Virtually connecting 1 device to another site


I'm looking for a way to virtually connect 1 device to the internet connection of an other router over VPN.

The problem is as follows. We have bad mobile reception in our house. It's now possible to buy a femto-cell which acts as a small cell phone ground station to improve indoor reception. However the femto-cell needs to be connected to an internet connection of the cell phone carrier. We don't have the possibility to get an internet connection from this carrier in our house. We do have an internet connection from this carrier at work. So now I'm planning on setting up a VPN which routes all traffic from the femto-cell at home to the router at work. This to virtually connect it to the correct carrier.

Is this possible and how should I do this?


Take a look at this topic: VPN Policy-Based Routing + Web UI -- Discussion

It could be possible but there's a good chance voice quality will be terrible. Voice over IP requires fairly tight latency limits and VPN tends to have more overhead and more issues in general. It can be done but you may find it unsatisfactory.

Very true. If you were to try that, I would suggest using Wireguard. My VOIP quality over wireguard is indistinguishable from no-VPN quality. Wireguard has the lowest latencies, highest bandwidth and lowest overhead.

OK, past changing carriers (we have a similar device from T-Mobile US that works over "any" IP transport), it will depend on the latency of your link.

The femto-cell almost certainly encrypts all its sensitive traffic already, so you almost certainly don't need to worry about that. The ones I've worked with require UDP 500 and 4500 to be available (IPSEC with NAT traversal), as well as 123 (for NTP).

However, if you bridge the networks, you should secure the channel to protect your office traffic.

Not knowing what you've got "at work" for border gateways, it's hard to say what your options are. It may already have VPN access.

Edit: Your provider should be able to tell you what ports and protocols need to be open. The "quick start" guide for the device may have that information and you may be able to download it from their website.

It might well do sip over TLS and SRTP rather than ipsec.