How to securely communicate with a device behind a router?

Networking noob here.

I want to find a secure way to communicate with a device that is located behind a router (Teltonika RUT950). The router has a fixed public IP. The device that is connected to the router has no authentication feature. Anyone in the local network can communicate with it (over the Modbus TCP protocol).

I want to be able to communicate with the device securely from an external server (the server could have a dedicated IP if needed).

The simplest option that comes to my mind is to set up port forwarding on the router, restricting the source to the IP of the external server. However, I'm aware this solution is vulnerable to IP spoofing attacks.

What other options do I have to secure the communication?

Edit: Adding more details, as the actual problem is more complex and the proposed solution covers the original simplified scenario:

In summary, the external server needs to query multiple devices, each behind a separate router. The server needs to query each device once every few seconds. There are around 50 devices to query and the list will grow over time.



Solution 1:

The most secure way of doing what you want to achieve would be to use another device such as a Raspberry Pi in your local network, set up a VPN, e.g. with OpenVPN, and then connect a VPN client from your remote computer to the running server on the Pi.

With this solution, you now have a secure connection that requires authentication, so you will only be able to "get into your secure LAN behind the Teltonika router" if you know the correct user/password combination registered in the VPN server on the Pi. Doing it this way means that you do not need to get a static IP address for your remote computer, and spoofing the connection is nearly impossible.


Edit concerning this specific model of router: This model already includes a configurable OpenVPN server. With it you can save the work and money for the proposed solution with a Raspberry Pi and directly connect to the router via a VPN. In the manual there is a brief explanation, but if you look around the web administration panel of the router you will most likely find the VPN option quite quickly. I do not know this specific model myself, but in most control panels the option for remote access using a VPN and the settings for port forwarding are in the same category.
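
As an added example (not part of the original question or answer), here is a sketch of the server-side poller for the multi-device scenario once the VPN is up: it builds a Modbus TCP read request, which carries no credentials of its own, and refuses to connect to any target outside the networks routed through the tunnel. The subnets `10.8.0.0/24` and `10.50.0.0/16` and all function names are assumptions chosen for illustration.

```python
import ipaddress
import socket
import struct

# Assumed (constructed) ranges: the OpenVPN tunnel subnet and the device LANs routed through it.
VPN_ROUTED_NETS = [ipaddress.ip_network("10.8.0.0/24"), ipaddress.ip_network("10.50.0.0/16")]

def reachable_via_vpn(host):
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # hostnames are rejected: DNS could resolve to a public address
    return any(addr in net for net in VPN_ROUTED_NETS)

def build_read_request(tx_id, unit_id, start, count):
    """Function 0x03 request. MBAP header: tx id, protocol 0, length, unit id (no credential field)."""
    pdu = struct.pack(">BHH", 0x03, start, count)
    return struct.pack(">HHHB", tx_id, 0, len(pdu) + 1, unit_id) + pdu

def parse_read_response(frame, tx_id, unit_id):
    """Return the register values, or raise ValueError on a malformed or error reply."""
    if len(frame) < 9:
        raise ValueError("short frame")
    rx_tx, proto, length, rx_unit, func = struct.unpack(">HHHBB", frame[:8])
    if (rx_tx, proto, rx_unit) != (tx_id, 0, unit_id) or length != len(frame) - 6:
        raise ValueError("MBAP header mismatch")
    if func & 0x80:
        raise ValueError(f"Modbus exception code {frame[8]}")
    byte_count = frame[8]
    if func != 0x03 or byte_count % 2 or len(frame) != 9 + byte_count:
        raise ValueError("malformed response")
    return list(struct.unpack(f">{byte_count // 2}H", frame[9:]))

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-frame")
        buf += chunk
    return buf

def poll(host, unit_id, start, count, tx_id=1, port=502, timeout=3.0):
    if not reachable_via_vpn(host):
        raise PermissionError(f"{host} is outside the VPN-routed networks")
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_read_request(tx_id, unit_id, start, count))
        header = _recv_exact(s, 6)
        body = _recv_exact(s, int.from_bytes(header[4:6], "big"))
    return parse_read_response(header + body, tx_id, unit_id)
```

The address check only catches a misconfigured target list on the server; the protection itself comes from the VPN's authentication and from not forwarding the Modbus port on the router's public interface.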