advice has been sought from Paul Tyson, (who most of us know) because he was an IT Manager and Administrator before retiring recently. A high level design has been agreed based around using a Raspberry Pi to act as the VPN Server. There are a number of Tutorials available on the Internet to describe how this could be done; the most recent of this that I've found is https://www.electromaker.io/tutorial/bl ... vpn-server. This includes a very detailed video explaining everything from the Raspbery Pi setup using OpenVPN (and a script called PiVPN to make installation and configuration easy) to the setting up of clients on Windows, MacOS, iOS, etc. The video is about 35 minutes long, but it is worth a look, partly because it throws up some questions which we will have to address. I'll do a separate Topic to cover the questions.

Even if you can't spare 35 minutes, then the following segments are worth a look:

• 9 Minutes - Dynamic DNS.
• 10 Minutes - Office Router setup.
• 19 Minutes - More Office Router setup.
• 22 Minutes - More Office Router setup.
• 25 Minutes - IOS setup.
• 26 Minutes - MacOS setup.

Office Router setup will need someone to be in the Office unfortunately.

[wmtprojectsforum]

A little more information about the configuration:

Network_Configuration.png (140.2 KiB) Viewed 1133 times

Any comments?

[TerryJC]

I just noticed that I accidentally created this thread while still logged in as Admin.

[Penri]

Terry

Thanks for the diagram, it makes things clearer but also raised question, particularly in regard to your statement about making WMT WiFi users accessible in the parallel post. Perhaps a videocon would help clarify things for me.

I'm about to go out but can make almost anytime with some warning. Could you let me know when might be good for you and I'll make myself available.



Penri

[TerryJC]

An updated version of the network configuration showing the software elements in a more logical arrangement and with better labelling of the Ethernet connectors.

Network_Configuration.png (148.84 KiB) Viewed 1109 times

[TerryJC]

Yet another iteration of the Network architecture at WMT; this time including IP Addresses and both Antennas.

Network_Setup.png (183.8 KiB) Viewed 1096 times

The Ethernet connector to the Office (eth1) is currently set by DHCP from the Office Router, but will have to have a Static IP address to work. This will depend on what the new Router allows us to do.