Connect two company locations (with JTL-Wawi) via VPN

One of my customers approached me a few days ago with a special task: I was to connect two company locations with as little monetary effort as possible.

One challenge was that one of the connections was an LTE connection rather than a DSL connection. The problem with such an LTE connection is that the providers here do not assign each customer a public IP address of their own. Instead, one IP address is shared by many customers through NAT and the customers are told apart only by port, which means that the connection cannot be addressed directly from outside.

Accordingly, a Telekom LTE router was available at one location and a FRITZ!Box (DSL) at the other.

The customer uses the JTL warehouse management system with an Android-based cash register (JTL-POS), network storage and various network printers.

The goal of the project was for both the POS and the computers at the site with the LTE router to be able to access the JTL server, network storage and printers at the other company site. At the same time, the VPN had to perform well, because data transfer rates and latency were already limited by the LTE connection. Security aspects also had to be taken into account.

I therefore decided to recommend a solution based on WireGuard to the customer.

During the setup, we encountered a new problem at the site with the DSL connection. The customer’s provider no longer assigned IPv4 addresses here, but only IPv6 addresses. Therefore, the WireGuard server set up on this site could not be reached from the outside.

Fortunately, an IPv4 address could be added after calling the provider. After that, the port forwarding also worked and the WireGuard server was addressable from the outside.

Accordingly, the solution was then successfully implemented for the customer and the site with the LTE connection can access the JTL server and all other network devices (such as network storage and printers) without any problems.
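The topology described above, written out as a pair of `wg-quick` configuration files. This is an added example, not the configuration used in the customer project. It assumes a Linux host running WireGuard at each site; the subnets, tunnel addresses, UDP port 51820, the hostname `vpn.example.com` and the key placeholders are all constructed for illustration.

```ini
# ---- DSL site: /etc/wireguard/wg0.conf ----
# This side has the public IPv4 address. The DSL router forwards
# UDP 51820 (assumed port) to this host.
[Interface]
Address = 10.99.0.1/24
ListenPort = 51820
PrivateKey = <DSL_SITE_PRIVATE_KEY>

[Peer]
# LTE site. No Endpoint line: the LTE connection sits behind provider
# NAT and cannot be dialled, so this side waits for the peer to connect
# and learns its current address and port from the handshake.
PublicKey = <LTE_SITE_PUBLIC_KEY>
# Accept only the peer's tunnel address and the LTE site's LAN
# (assumed 192.168.8.0/24). Packets from other source addresses are dropped.
AllowedIPs = 10.99.0.2/32, 192.168.8.0/24

# ---- LTE site: /etc/wireguard/wg0.conf ----
[Interface]
Address = 10.99.0.2/24
PrivateKey = <LTE_SITE_PRIVATE_KEY>
# No ListenPort needed: this side only makes outbound connections.

[Peer]
# DSL site, reached through its public IPv4 address (placeholder hostname).
PublicKey = <DSL_SITE_PUBLIC_KEY>
Endpoint = vpn.example.com:51820
# Route only the tunnel peer and the DSL site's LAN (assumed
# 192.168.178.0/24) through the VPN, not all traffic (0.0.0.0/0).
AllowedIPs = 10.99.0.1/32, 192.168.178.0/24
# Send a keepalive every 25 seconds so the provider's NAT mapping stays
# open and the DSL site can still reach devices at the LTE site.
PersistentKeepalive = 25
```

For other devices on each LAN to use the tunnel, the two WireGuard hosts need IP forwarding enabled and each site's router needs a static route for the remote subnet via its local WireGuard host.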

If you are also faced with the challenge of having to connect two sites together, don’t hesitate to send me a message via my contact form.

Why WireGuard?

WireGuard offers the best performance among the available VPN protocols and is open source. In addition, the WireGuard server stays silent toward requests on the WireGuard port that it cannot authenticate, which makes it difficult to identify a WireGuard server. Without knowing that a WireGuard server exists, attackers would have to blindly target all IP addresses and ports, which further complicates attacks. The services behind the WireGuard VPN, such as the Microsoft SQL database server for JTL-Wawi, are not visible from the outside without logging into the VPN and remain sealed off.
