There are many ways how to test and verify the 1NCE VPN Service. The methods of test also depend on the kind of IoT device used with the 1NCE SIM. For prototyping setups a Raspberry PI with a cellular modem can be used. Testing ICMP PING requests is the easiest way to test the server-device connection. More encompassing testing can be done by establishing a TCP, UDP or SSH connection from the OpenVPN client endpoint towards a device.
Please note that for all connectivity tests terminating in a device with a 1NCE SIM, the device needs to be connected to the mobile cellular network and show the online status with a open, active PDP data session. This can be verified in through the CMP.
For the examples listed in this guide, the setup in the Figure below is used as reference setup.
Using simple ICMP PING is a fast way of testing a connection between a device and the VPN client server-side. On a server, this test can be done from most Command Line Interfaces. Tracing the traffic on the local VPN interface with the Wireshark tool can help to visualize the request and response traffic.
For testing the mobile originated connection, a mobile device with a 1NCE SIM can initiate a ICMP PING request towards the VPN client endpoint (10.65.x.1). A tool like Wireshark can be used to make the traffic on the VPN TUN interface visible. Please note that some server-side firewall configuration (e.g., Windows Firewall) might block incoming ICMP requests. Please disable or configure the firewall for testing. The blocked requests should still be visible in Wireshark on the TUN interface.
Testing the mobile terminated traffic direction, ICMP PING requests need to be send from the VPN client over the TUN interface towards a active mobile device with a open PDP data session. Please note that the target IoT device needs to have the capability to respond to PING requests and the VPN client system needs to be able to receive the responses. Sending an ICMP PING request from the connected OpenVPN (10.65.x.1) client towards a connected 1NCE SIM device (e.g., 10.x.x.2) should trigger a response from the device. Ensure that the server-side routing and firewall are setup correctly to accept ICMP requests and direct the traffic to the VPN TUN interface.
Dependent on the IoT device application or prototype setup, a connection/request originating from the application server (VPN client) can be established for testing. A simple setup with a Raspberry PI, a mobile modem with the 1NCE SIM and a locally running TCP server can serve as IoT device in this test case. From the VPN client (10.65.x.1) a TCP connection towards the Raspberry PI (e.g., 10.x.x.1) can be opened using a regular web browser of a tool like Postman.
Updated 3 months ago