Internet Access

[TwoHooter]

Yes, we can log on to marina WiFi. The RUT950 can be programmed to use either WiFi or Cell to contact the outside world. And on cell you tell it which of the two SIM card slots to use - so you can buy a local SIM card if cruising where your usual provider has a poor network or excessive costs for data. You tell the router which is the primary connection and it defaults automatically to the second connection if it drops the primary. We have a Ubiquiti Bullet bridge, hard-wired to the router for the marina WiFi.

But in the 3 years we have been using it I have used marina WiFi exactly once, just to test the connection. The 4G cell connectivity does everything we need. Being on the boat is exactly like being at home. We have a package with EE which allows me to swap my data allowance between devices so when we are on the boat I make sure the boat SIM has enough data just by doing a transfer. In fact I am beginning to toy with the idea of getting rid of our land line + "broadband" connection at home, buying one of those external antennae and a RUT950 or 955, and using cell everywhere.

Another nice thing about my current cell service is that my phone will connect by WiFi if it drops its cell connection. In a couple of places my phone has not had a good signal but the RUT950 router has an excellent connection, so my phone just uses the router to make a call. And that's with the router in the electronics cabinet. With an antenna up the mast I think it would be even better.

 

[Mikehp0]

This RUT955 and QUspot looks excellent and a fraction of the price of dedicated yacht systems like Digitalyacht etc.

One question if I may Mikehp0 & TwhoHooter - when you used the wifi part as opposed to 4g, did the unit handle captive portals as found in most marinas? Thanks.

good point about the issue of getting past a captive portal (which although I’m supposed to be an IT professional, I must confess I had to look up - in case anyone else is wondering, it’s the ‘welcome to our WiFi, please login’ screen that needs user input). Seems like the Teltonika RUT range doesn’t support it but clever people on the Teltonika Forum (who knew?) seem to have a workaround - see Connecting to Public Hotspots with Captive Portal - Crowd Support Forum | Teltonika Networks.

With regard to VPN,I’ve never used one with this router, I’m afraid. On my few trips over the channel, I’ve stuck to 4G so as to get a UK IP address.

 

[Hurricane]

Mike - private VPNs - on your system for creating a VPN tunnel, is this "always on", by which I mean does the on-board router keep connected to the cell network continuously to keep the tunnel open? If so does it consume data constantly? Or does it only consume data when you connect to the boat remotely? As usual I sort of half understand this stuff which is sometimes worse then not understanding it at all.

That Teltonika unit looks good - I've not seen it before - I might switch when I need to get a new one (5G etc).

The VPN stays on/open all the time.
There may be something that continually negotiates the connection but if there is, it uses very little data.
Not enough to register on the Vodafone control panel anyway.

DD-WRT - very complicated to set up
If you are interested, you should have a look at the DD-WRT project.
It is an open source project to replace an individual router's firmware with completely different software.
Lots of different router manufacturers are supported but the project started using the Linksys WRT54G routers.
IIRC, Linksys was bought by Cisco.
The DD-WRT firmware is mainly used in routers that use the WiFi as a LAN but I have made it work as a WiFi WAN connection (marina WiFi for example).
The Linksys WRT54G is very old so I now use the WRT1200AC routers - they also have a faster one (WRT1900AC) but the 1200 seems to work well enough for what I want.
All these routers have 5 Ethernet ports - 4 are usually dedicated to LAN connections - the 5th one is usually an "uplink" to the upstream router.
When you buy these routers, they come with Linksys firmware and you have to go through a complicated provess of "flashing" DD-WRT onto them.
But, with the correct DD-WRT build, OpenVPN is automatically there.
Unfortunately, thats not the end of it.
To make a secure VPN between 2 DD-WRT routers, you need SSL Certificates and keys.
These are the same ones that are used with https:// for secure web connections.
But with https:// the certificates form a chain back to a known (safe) certificate provider.
With OpenVPN working in my environment, I didn't need (or want) to use a certificate provider so I made the top level certificate myself.
So, essentially, I was the certificate provider.
You then choose one of the DD-WRT routers as a server and install the server certificates and keys etc onto it.
Then install client keys/certificates onto the remote DD-WRT router.
I have made several client certificates/keys - I use a different one on each of my remote devices - one for the boat - one for my Android phone - one for my Android tablet etc.
I even had one for my daughter when she lived in Finland.
Thankfully, I have set the certificates to have a very long expiry date so I won't need to make any new ones for a very very long time.
There is a windows software application that makes the certificates and certificate authorities etc but it does take time to understand it.
All these clients join "seemlessly" to the server - at the same time if they are switched on and interconnect with each other.
So, for example, the LAN in my daughter's house in Finland was on the same LAN when I was on the boat.
As you can see it is a very complicated thing to set up.
But once set up it works really well and probably very secure.
I'm sure that people won't be setting up a system like mine but if anyone wants any help, I keep note for this kind of thing and I will be able to help if required,

Most people ask me "WHY" - I dunno - its because I can!!
And there are times where the internal "tunnelled" LAN is really useful.

EDIT
Oh yes - there is another very important prerequisite.
The server router needs to have an internet static IP address.
I use Plusnet as a service provider at home and they offer a Static IP address on their packages.

 

[TwoHooter]

EDIT
Oh yes - there is another very important prerequisite.
The server router needs to have an internet static IP address.
I use Plusnet as a service provider at home and they offer a Static IP address on their packages.

Duh. There's my failing memory again. Only now do I recall that we already started this conversation a while back and I had to back off trying to do this because I couldn't find an ISP that will provide private customers with static IP addresses. I think you have a business account with Plusnet - is that how you got it? I've been told that static IP addresses are getting expensive.

How do you get over the fact that when using a cellular connection at the remote end (the boat) the IP address is inevitably dynamic. Do you use Dynamic DNS or a similar service to get round that? And did I already ask that question and forget this as well?

 

[Hurricane]

Duh. There's my failing memory again. Only now do I recall that we already started this conversation a while back and I had to back off trying to do this because I couldn't find an ISP that will provide private customers with static IP addresses. I think you have a business account with Plusnet - is that how you got it? I've been told that static IP addresses are getting expensive.

How do you get over the fact that when using a cellular connection at the remote end (the boat) the IP address is inevitably dynamic. Do you use Dynamic DNS or a similar service to get round that? And did I already ask that question and forget this as well?

I paid PlusNet a one off fee of £5 to set up a static IP for my Home Broadband.
I see that PlusNet's business accounts have a static IP option once you are connected but my PLusNet connection is a private home account
My static IP works - it IS static.
I even host an internet server on it - I simply redirect my domain name to it - just a cheap PC with a big hard disk gives me lots of internet space - really useful.

Anyway, back to the point.
You only need one static IP (the one that the server router is connected to.
All the remote routers know how to contact the server by using its static IP address.
That bit of it is actually quite simple.

There is one other element of the VPN that I haven't mentioned.
The system uses a server mode called TAP
Rather than routing (through a TUN interface), TAP provides full broadcast facilities over the LAN.
Full broadcast means that you can browse servers/PCs etc over the LAN - just as if they were local wired ethernet connections.
I use NoMachine which is multi platform remote desktop software.
Using NoMachine, I can run a PC on the boat as a remote desktop of PC at home with hardly any lag.
My home servers are "headless" (no keyboard, monitor or mouse) but do have their own desktops so NoMachine is a great way of remotely controlling these computers.
Sorry - got a long way off topic but a TAP connection allows all this - and more.

 

[Peterlewis321]

I thoroughly recommend this £150 Teltonika router.

Teltonika RUT950 4G LTE WLAN Router

It has dual 4G Sims, 4 Ethernet ports and WiFi bridge functionality. In a marina it uses the WiFi bridge capability to connect to marina WiFi then swaps to the preferred 4G SIM on departure or if the marina WiFi fails. If preferred 4G fails it uses the 2nd 4G connection. It is easy to setup and very reliable. 4Gon sell it with 2xWiFi and 2x4G rubber antennae but both can be substituted for good external ones. I have a 4G MIMO antenna on the coach roof but no room for a WiFi one so just use the rubber ones. Subjective testing on cross channel trips says it hangs onto usable 4G for miles after my mobile phone on the same network has given up. if you prise the waterproof lid off a well known marine focused £1000+ solution you will find one of these inside - that’s how I found it. Lots of nice configurable VPN, NAT and other stuff with initials to keep the geeks happy too. Manuals are available via my link. Bound to be a 5G version in due course...

I’ve got one of these tucked away inside my somewhat overpriced ‘Webboat’ dome......was having immense problems with it’s stability (using the Glomex interface app) until I found a thread suggesting to configure it using the Teltonika web interface......and since then it has been running almost faultlessly.
We use a UK SKY sim card and it works really well enabling us to get all the UK streaming services from BBC etc etc. We have 3 sims (Boat/wife/Daughter) and you can effectively ‘bank’ any unused data each month and then reuse on any of the 3 sims within 2 years-very useful!