Connect 2 Networks over WiFi

Because your public IP address will change based on the access point you are connected in through, you'll need to use a Dynamic DNS (DDNS) configuration.  The optimal solution would be to outfit the truck with a dedicated firewall that exposes a single port (VNC) on a single server.  This can easily be done with just about any firewall.  On that server, then, install the VNC Repeater component, which will act as a proxy servewr and allow you to jump to ANY other VNC server on the local (in-truck) network.

When you get to a new location, you'll connect to the local access point, and the DDNS service will be updated with the new IP address.  You can then use the DDNS node name to access the VNC repeater, and then get into any inside computer from there.

I'd install something like AnyDesk (paid service) or Google Remote Desktop (free) on one of the Servers then you can connect to it via the client. From there VNC from that server to the others.

Why not use TeamViewer, LMI, ScreenConnect or one of the other solutions that is made for this?

Bill's suggestion won't work if the local Wi-fi is behind a firewall or NAT that you can't control.

The problem might be that servers are headless.
I want to use VNC to view the screen that is not there.
If i connect one pc to the wifi it will be on a different network, the computers need to be on the same network as they communicate via python to turn on and off machines in the truck.
The router uses static ip's in the range of 192.168.0.100-192.168.0.100
There is one PC with monitor in the truck connected to network.
I was hoping to find a way to give the router or network, internet access.

To have same IP address you must use Cellular Network connection  device and use it as your Router.
Something like this one

https://3gstore.com/product/6156_pepwave_max_br1_3g_4g.html?gclid=CjwKCAiAm7LSBRBBEiwAvL1-LxYVIqD2rTC1T3o8gOHJXMfKDiBtjFkPkK5pm35H9zEdo_-IX7enWBoCYh8QAvD_BwE

Then you need to configure internal Firewall to give your access to internal network inside your truck.

Speed is not going to be a superfast but for remote access to one of your server inside truck it's going to be enough as long as truck is going to be in network coverage.

If you ate effectively borrowing a wifi connection each place you ate at them you need a wifi bridge or can often set up routers as one - I. E. They connect to a wifi network then present it on one or more ethernet sockets which connect to your servers or existing network switch.

Or as suggested above use a 3g / 4G router with mobile data.

I would use an outgoing connecting service like team viewer,  logmein or the like.  I use Aeroadmin which is great and free to use for personal use so you can try and once working purchase a license for your remote  viewing pc.  As long as that has an Internet connection of any sort it can connect outwards and allow you to remote on.

If you are using different wifi connections you would need details of the external ip for each one and ability to port forward on each router your incoming vnc connections which I presume would not be the case.

Steve

Your diagram needs a clear description to go along with it.  Rather than starting out by mixing the setup along with the objective, I'd start with the setup.  So I will:

It appears that the servers are already connected to the internet with their own public IP addresses.  But, it's not clear how those connections are being made.  Is it via a broadband cell system?

You say:

How can i connect to this network without changing all the IP addresses?

There is nothing here to suggest a need for changing IP addresses.  So this is most unclear.  Stick with describing what you have and ask the first question by itself.

You say:

Each server talks to the other through static ip's

But you don't say that these are public or private IP addresses.  That's a big deal!  So please tell us how the servers actually communicate: e.g.
"Each of the servers is on a public IP address and can access the others through those addresses"
or
"Each of the servers is on a private LAN and can access the others on the LAN"

Here's a wild guess;
Each of the servers is connecting to the internet using a cell-based connection.  So, each one has a dynamic public IP address.  Yet, somehow they are communicating with one another.  So this may imply that they have STATIC public IP addresses???
I can't begin to guess what the "router" is doing except connecting to a local WiFi access point.  So there's another internet connection I guess but how does it connect into the network?  (unspecified).

Fred Marshall:

Right now there is no internet connection only a router providing ip's inside the truck. There is no broadband or gsm service. Im trying to find a way to connect to the internet with what we have built.

I think i have found my own solution to this problem after consulting with a colleague and networking expert by the name of Slava. He suggested that we build a VPN system to connect to using Amazon servers with DDNS. This will give us internet access and control over our Ip's while still being able to connect to (lets say) a McDonalds wifi. I think this is the best solution so far ill wait to see if anyone disagrees. Thank you all for your input!

I have also considered GSM/Cellular network however my boss said no because we already have a lot of problems with GSM dead zones aound the country. Thank you for your suggestion!

Zeke Rich:  So you don't have an internet connection and would expect to grab one with a local WiFi hotspot.  OK.
So, you sure as heck aren't going to have public IPs on the servers.  My reasoned assumption there.

Given an internet connection via a WiFi hotspot then you have many ways to connect to the outside world.
Steve Knight mentioned using TeamViewer and I like using GoToAssist.  All of those services install a little server program on your computers (well you do the work) and those report out the current IP addresses to the service's central servers.  That way you can change the internal IP addresses and not lose the capability.
I use VNC but NOT for over-the-internet connections; only internal ones.  My bias here is about setting up ports on the routers and, in your case, you may not be able to deal with the WiFi hotspot interfacing routers at all.  The services work from the inside out while VNC works from the outside in.  The former is much easier and much easier to deal with firewalls, etc.

You install the service software on each computer on your network.
With GoToAssist, you can access them all at once - well one screen at a time but you can "hop" from one to another with a mouse click.
I don't see how Amazon would help with this so, to me, that's simply another complication that's not worthy of discussion here or now.
Once the computers have been set up with the remote access you will also want them to be accessible "unattended" which is part of the capability offered.  Then you can access any computer at any time without any human intervention.
It doesn't matter if the computers are headless.  In fact, this is one good way to manage headless computers even from the inside.
You can remote into a headless server from a workstation in the van or from your workstation in Peoria.

Fred: If all the computers are not wired and only have wifi how will they talk to eachother if they connect to a hotspot? They will be on a different network.  I think you are missing the point.  When debugging software i need one server to tell the other server to turn on a motor or turn on a lighting system. Cant do that if i connect to a outside network. I mainly need to use Putty not so much VNC also SFTP.

It doesn't matter if the computers are wired or connected with WiFi.  They will still all be on the same LAN subnet if you control the subnet.

Now, if the subnet is controlled by a WiFi hotspot then they may likely have the feature turned on that isolates the computers for privacy reasons.

So, you would need a local WiFi router or extender that itself gets connected to the foreign WiFi hotspot AND provides NAT so you have your own subnet and can communicate across it and with the external stuff as well.  I've done a lot of systems but not one with this particular set of characteristics.  You may be able to do it with a router using dd-wrt firmware:
https://www.dd-wrt.com/wiki/index.php/Linking_Routers
See Repeater/Repeater Bridge.
What you need is the Repeater:

Repeater - A wireless repeater with DHCP & NAT enabled, clients on different subnet from host AP (primary router). Computers connected to one router can not see computers connected to other routers in Windows Network.

I looked at a few commercial products but none that I found had this particular feature set.  Most with NAT had Ethernet WAN and you need both wireless WAN and a separate wireless LAN.  You might look an Engenious and Ubiquiti products.  I installed a 2-band system that received an upstream link on 5GHz and works as an access point on a separate subnet at 2.4GHz.  
Otherwise, if you use something like WDS then you can lose half the bandwidth.  For your purposes this may not matter.  The advantage of using 2 bands is that may well receive and transmit at the same time - between bands.  
Consider that a WiFi link is generally half-duplex to begin with.  Then, if you link two of them using the same radios, you end up with quarter duplex or half the original bandwidth.
But, I sense that this won't matter much to you - so dd-wrt, Engenius or Ubiquiti may be the best places to start looking.

If they're headless VNC won't work, nor will any other remote desktop app. You'll need to SSH or Telnet to the boxes. That means VPN is probably the only way. You would need 3/4G for that unless you can get a box to VPN to outside the host's network.

If not headless, I suggested remote desktop solutions in my first post.

I'm using GoToAssist all the time with headless computers.  In fact, it's about the only way I know how to efficiently deal with them.
I also use RDP and VNC, internal to the network for backup access.
So, if I can reach one computer on the network, from the outside, with GoToAssist, from there I can access another workstation inside the network with RDP.  With RDP, I can install VNC.  With VNC I can install GoToAssist on the 2nd computer.  So it all begins with RDP in cases like this.
The reason why it works this way is because RDP doesn't show the actual screen but VNC does - and GTA requires that you be able to see the actual "screen" while installing it for unattended access.
Maybe Craig Beck and I mean different things by : "headless".
I mean computers with no monitor, mouse or keyboard that boot automatically when power is applied - Windows logged in or not after power is applied.

You're right, Fred. I'm meaning Windows Server core, etc.

You need two WiFi devices, one to act as a "client" to connect to local WiFi services, and one to act as an Access Point for the computers to connect to.

Connecting to McDonalds/Starbucks etc is however going to be a little more involved, first you need to get the WiFi devices that acts as a client to connect to the appropriate SSID, and then you might need a "computer" to "sign in"/accept Terms of Service etc.

As an alternative, I'd suggest a 3G/4G MiFi device with a suitable data plan.

ArneLovius: We have one PC with a monitor on the truck to login/connect to WiFi hotspots. 3G/4G is not an option Boss says. Too many cellular dead zones across the country. Thanks.

The servers have a custom shell for bootup on power and bootdown on power loss with UPS.

I looked at dd-wrt to refresh my memory.  The Repeater mode says that it does what's needed - including NAT.  I don't know what's missing from this and it's pretty easy to try out.
You may prefer to purchase a wireless router with DD-WRT preinstalled but that may be slightly challenging.  Buffalo seems to offer one with their own version which isn't the full deal.

If you do connect to a "public" wifi connection you may need to connect via a captive portal, so your boss needs to understand the challenges associated with that.  Someone will probably need to log in to the service before you can use it, so a headless setup won't give you the capability to do that.  It may not be feasible to do some things at one site and some things at another site, so 4G is looking like the most attractive option, unless coverage is really that bad in some places.

Steve Knight mentions the small travel routers at https://nerdtechy.com/best-portable-mini-travel-wifi-router.
I did look at that but didn't find any that had but Ethernet WAN ports.
Did I miss something?  That would be nice.

Yes, he needs wireless on both sides.  That's kind of a big deal but not unsurmountable.  That's why I went toward DD-WRT, Ubiquiti and Engenius.  

I've done that sort of thing in hotels where I use an Ethernet WAN Buffalo travel router with WiFi LAN for in the room
Once you get connected vai the WiFi with a phone and open a browser, the browser goes to the site's login page.

I've also connected to wireless systems like this:
The WiFi system management subnet is on a separate subnet from the access point's DHCP - but the access point is the way in.
So you set up a static address on a laptop wifi interface that matches the management subnet and then connect to the WiFi access point as usual (or vice versa).  Once connected via the WiFi, the management subnet is accessible - even though the DHCP would have put your device on the other subnet.
Perhaps not exactly the same thing but somewhat related.

Another approach, IF there's a problem at all, would be to mimic the router's MAC address on a laptop and sign in; then switch to the router.  But, as above, I've always found that a phone can "reach through" to login.
But, we don't know that this is a problem for Zeke Rich.

I would be a little worried that I was relying on free wifi from McDonald's or whatever to run my truck frankly!

Steve Knight, McDonalds was used as an example as we are not going to disclose our clients name for obvious reasons?

I found this website with modern routers pre-flashed with DD-WRT.
https://www.flashrouters.com/routers/router-types/dd-wrt

Here is what I tried to describe for the van:

External "foreign" access point signal / SSID
Router (as from the above link) set up in Repeat mode:
    WAN side: connects to the foreign access point.
    NAT in the router translates the WAN IP address to the "internal" LAN subnet range.
    LAN wireless has its own SSID e.g. "VAN_SSID"and security mode.
    LAN in the router with DHCP supports devices connected to the LAN either wired or wireless.
Computers in the van connect via VAN_SSID wireless signal.

Computers in the van are configured with GoToAssist, TeamViewer, etc.  one of those for your remote management computers.
Your remote workstation accesses any or all (at once) of the computers in the van.
You can work on all the computers in the van as you require and can jump from one to another on your workstation screen very conveniently at will.
There's no interaction with the foreign access point router(s) at all.
The one exception might be if the foreign access point requires a login to gain internet access - such as might be found at a hotel.  In that case you may need to log in with one of your computers first.  No matter how you do this, that would be needed.

I hope this is clearer.

[I've not used this exact configuration but certainly have set up DD-WRT routers in WDS mode as extenders - which is similar.  But, the manual says the Repeat mode does this.  So, it looks very promising for this application.]

I don't understand why this is getting so complicated. It just needs a client bridge connected to the wifi and a remote admin app installing.

If there's a captive portal that can be logged into at the same time that the client bridge is connected to the wifi.

Craig - Agreed... just go and get a suitable router.... and connect it... and while you are at it use 3 x Cat5 cables for the 'servers' rather than bizarre WiFi inside a tin box truck with random amount of unknown networks around you using up bandwidth and leaving traffic between your servers competing with bandwidth.

I sure agree with cabling inside.  It just wasn't in the context of the Author's question.  Still very good advice.

What "client bridge" might be recommended?

Anyway, doing this switches
from:
wireless-wireless
to:
wireless-wired still with NAT.
So my belabored description seems to apply except for the wired part doesn't it?

Zeke?

Something like this...

http://uk.tp-link.com/products/details/cat-5090_TL-WR902AC.html

It will connect wirelessly to the hotspot and give you a RJ45 connection to the router in the truck.  All you'd then need to do is log in to the captive portal via one of the servers or a laptop connected to the truck network and you're done.

Wow! Craig, Steve, Fred, Amazing work guys! Real Experts! So many wonderful suggestions! Im headed to Fry's in the morning to buy the Travel Router! Ill hook it up on Monday and let you know how the testing goes! I appreciate all the feedback and hope you all have a wonderful weekend! Thanks again! -Zeke

You may need to buy a simple 5-port or 8-port switch unless the router has more than one RJ-45 port.
That's so the cables you'll be adding in the van to each computer, printer, .... device will need a place to plug in.
Just plug the switch into the new router and also each of the devices that are in the truck.

Hi guys i purchased the travel router tp-link tl-wr802n however it is assigning a new IP from each ISP I connect to. I can already accomplish this with the system i have now.

Im not sure I explained correctly what I was trying to accomplish.

I have a local (3 web server) network that I would like to keep the local IP's static, i need to pull pages from each server without the ISP assigning new local IP's each time we stop and losing the connection. I need to be able to assign Port forwarding so i can log into each web server and check on it.
Inside the truck is a touch screen that needs to pull pages from each webserver for the client to chose the augmented show they like.

I think what im trying to accomplish is called "Tunneling with a VPN"?  Will this keep my IP's from changing?

Will vpn gateway with upnp port-forwarding solve my problems?

Im not sure why i purchased a travel router? Pretty useless. I feel like i took retard pills for buying this thing.

Also I tried adding a DDNS and it gets stuck at the ISP's (McDonalds) firewall. Pretty useless.

To be extra clear logging into a captive portal is the least of my worries.

This looks like what im trying to accomplish: https://www.sonicwall.com/en-us/support/knowledge-base/170505256117325

it sounds like you don't have NAT turned on or available in that router.  That's why the IP addresses are changing.  What is the router model?
I'm not sure about DDNS being blocked because it works from the inside out.
You would have a little server program running on a computer.  It contacts the DDNS server saying "here is my IP address now" and that would be the McDonald's public IP address with a port number (really just an address extension) which will talk to your computer.  So, I think it's not much different than reaching any web server.

You say you have web servers and want to keep the local IP's static.  That's what the NAT will help accomplish.
I might be picky about words and say maybe you have http servers and want to keep the local IP's static.
I then might say if you had WEB servers then they would have to have public IP addresses which you can't do this way at all.

Because you have to open ports for VNC and because you can't open ports in a foreign access point (e.g. McDonald's), I strongly suggest you use something like GoToAssist, GoToMyPC, TeamViewer, etc.  Have you tried that?  You would put the program on each computer you need to access and they would have a little server running that acts like DDNS.  Then it doesn't matter where they are located.  But you still need NAT.

The travel router should be connected to the McDonald's access point LAN on its WAN/Internet side via wireless.  Lets say it gets an address of 10.0.10.233 on the subnet 10.0.10.0/24.
The LAN side of the router, via NAT, might be 192.168.1.0/24 using 192.168.1.1 for itself - and the computers will be maybe 192.168.1.2,.3,.4,etc.  The public IP address that's apparent will be McDonald's 53.6.111.61   :-) well, not really that one!

You are NOT going to get port forwarding through McDonalds.  That was my point about setting up VNC.  As I understand VNC, you have to open up ports.

Years ago I wondered how the packets would return to MY application when I was on a private LAN and communicating with the internet.
How did the return packets reach my computer much less my particular application instance like a browser window?

The browser window sends out a link click shall we say?  It's directed to a web server address.


The computer adds a port address to identify that browser window - which becomes part of the packet.
The local router adds a port address to identify that computer  - which becomes part of the packet.
The NAT translates this packet into one that will return to the public IP of the router to a port that represents the LAN IP address of my computer.
The packet arrives at the destination which responds to the incoming packet and sends a response to the local router's IP address/port.
The /port is translated by NAT into the LAN address (and port) for my computer.
The computer translates the return packet to reach the web browser window.
There is no port forwarding in the "settings" sense.
It works the same way with GoToAssist, etc.

Now, I'm pretty sure that things I've said *do* make sense.  So, exactly what does not?  I'd like to help clarify.

Thanks for your response steve, I do need to have access to the van through the internet. The people in the van barely know how to turn on a computer. We are planing to have a dozen new vans each year. I need to access all of them from the office and also have them connected to a monitoring service while they are in operation.

Fred Im sorry if i am getting frustrated it is a lot to try to understand all at once, i appreciate your input. I will try to turn off NAT on the router tomorrow in the am. Thank you

I suggest then maybe you should get a local network expert involved as it sounds like you have a couple of issues I would suggest something like each van has its own wired and wireless network if needed each van needs to use a different IP range and then you should have the Bands make an outgoing VPN connection back into your main office router

I agree Steve but before i pay 200/hr to a network expert who is trying to keep a running tab i need to understand whats going on and what I actually need vs. going into this completely blind with a signed blank check.

This may seem like a flawed business model to you guys because it is. We already have an agreement with another company will outfit our trucks with a working system for $35,000 each truck. With my system we will be saving $30,000 each truck if i can get it to work, its already working perfect except for the networking end.  But i feel like im speaking chinese here.  Because some people are not understand my half broken jargon at all. Also my clients are not McDonalds it more like Mc Donell Douglas. But the name of the client is not really important. They still wont give us access to their system other than a WIFI.

Sorry you feel like we don't understand what you're trying to say.

To me, looking at your network diagram, it wasn't clear that you already have the means to connect to a wifi hotspot from the network you already have.  It just looks like you have a wireless router which connects your truck network but nothing to connect it to the internet, hence suggesting the travel router.

If you need to connect to someone else's internet connection you will never be able to stop the ISP from assigning a different IP address every time you go to a new location.  That's just how it is.  Unless you take a business-class 3/4G connection with a fixed IP you'll never get this from site to site.

Without wanting to sound rude, I think this is being overcomplicated.  The solution should be simple.  This takes me back to the point around using a remote desktop solution.  That is the simplest, cheapest and easiest way to get into the network from anywhere and is a tried-and-tested solution.  The app will make the connection outbound to a remote server (much like the AWS VPN would) so that you can get in from the internet-side.  You simply need to use the client app to get in.  You don't need to worry about networking, NAT, VPN or anything else.  Just connect to the internet and it'll work.

OK... then separate it.  3 x PC's connect to cheap 5 port network switch in VAN with cables.  Then connect one or more to the internet though WiFi.  the fixed addresses remain on the network cards to talk to each other.  They can always communicate with each other through cable, whatever outside world connection you get through Wifi, 3G or whatever is accessible too.

So, the truck PCs connect to the wireless router, as before.  The travel router connects the wireless router to the venue's wireless network.

The wireless router contains the truck servers/PCs on its own wireless network.  The servers/PCs can all have the same static IP addressing forever.  They use the wireless router as their default gateway.  The travel router connects via wire to the WAN port of the wireless router.  The travel router also connects wirelessly to the venue wifi, thus bridging the internet to the truck wireless router, and therefore the servers/PCs.  A remote desktop app on each server/PC connects to the internet via the connection and you can control it from anywhere.

I believe that Craig Beck and I (at least the two of us and likely more) have now all tried to convey the same approach.  It's frustrating that you think that somehow it won't work.

Rather than turning NAT OFF, you have to have NAT ON (on the travel router).  You mentioned changing IP addresses.  With NAT turned on, there won't be any changes to the LAN IP addresses.  But if you meant the WAN address then it is going to change outside of your control.

This seems pretty easy to accomplish.  Maybe not for you right now and that's understandable.  The hesitancy to accept solid advice is puzzling.  There's a big difference between saying "I don't have it working yet, what should I change?" vs. saying "That approach just won't work!"  when you're an admitted newbie to this stuff.

It would be a great idea to share your *new* diagram with us so we can all be on the same page.  
Plenty of us appear to be willing to stick it out with you.  So take advantage.

Thank you Fred for all your help, I really Appreciate it, it has been a very frustrating and daunting task to understand networking however I think I have finally made some progress thanks to your persistence in helping me. I eat my words now about the travel router. It was a magnificent idea indeed. Today I was able to connect the travel router and remove the other router completely. So now we have a tiny little router set up as a access point that seems to be doing exactly what we need! I was able to:

• connect it to a wifi
• shared the internet with my private network
• reserved some static private ip's in a range that hopefully wont conflict with any subnet: 192.168.13.100-192.168.13.199

I think my hardest part was understanding that 2 private LAN networks could be on the same public ip. That was difficult for me.
Thanks again for sticking with me through my frustration.  Tomorrow I will practice with some services to see what i can get to work with this new private network behind the company router. Team Viewer etc. VNC and ill look through this thread again I know you mentioned a few!

I did keep everything wireless and the client is super happy because they want to control the servers separately now from ipad touch screens wirelessly for demos of the system etc.

I will make up a new diagram at work tomorrow and post it =)

Thanks again everyone!  For a awesome day!

Ok I finally got everything working. I was able to connect from behind a firewall using real VNC which dials out to their cloud connection and lets me in from my pc, even behind 2 firewalls.  I will upgrade to Professional or Enterprise edition VNC so I can transfer files between computers.  This is exactly what I wanted! Works perfect! I can VNC into each pc and open a terminal window, it even lets me switch user accounts on the main pc without logging me out of VNC, amazing.  The drawing is still the same. Other than using the Travel router which made a hot spot for me with ease! Much easier than bridging a router.  I purchased 2 TP Link Travel routers, one with N-channel and one with AC-channel which just arrived in the mail. So far the N-Channel has been performing flawlessly.  This was a pretty simple set up. I just needed to understand what was going on and the difference between LAN and WAN which i was very dumb on. Thank you all for helping me get through this. I wish i could buy you all a round of beers. Cheers.

Good, I wasn't aware that Real VNC now worked like the other tools with a go-between service to deal with two outgoing only connections, interesting and will have to review that myself alongside our other remote access methods.

Think it may be appropriate to split the points here as you have only assigned to me... I can re-open it and you can re-assign?