Via up to six physical WAN connections of a Multichannel VPN Router (DSL connections, 3G, 4G, et al.), an SSL-based VPN tunnel is established to a Multichannel VPN Hub in a data center. Within this tunnel, real bundling takes places - it is realized by the Viprinet bonding technique developed uniquely for this purpose. The connection between the router and the hub is encrypted via SSL. The "actual" connection to the Internet starts at the hub. In addition, the hub is a node/junction for a company network established via Viprinet. The hub routs the corresponding networks, provides NAT or serves as interconnection point to the Internet or to further company networks.
The Viprinet Principle
How does the Viprinet principle work in detail?
Why do I need two devices?
You need two devices, a Multichannel VPN Router and a Multichannel VPN Hub, because an encrypted VPN tunnel is established between them, bundling the different connections and distributing the transmitted data among them via the unique Viprinet method. Thus, the router "chops" the data streams, which have then to be reassembled by the hub.
How is the Viprinet system different from load balancing?
The maximum bandwidth available for one session corresponds to the bandwidth of the physical line. While with load balancing, bandwidth is restricted to the maximum of the line with the highest throughput, Viprinet uses the total bandwidth of all cumulated lines, downstream as well as upstream.
For example: An office is connected to the Internet via 1x DSL 16000 and 2x DSL 6000. With load balancing, a single employee would, in the best of cases, be able to only use 16 Mbps, while Viprinet would allow for up to 28 Mbps. In addition, all sessions established via a load balancer are terminated in case of the loss of even one line. This is especially problematic for HTTPS connections, e.g. during online banking, as the sessions are terminated and the user has to login again. With Viprinet though, only the total available bandwidth changes, while the sessions are maintained.
Why is the Viprinet system better than other systems, e.g. better than WAN balancing?
WAN balancing reduces the probability to be completely offline but it cannot prevent HTTP sessions or connections from breaking down. Only the Viprinet technology renders this possible, as it combines all available connections to a single line. If one of the connections fail, you only notice a reduced bandwidth.
How secure is the Viprinet VPN?
Viprinet uses an SSL-based VPN tunnel, encrypted by 256Bit AES, and distributes the data on six and more different connections; packet integrity is guaranteed with SHA-1. Anyone eager to access data within the tunnel must intercept six different, encrypted streams at the same time, decode them and reassemble them afterwards in the right order.
Which bandwidths are possible?
The maximum bandwidth depends on the router used and the available connections. Multichannel VPN Hubs are able to achieve bandwidths of up to two Gbps, Multichannel VPN Routers have a maximum bonding capacity of up to 200 Mbps. This means that one branch office may be linked with a maximum capacity of 200 Mbps, while a Multichannel VPN Hub 5010 may terminate up to ten of such branch offices with 200 Mbps constant load each - in practice, more than hundred of such branch offices may be terminated at one hub due to mixed calculation in broadband utilization.
What makes Viprinet so special?
Is bonding also possible without a Multichannel VPN Hub?
No. Even a simple Internet connection needs the operation of a Multichannel VPN Hub, so that a VPN tunnel may be established.
Which qualifications does the data center I want to operate a Multichannel VPN Hub in have to fulfil?
A symmetric connection as well as a static public IP address for free usage are an absolute minimum for the operation of a Multichannel VPN Hub. Here, the cumulated bandwidth of the branch offices must not exceed the bandwidth of the Hub connection. We recommend a connection with a bandwidth of at least 100 Mbit/s as well as a public subnet of the size /29 though.
Can I use external SDSL or leased-line routers with Multichannel VPN Routers?
Yes. You can connect external SDSL or leased-line routers via the Viprinet Gigabit Ethernet Module. DHCP Client, Static IP and PPPoE are supported.
Can I run Multichannel VPN Routers with USB sticks for 3G / UMTS or 4G / LTE too?
How does your solution cope with the different latencies of connections?
The total latency of a tunnel is geared to the connection with the highest latency within the tunnel. However, it is possible to define via QoS how high the latency for corresponding traffic (port, IP, Type-of-Service) is allowed to get, and if high-latency connections can be implemented into the bundling method for certain kinds of traffic.
What happens if a device has already been given a static IP address from a provider?
The static IP address loses its original function as it is needed for the operation of the Viprinet VPN tunnel. However, should you for any reason need one or more static IP addresses for you devices, we will be glad to provide them for you.
What do I have to keep in mind when using VoIP?
Bonding different ADSL connections to use them for VoIP telephony is no problem at all. It's important though that you have available a guaranteed bandwidth with low latency. These adjustments can be made via the specific Viprinet QoS settings for VoIP. We recommend testing such a setup.
Multichannel VPN Router/Hub
How is a Multichannel VPN Router different from a Hub?
Multichannel VPN Hubs are different from Routers in that respect that they are tailored to the needs arising from serving as a remote station. According to this, the router is the device for the branch office while the hub stays in the data center.
How do I set up a Multichannel VPN Router or Hub?
For the initial configuration, you need the setup tool, which you can easily download from our website or the setup CD enclosed in your package. With that, a VPN between Multichannel VPN Router and Hub can be configured step by step. You can do any further configuration in the web interface of the router or hub.
How can I monitor the Multichannel VPN Router or Hub?
To monitor the Viprinet infrastructure, you have SNMP and Syslog to your disposal. Furthermore, you can conduct a real time diagnosis with a graphic monitoring tool.
Which ports do I need to open in firewalls, proxies, etc. in order to establish a Viprinet VPN tunnel?
At the WAN ports, TCP port 443 is needed for incoming connections. The LAN port doesn't need any incoming connections to build up the Viprinet VPN tunnel; to use the firmware update mode, only ports 53 and 443 must be available outgoing.
Hot Plug Modules
What does "hot plug" mean?
"Hot plugging" means the changing and changeability of system components and modules during active system operation. For Viprinet modules, this means that they can be plugged into or removed from the respective Multichannel VPN Router at liberty without affecting the router. This way, the existing bandwidth can be increased during active operation without Internet disconnect. Due to that, any maintenance downtime is omitted since Viprinet devices don't need to be cut off power on module change.
Which Hot Plug Modules exist?
- ADSL 2+ Annex A
- ADSL 2+ Annex B
- CDMA 450 Bands A/H/L
- CDMA/EV-DO (Sprint USA)
- CDMA/EV-DO (Verizon USA)
- Gigabit Ethernet
You can find more information on the Hot Plug Modules webpage.
Will Viprinet offer modules for future technologies too?
Can I combine any kind of module?
Web Interface of Multichannel VPN Routers/Hubs
Which configuration options do I have in the web interface?
In the web interface, you can adjust the following et.al.:
- Module / Slot configurations (Access datan, VLAN, MTU, etc.)
- Advanced LAN settings
- Tunnel configuration (depending on the component QoS)
- Routing and NAT
- License management
- VPN client configuration
- User management
Viprinet VPN client
How does the Viprinet VPN client work?
Individual computers trying to access a VPN infrastructure from the outside, e.g. field workers with notebooks or home offices, can log onto a specially configured Multichannel VPN Hub via the Viprinet VPN client software. The VPN client mounts itself as virtual network card into the OS and afterwards uses - comparable to a Multichannel VPN Router - all available online connections of the device dynamically, e.g. UMTS/3G and WLAN. To set up a VPN client, a separate software with a separate license is required.
Which operating systems does the VPN client support?
MacOSX (10.6 and higher)
How do I set up a VPN client?
To set up a computer or laptop as VPN client, you will need to install the Viprinet client software, which you can download from this website at Downloads. At the same time, you will need a VPN client license which you can purchase from our certified sales partners. Next you will need a Multichannel VPN Hub which you can also purchase or rent. To activate the license, it must be bound to the hub. After that, you install the client software on the respective operating system. Please note that you will need admin rights for the installation, since a new Internet connection will be set up. Also, the operation of the VPN client service needs admin rights. As soon as the installation is finished, type in the account data you have previously set in the respective web interface section of your hub into the empty boxes of your VPN client (username/password). In the last box, enter the public WAN IP address of your hub.
Hub Redundancy System
How does the Hub Redundancy System work and what is it good for?
The Multichannel VPN Hub in the data center to which all Multichannel VPN Routers connect forms a single point of failure - if it fails, all routers are offline. Thus, it's important to safeguard it especially. The Viprinet redundancy system ensures that a Multichannel VPN Hub that has dropped out will be replaced automatically. For that, several hubs are combined to a group and within this group defined as productive or monitoring hubs, so called "hot spares". Each productive hub sends out heartbeats as well as encrypted configuration data to all hot spares that are part of its redundancy group. If this transmission stops, or rather if a WAN or LAN port of a productive hub fails, a competent hot spare activates the configuration last received and replaces the faulty hub.
Can I distribute hot spares over different data centers?
Yes. However, an L2 Ethernet connection must exist between the corresponding data centers.
Why is a layer-2 environment necessary?
On the one hand, the L2 environment is necessary for a Multichannel VPN Hub configured as hot spare to be able to monitor the productive hub assigned to him. On the other hand, the L2 environment enables a hot spare to take over configuration and tasks of a dropped-out productive hub without creating an IP address conflict.
How can I configure a Hub Redundancy System?
First, you need to create an ID and a password for a redundancy group. Fill in both into the web interface of each Multichannel VPN Hub to be assigned to this redundancy group. Choose the hub running in hot spare mode via configuration. This hub will reboot and afterwards fulfil this function. You may operate several hot spares to increase the rate of redundancy this way. If a productive hub fails, all hot spares belonging to one redundancy group negotiate with each other which device will replace the dropped-out hub.
What do I need to be able to use the Hub Redundancy System?
You need several Multichannel VPN Hubs 1000/1020 (with Hub Redundancy license), Hubs 2000/2020 or Hubs 5000/5010 able to communicate with each other on layer 2 (L2).
You can purchase the Hub Redundancy System in the form of license keys which you have to register once via the license activation system of the Viprinet website. You will find more information on this topic at Additional Features License Activation.
Hub Tunnel Segmentation
What is Hub Tunnel Segmentation?
This Multichannel VPN Hub feature allows for terminating several different customers on the same hub with their data traffic being treated completely separated from each other. Thus, several customers can use the same private IP networks being at conflict with each other. This means that e.g. the subnet 192.168.0.0/24 can be multiply terminated. Here, the tunnel segmentation works similar to a VLAN system.
This feature is especially important for ISPs, as they are then able to terminate several customers with different sites respectively on one shared hub, considerably reducing operating costs.
What do I need to be able to use Hub Tunnel Segmentation?
You can purchase the Hub Tunnel Segmentation in the form of license keys which you have to register once via the license activation system of the Viprinet website. You will find more information on this topic at Additional Features License Activation.
License keys must be purchased for VPN Hubs only; for Multichannel VPN Routers, this feature is neutral. Here, no license key is required.
How do I set up Hub Tunnel Segmentation?
After the activation, you have a box "SegmentID" at your disposal in every VPN tunnel configuration at the Multichannel VPN Hub. All tunnels are logically connected via the same SegmentID; tunnels not sharing this ID are unable to communicate with each other though. Additionally, SegmentID-based NAT and port-forwarding configurations are possible.
Enhanced SNMP Monitoring
What do I need to be able to use enhanced SNMP monitoring?
To be able to use normal SNMP monitoring, you need a network monitoring software like e.g. NAGIOS. For simply reading out of SNMP information, SNMPWALK should suffice.
How do I set up enhanced SNMP monitoring?
You can purchase the enhanced SNMP monitoring in the form of license keys which you have to register once via the license activation system of the Viprinet website. You will find more information on this topic at Additional Features License Activation.
After the activation, you may insert the desired community string in the web interface under "AdminDesk - Logging & Maintenance - SNMP Settings", and activate SNMP.
How does Streaming Optimization work?
Streaming optimization means an autotuning and bonding mode especially optimized for streaming applications, improving the transfer of very latency sensitive data via unreliable media such as UMTS/3G. Here, attention is paid not so much to an increase in bandwidth but rather to the maximization of the likelihood that every package is already transmitted correctly at the first delivery attempt. For that, every package is, if necessary, transmitted multiply over every available line via a heuristic procedure. The remote station then only considers the packet that has been transferred entirely and fastest.
What do I need Streaming Optimization for?
Many applications work with very latency-sensitive data. People doing mobile video streaming, for instance, are dependent on low latencies of the Internet connection used to enable fluent streaming. However, mobile data transfer often means having to resort to UMTS/3G which, as transfer media, is very disadvantageous due to high latencies. Here, Streaming Optimization comes into operation: With this new autotuning and bonding mode, the transmission of latency-sensitive data via unreliable media such as UMTS/3G can be enhanced. Thus, even mobile RDP and Citrix applications work successfully.
How do I set up Streaming Optimization?
After the activation, you may choose and use the new bundling method "BondingDiversity" in the corresponding QoS traffic classes. BondingDiversity is a realtime-optimized bundling method especially built for latency-sensitive traffic.
What do I need to be able to use Streaming Optimization?
You can purchase Streaming Optimization in the form of license keys which you have to register once via the license activation system of the Viprinet website. You will find more information on this topic at Additional Features License Activation.
For this feature to work correctly, corresponding license keys are necessary for the Multichannel VPN Hub as well as for every single Multichannel VPN Router for which Streaming Optimization is to be carried out.
Which operation purpose are the knuckle antennas enclosed with some Hot Plug Modules suited for?
The knuckle antennas are suited for all applications showing good mobile phone reception in the first place, i.e. 4 bars minimum on a cell phone display. For all other cases, e.g. the operation of a Multichannel VPN Router within a reinforced concrete building or a cellar, further antenna solutions are available.
Can I only use the listed antennas for the Viprinet system?
No. Most Viprinet Hot Plug Modules are equipped with an SMA jack suited for the connection of diverse antennas. Here, it is advised that the antennas used are optimized for the respective frequency range depending on country and 3G/4G technology. In case you would like to use antennas of third-party suppliers, we strongly recommend you consult a telecommunications electrician, especially when an outdoor installation is concerned.
My device is defective. What can I do now?
As soon as you notice that your Viprinet device is defective, please contact your Viprinet vendor. In case you have bought your device directly from Viprinet, or your vendor is unable to help you, please call +49 6721 490 30-0 or write an email to email@example.com. Please have the serial number as well as the invoice of your device ready in each case.
Can Multichannel VPN Routers also be rented?
How do I find a sales partner for Viprinet products in my vicinity?
On the Viprinet website, you can find a list of all Viprinet sales partners at Viprinet GmbH / Supplier. In addition, you can contact the Viprinet headquarter in Bingen am Rhein, Germany, by call at +49 6721 490 30-0 or by email at firstname.lastname@example.org. Your requests will be attended to as soon as possible or passed on to the Viprinet partner nearest to your location.
Warranty and Guarantee
What's the difference between warranty and guarantee? Why should I buy a guarantee license?
Warranty is a legal claim and is always issued from the vendor to the customer. Viprinet only sells to commercial customers and offers them 12 months legal warranty. Other vendors of Viprinet devices may handle this differently. Regarding legal warranty, please always contact the company from which you bought your devices.
Voluntary manufacturer's guarantee is issued by Viprinet themselves, independent of when and where the device was bought. For 12 months beginning with the purchase of the device, manufacturer's guarantee is free. For 4 weeks after the purchase of the product, guarantee can be extended to 3 years with a guarantee license. In the case a device becomes defective, processing of the repair is handled by certified Viprinet partners and distributors. Viprinet only repairs devices with undamaged guarantee seal. In this case, repair is usually free of charge within the guarantee period (if the devices were operated as intended). After the guarantee period, repair may be liable to costs.
How long is the warranty period for Viprinet products?
Can I additionally get guarantee for Viprinet products?
How can I get guarantee on a Viprinet product?
For every Viprinet product, you can purchase a guarantee package in form of a license key which you have to register once via the license activation system on our website. You will find more information on this topic at Support / Service Extension License Activation.
For which countries does Viprinet offer extended guarantee?
There is no limitation. Viprinet sells guarantee packages to customers from all countries where Viprinet products can be bought.
Up to when can I purchase a guarantee package?
The purchase of a guarantee package is possible up to six months after the purchase of a device; the guarantee certificate has to be bound to the respective device for which it was registered. Should you use several Viprinet devices and want guarantee, you need to purchase a corresponding guarantee package for every single device.
What kind of support does Viprinet offer?
We offer users email as well telephonic support. You can contact us in this matter by calling +49 6721 490 30-0 or by emailing to email@example.com.
For certified sales partners, we provide special arrangements on request.
Depending on which conditions do I get telephonic support?
Generally, the Viprinet sales partner you bought your device from will provide you with telephonic consultation.
Should you wish for assistance from Viprinet exceeding first-level email support, e.g. for debugging or problem analysis, or in case you would like a Viprinet network assistant to log onto your system via remote connection, you will need to purchase a corresponding remote assistance quota.
Depending on which conditions do I get email support?
We offer free lifetime email support for all our products from the day of purchase. This means free first-level assistance concerning basic technical questions, e.g. when experiencing problems with the first-time configuration of Multichannel VPN Routers or Hubs, or the integration of a newly purchased module in an existing network.
When does Viprinet assistance entail charges?
Support will always be charged if individual installations are to be discussed or supervised, and if remote access to your installations becomes necessary.
How can I set up remote assistance?
The accounting unit for technical support will be 15 minutes and can be purchased as license key in quota packages of 4x15 minutes or 20x15 minutes.
You will have to register your remote assistance quota once via the license activation system of the Viprinet website. You will find more information on this topic at Remote Assistance Quota Activation.