GurdeepakSidhu
 
Hi,
let me take it over here from @MartinVyskocil,
For implementing the VPN client as part of the .oakapp, would you recommend this be integrated into the same .oakapp that includes our DepthAI inference, uploader logic, and Flask-based trigger? Or should the VPN client ideally be isolated in a separate .oakapp?
To answer this, it's really up to you. Each approach has benefits.
You can deploy the VPN as a separate app, where it will work similarly to running the openvpn docker image. The main upside is that the VPN connection won't be affected by the main app (e.g. when the main app crashes). Additionally, your updates will be smaller, as the main app won't contain all the OpenVPN stuff, and you could roll out an update to the OpenVPN client without downtime on the main app. The main downside is that you will need to manage two apps per device.
 
If it’s valid to include OpenVPN within the same .oakapp, my understanding is that I’ll need to ensure the app setup includes the installation of OpenVPN and adding the relevant client config files as part of the build process. Could you confirm if this approach is correct?
While you can include configuration files in your build process, it’s strongly discouraged—same goes for embedding credentials or API keys.
We’re working on an official configuration-distribution feature in Luxonis Hub, but don’t have a firm release date yet. It’s expected to roll out sometime between Q3 and Q4.
In the meantime, a workaround would be to load the config file onto the device at a predefined location, then have this location as a mountpoint in your oakapp.toml.
Then, if you need to modify this file, you would SSH into the device (or utilize the Web Terminal).
It’s great to know that the Luxonis Hub offers a Web Terminal for secure remote access. Are there any official documents outlining the required network settings or firewall exceptions needed for this to work reliably, particularly in a client facility where outbound access may be restricted? This would help us prepare in advance for deployment scenarios.
We are working to reflect this in our documentation. For the Web Terminal specifically, you need to allow the main IP address for Luxonis Hub (34.96.75.74 on port 443), which is required for the device to connect to Luxonis Hub at all, as well as turn.cloudflare.com on ports 3478 and 5349 (TCP). The turn.cloudflare.com IP address is not fixed and can change at any point in time. If you are interested in a static IP option, that is available as part of our Enterprise plan.
From your message, it sounds like application updates via the Luxonis Hub are not fully supported yet. Just to confirm — does that mean for now we’d need a host computer connected locally to the camera to push any application updates? And in the future, we’ll be able to do this remotely via the Hub?
You do not need a host computer or to be locally connected to the camera. What is meant by "updates" is a feature where you would update an existing installation of an app to a newer version (e.g. 1.0.0 -> 1.0.1), such that all its data is preserved. This capability is not available at all (even locally).
 
What you can do, both locally and remotely, is uninstall the old version (e.g. 1.0.0) and install the new version (e.g. 1.0.1). The main downside is downtime and the loss of any application data your application may store at runtime.
The update feature is a very high priority.
It's reassuring to know that we can migrate our current setup into a .oakapp. Is there any existing example, guide, or reference project you could point me to that reflects a similar architecture — i.e., an app that combines inference, upload logic, and a small API or event trigger? That would be very helpful as we begin adapting our current Docker-based solution.
We have customers that implemented such apps; however, we do not have such an example available. I will bring this up internally and get back to you on this.
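
A preflight egress check for the firewall exceptions listed in the post above, as an added example that is not part of the original post and is not Luxonis tooling. The function names and the IPv4-only lookup are assumptions; turn.cloudflare.com is resolved at run time because the post says its address is not fixed, and every address it currently resolves to is tested.

```python
import socket
import sys

# Endpoints named in the post. turn.cloudflare.com is kept as a hostname
# because its IP address can change at any time.
ENDPOINTS = [
    ("34.96.75.74", 443),           # Luxonis Hub
    ("turn.cloudflare.com", 3478),  # TURN relay (TCP)
    ("turn.cloudflare.com", 5349),  # TURN relay (TCP)
]

def resolve(host, port):
    """Return the sorted IPv4 addresses host resolves to (IPv4 only: assumption)."""
    infos = socket.getaddrinfo(host, port, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def tcp_open(addr, port, timeout=5.0):
    """True if a TCP handshake to addr:port completes within the timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_egress(endpoints=ENDPOINTS, resolver=resolve, connector=tcp_open):
    """Test every resolved address of every endpoint; return result rows."""
    rows = []
    for host, port in endpoints:
        try:
            addrs = resolver(host, port)
        except OSError:  # socket.gaierror is a subclass of OSError
            rows.append((host, port, None, "dns-failed"))
            continue
        for addr in addrs:
            status = "open" if connector(addr, port) else "blocked"
            rows.append((host, port, addr, status))
    return rows

def all_reachable(rows):
    """Pass only if every tested address was reachable. A firewall rule pinned
    to one TURN address shows up here as a partial failure."""
    return bool(rows) and all(row[3] == "open" for row in rows)

if __name__ == "__main__":
    results = check_egress()
    for host, port, addr, status in results:
        print(f"{host}:{port} via {addr} -> {status}")
    sys.exit(0 if all_reachable(results) else 1)
```

Run it from the network segment the camera will sit on; a mix of open and blocked rows for turn.cloudflare.com points to an allowlist built from IP addresses rather than the hostname.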