Implementing VPN Technology Over Wi-Fi & WAN

Tosibox VPN - Starlink Integration Whitepaper

 

TOSIBOX VPN OVER STARLINK CONSIDERATIONS

 

Many customers who have Starlink do not realise its limitations when trying to implement VPN technology. Starlink uses CGNAT (carrier grade network translation), - CGNAT does not support port forwarding to an internal service – such as a VPN, web servers etc… nor does it allocate a routable static IP address. Outbound sessions operate just like any other internet service, allowing traffic to flow back and forth over an established session state. Tosibox architecture overcomes CGNAT limitations. The Tosibox server (lock) is situated on the LAN side of the Starlink connection (the inside of the network), an outbound connection is established to a Tosibox connection broker; when a Tosibox client device (software key, hardware key) wants to connect to the server (lock), a connection is made from the Tosibox client to the connection broker, the broker then bridges the two connections, and a secure VPN tunnel is established. The Tosibox platform is simple to implement with Starlink, however the devil is in the detail... There are two connection methods, Wi-Fi & WAN, we have a whitepaper available for download with step-by-step instructions on how to implement both, also explained below.

 

DOWNLOAD THE WHITEPAPER

WI-FI CLIENT METHOD

This connection is the easiest to implement and requires no alteration to the standard Starlink package.

Additionally, this method is wireless and eliminates the need for cable runs. Keep in mind that distance and obstructions can lower Wi-Fi throughput, so be aware of where the Tosibox is. Any Tosibox lock that supports Wi-Fi client mode can connect to the Starlink Wi-Fi Router.

Simply place the Tosibox into Client Mode, set the SSID and password fields to that of the Starlink router, set WPA2 for the authentication method.

DO NOT use 192.168.1.0/24 for the Tosibox LAN address, this will conflict with the Starlink router.

With this method you will have two networks; 192.168.1.0/24 – the Starlink Wi-Fi network, and the Tosibox LAN network – being anything other than 192.168.1.0/24

Wi-Fi Client method, Starlink Router Topology.

TOSIBOX Wi Fi Client method StarLink router topology

Ethernet WAN method with Starlink Bypass Mode

WAN Port

This method is written for Gen2 Starlink routers and requires additional hardware:

  • Router/firewall - to act is your main internet gateway
  • Wireless Access Point – if Wi-Fi is required
  • Network switch – if necessary
  • Or, an all-in-one router, Wi-Fi, switch

WAN Method

  1. Shut down Starlink and install the Ethernet dongle.
  2. Power on, login, and place the Starlink into Bypass mode.
  3. Starlink router will reboot.
  4. Plug the Ethernet dongle into your routers WAN port.
  5. A dynamic WAN IP address will be allocated to your router.
  6. Configure LAN IP address and DHCP range
  7. Starlink Ethernet Dongle – mandatory. WAN method
  8. Shut down Starlink and install the Ethernet dongle.
  9. Power on, login, and place the Starlink into Bypass mode
  10. Starlink router will reboot.
  11. Plug the Ethernet dongle into your routers WAN port.
  12. A dynamic WAN IP address will be allocated to your router.
  13. Configure LAN IP address and DHCP range

You can download the whitepaper by clicking the button below.

Wi-Fi Client method, Starlink Router Topology

TOSIBOX WAN method StarLink Router topology
Tosibox VPN Over Starlink White Paper Cover

Download the Tosibox VPN over Starlink White Paper

Many Starlink users face issues with VPNs due to CGNAT, which lacks port forwarding and static IPs. ECS solves this by establishing a secure Tosibox VPN tunnel through its connection broker, allowing seamless integration with Starlink. The setup is simple, though details matter for smooth operation. You can download the ECS whitepaper to learn how.

Related Tosibox Devices

Image of TOSIBOX® Lock 600 Series
TOSIBOX® Lock 600 Series

Devices for all connectivity scenarios that meet the most demanding operating conditions, and can be used in power-hungry industrial applications where speed and robustness are at the heart of the solution.

Image of TOSIBOX® 500 Series
TOSIBOX® 500 Series

A high-end connectivity device bringing unprecedented possibilities for customers to manage their operations and to build new IoT solutions, compatible with all existing TOSIBOX® products.

Image of TOSIBOX® Key
TOSIBOX® Key

Intelligent cryptoprocessing device that enables a secure connection between your computer and one or more TOSIBOX® Nodes Encrypted VPN tunnel.

Tagged in 

Contact ECS


Contact us for sales, support, service and genreal enquiries. Our experienced customer service team are here to help.

At ECS we strive to offer the best customer service in the industry. When you phone us you will go straight through to our sales team who are made up of trained electricians and automation engineers. We are not just order takers, we are able to guide you through our products so you can select the right product to suit your requirements.


Fill out our online form.