VPN (Virtual Private Network)

What is a VPN?

A Virtual Private Network (VPN) is an encrypted tunnel that allows secure communications and is used to extend a private network over a public network. This allows two private networks to communicate with one another securely without needing to use Network Address Translation.

A VPN or Virtual Private Network is a method used to add security and privacy to private and public networks, like WiFi Hotspots and the Internet.

VPNs are most often used by corporations to protect sensitive data.

VPN tunneling creates a point-to-point connection between two networks. The purpose of the VPN for our mobile connectivity is to establish a VPN from our network to yours, which secures the traffic and allows you to route traffic back towards the Private IP address assigned to our SIM card.

There are two types of VPNs to allow communication with your SIMs: 

  • Client Access VPN – used for temporary access from a PC, laptop or mobile device (Smartphone / Tablet). The VPN is temporary in nature, only established when required. The private subnet allocated to your SIM cards is reachable through this VPN tunnel. 

  • IPSEC – Site to Site VPN – used to permanently connect two networks to each other. This is typically a customer’s network, which might be an office location, physical datacentre or a Cloud Platform. Using the Site to Site VPN, the SIM subnet is able to reach a customer’s network (and vice versa) using private IP addressing.

The VPN tunnel encapsulates the transmitted data into standard TCP/IP packets and safely transfers it across the internet. Because the data is encrypted, hackers, governments and even Internet Service providers cannot see or gain control of your information.

We offer access to the following networks through the VPN service: 

  • USA:  T-Mobile & AT&T

  • Canada:  Rogers

  • Global: UKJ Profile and ROTN

Essentially, a SIM card on our network is assigned a Private IP address when it connects to a data session. This traffic is routed through our network to our POPs. From there we ordinarily break out traffic to the Internet. As the SIM card is assigned a non-routable Private IP address, we perform NAPT, translating the Private IP assigned to each SIM to the Public IP address of our network.

  • Public IP addresses are used to communicate on the Public Internet. By definition these addresses are unique.

  • Private IP addresses are not unique, so can’t be used to communicate directly on the Internet, and are normally used only for LAN (local) communications, e.g. home, office, datacentre or cloud platform.

  • A Public IP address makes your equipment accessible to everyone on the internet, whereas a Private IP address is for private use within the network.

  • Public IPs are used for routing, Private IPs are never used for routing.

An Internet Protocol (IP) address is a numerical ID that is assigned to any device connected to the Internet so that different devices can communicate with each other. It is similar in concept to a telephone number.

IP addresses are how computers on the internet communicate with one another. The IP address for your SIM card will be assigned by our network. On a customer’s network these are assigned locally by your network (or system administrator), and Public IP addresses are assigned by your Internet Service Provider.

Depending on the number of subscribers you want to add to your VPN, you will need a smaller or bigger IP Subnet so that we can allocate dedicated IPs to each SIM card, making them individually addressable.

IP Subnet Size examples for different numbers of hosts (subscribers / SIM cards):

/16 -> 65534 hosts
/18 -> 16382 hosts
/19 -> 8190 hosts
/20 -> 4094 hosts
/21 -> 2046 hosts
/22 -> 1022 hosts
/23 -> 510 hosts
/24 -> 254 hosts
/25 -> 126 hosts
/28 -> 14 hosts
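
The sizing rule behind the table above, together with two checks worth running before a subnet is submitted, as an added example (not part of the original page or of the provider's tooling). The function names are hypothetical; the example assumes "Private IP" means RFC 1918 space and that the SIM subnet must not overlap your own networks, since the VPN routes between them without NAT.

```python
import ipaddress

# RFC 1918 private ranges; assumed here to be what "Private IP" means on the page.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def smallest_prefix_for(sim_count: int) -> int:
    """Longest prefix (smallest subnet) whose usable hosts, 2^(32-p) - 2, cover sim_count."""
    if sim_count < 1:
        raise ValueError("sim_count must be at least 1")
    # Need 2^host_bits >= sim_count + 2 (network and broadcast are not assignable).
    host_bits = (sim_count + 1).bit_length()
    if host_bits > 24:
        raise ValueError("more SIMs than a single 10.0.0.0/8 can address")
    return 32 - host_bits


def check_sim_subnet(sim_subnet: str, sim_count: int, customer_lans: list) -> list:
    """Return a list of problems with a proposed SIM subnet (empty list = usable)."""
    net = ipaddress.ip_network(sim_subnet)  # raises ValueError if host bits are set
    problems = []
    if not any(net.subnet_of(r) for r in RFC1918):
        problems.append(f"{net} is not RFC 1918 private space")
    usable = max(net.num_addresses - 2, 0)
    if usable < sim_count:
        problems.append(f"{net} has {usable} usable hosts for {sim_count} SIMs; "
                        f"need /{smallest_prefix_for(sim_count)} or a shorter prefix")
    # Without NAT, both ends of the tunnel route on real addresses, so ranges must not overlap.
    for lan in customer_lans:
        lan_net = ipaddress.ip_network(lan)
        if net.overlaps(lan_net):
            problems.append(f"{net} overlaps customer network {lan_net}")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    print(smallest_prefix_for(1000))
    print(check_sim_subnet("10.20.0.0/22", 1000, ["192.168.1.0/24"]))
    print(check_sim_subnet("10.20.0.0/24", 300, ["10.0.0.0/8"]))
```
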

The IP assigned on the VPN will be from a small pool of IPs which are linked to your VPN credentials. It will support a small number of concurrent users.

Yes, this is possible. You will need to be given your own IP subnet, as we would do for a VPN. Within our network we would create an access list / security policy.

We just need a list of permitted IPs from you, and confirmation if it is TCP or UDP communication or both.

VPNs can offer an extra layer of protection, but a VPN is not sufficient on its own. Every organization needs a comprehensive security policy which covers password protocol and physical devices as well as remote connections.

When using a VPN, data is still routed over the Internet (a public network) and is therefore still exposed to security threats.

There are several threats which VPNs can’t protect against, such as: out-of-date devices that could be putting your network at risk, physical breaches (such as infected devices having access to your network) and bad password protocol (weak passwords and human errors).

What is the solution? Set up a Metro Ethernet Connection, an enhanced connectivity solution designed for security-sensitive applications such as healthcare, banking, or government services. Unlike a VPN, it links directly from our network into your data center or a cloud service, without ever touching the internet. 

If you have a Security Service such as a VPN configured in your account, the “Advanced Filters” under the “Subscribers” section include an option to display the SIMs that are inside a VPN. If you have multiple VPNs, you can choose from the dropdown options.

The icon to “customize your columns” offers a column called “Security Services”, choose to display this one so that you can see the name of the Security service the SIM is part of. You can also display the “Fixed IP” and the “Last IP” used.

Under the “All Subscribers” section, customize your columns to display both the “Security Service” and “Fixed IP” columns. The IP assigned to the Subscriber as well as the name of the Security Service it is part of will display.

When you run SIM Diagnostics, the information will also be available.

 

Yes, you can! If you have a Security Service such as a VPN configured in your account, you have the option to allocate / deallocate Fixed IPs from the dedicated IP Range pool in your VPN.

Select the subscriber you would like to update the IP for, then hit the “Reassign a New IP” button.

You can perform the following actions:

  • If your SIM has a Dynamic IP → Assign a Fixed IP from your VPN

  • If your SIM has a Fixed IP from your VPN but you want to remove it from your VPN → Assign a Dynamic IP

  • If your SIM has a Fixed IP from your VPN but you want to assign a different IP → You can assign a new IP from within the dedicated IP Range pool in your VPN. The system will choose a new IP for you.

Please note the changes will be reflected upon a new data session. If the SIM is running a live session at the moment, it will keep the last IP until the session has ended.

Types of VPNs

Client Access VPN

The Client-to-Site (or Remote Access) VPN offers single user connections to your SIM card network. This is normally used to create a one-way tunnel connection. 

These VPNs are normally used for remote ad-hoc connections.

  • Easy to set up

  • Easy to maintain

The device private subnet will only be accessible from your Client access VPN.  Access within this subnet from one device to another is blocked, and access from the Internet is blocked by default. From the Internet, traffic is only allowed inbound (NAPT) in response to outbound communications initiated from your device.

IPSEC VPN

A Site-to-Site (or Gateway-to-Gateway) VPN is designed for a permanent connection between two end-points to allow communications on an ongoing basis.  

If you need to interconnect a centralised network to remotely reach your devices, and optionally include user traffic, then a Site-to-Site VPN will provide the required connectivity.  

This VPN type offers two-way traffic between your SIM subnet(s) and your network.

  • Permanently maintained connection.

  • Interconnect different units, with various users in different sites / locations.

  • No need for your users to have a VPN Client configured individually.

An IPSEC VPN is set up following completion of a configuration form to capture the customer network VPN endpoints and remote network details.