Jump to content
C4 Forums | Control4

Transferring data between Residences

South Africa C4 user
 Share

Recommended Posts

South Africa C4 user Grand Master

South Africa C4 user

Posted
Posted

I have Control4 set up at my main residence and my beach house.

I would like to update 15 or 20 register values (number variables) from one house to the other every 10 or 15 minutes.  I currently do this for one or two values (registers) in 3 different ways but all of these are clunky and definitely not elegant.  I also suspect that they are not very scalable. 

Does anyone have any recommendations on how best to do this?

Link to comment
Share on other sites

South Africa C4 user Grand Master

South Africa C4 user

Posted
  • Author
Posted
1 hour ago, Dueport said:

Isn’t there a driver that mirrors devices between houses? Would that do it? I can’t remember the details of the driver but I feel like I saw that somewhere…..

Thanks! I hadn’t thought of the Multisystem driver.  I had a quick look at the documentation and one problem (for my setup) is that it requires a secure tunnel (VPN) between the residences.  My routers are not capable of this… but it has sparked another thought. Maybe I should upgrade my routers as creating such a tunnel would open up various other ways of swapping data between the 2 residences.  I will give it some thought although I think it will be a bit too expensive for now.

Link to comment
Share on other sites
Popolou Enthusiast

Popolou

Posted
Posted
12 hours ago, South Africa C4 user said:

Thanks! I hadn’t thought of the Multisystem driver.  I had a quick look at the documentation and one problem (for my setup) is that it requires a secure tunnel (VPN) between the residences.  My routers are not capable of this… but it has sparked another thought. Maybe I should upgrade my routers as creating such a tunnel would open up various other ways of swapping data between the 2 residences.  I will give it some thought although I think it will be a bit too expensive for now.

Certainly one of the progressions in recent years which has come leaps and bounds is small form factor PC's. They pack quite a lot of grunt which (with a very rich feature set) should allow for both the ease and scale to set up VPNs and in more ways than have been available ever before (OpenVPN/Tailscale/WireGuard). If you are keen to keep your networks how they are without a complete revamp, you can set up a small VPN endpoint on each network and use them to route between the two locations.

All that would be required is to create a single static route on each firewall/router that points to the other network. Any local traffic will hit your internal gateway but then be told to go via the local VPN endpoint and tunnel the traffic to the other side. Each VPN endpoint could have a single LAN port in this case. Say $300 for two NUCs is quite reasonable.

Link to comment
Share on other sites
zaphod Grand Master

zaphod

Posted
Posted

You don't need routers to create VPNs, you can do that with other PCs that you may have on your LAN.  I used to run OpenVPN on my router, but now I use either OpenVPN in a docker on my unRAID server, or Wireguard which is built into unRAID.  I also use unRAID, which is a linux NAS-centric OS, as a file server and to run docker containers for stuff like my Unifi controller, Plex, etc.

Link to comment
Share on other sites
Popolou Enthusiast

Popolou

Posted
Posted
2 hours ago, zaphod said:

You don't need routers to create VPNs, you can do that with other PCs that you may have on your LAN.  I used to run OpenVPN on my router, but now I use either OpenVPN in a docker on my unRAID server, or Wireguard which is built into unRAID.  I also use unRAID, which is a linux NAS-centric OS, as a file server and to run docker containers for stuff like my Unifi controller, Plex, etc.

You don't need to, but it's always preferable to separate out the services especially when you consider the low price point and benefits of the kit even coming with dedicated hardware crypto.

Link to comment
Share on other sites
zaphod Grand Master

zaphod

Posted
Posted
4 hours ago, Popolou said:

You don't need to, but it's always preferable to separate out the services especially when you consider the low price point and benefits of the kit even coming with dedicated hardware crypto.

What do you mean by separate the services?  Do you mean run the VPN software on your router or on separate hardware?

Link to comment
Share on other sites
Andrew luecke Mentor

Andrew luecke

Posted
Posted

Even good VPN routers are fairly cheap these days, so I'd recommend just using a router honestly instead of shuffling data around your network back and forth and you're less likely to run into issues long time.

PC's also drain a lot more power, and need more maintenance. Furthermore, most routers have better traffic management, and some even have IPS and advanced network security technologies like anti-ransomware.

That being said, you can use PC's too

Link to comment
Share on other sites
zaphod Grand Master

zaphod

Posted
Posted
1 hour ago, Andrew luecke said:

Even good VPN routers are fairly cheap these days, so I'd recommend just using a router honestly instead of shuffling data around your network back and forth and you're less likely to run into issues long time.

PC's also drain a lot more power, and need more maintenance. Furthermore, most routers have better traffic management, and some even have IPS and advanced network security technologies like anti-ransomware.

That being said, you can use PC's too

But routers generally have CPUs that aren't all that fast and your bandwidth can be substantially limited when you have an active VPN connection, at least that used to be the case with OpenVPN.  I think Wireguard is less CPU intensive.  And my router is a Unifi USG and I don't  think Unifi supported VPN, although they have increased support in that area in recent years.

I have my unRAID server running 24x7 so adding VPN through that is not a big deal.  And it may be useful in other ways, like if you have two homes you may want to use a VPN or other connection to share media files between the two homes.

Link to comment
Share on other sites
Andrew luecke Mentor

Andrew luecke

Posted
Posted
9 minutes ago, zaphod said:

But routers generally have CPUs that aren't all that fast and your bandwidth can be substantially limited when you have an active VPN connection, at least that used to be the case with OpenVPN.  I think Wireguard is less CPU intensive.  And my router is a Unifi USG and I don't  think Unifi supported VPN, although they have increased support in that area in recent years.

I have my unRAID server running 24x7 so adding VPN through that is not a big deal.  And it may be useful in other ways, like if you have two homes you may want to use a VPN or other connection to share media files between the two homes.

Unifi does have VPN.. Both site to site and normal client. Not sure about the USG (as they're older), but the newer UDM's at least even support Wireguard for everything except site-to-site (although, there might be a way to make site-to-site work on it). In practice, even when I was an installer 3 years ago, we were pulling out the USG's

The original older USG's I'm fairly sure support both IPSEC and OpenVPN at least. However, its fairly slow (less than 50mbps). The USG's were released in 2014 though. There's some performance figures here: https://evanmccann.net/blog/2023/11/uxg-lite-preview comparing them.

The routers available from Snap (such as Araknis, which are also directly supported by snap), also have site-to-site (and the AN-520 looks like it supports up to 4.4gbps on IPSec: https://www.snapav.com/shop/en/snapav/an-520-rt )

Even the lowest end Watchguard NV5 supports 65mbps (and that is designed mainly for kiosks and small satellite offices).

Link to comment
Share on other sites
South Africa C4 user Grand Master

South Africa C4 user

Posted
  • Author
Posted

Thanks everyone! Some really useful feedback.

@Shoe - I have Luxul routers at both residences.  While they allow client VPN which I use regularly, they don’t allow site to site VPN AFAIK.

I suspect my best option is to stick with my clunky solution in the short term and change routers in both houses thereafter.  

Link to comment
Share on other sites
Popolou Enthusiast

Popolou

Posted
Posted
17 hours ago, zaphod said:

What do you mean by separate the services?  Do you mean run the VPN software on your router or on separate hardware?

Yup, by rather than having one system go down and it takes some of the more vital services with it. I'm all for efficient computing and a RAID box for multiple purposes (disk array, Plex - all very common) is fine but not for services such as site-to-site connections. If you need to swap out a failing disk from the RAID array and it is not a hot-swappable system, you are looking at both downtime and then a significant overhead afterwards when rebuilding/resilvering the array that it would affect everything else on that system.

16 hours ago, zaphod said:

But routers generally have CPUs that aren't all that fast and your bandwidth can be substantially limited when you have an active VPN connection, at least that used to be the case with OpenVPN.  I think Wireguard is less CPU intensive.  And my router is a Unifi USG and I don't  think Unifi supported VPN, although they have increased support in that area in recent years.

I have my unRAID server running 24x7 so adding VPN through that is not a big deal.  And it may be useful in other ways, like if you have two homes you may want to use a VPN or other connection to share media files between the two homes.

Partially true, but the router hardware is more suited for the throughput and packet management than your low-end RAID server. Especially when they will contain certain cryptographic elements in hardware that make the encryption/decryption a doddle rather than using up CPU cycles.

Link to comment
Share on other sites
Popolou Enthusiast

Popolou

Posted
Posted
5 hours ago, South Africa C4 user said:

Thanks everyone! Some really useful feedback.

@Shoe - I have Luxul routers at both residences.  While they allow client VPN which I use regularly, they don’t allow site to site VPN AFAIK.

I suspect my best option is to stick with my clunky solution in the short term and change routers in both houses thereafter.  

Is it the ABR-4500 model or similar?

Link to comment
Share on other sites
Popolou Enthusiast

Popolou

Posted
Posted

No problem, WG is a more modern & lightweight VPN service so it should run pretty well on that hardware. From what i gather, the existing VPN methods (PPTP, IPSEC) will be dropped in favour of WG so your existing connections will need to be remade. That video appears to go into it at some length.

Link to comment
Share on other sites
Andrew luecke Mentor

Andrew luecke

Posted
Posted

So basically..

1. PPTP should NEVER be used. It's totally insecure in every aspect. If you're using PPTP anywhere, switch IMMEDIATELY

2. IPSEC is fast, but is a lot of messing around with routing and such. It's been around for ages. It's very powerful.

3. OpenVPN tends to handle routers better, and is easier than IPSEC. imho, slower than IPSEC and possibly less flexible.

4. Wireguard is FAST, handles firewalls extremely well, very secure, and very efficient. This isn't a choose 2/3 thing (in this case, everything is better). The only limitation might be that less routers support it so far.

 

Link to comment
Share on other sites
zaphod Grand Master

zaphod

Posted
Posted
On 1/27/2024 at 10:09 AM, Popolou said:

Yup, by rather than having one system go down and it takes some of the more vital services with it. I'm all for efficient computing and a RAID box for multiple purposes (disk array, Plex - all very common) is fine but not for services such as site-to-site connections. If you need to swap out a failing disk from the RAID array and it is not a hot-swappable system, you are looking at both downtime and then a significant overhead afterwards when rebuilding/resilvering the array that it would affect everything else on that system.

Partially true, but the router hardware is more suited for the throughput and packet management than your low-end RAID server. Especially when they will contain certain cryptographic elements in hardware that make the encryption/decryption a doddle rather than using up CPU cycles.

But a RAID server doesn't have to have a low end CPU.  My unRAID server has a pretty decent CPU (i5-11400) as it isn't just a NAS, it is a media server as well so may do transcoding of video files, etc.

Link to comment
Share on other sites
This thread is quite old. Please consider starting a new thread rather than reviving this one.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept