I have several energy meters (with a web server embedded) distributed in many buildings, all these sensors are connected to the local network so that can be accesed through a browser to see the real time data.

I am trying to access to each of theses devices from my office, but none of these devices has a public IP.

I am evaluating these solutions:

1) Use a VPN router like Cisco rvs4000, create a VPN account (IPsec) into the router and allow traffic to those port from my office.

2) Create a VPN with a persistent connection between each device (using a router I dont know which one) and a VPN server which will be located on my office. This will allow me to create a web site (branding) which will handle web request and send them to each device.

3) Create a VLAN: I am looking a cost effective solutions for this. Do you know a router or topology for this porpuse?

What do you think could be the best (technical and economical) solutions?


  • 59
  • 1
  • 5

2 Answers2


Three possibilities that I see:

  • VPN. Yes, you could rig some kind of VPN connection between each device and a concentrator. That would be expensive monetarily if you didn't use open source tools. That would be a bit of a pest to manage since each meter would then have an IP on the endpoint. Sure, you could manage it with subnetting and/or IP schemes and DNS records and all. It really depends on your needs for this project, but I'd tend to shy away from this solution unless there was a compelling reason to have the meters be presented as if they were local to your office.
  • Jump host. Install a host within the network that has the meters. Remotely connect to that host and from there access the meters. This simplifies things greatly. You can install a product like LogMeIn, TeamViewer, Bomgar or just set up a single VPN connection from that PC to your office (as opposed to each meter having a VPN connection). Now you only manage one VPN connection rather than potentially dozens or hundreds. Complexity is reduced. Peace reigns in the land.
  • Go berzerk and make your meters send information through a SOAP over HTTP(S) connection. If you made your meters to send that information back to one central server for data collection and perhaps even configuration management... well... that would just be darn cool. That would also be a lot of reworking your service. In essence, it's like an application layer VPN. I only include this option because I've been doing a lot of web work lately and felt like joining the cool kids with their restful soaps.

If these meters are internal to your business and you're not selling a product, just use a jump host. Cheap and easy. If you're selling a product, don't even think about a VPN. Use an HTTPS connection with a master server that you own. In the end, using individual VPN connections for this situation, as little as we know about it, seems like more of a pain that it's worth.

  • 32,320
  • 9
  • 80
  • 116

How many are several energy meters, and how many is many buildings? Do you have control over the internet routers in each building? Is this for demand monitoring (15 minute reads), automated meter reading (daily to monthly), or just to look at occasionally? Do you have any control or influence over the software in the energy meters?

First, if the meters are all internal to your business, talk to your IT department before you roll your own solution. That said:

If you don't have control over the building networks or the energy meter firmware, then your only real options are to use the jump host option posted by WesleyDavid, or try to put a VPN router between your energy meters and the building network. See Can I hook a firewall inside a network and VPN connect to another network?

If you have control over the internet routers, and if they support port forwarding and port redirection, consider just opening ports on each buildings' router to your meters. Verify that the meters are password protected, or that you can only look at data, not change programming etc. This solution can be difficult to manage if you have a lot of buildings.

If you can work with the energy meter firmware, then you may be able to set up VPN links into your office. Consider ssh instead of a full VPN.

Using VPNs will require you to either install a VPN client on each meter, or install a VPN endpoint in each building. More time and money to set up, but pretty transparent once you're done. If you want the VPN's up at the same time, then generally each network needs to be on a different subnet.

  • 151
  • 5