What VPN support is available in EdgeVis?

What is a VPN?

According to the Wikipedia definition:

  • A virtual private network (VPN) is a mechanism for creating a secure connection between a computing device and a computer network, or between two networks, using an insecure communication medium such as the public Internet.

  • A VPN can extend access to a private network (one that disallows or restricts public access) to users who do not have direct access to it, such as an office network allowing secure access from off-site over the Internet.

EdgeVis encoders (from version 8.6 onwards) can now be configured to use a VPN.

Version 8.6 supports using WireGuard as a VPN provider, with additional VPN providers being added in future releases.

What can I use a VPN for?

While EdgeVis has built-in encryption to secure its end-to-end links, the use of a VPN can allow new deployment scenarios:

  • Put EdgeVis Server behind a VPN so that the location hosting EdgeVis Server does not have to open any incoming EdgeVis ports.

  • Connect to camera web interfaces remotely (in a similar way to SecureConnect - see the differences), allowing full access to the camera (including firmware updates, and configuration management).

  • Connect to the encoder’s local services at the full speed of the VPN link – so using SFTP to retrieve recordings remotely (at the full speed of the connection) is now possible.

  • Have a camera transmit additional data from a third-party service (e.g. detected number plates) to a central database.

  • Have a central data collection service connect to individual IoT devices (at the edge) to collect data such as temperature or humidity.

What do I need to use a VPN?

VPNs can be a complex topic and often involve a deep understanding of networking, IP addresses, router configuration, and security. Before attempting to use your EdgeVis encoder as a VPN router, you should have prior experience in setting up VPNs, or support from an IT professional who does.

Before proceeding, you will need a WireGuard VPN infrastructure to connect to. You should already be able to test that your infrastructure works from a laptop/PC using standard WireGuard clients.

From a troubleshooting perspective, you should be able to confirm that your infrastructure and VPN configuration are correct, before investigating any potential issues with your encoder configuration.

While Digital Barriers can provide general VPN support, we cannot assist in setting up your VPN infrastructure. There is nothing specific to EdgeVis in creating a WireGuard infrastructure and you may need to consult a third-party IT provider to assist in your general VPN infrastructure if you do not have the necessary networking resources available within your organisation.

What are the pros/cons of using a VPN?

Pros:

  • It's an industry standard, and you should be able to use your devices remotely in the same manner as you would locally. If you don't use a VPN, then using SecureConnect requires using EdgeVis Client to proxy through (see differences).

  • As a standards-based solution, you should be able to find external IT support who can assist if required. No knowledge of EdgeVis is required to set up a VPN.

  • The speed of the connection is limited only by the full bandwidth available on your connection to the VPN server - this will be faster than SecureConnect.

Cons:

  • You must set up, secure, and maintain a VPN infrastructure to support this.

  • By using a VPN data link outside of an EdgeVis link, you no longer have EdgeVis bandwidth controls to control costs - these only control the EdgeVis link to EdgeVis Server.

  • By having data outside of the EdgeVis encoder-to-server link there is the potential for contention in low bandwidth situations. EdgeVis will manage its link the best it can, but you now have two different mechanisms (VPN and EdgeVis) contending for the same bandwidth.

Getting Started

These steps will assist you in preparing to set up your encoder to use VPN:

  • Set up your VPN infrastructure.

  • Test your VPN infrastructure using a standard PC - this provides you with confidence that your infrastructure is working.

  • Plan out the devices and services you want to attach to your encoder - preferably drawing out a network map, and listing out the IP addresses you plan to use.

  • Create the WireGuard configuration file that will allow your encoder to connect to the VPN, and provide access to the devices/services that you intend to use.

  • Set up the VPN on your encoder using the configuration file you have created.

  • Test that...

    • your encoder can connect to the VPN.

    • your encoder can connect to EdgeVis Server.

    • you can remotely access any devices you have configured for remote access.

    • your edge devices can access any services over the VPN that you have configured for remote access.

  • If you encounter any issues you can monitor your VPN connection and retrieve in-depth logging.
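As an added example (not Digital Barriers' code and not part of the original article), the Python sketch below checks a WireGuard configuration file against the planned network map from the steps above before the file is loaded onto an encoder, flagging AllowedIPs routes that are broader than planned and planned addresses that no peer routes. It assumes the standard WireGuard [Interface]/[Peer] file layout; the sample configuration, keys, hostname, addresses and the PLANNED list are constructed placeholders.

```python
import ipaddress

# Constructed sample: placeholder keys and hostname, private-range addresses.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <encoder-private-key>
Address = 10.99.0.12/32

[Peer]
PublicKey = <vpn-server-public-key>
Endpoint = vpn.example.com:51820
AllowedIPs = 10.99.0.0/24, 10.20.0.0/16
PersistentKeepalive = 25
"""
# Hypothetical plan: the networks and hosts that should be reachable over the VPN.
PLANNED = ["10.99.0.0/24", "10.20.5.10/32", "10.30.1.0/24"]

def peer_allowed_ips(conf_text):
    """Return the AllowedIPs networks of every [Peer] section, flattened."""
    routes, section = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("["):
            section = line.strip("[]").lower()
            continue
        key, _, value = line.partition("=")
        if section == "peer" and key.strip().lower() == "allowedips":
            routes += [ipaddress.ip_network(v.strip(), strict=False)
                       for v in value.split(",") if v.strip()]
    return routes

def covers(outer, inner):
    """True when inner lies entirely inside outer (same IP version)."""
    return inner.version == outer.version and inner.subnet_of(outer)

def audit(conf_text, planned):
    """Compare tunnel routes with the plan; return human-readable findings."""
    plan = [ipaddress.ip_network(p) for p in planned]
    routes = peer_allowed_ips(conf_text)
    findings = []
    for r in routes:
        if r.prefixlen == 0:
            findings.append(f"{r}: default route, all traffic of this IP version goes to this peer")
        elif not any(covers(p, r) for p in plan):
            findings.append(f"{r}: wider than or outside the planned networks")
    for p in plan:
        if not any(covers(r, p) for r in routes):
            findings.append(f"{p}: planned but not routed through the tunnel")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF, PLANNED)) or "configuration matches the plan")
```

An empty result means every AllowedIPs entry sits inside a planned network and every planned network is routed; any finding is worth resolving on the network map before testing on the encoder.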
