    How to configure my infrastructure when devices are communicating with ALMS through a VPN?

    Set up a VPN with ALMS

    ALMS provides, as a chargeable option, a VPN between ALMS and the infrastructure in which the devices are, be it your own infrastructure or a private APN.

    If you want to set up a VPN with ALMS, please contact your Sierra Wireless Partner or Regional Sales Manager (RSM).

    To finalise the setup process, you are required to fill out a VPN Option application form and provide the following information:

    • Tunnel Endpoint IP address: The public IP address of the tunnel endpoint on your side
    • ALMS Server IP Address: The desired IP address for ALMS inside the VPN tunnel
    • Remote Accessible Host/Network: The network of the devices that will use the VPN
    • Phase 1 Parameters (IKE Proposal):
      • Pre-shared Key transmittal method (Phone, Fax, SMS, e-mail)
      • Hash Algorithm
      • Encryption Algorithm
      • Key Exchange (Diffie-Hellman Group)
      • Data Lifetime [seconds]
      • Negotiation Mode
    • Phase 2 Parameters (IPSec Proposal):
      • Transport Protocol & Hash Algorithm
      • Encryption Algorithm
      • Perfect Forward Secrecy (Diffie-Hellman Group)
      • Data Lifetime [seconds]

    Once this form has been reviewed by the ALMS operations team, you will be provided with the public endpoint IP address of the tunnel on the ALMS side and the PSK (Pre-Shared Key). You can then set up the VPN endpoint.

    Restrictions:

    • The VPN tunnel is only meant to be used for device traffic. All access to the ALMS web UI and APIs must be performed through a public Internet endpoint.
    • Server initiated communications are not supported inside the VPN.

    Configure your infrastructure

    In order for devices to communicate with ALMS, you will have to:

    1. Set up a DNS
    2. Route ALMS protocols through the tunnel

    Set up a DNS

    You have to set up a DNS that resolves the following host names to the ALMS IP address inside the VPN:

    • na.m2mop.net
    • na.airvantage.net
    • airvantage.net
    • nucaleos-na.airvantage.net
    • bs.airvantage.net
    • lw.na.airvantage.net

    You will also need to configure your network or devices in order to make the devices use this DNS.

    The DNS is mandatory in order to allow a number of key features of ALMS, such as firmware upgrades, to work properly.

    Set up routing

    You have to route the following protocols through the VPN:

    • HTTP (TCP/80)
    • HTTPS (TCP/443)
    • M3DA (TCP/44900)
    • MQTT (TCP/1883)
    • MQTT over SSL (TCP/8883)
    • LWM2M (UDP/5684 and UDP/5686)
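One way to verify the DNS and routing steps above from a host on the device network, as an added example that is not part of the original page or Sierra Wireless tooling. The address `10.99.0.10` is a constructed stand-in for the ALMS IP address inside your tunnel, and the sample DNS answers are constructed; the function names are hypothetical.

```python
import socket
import sys

# Host names and TCP ports taken from the lists on this page.
ALMS_HOSTS = ["na.m2mop.net", "na.airvantage.net", "airvantage.net",
              "nucaleos-na.airvantage.net", "bs.airvantage.net",
              "lw.na.airvantage.net"]
ALMS_TCP_PORTS = [80, 443, 44900, 1883, 8883]  # LWM2M is UDP, not probed here

# Constructed sample data: 10.99.0.10 stands in for the ALMS in-tunnel address,
# 203.0.113.7 (documentation range) for a public answer from the wrong resolver.
SAMPLE_VPN_IP = "10.99.0.10"
SAMPLE_DNS = {h: {SAMPLE_VPN_IP} for h in ALMS_HOSTS}
SAMPLE_DNS["bs.airvantage.net"] = {"203.0.113.7"}   # still answered publicly
SAMPLE_DNS["lw.na.airvantage.net"] = set()          # record missing

def system_resolver(host):
    """IPv4 addresses the resolver configured on this machine returns."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(host, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def check_dns(vpn_ip, resolver=system_resolver):
    """Classify each host: 'ok', 'unresolved', or 'outside-tunnel:<addrs>'."""
    report = {}
    for host in ALMS_HOSTS:
        addrs = set(resolver(host))
        stray = sorted(addrs - {vpn_ip})
        if not addrs:
            report[host] = "unresolved"
        elif stray:
            report[host] = "outside-tunnel:" + ",".join(stray)
        else:
            report[host] = "ok"
    return report

def check_tcp(vpn_ip, connect=socket.create_connection, timeout=3.0):
    """Try a TCP connect to the in-tunnel address on each routed port."""
    reachable = {}
    for port in ALMS_TCP_PORTS:
        try:
            connect((vpn_ip, port), timeout).close()
            reachable[port] = True
        except OSError:
            reachable[port] = False
    return reachable

if __name__ == "__main__":
    ip = sys.argv[1] if len(sys.argv) > 1 else SAMPLE_VPN_IP
    resolver = system_resolver if len(sys.argv) > 1 else SAMPLE_DNS.get
    for host, status in check_dns(ip, resolver).items():
        print(f"{host:30} {status}")
```

Run with the in-tunnel ALMS address as the only argument to check the live resolver; any `outside-tunnel` result means device traffic for that host name would not be directed to the ALMS address inside the VPN.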