Accessing an IoT device with a private IP address over a cellular connection can be challenging due to the NAT (Network Address Translation) used by cellular networks. Many companies are looking to solve this by looking for cellular connections with Public IP addresses to easily access their systems. This solution works however as IoT / M2M segment is often very cost sensitive the cost addition is not scalable for any IoT connections on a larger scale.  In addition to this it increases the security risk to have an IoT devices publicly open to the internet opening an attack surface for hackers to get to.  

There are several ways how a device can be accessed remotely even if it is using a private IP address. At Simplex Wireless we offer a SDWAN based VPN solution that puts all the devices connected with Simplex SIM can into a private VPN making them remotely accessible. It’s a great solution as it is device agnostic and does not need anything on the device side.  

M2M / IoT router makers have also implemented some of their solutions to tackle this problem. We have gathered most common ways in here and also taken some examples on how Teltonika, Peplink and MultiTech have implemented their remote accesses.  

However, several strategies and solutions have been developed by IoT device makers to facilitate remote access. Here’s an overview of general solutions and specific implementations by Teltonika, Peplink, and MultiTech. 

General Solutions for Remote Access 

Solutions by Specific Manufacturers 

1. VPN (Virtual Private Network):
   • Description: Establish a secure VPN tunnel between the IoT device and a central server, allowing remote access as if the device were on the same local network.
   • Implementation: The IoT device initiates a VPN connection to a VPN server, providing secure remote access.
2. Cloud-Based Management Platforms:
   • Description: Utilize a cloud-based platform to manage and access IoT devices.
   • Implementation: Devices periodically communicate with a central cloud server, offering a web interface for remote access and management.
3. Reverse SSH Tunneling:
   • Description: The IoT device initiates an SSH connection to a remote server and creates a reverse tunnel.
   • Implementation: Remote users connect to the remote server, which tunnels the connection back to the IoT device.
4. Relay Servers:
   • Description: A relay server acts as an intermediary for connections between remote users and IoT devices.
   • Implementation: The IoT device maintains a persistent connection to the relay server, which forwards traffic to the device from remote users.

Teltonika: 

Teltonika provides several solutions for remote access: 

1. RMS (Remote Management System):
   • Description: A cloud-based platform for remote monitoring and management of Teltonika devices.
   • Implementation: Devices communicate with RMS, allowing remote configuration and access through a web interface.
2. VPN Configuration:
   • Description: Support for various VPN protocols (OpenVPN, IPsec) to establish secure tunnels.
   • Implementation: Devices can be configured to connect to a VPN server, facilitating secure remote access.

Peplink: 

Peplink offers robust solutions for remote access: 

1. InControl2:
   • Description: A cloud-based management platform for remote monitoring and control of Peplink devices.
   • Implementation: Devices connect to InControl2, providing a web-based interface for remote access and configuration.
2. SpeedFusion VPN:
   • Description: Proprietary VPN technology enabling secure remote access and bonding of multiple connections.
   • Implementation: Devices use SpeedFusion to create secure, reliable connections for remote access.
3. PPTP/L2TP/IPsec VPN:
   • Description: Support for multiple VPN protocols.
   • Implementation: Devices can be configured to use VPN protocols for secure remote tunnels.
4. Remote Web Admin:
   • Description: Direct access to the web admin interface of Peplink devices.
   • Implementation: Remote access via public IP or VPN.

MultiTech: 

MultiTech employs several strategies for remote access: 

1. DeviceHQ:
   • Description: A cloud-based IoT device management platform.
   • Implementation: Devices connect to DeviceHQ, enabling remote management and access through a web interface.
2. VPN (OpenVPN, IPsec):
   • Description: Support for VPN protocols for secure connections.
   • Implementation: Devices establish VPN connections to facilitate remote access.
3. Remote Terminal Server (RTS):
   • Description: Secure, remote access to serial ports.
   • Implementation: Provides access to serial devices over TCP/IP with encryption and authentication.
4. Reverse SSH Tunneling:
   • Description: Establishing reverse SSH tunnels for remote access.
   • Implementation: Devices initiate SSH connections to a central server for tunnel creation.

Conclusion 

The ability to remotely access IoT / M2M gateways over cellular networks with private IP addresses has been an industry discussion point for a long time and it has been effectively solved in various ways,  

If you would like to chat with Simplex Wireless how our SDWAN based VPN solution has been implemented, we are happy to discuss it.  

This article was created by Jan Lattunen, CCO Simplex Wireless 

About the Author: Jan Lattunen manages Sales and Marketing for Simplex Wireless. Jan has 20 years’ experience in working with SIM card technology and was involved in launching the eSIM in North America with major carriers and OEMs. His expertise in telecommunications is around SIM cards. On a personal note, Jan is a family man and avid cyclist with advocacy for safety in the roads. You can connect with Jan on https://linkedin.com/in/JanLattunen