South Africa C4 user, posted January 26:
I have Control4 set up at my main residence and my beach house. I would like to update 15 or 20 register values (number variables) from one house to the other every 10 or 15 minutes. I currently do this for one or two values (registers) in 3 different ways but all of these are clunky and definitely not elegant. I also suspect that they are not very scalable. Does anyone have any recommendations on how best to do this?
Dueport, posted January 26:
Isn’t there a driver that mirrors devices between houses? Would that do it? I can’t remember the details of the driver but I feel like I saw that somewhere…..
South Africa C4 user (author), posted January 26:
1 hour ago, Dueport said: Isn’t there a driver that mirrors devices between houses? Would that do it? I can’t remember the details of the driver but I feel like I saw that somewhere…..
Thanks! I hadn’t thought of the Multisystem driver. I had a quick look at the documentation and one problem (for my setup) is that it requires a secure tunnel (VPN) between the residences. My routers are not capable of this… but it has sparked another thought. Maybe I should upgrade my routers as creating such a tunnel would open up various other ways of swapping data between the 2 residences. I will give it some thought although I think it will be a bit too expensive for now.
Popolou, posted January 26:
12 hours ago, South Africa C4 user said: Thanks! I hadn’t thought of the Multisystem driver. I had a quick look at the documentation and one problem (for my setup) is that it requires a secure tunnel (VPN) between the residences. My routers are not capable of this… but it has sparked another thought. Maybe I should upgrade my routers as creating such a tunnel would open up various other ways of swapping data between the 2 residences. I will give it some thought although I think it will be a bit too expensive for now.
Certainly one of the progressions in recent years which has come leaps and bounds is small form factor PC's. They pack quite a lot of grunt which (with a very rich feature set) should allow for both the ease and scale to set up VPNs and in more ways than have been available ever before (OpenVPN/Tailscale/WireGuard). If you are keen to keep your networks how they are without a complete revamp, you can set up a small VPN endpoint on each network and use them to route between the two locations. All that would be required is to create a single static route on each firewall/router that points to the other network. Any local traffic will hit your internal gateway but then be told to go via the local VPN endpoint and tunnel the traffic to the other side. Each VPN endpoint could have a single LAN port in this case. Say $300 for two NUCs is quite reasonable.
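
The layout described in the post above (one small VPN endpoint per site plus a single static route on each existing router), sketched with WireGuard as an added example that is not part of the original post. All subnets, addresses, the hostname, the port and the key placeholders are assumptions chosen for illustration.

```ini
# Constructed example: every address, port, hostname and key below is a placeholder.
# Assumed LANs (they must not overlap, or routing between the sites is ambiguous):
#   main residence 192.168.10.0/24, VPN endpoint box at 192.168.10.2
#   beach house    192.168.20.0/24, VPN endpoint box at 192.168.20.2
# Tunnel addresses: 10.99.0.1 (main) and 10.99.0.2 (beach).

# ---- /etc/wireguard/wg0.conf on the main-residence endpoint ----
[Interface]
Address    = 10.99.0.1/30
ListenPort = 51820
PrivateKey = <MAIN_PRIVATE_KEY>
# The endpoint must forward packets between the LAN and the tunnel.
PostUp     = sysctl -w net.ipv4.ip_forward=1

[Peer]
PublicKey  = <BEACH_PUBLIC_KEY>
# Only the peer's tunnel address and its LAN are accepted from / routed to this peer.
AllowedIPs = 10.99.0.2/32, 192.168.20.0/24

# ---- /etc/wireguard/wg0.conf on the beach-house endpoint ----
[Interface]
Address    = 10.99.0.2/30
PrivateKey = <BEACH_PRIVATE_KEY>
PostUp     = sysctl -w net.ipv4.ip_forward=1

[Peer]
PublicKey  = <MAIN_PUBLIC_KEY>
# Beach side dials out, so only the main router needs an inbound port forward.
Endpoint   = main.example.net:51820
AllowedIPs = 10.99.0.1/32, 192.168.10.0/24
# Keeps the NAT mapping open so the main side can reach the beach side.
PersistentKeepalive = 25

# ---- static routes on the existing routers (one each) ----
# main-residence router: 192.168.20.0/24 via 192.168.10.2
# beach-house router:    192.168.10.0/24 via 192.168.20.2
# main-residence router also forwards UDP 51820 to 192.168.10.2.
```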
RAV, posted January 26:
I've played with this to relay a couple status between home and work system. https://www.berto.co.uk/berto-pushover Ideally would be a cloud service to store values to be read and updated from both/multiple systems.
zaphod, posted January 26:
You don't need routers to create VPNs, you can do that with other PCs that you may have on your LAN. I used to run OpenVPN on my router, but now I use either OpenVPN in a docker on my unRAID server, or Wireguard which is built into unRAID. I also use unRAID, which is a linux NAS-centric OS, as a file server and to run docker containers for stuff like my Unifi controller, Plex, etc.
Eddie, posted January 26:
Zero Tier or Tailscale should work also if you have a PC or device you can run it on.. CloudFlare tunnels also.. All those should be free for 2 clients..
Popolou, posted January 26:
2 hours ago, zaphod said: You don't need routers to create VPNs, you can do that with other PCs that you may have on your LAN. I used to run OpenVPN on my router, but now I use either OpenVPN in a docker on my unRAID server, or Wireguard which is built into unRAID. I also use unRAID, which is a linux NAS-centric OS, as a file server and to run docker containers for stuff like my Unifi controller, Plex, etc.
You don't need to, but it's always preferable to separate out the services especially when you consider the low price point and benefits of the kit even coming with dedicated hardware crypto.
zaphod, posted January 26:
4 hours ago, Popolou said: You don't need to, but it's always preferable to separate out the services especially when you consider the low price point and benefits of the kit even coming with dedicated hardware crypto.
What do you mean by separate the services? Do you mean run the VPN software on your router or on separate hardware?
Andrew luecke, posted January 26:
Even good VPN routers are fairly cheap these days, so I'd recommend just using a router honestly instead of shuffling data around your network back and forth and you're less likely to run into issues long time. PC's also drain a lot more power, and need more maintenance. Furthermore, most routers have better traffic management, and some even have IPS and advanced network security technologies like anti-ransomware. That being said, you can use PC's too
Shoe, posted January 26:
@South Africa C4 user do you have Ubiquiti gear or what kind of networking gear do you have? You may already have the ability to do site to site VPN.
zaphod, posted January 27:
1 hour ago, Andrew luecke said: Even good VPN routers are fairly cheap these days, so I'd recommend just using a router honestly instead of shuffling data around your network back and forth and you're less likely to run into issues long time. PC's also drain a lot more power, and need more maintenance. Furthermore, most routers have better traffic management, and some even have IPS and advanced network security technologies like anti-ransomware. That being said, you can use PC's too
But routers generally have CPUs that aren't all that fast and your bandwidth can be substantially limited when you have an active VPN connection, at least that used to be the case with OpenVPN. I think Wireguard is less CPU intensive. And my router is a Unifi USG and I don't think Unifi supported VPN, although they have increased support in that area in recent years. I have my unRAID server running 24x7 so adding VPN through that is not a big deal. And it may be useful in other ways, like if you have two homes you may want to use a VPN or other connection to share media files between the two homes.
Andrew luecke, posted January 27:
9 minutes ago, zaphod said: But routers generally have CPUs that aren't all that fast and your bandwidth can be substantially limited when you have an active VPN connection, at least that used to be the case with OpenVPN. I think Wireguard is less CPU intensive. And my router is a Unifi USG and I don't think Unifi supported VPN, although they have increased support in that area in recent years. I have my unRAID server running 24x7 so adding VPN through that is not a big deal. And it may be useful in other ways, like if you have two homes you may want to use a VPN or other connection to share media files between the two homes.
Unifi does have VPN.. Both site to site and normal client. Not sure about the USG (as they're older), but the newer UDM's at least even support Wireguard for everything except site-to-site (although, there might be a way to make site-to-site work on it). In practice, even when I was an installer 3 years ago, we were pulling out the USG's.
The original older USG's I'm fairly sure support both IPSEC and OpenVPN at least. However, it's fairly slow (less than 50mbps). The USG's were released in 2014 though. There's some performance figures here: https://evanmccann.net/blog/2023/11/uxg-lite-preview comparing them.
The routers available from Snap (such as Araknis, which are also directly supported by snap), also have site-to-site (and the AN-520 looks like it supports up to 4.4gbps on IPSec: https://www.snapav.com/shop/en/snapav/an-520-rt )
Even the lowest end Watchguard NV5 supports 65mbps (and that is designed mainly for kiosks and small satellite offices).
South Africa C4 user (author), posted January 27:
Thanks everyone! Some really useful feedback. @Shoe - I have Luxul routers at both residences. While they allow client VPN which I use regularly, they don’t allow site to site VPN AFAIK. I suspect my best option is to stick with my clunky solution in the short term and change routers in both houses thereafter.
Popolou, posted January 27:
17 hours ago, zaphod said: What do you mean by separate the services? Do you mean run the VPN software on your router or on separate hardware?
Yup, by rather than having one system go down and it takes some of the more vital services with it. I'm all for efficient computing and a RAID box for multiple purposes (disk array, Plex - all very common) is fine but not for services such as site-to-site connections. If you need to swap out a failing disk from the RAID array and it is not a hot-swappable system, you are looking at both downtime and then a significant overhead afterwards when rebuilding/resilvering the array that it would affect everything else on that system.
16 hours ago, zaphod said: But routers generally have CPUs that aren't all that fast and your bandwidth can be substantially limited when you have an active VPN connection, at least that used to be the case with OpenVPN. I think Wireguard is less CPU intensive. And my router is a Unifi USG and I don't think Unifi supported VPN, although they have increased support in that area in recent years. I have my unRAID server running 24x7 so adding VPN through that is not a big deal. And it may be useful in other ways, like if you have two homes you may want to use a VPN or other connection to share media files between the two homes.
Partially true, but the router hardware is more suited for the throughput and packet management than your low-end RAID server. Especially when they will contain certain cryptographic elements in hardware that make the encryption/decryption a doddle rather than using up CPU cycles.
Popolou, posted January 27:
5 hours ago, South Africa C4 user said: Thanks everyone! Some really useful feedback. @Shoe - I have Luxul routers at both residences. While they allow client VPN which I use regularly, they don’t allow site to site VPN AFAIK. I suspect my best option is to stick with my clunky solution in the short term and change routers in both houses thereafter.
Is it the ABR-4500 model or similar?
South Africa C4 user (author), posted January 27:
2 minutes ago, Popolou said: Is it the ABR-4500 model or similar?
Yes! One is the ABR 4500 and the other is the ABR 5000
Popolou, posted January 27:
Then you are in luck - https://res.cloudinary.com/avd/image/upload/v133508088/Resources/Luxul/Routers/Firmware/Luxul_Page-Firmware-ABR-4500.pdf
South Africa C4 user (author), posted January 27:
2 hours ago, Popolou said: Then you are in luck - https://res.cloudinary.com/avd/image/upload/v133508088/Resources/Luxul/Routers/Firmware/Luxul_Page-Firmware-ABR-4500.pdf
Really? So Wireguard means I can create a site to site VPN? That is phenomenal! Thank you!
Popolou, posted January 27:
No problem, WG is a more modern & lightweight VPN service so it should run pretty well on that hardware. From what I gather, the existing VPN methods (PPTP, IPSEC) will be dropped in favour of WG so your existing connections will need to be remade. That video appears to go into it at some length.
Andrew luecke, posted January 27:
So basically..
1. PPTP should NEVER be used. It's totally insecure in every aspect. If you're using PPTP anywhere, switch IMMEDIATELY
2. IPSEC is fast, but is a lot of messing around with routing and such. It's been around for ages. It's very powerful.
3. OpenVPN tends to handle routers better, and is easier than IPSEC. imho, slower than IPSEC and possibly less flexible.
4. Wireguard is FAST, handles firewalls extremely well, very secure, and very efficient. This isn't a choose 2/3 thing (in this case, everything is better). The only limitation might be that fewer routers support it so far.
zaphod, posted January 28:
On 1/27/2024 at 10:09 AM, Popolou said: Yup, by rather than having one system go down and it takes some of the more vital services with it. I'm all for efficient computing and a RAID box for multiple purposes (disk array, Plex - all very common) is fine but not for services such as site-to-site connections. If you need to swap out a failing disk from the RAID array and it is not a hot-swappable system, you are looking at both downtime and then a significant overhead afterwards when rebuilding/resilvering the array that it would affect everything else on that system. Partially true, but the router hardware is more suited for the throughput and packet management than your low-end RAID server. Especially when they will contain certain cryptographic elements in hardware that make the encryption/decryption a doddle rather than using up CPU cycles.
But a RAID server doesn't have to have a low end CPU. My unRAID server has a pretty decent CPU (i5-11400) as it isn't just a NAS, it is a media server as well so may do transcoding of video files, etc.