Advertisment: Broadband via satellite
Advertisment: Worldwide satellite services from Ground Control Company

www.satsig.net

Satellite Internet Forum.

Welcome, Guest.        Forum rules.
      Home            Login            Register          
Pages: 1

VPN Over HX200

(Read 4974 times)
akki
Member
★★
Offline



Posts: 25
Jun 12th, 2012 at 7:36am  
Dear Mr.Eric

Hi,

our HUB is in Germany and we are providing internet services in middle east we have to design vpn for 20 sites is it possible if we put internet backbone from Germany to customer head office and than run 3rd party vpn.

Will this work and what is the best vpn solution for this please guide.

Back to top
 
 
IP Logged
 
Eric Johnston
Senior Member
★★★
Offline



Posts: 2109
Reply #1 - Jun 12th, 2012 at 9:37am  
I don't know how to set up a VPN over HX 200 system.

I suggest you contact HughesNet tech support for your hub and ask them for help.  Do their hub manuals and training course give you any guide ?

Maybe others in this forum can also help you.

Best regards, Eric.
Back to top
 
 
IP Logged
 
USN - Retired
YaBB Moderator
★★★★★
Offline



Posts: 837
Kentucky (USA)
Reply #2 - Jun 12th, 2012 at 5:24pm  
The biggest bane to VPN over satellite is latency. That's because it's a secure protocol, where each and every packet must be ack'd before the next is sent. On conventional Ku-band consumer accounts, it's aggravating to the point of unusable. Those with business accounts however, can pay extra for VPN acceleration. Nothing can change the physics that account for satellite lag, but the acceleration servers go a long way to countering the effects.

Short version; establish a business account and order VPN acceleration service.

//greg//
Back to top
 

USN (Ret)
 
IP Logged
 
Eric Johnston
Senior Member
★★★
Offline



Posts: 2109
Reply #3 - Jun 12th, 2012 at 7:50pm  
As I said above, I don't know how a VPN might be implemented or might work over HX.

Does HX allow a network of 15 remote sites and the teleport hub site to be configured with 16 of the customers private IP addresses ?

This seems equivalent to a small iDirect or Comtech network with private LAN IP addresses for all remote sites, plus the teleport hub site and then have the VPN tunnel only on the terrestrial link from the customers head office to the teleport. That way the traffic over the satellite would get the benefit of the VSAT traffic compression/ acceleration processing.

Best regards, Eric
Back to top
 
 
IP Logged
 
USN - Retired
YaBB Moderator
★★★★★
Offline



Posts: 837
Kentucky (USA)
Reply #4 - Jun 13th, 2012 at 12:38am  
A Virtual Private network is independent of the transmission media. The VPN hub can be anywhere, ideally somewhat equidistant among nodes (sites). The 20 nodes could be scattered anywhere in the world where there is Internet connectivity. But nodes with a GEO satellite segment anywhere in the path to the hub would be slow without VPN acceleration over the satellite segment. Connectivity between two nodes that each had a satellite segment might even be unusable. It would be an inefficient network without VPN acceleration. Satellite segment acceleration is otherwise transparent to the network.  

//greg//
Back to top
 

USN (Ret)
 
IP Logged
 
Eric Johnston
Senior Member
★★★
Offline



Posts: 2109
Reply #5 - Jun 13th, 2012 at 10:18am  
I was trying to get across the idea of avoiding having a VPN over the satellite.

If each of the 15 remote antennas is physically at a remote office premises then each terminal can have a private IP address, within the company HQ office LAN IP address range.

If the VSAT hub (iDirect or Comtech) were at the HQ office location then the VSAT hub could have a private IP address also.  So no need for a VPN at all.

If the VSAT hub must be at the teleport in Germany and the HQ office location is some distance away over the public internet, then a terrestrial VPN tunnel from the HQ office location to the teleport is all that is needed.

Anyone with a similar problem to the above, but who is not constrained by a prior decision to use a big HX or Viasat hub should consider using all private IP addreses in their own VSAT network rather than VPN.

Best regards, Eric.
Back to top
 
 
IP Logged
 
USN - Retired
YaBB Moderator
★★★★★
Offline



Posts: 837
Kentucky (USA)
Reply #6 - Jun 13th, 2012 at 12:00pm  
Quote:
I was trying to get across the idea of avoiding having a VPN over the satellite.
My impression was that the satellite network itself is already in place, and that the goal was to provide VPN over that network. Hence the need for VPN acceleration. But that's where my contribution has to end. I'm not in a position to source VPN acceleration hardware.

//greg//
Back to top
 

USN (Ret)
 
IP Logged
 
Pages: 1