Satellite Internet

Satellite Internet Forum.

Welcome, Guest.
Welcome to this satellite broadband discussion forum. Wherever you are and whatever your problem we are here to help each other. Connecting to the internet via satellite is not always easy but is critically important to those in remote places or with poor terrestrial infrastructure. Both service providers and customers are encouraged to contribute. Register at the bottom of the forum home page if you wish to contribute or ask question. May 2018: GDPR: Updates to Privacy and Cookies policies: As you may know, a new EU data protection law called GDPR will apply from Friday 25th May 2018. As part of satsig's commitment to protecting the privacy of site visitors and forum members, I have therefore updated the Privacy and Cookie policies. There are now links leading to these policies: Disclaimer, Terms of Use and Privacy, Forum User Agreement, Forum Rules and Cookies at the bottom of the home page and all forum pages. Read the Forum rules.
      Satellite internet forum          
Pages: 1

VPN Over HX200

(Read 4034 times)
Ex Member
Ex Member


Jun 12th, 2012 at 7:36am  
Dear Mr.Eric

Hi,

our HUB is in Germany and we are providing internet services in middle east we have to design vpn for 20 sites is it possible if we put internet backbone from Germany to customer head office and than run 3rd party vpn.

Will this work and what is the best vpn solution for this please guide.

Back to top
 
 
IP Logged
 
Eric Johnston
Senior Member
***
Offline


Personal text from Profile,
Options, Top line

Posts: 2108
Reply #1 - Jun 12th, 2012 at 9:37am  
I don't know how to set up a VPN over HX 200 system.

I suggest you contact HughesNet tech support for your hub and ask them for help.  Do their hub manuals and training course give you any guide ?

Maybe others in this forum can also help you.

Best regards, Eric.
Back to top
 
 
IP Logged
 
Ex Member
Ex Member


Reply #2 - Jun 12th, 2012 at 5:24pm  
The biggest bane to VPN over satellite is latency. That's because it's a secure protocol, where each and every packet must be ack'd before the next is sent. On conventional Ku-band consumer accounts, it's aggravating to the point of unusable. Those with business accounts however, can pay extra for VPN acceleration. Nothing can change the physics that account for satellite lag, but the acceleration servers go a long way to countering the effects.

Short version; establish a business account and order VPN acceleration service.

//greg//
Back to top
 
 
IP Logged
 
Eric Johnston
Senior Member
***
Offline


Personal text from Profile,
Options, Top line

Posts: 2108
Reply #3 - Jun 12th, 2012 at 7:50pm  
As I said above, I don't know how a VPN might be implemented or might work over HX.

Does HX allow a network of 15 remote sites and the teleport hub site to be configured with 16 of the customers private IP addresses ?

This seems equivalent to a small iDirect or Comtech network with private LAN IP addresses for all remote sites, plus the teleport hub site and then have the VPN tunnel only on the terrestrial link from the customers head office to the teleport. That way the traffic over the satellite would get the benefit of the VSAT traffic compression/ acceleration processing.

Best regards, Eric
Back to top
 
 
IP Logged
 
Ex Member
Ex Member


Reply #4 - Jun 13th, 2012 at 12:38am  
A Virtual Private network is independent of the transmission media. The VPN hub can be anywhere, ideally somewhat equidistant among nodes (sites). The 20 nodes could be scattered anywhere in the world where there is Internet connectivity. But nodes with a GEO satellite segment anywhere in the path to the hub would be slow without VPN acceleration over the satellite segment. Connectivity between two nodes that each had a satellite segment might even be unusable. It would be an inefficient network without VPN acceleration. Satellite segment acceleration is otherwise transparent to the network.  

//greg//
Back to top
 
 
IP Logged
 
Eric Johnston
Senior Member
***
Offline


Personal text from Profile,
Options, Top line

Posts: 2108
Reply #5 - Jun 13th, 2012 at 10:18am  
I was trying to get across the idea of avoiding having a VPN over the satellite.

If each of the 15 remote antennas is physically at a remote office premises then each terminal can have a private IP address, within the company HQ office LAN IP address range.

If the VSAT hub (iDirect or Comtech) were at the HQ office location then the VSAT hub could have a private IP address also.  So no need for a VPN at all.

If the VSAT hub must be at the teleport in Germany and the HQ office location is some distance away over the public internet, then a terrestrial VPN tunnel from the HQ office location to the teleport is all that is needed.

Anyone with a similar problem to the above, but who is not constrained by a prior decision to use a big HX or Viasat hub should consider using all private IP addreses in their own VSAT network rather than VPN.

Best regards, Eric.
Back to top
 
 
IP Logged
 
Ex Member
Ex Member


Reply #6 - Jun 13th, 2012 at 12:00pm  
Eric Johnston wrote on Jun 13th, 2012 at 10:18am:
I was trying to get across the idea of avoiding having a VPN over the satellite.
My impression was that the satellite network itself is already in place, and that the goal was to provide VPN over that network. Hence the need for VPN acceleration. But that's where my contribution has to end. I'm not in a position to source VPN acceleration hardware.

//greg//
Back to top
 
 
IP Logged
 
Pages: 1