Network related for an ambulance but don't know where else to ask

Hi all, maybe one of you can point me in the right direction...

I have a laptop that needs to connect securely to a server in the headquarters of a fire department...

When the laptop is in the building I can juts connect to a secure wifi that is on the same network as the server...

As soon as the laptop leaves the building, however, I need it to automatically be able to connect to the server. The idea that comes to mind is to use a VPN. BUT how do I make sure that it automatically connects to the VPN after it leaves the building? I have 2 different methods of internet connectivity. Right now every vehicle that the laptop is in is outfitted with a cellular hotspot that generates a wifi connection. Unfortunately when the vehicles are int he building they lose cell service so the laptop that is connected to that mobile hotspot does not have internet and does not automatically switch to the building wifi....

NO idea what to do

 

An option would be to have the hotspot in each vehicle connect via vpn, using a router thats capable of doing this?

Alternatively have your vpn Work from inside the wifi aswell (some sort of NAT-loopback and DNS name lookup to anninternal vpn server address) and Always connect to the vpn on those laptops.

 

A VPN is the best way to do it, that's what we do for pilots. Have you increased the roaming aggressiveness on the wifi card to maximum?

Edit:

Suspect the laptop is not switching from the wifi hotspot because the connection between the laptop and the wifi router is still ok. It is not detecting that the internet connection from the hotspot is down and then switching to the other network.
One solution would be to have the crew turn the wifi hotspot off when inside the building.
Highly probable there is a solution out there that uses GPS to determine which access point to connect to but I've never had the need for one.

 

another possible method would be to add a second wifi card to the laptop, set this to connect to the external wifi and move it higher in the network adapters and bindings list.

 

@maze unfortunately while we could definietly install a router in the vehicle and make that on the VPN the issue still is that when the vehicle gets into the building the hotspot/router loses cellular connection.

@Tom You are correct that the laptop does not realize that the wifi hotspot in the vehicle has lost connection. What would the second wifi card do may I ask? How would that help?

 

So here's my theory. With the second network card set to only connect to the external wifi, the other wifi will be connected to the internal wifi which will always be connected.
By moving the second wifi connection higher in the (assume you're using windows) list, when it is connected the laptop will use that connection. When it is disconnected, the laptop will use the other connection that is always connected.
Does that make sense?
Probably a better way to do it via software...
On an Android phone you can get apps that use the internal GPS to determine which AP to connect to, see if there is something similar.

 

Just get the celular company to install a repeater so the cell router can work inside the building.

Or tell the laptop to prefer the building WiFi over the cell router. You don't say what OS is on the laptop, but in Windows just edit the wireless connection so the SSID of the building is at the top of the list. Then when the laptop sees that SSID it will connect to it over the cell router. When the laptop no longer sees that SSID it will then associate to the cell router SSID.

 

It is Windows... I was just reading that. Does that actually work? If I set network priority and the laptop is connected to the vehicle Hotspot and it backs into the building and sees the higher priority WiFi network it will disconnect and switch to the higher one?? If so then that may be a very good solution. I can then try to find a script to automatically connect to the VPN when the laptop connects to the mobile Hotspot. Very interesting... I wish this was easier haha and didn't require a VPN but I guess everything can't be that simple...

Also the cellular repeater thing got installed last week and it did not resolve the service issue.

 

worth a try

 

Look for location awareness.
If you're looking for a cheaper solution,and you could use IPSEC, you could use the paid version of shrewsoft vpn client, if you have the room for an investment and want to use ssl, look at pulse secure and their MAG series, with their pulse client

Verstuurd vanaf mijn ZP920+ met Tapatalk

 

As well as setting up the wifi order, you need to go into the properties of each saved wifi connection and set it them "connect to a more preferred network when available" which doesn't seem to be the default. This is what mine looks like.

 

So Im connected to wifi and I reordered my hotspot to be the highest priority on the list and checked the thing that said connect to a more preferred network when available on the building wifi... I turn on the hotspot and I see that the compute rsees it but it does not automatically switch. Anyone else experience this?

 

Go into the wifi network adapter properties and make sure 'Roaming aggressiveness' is set to 'Highest'. By default it is set to 'Medium-Low'.

 

that seems to have it working. Now the only question is how to get the VPN to be seamless. I do appreciate the help so far! This is working out well

 

A couple of ways to do it, depending on whether it is a network connection or stand alone software.
If it is a network connection type VPN then you can use task scheduler to check a particular network connection status and run a script or action accordingly e.g. reconnect script. Google it.
Software VPNs are a bit more difficult as it relies on the available settings in the app. Would require scripting etc.

 

How to launch a command on network connection/disconnection?

 

We are using a sonicwall vpn appliance at this time. I'm not against using something else as long as it doesnt break the bank. So far it seems that junos makes the best solution but thats a pretty penny.

 

Hi. This may not fix your network connectivity problem (how to make the laptop connect to the internal wifi when in the building even though it doesn't know it lost cell signal via the hotspot), but have a look at ZeroTier. This is software defined networking which will take care of your VPN problem. Install client on server and laptop and regardless of where the laptop is connected, it is ALWAYS connected to the VPN. This is the beauty of using a SDN and you may have a great use-case for this. www.zerotier.com.

 

BTW I set this up on my wife's laptop because I needed a way to ensure she was using secure connection and it needed to be completely transparent to her so with ZeroTier, no matter which wifi she connects to, she automatically VPNs back home and I can manage ad filtering and web filtering as if she was connected locally. I also use this on my laptop so I can always remote desktop to any of my servers as if I was on the local network.

 

Looking into ZeroTier after seeing this. Currently using a slow VpN on my unifi usg. Thanks.