HY-LINE truecon Router Manual

HY-LINE Systems GmbH

Inselkammerstr. 10

82008 Unterhaching

systems(at)hy-line.de

www.hy-line.de/systems


Copyright 2012
Manual release R1.8.8 English – 29 July 2013 (Update: 7 April 2014)
All rights reserved for this documentation. In addition, all photographs and electronic media are the sole property of HY-LINE Systems.

Technical Modifications
HY-LINE Systems reserves the right to change the illustrations and information in this documentation without prior notice. This documentation was created with the utmost care and is regularly revised. In spite of all control measures taken, it cannot be ruled out that technical inaccuracies and typographical errors have occurred. All errors known to us are eliminated in the next edition. We are always grateful for information regarding errors in this documentation.

Support
Our technical support pages are on our website www.hy-line.de. New manuals and data sheets are also available there. FAQ pages are also available on our website. If you have further questions, please direct them to [email protected]

Care and Maintenance
Only clean the case with a dry towel; do not use water or any other cleaning agents. Never use a spray can or bottle on the device.

Safety
Never open the router while it is connected to a power outlet. Disconnect the power supply before opening the case. Danger: risk of electric shock.

Recycling
WEEE

IBM PC, AT, XT are trademarks of International Business Machines Corporation. Windows™ is a trademark of Microsoft Corporation. Java is a trademark of Oracle Corporation. Linux is a trademark of Linus Torvalds. Errors and omissions excepted.

Service addresses, deliveries and replacements:
HY-LINE Systems GmbH
Inselkammerstr. 10
82008 Unterhaching
Germany
Phone +49 (0)89/ 61450381
Fax +49 (0)89/ 61450385
E-Mail [email protected]
Internet: www.hy-line.de/systems
M2M-Router: www.hy-line.de/router


Directory

Product description
Safety & Regulations
Router Variations
Operating elements
Quick start
Software reset (factory defaults)
Configuration - Home
Base Settings
Identification
Network
Date & Time
Connection Settings
Phone Settings
Internet Settings
Dial-In / Call back
E-Mail
I/O-Settings Input / Output
Firewall
NAT
Services – Status
DHCP/DNS Server
DynDNS
InetWD
NTPd
Ser2TCP
SNMP
SShd
Syslogd
FTP Server
UDP-Broadcast
Webserver
VPN
VPN-PPTP Server
VPN-PPTP Client
VPN-OpenVPN Server
VPN-OpenVPN Client
VPN-IPsec
Advanced
Command line interface
System settings / Update
Logging
Network tracer
User Management
Technical specifications
with integr. Switch
Dimensions
Analog modem country code


Product description

M2M Industrial Router with modem, VPN and Firewall

The M2M industrial router is a simple, secure and global communications solution that connects you to your systems and machines wherever you are. Connections to your systems and machines are made through the integrated firewall, VPN and automated call center. The compact design, with standard European top-hat rail connection for easy mounting, as well as the possibility to establish all connections (Analog, ISDN, GSM/GPRS/UMTS, LTE, DSL) in one device, are what make this the leading industrial router on the market.

The router has an RS232 port as well as the standard Ethernet connection. On the protocol side the router supports SNMP, DynDNS, NTP and DHCP. Configurable alarms can be sent via e-mail. The digital inputs and outputs offer additional control and alarm possibilities.

Every router has an internal HTML web server with complete configuration software. Access, configuration and maintenance are easy and secure with a standard web browser. Installation of 3rd-party software is not necessary or recommended.

Order numbers: see current pricelist


Qualification of personnel
This manual is only for trained personnel familiar with the applicable norms and standards. The specialist must have read and understood this documentation and must follow the instructions.

Safety regulations
The responsible staff must ensure that the application or use of the product described fulfills all safety requirements, including any applicable laws, regulations, guidelines and rules.

Delivered
The product is delivered in particular hardware and firmware configurations, according to the application and internal modem. Changes to hardware or software configurations which are not described in this manual are not allowed and nullify the liability of HY-LINE Systems GmbH. The product is made according to the current state of the art, is reliable in operation and left the factory in a safe condition. To maintain this condition over the period of operation, the information in the manual and applicable product change notifications must be observed.

Obligation of diligence
The operator must ensure that
• the product is used as intended.
• the product is operated in working condition.
• only suitably qualified and authorized personnel operate the product.
• the personnel is instructed regularly about relevant occupational safety and environmental protection, as well as the manual and especially the safety notes contained herein.
The operator must strictly observe the applicable national regulations concerning operation, functional testing, repair and maintenance of electronic equipment.

Intended Use
The product may only be used within the specifications given in this document and the documents referred to. The product must not be used or operated for the following purposes or under these conditions: control of machines and equipment that do not conform to Directive 2006/42/EC and Directive 2004/108/EC (EMC Directive). It is recommended to use the following power supply with the HY-LINE router, because all EMC tests were performed with this power supply: 12W AC adapter Minwa MC120D050 with ferrite Würth 74270077. Read this documentation carefully before installation and commissioning. Incorrect handling of the product may result in personal injury or property damage.

Technical Limits
The product is for use only within the limits specified in the data sheets. The following limiting values are set:
• The ambient temperature must not exceed or fall below the specified range.
• The supply voltage must not exceed or fall below the specified range.
• The specified humidity must not be exceeded, and condensation should be avoided.
• The maximum switching voltage and maximum switching current must not be exceeded.
• The maximum input voltage and the maximum input current must not be exceeded.


Warranty provision
The product is maintenance free. Opening the case will void the warranty. Repairs should be performed only by authorized personnel. Improper use, disregard of this documentation, the use of insufficiently qualified personnel as well as unauthorized changes exclude the liability of the manufacturer for any resulting damage.

Notes for transport and storage
Please avoid storage conditions such as mechanical stress, temperature, moisture and corrosive atmospheres. The product is packaged so that it is protected against shocks during transport and storage. Before installation, please check the product for possible damage that might have been caused by improper transport or improper handling.

Electrical installation safety
Installation must be carried out with appropriate tools and in accordance with the documentation. The product may only be assembled with the power supply switched off. During wiring, the cabinet must be secured against being switched on again. National accident prevention regulations must be observed. The electrical installation must be done in accordance with national regulations (wire colors, cross sections, fuses, PE connection, etc.). Electrical work must be performed by authorized personnel. Observe the electrical connection information in the documentation, otherwise the electrical protection can be affected.

Disposal
The product as delivered consists of different materials. The individual components must be disposed of properly. All components of the delivery can be returned to HY-LINE Systems for proper disposal. Transport costs will be paid by the sender.

Delivery
The scope of supply for the HY-LINE router includes the accessories listed below. Please check that all accessories are included in the box. If anything is missing or damaged, please contact your distributor.
• 1 HY-LINE router (basic types)
• 1 Quick Installation Guide
• 1 GSM antenna with magnetic base (optional for different router package versions)
Further documents for the HY-LINE routers are available at: www.hy-line.de/router


HY-LINE Router product variations

• Analog: HAP-RA; with integr. Switch (4x LAN): HAP-RAS
• DSL: HAP-RDS with integr. Switch (4x LAN)
• ISDN: HAP-Ri; with integr. Switch (4x LAN): HAP-RiS
• HAP-R – without integr. Modem; with integr. Switch (4x LAN): HAP-RS
• UMTS: HAP-RU; with integr. Switch (4x LAN): HAP-RUS
• LTE: HAP-RL; with integr. Switch (4x LAN): HAP-RLS


Operating elements

HAP-R, HAP-RI, HAP-RA, HAP-RG, HAP-RU, HAP-RL
HAP-RS, HAP-RIS, HAP-RAS, HAP-RGS, HAP-RUS, HAP-RLS: integr. 4-port Switch
HAP-RDS: integr. 4-port Switch

[Figure: operating elements. Labels: SIM-Card Slot; Power (10-30VDC); Digital I/Os (screw terminal, removable); Serial RS232 – SUB-D 9 PIN; Antenna 1 - FME: GSM/UMTS; Antenna 2 - SMA: GSM/UMTS (optional); ISDN/DSL RJ45; Analog RJ11; Network RJ45; Mounting: DIN rail mount]

-> For better shielding (EMC reasons) please connect the antenna connectors (1 and 2) with connector PE.

Connector layout (router version: connector ISDN/DSL; connector Analog):
• UMTS/GPRS - HAP-RU/RUS: ISDN/DSL not used; Analog not used
• DSL - HAP-RDS: ISDN/DSL used (Pin 4/5 – DSL A/B); Analog not used
• Analog - HAP-RA/RAS: ISDN/DSL not used; Analog used (Pin 3/4 – TX/RX)
• ISDN - HAP-RI/RIS: ISDN/DSL used (Pin 3/4/5/6 – TX+/TX-/RX+/RX-); Analog not used
• Without internal modem - HAP-R/RS: ISDN/DSL not used; Analog not used


Quick start

Access to the router through a web browser: http://192.168.101.222/ or https://192.168.101.222/

Administration access:
login: manager
password: changemetoo
(Password can be changed through this account)

Visitors access:
login: user
password: changeme
(Password can only be changed through the administrator's account)

Access to the router through SSH (Secure Shell, TCP/IP):
login: root
password: changemetoo

Settings SSH (TCP/IP):
Host name or IP address: Router-IP
Port: 22

Note: After the first power-up the router initializes its SSH keys. This process takes about 15 minutes; after that the router is reachable through SSH.

Access to the router over serial:
login: root
password: changemetoo

Settings for serial connection: 38400 bps // 8 bits // no parity // 1 stop bit // no flow control

IP address changes over SSH or serial console (null modem cable):
Log in over SSH or serial as described above, then execute the following commands:
a. ip address xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx device eth0
b. commit ch
c. write disk

Installation of the SIM card with a GSM/GPRS/UMTS/LTE router:
Insert the SIM card into the SIM card holder with the chip side (gold) pointing to the printed side of the router case. The SIM card must snap into the SIM card holder.

Internet watchdog service:
Do not enable this service until the router is ready to access internet connections.

Download Router Handbook & Firmware: www.hy-line.de/router

Firmware update:
Please contact our support team: [email protected]
Attention: Do not install system.conf files from an older firmware version on a newer firmware version or vice versa.


Software reset

Factory default for all settings
1. Disconnect power from the router
2. Set Jumper 3 (see picture) to on position
3. Power up router, wait for flashing LEDs (approx. 2 Min.)
4. Disconnect power from the router
5. Set Jumper 3 (see picture) to off position
6. Power up router, factory default set
Important: Power down the router before changing the jumper positions!


Configuration - Home:

The start page gives a general overview of the router: firmware version, system updates, serial number, modem type, band type, GSM signal strength, router uptime, PPP data counter (max. 2GB), as well as the status of the digital inputs and outputs.

Internal modem 1: analog, isdn, gsm, umts, dsl, lte, none (without modem)

Signal strength:
• Error: no signal, check antenna and/or SIM-Card and SIM-PIN
• Bad: -113 ... -112 dBm
• Low: -111 ... -90 dBm
• Good: -89 ... -56 dBm
• Very good: > -55 dBm

Active band:
• lte
• Umts / WCDMA2100
• gsm1800 (gprs-1800 MHz Band)
• gsm900 (gprs-900 MHz Band)
• no service (no signal, check antenna and/or SIM-Card and SIM-PIN)

Connectivity status: While the router is online it shows the IP address assigned by the service provider (WAN interface). In online mode you will see the status of the internet connection.

WAN Traffic Counter: Traffic counter for Internet and PPP traffic, max. 2.147.483.648 Bytes

Reset button: Reset traffic counter

DNS Servers: active DNS server

Default Gateway: active gateway (further information on page 16 – LAN settings)

Internet Connectivity: Pressing the button sends a ping to a host or IP address configured in ../Services/InetWD. On demand, the router is triggered to establish an internet connection.

Refresh button: resend ping

Home button: back to home menu

Reboot button: Router (software) reboot




Base Settings - Identification:

Router name: Name of the router, max. 35 characters; the name is attached to sent e-mails

Location: Location of the router (for informational purposes only)

Manager: E-mail address of the system manager (recipient of the dynamic IP address once the router is connected to the internet)


Base Settings - Network:

Configure the LAN network parameters. The interfaces are eth0, eth0:1 and eth0:2. The :x interfaces are virtual interfaces mapped to eth0. With these settings it is possible to have more than one subnet on the physical interface of the router. Subnets on the Ethernet interface of the router are not isolated from each other.

LAN 0 – LAN 2:
Local IP address / Network mask: Parameters for each individual interface (multirouting)

Systemwide Network Settings:
DNS Server: Network DNS server address (default is the public DNS server from Arcor)
Gateway: Network gateway address
Activate network changes: check to apply the settings immediately after pressing the SAVE button

Multi-LAN configuration:
- DHCP works only with interface LAN2 (eth0:2)
- The DHCP client receives IP address, subnet mask, DNS server and default gateway.

External gateway for data communications (Router: no internal modem or not active)
- Service: Deactivate Internet-Dial-Up in the service menu ../Services/
- Apply the following settings if the HY-LINE router is using an external gateway on the WAN side

DHCP server inactive in the external gateway subnet (WAN):
LAN 0: Network/subnet gateway side (WAN)
LAN 2: Network/subnet HY-LINE router
Gateway (systemwide): Network/subnet gateway side (WAN)

DHCP server active in the external gateway subnet:
LAN 0: Network/subnet HY-LINE router
LAN 2: Network/subnet gateway side (WAN - DHCP active)
Gateway (systemwide): Network/subnet gateway side (WAN)

Base Settings - Network (continued): external gateway for data communications

Allow in- and outgoing data traffic over the external WAN gateway in the service menu Firewall:

Masquerade srcnet: Enable: allows outgoing TCP packets via a standard gateway (not a modem gateway)

Source net: Netmask/IP range of the outgoing traffic. Format: 192.168.102.0/24 (example)

Representation of IPv4 network addresses and netmasks (Source: Wikipedia: http://de.wikipedia.org/wiki/Netzmaske)

Bits
A netmask is exactly as long as an IPv4 address, i.e. 32 bits. All bits of the network part are set to 1, all bits of the device part have the value 0. The network part of an IPv4 address is obtained by a bitwise logical AND of the address with the netmask. After bitwise negation of the netmask, the device part is separated in the same way.

Example
With such a netmask with 24 set bits, 8 bits remain and therefore 2^8 = 256 addresses for the device part. This is called a 24-bit network. Because the smallest address (all bits in the device part are zero) describes the network itself and the largest address (all bits in the device part are one) is reserved for broadcast, they do not count among the addresses that are assigned to devices. So 254 addresses are available for devices.

Netmasks, like IPv4 addresses, are usually written in decimal. The IP address of the above example is then 192.168.1.129 and the netmask 255.255.255.0, or /24 for short. Thus the network part is 192.168.1 and the device part is 129. The IP network can also be described as 192.168.1.0/24. While the CIDR notation /24 gives the number of bits set in the netmask, in dotted decimal notation the netmask is split into four octets, each represented by a decimal number. The decimal number 255 has the same value as the binary number 11111111, which corresponds to 8 set bits. In the example this gives 8+8+8+0=24 set bits. An overview of all IPv4 netmasks larger than /8 in various notations can be found in the article CIDR.

Example 1: The IP address 192.168.1.188/27 is to be examined, written differently 192.168.1.188/255.255.255.224. The netmask is a 27-bit mask. First question: how many IP addresses belong to a 27-bit network? Answer: An IPv4 address consists of 32 bits. 32 minus 27 is 5. The 27-bit mask therefore leaves 2 to the power of 5 addresses freely available, i.e. 32. A 27-bit network thus contains 32 addresses. Second question: what is the name of the network the address belongs to? Answer: The smallest address of the given range gives the network its name. It is found by starting at 188 and looking for the next smaller number that is divisible by 32. The result is 160. The network is therefore called 192.168.1.160/27. It contains the 32 addresses from 192.168.1.160 up to and including 192.168.1.191. The address 192.168.1.160 denotes the network itself, 192.168.1.191 is the broadcast address. The 30 IP addresses from 192.168.1.161 up to and including 192.168.1.190 remain usable for devices.

Example 2: 172.16.0.0/16 and 172.16.0.0/24 differ in that the first network covers the IP addresses 172.16.0.1 to 172.16.255.254, while the second only contains the range 172.16.0.1 to 172.16.0.254.
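The netmask arithmetic above, carried out with the bitwise AND and negation the text describes and applied to a "Source net" entry before it is saved. This is an added example, not part of the manual or the router firmware; the function names are hypothetical, and the rule that a masqueraded source net should lie inside an RFC 1918 private range is an assumption of this example.

```python
import ipaddress

# Assumption of this example: a masqueraded source net should be a private LAN.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def to_int(dotted):
    """Parse dotted-decimal IPv4 text into a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 address: {dotted!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if octet > 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | octet
    return value


def to_dotted(value):
    """Format a 32-bit integer as dotted-decimal IPv4 text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def describe(cidr):
    """Split 'a.b.c.d/len' into network part, device part and address range."""
    addr_text, sep, len_text = cidr.partition("/")
    if not sep or not (len_text.isascii() and len_text.isdigit()) \
            or int(len_text) > 32:
        raise ValueError(f"expected a.b.c.d/len, got {cidr!r}")
    prefix = int(len_text)
    addr = to_int(addr_text)
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF  # network bits 1, device bits 0
    inverted = ~mask & 0xFFFFFFFF                       # bitwise negation of the mask
    network = addr & mask                               # AND isolates the network part
    broadcast = network | inverted                      # all device bits set to 1
    size = 1 << (32 - prefix)
    reserved = 2 if prefix <= 30 else 0                 # network + broadcast address
    return {
        "prefix": prefix,
        "netmask": to_dotted(mask),
        "network": to_dotted(network),
        "device_part": addr & inverted,
        "broadcast": to_dotted(broadcast),
        "addresses": size,
        "usable": size - reserved,
        "first_host": to_dotted(network + reserved // 2),
        "last_host": to_dotted(broadcast - reserved // 2),
    }


def check_source_net(value):
    """Return the problems found in a 'Source net' entry (empty list = OK)."""
    try:
        info = describe(value.strip())
    except ValueError as exc:
        return [str(exc)]
    problems = []
    canonical = f"{info['network']}/{info['prefix']}"
    if info["device_part"] != 0:
        problems.append(f"device bits set; the network is {canonical}")
    net = ipaddress.ip_network(canonical)
    if not any(net.subnet_of(private) for private in RFC1918):
        problems.append(f"{canonical} is not inside an RFC 1918 private range")
    return problems


if __name__ == "__main__":
    # Example 1 and Example 2 from the text, then constructed Source net entries.
    for cidr in ("192.168.1.188/27", "172.16.0.0/16", "172.16.0.0/24"):
        print(cidr, describe(cidr))
    for entry in ("192.168.102.0/24", "192.168.102.5/24", "0.0.0.0/0"):
        print(entry, check_source_net(entry) or "OK")
```

An entry such as 0.0.0.0/0 is syntactically valid but would match all outgoing traffic, which is why the check reports it.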


Base Settings - Date & Time:

Date, Time: Date and time of the router

Timezone: Time zone in which the router is located (please be aware that summer and winter time are switched automatically only in Germany. Settings: Berlin)

Time-Server: Time server, standard: ptbtime1.ptb.de

Manual apply: for manual adjustment of the time and date

Network sync.: Time and date are synchronized over the internet after pressing SAVE (the router will dial in to the internet)

Connectivity Settings – Modem Settings:

MSN/Mobile number: Telephone number of the router. Only important for an ISDN connection: the MSN must be entered here. The MSN (Multiple Subscriber Number) is either the dialling number without area code or only the extension number. This depends on the setup of the telephone system.

GSM band: Set the GSM band manually. Option: 0=auto; 5=gprs; 8=umts; 9=lte

SIM-PIN: Enable PIN is only for use with a SIM card in order to log in to the network -> do not enable for use with analog or ISDN connections!

PIN: PIN number of the GSM/GPRS SIM card

PIN verify: Re-enter the SIM PIN number

Connectivity Settings – Internet Settings:

Internet Service: Choose an ISP in order to enable the Call-by-Call option
- LTE-UMTS-GPRS: default TELEKOM
- Analog-ISDN 1: default Arcor
- Analog-ISDN 2: default Freenet
- Analog-ISDN 3: default T-Online
- Analog-ISDN 4: default Schweiz
- DSL

PPPoE – external modem/gateway for data connections (Router: no internal modem or inactive)
- PPPoE activation: Connectivity Settings\Internet Settings\Internet Service: choose DSL
- Connect the external PPPoE modem to any Ethernet port of the HY-LINE router
- PPPoE with an external modem can't be used with a HY-LINE router with internal DSL modem

APN / Phone number: APN for LTE/UMTS/GPRS, or telephone number of the ISP's Call-by-Call center (2 seconds for every comma, i.e. 0,,0625112345)

Username: Username for internet service

Password: Password for internet service

Password verify: Re-enter password for internet service

Timeout: Time until the router hangs up a connection to the internet due to lack of traffic. No function if the router is set to mode: always online

IP reporting mode: After internet login: DynDNS activated and/or dynamic IP address of the router sent per e-mail

Network time sync (further settings in service menu: ../services/ntpd):
- Once (RFC868): Time sync one time after online connection
- NTP (RFC1305): permanent time sync according to RFC1305

Network connection mode: Internet dial-up:
- On-Demand: connects only when needed, timeout active
- Always online: permanent online connection (InetWD service should be activated)

Use peer DNS: DNS server is set from provider (recommended)

Connectivity Settings – Dial-In / Call Back:

PPP Dial-In:

Internet by call / Ringing function: Calling the M2M router from any phone line (don't wait until the router picks up the line!) triggers the router to log in to the internet.

ISDN/Analog/GSM-PPP-Dial-In: The router picks up after the configured number of rings and establishes the PPP connection. After cutting the connection, please wait 30 seconds before establishing another connection.

Port Speed: With bad analog lines (usually overseas) the router's communication speed can be reduced for more stable phone connections.

Dial-In Server/Client IP: The IP addresses of the PPP tunnel should be within the same subnet as the gateway (M2M router IP address). Advantage: The router IP address doesn't have to be entered as the gateway address in the devices.

Configuring Direct Connection to M2M Router over PPP:
The router has one permanent PPP user account with the user name pppuser. This account is not displayed in the User Management. Additional PPP users can be added as system users.
PPP-Dial-In:
- User name: pppuser (cannot be changed)
- Password: M2MLogin
- DFÜ (dial-up) client settings: Windows default settings
Important: Please make sure that no user with the name pppuser is registered in User Management. If there is one, delete it.

Configuration of Call-by-Call access for ISDN / Analog telephone lines
No login needed, costs are charged via the standard telephone bill. Call costs can be found on the website of your provider.

ARCOR
User: arcor-ibc
Password: internet
Tel-no.: 0192075
Arcor-DNS: 145.253.2.11

MSN (Microsoft Network)
User: [email protected]
Password: msn
Tel-no: 0193670
MSN-DNS: 145.253.2.11

ARCOR
User: arcor
Password: internet
Tel-no.: 00493412004937
Arcor-DNS: 145.253.2.11

FREENET
User: gast
Password: internet
Tel-no: 019231770
Freenet-DNS: 62.104.191.241

Configuration of Call-by-Call access for ISDN / Analog telephone lines -WORLDWIDE-:
No login needed, costs are charged via the standard telephone bill. Call costs can be found on the website of your provider.

Configuration for access to GPRS/UMTS/LTE modem connections with APN:
T-MOBILE T-D1 settings with standard APN:
Number or APN: internet.t-d1.de
User: t-d1
Password: t-d1

E-Mail:

E-Mail address: E-mail address of the system manager. It can also be set to administrator, in which case copies of all e-mails would be sent there.

SMTP-Server: Address of the SMTP server for sending e-mails (supports DNS addresses as well as IP addresses).

Rewrite sender domain: If enabled, rewrites the sender domain for outgoing e-mails.

Sender domain: Sender domain for outgoing e-mails.

ESMTP authentication: Whether to use ESMTP Auth for outgoing e-mails

E-Mail address 1-3: E-mail recipients 1-3

I/O-Settings – Digital Input / Output:

Activate: If checked, the I/O port is monitored for input data

Signal action:
- System reboot: Restart (soft reset)
- Internet dial-in: Dial in to the internet
- Alarm send E-Mail: Sends an e-mail with message text to recipients 1-3
- Alarm once (high) – send Mail: Sends an e-mail with message text to recipients 1-3 and the system manager after the router is powered up. The e-mail is sent only if Digital Input 1 is high immediately after power-up of the router. In normal use Digital Input 1 can't be triggered
- Run user defined script 1/2: Runs user-defined scripts on Linux. Predefined scripts can be found in ../user/sbin with the names user1.sh and user2.sh. Please set the execute permission on both scripts after editing


I/O-Settings – Digital Input / Output:

Activate: If checked, the I/O port is used for data output

Map digital output: DigEin1, DigEin2 or Online state is mapped to the digital output

Turn On / Turn off: manual on and off control of the digital output

Technical data Digital I/Os:
For EMC reasons it is recommended to use a ferrite core if data lines are longer than 3m (ferrite core Würth 74270090 with two coils).

Digital Input 1 / 2: Triggered by a signal change from high to low.
Potential-free inputs: Factory default setting, signal action by simply shorting the input (self powered)
Active input: Switching voltage: apply max. 24VDC / min. 5mA
DIP-Switch1: configures DigIn1, see picture; DIP-Switch2: configures DigIn2, see picture

The jumper position in the picture shows the configuration for potential-free inputs, factory default.

Please switch off the router before making changes to the jumpers. The router must be voltage free all the time you set any jumper on the router. The router case must not be opened!

Jumper Block 3/4:
DIP switch 1: Digital In 1
DIP switch 2: Digital In 2
DIP switch 3: Reset
DIP switch 4: no function

Digital output: Open Collector: Output voltage 12-30VDC (active) / max. 100mA. The output voltage is similar to the power supply voltage applied to the router.

Firewall:

HY-LINE Systems GmbH

Inselkammerstr. 10

82008 Unterhaching

systems(at)hy-line.de

www.hy-line.de/systems

Seite 29

HY-LINE truecon Router Handbuch

The firewall configuration allows the opening and closing of specific services from the internet to the router (arrows left) and from the router to the internet (arrows right).

Three standard profiles are available:

- Default – Standard, applicable for most uses
- Custom – Custom profile defined by user, must be set for user configuration
- Minimum – High security

Commit rules: Commit the changes immediately to the firewall configuration when saving

Masquerading: Sets the S-NAT routing options: if activated, all data packets coming from the WAN interface to the local Ethernet (eth0) router interface are modified. For forwarded packets the router replaces the public IP with its own local IP address. This is used to reach devices on the router LAN subnet without setting a gateway address in those devices.

Outgoing connections (HY-LINE Router LAN -> external gateway):

Masquerade srcnet: Activate: allows outgoing TCP packets via a standard gateway (not a modem gateway)

Source net: Netmask/IP range of the outgoing traffic. Format: 192.168.102.0/24 (example). See page 17.


NAT (Network Address Translation)

NAT (Network Address Translation) is a network procedure in which an IP address in a data packet is changed into another. This is usually done to connect private IP addresses to public networks such as the internet. The ports are translated in the same sense, through a mechanism called PAT (Port Address Translation).

Configuration

The NAT configuration of the router can be set through a serial connection, over SSH or via the web interface. A maximum of 150 NAT rules can be configured. The following ports shouldn't be changed:

List of unchangeable ports

Service                                            Protocol  Port
File Transfer Protocol (FTP)                       TCP       21
SSH Remote Login Protocol (ex. pcAnyWhere)         UDP       22
Telnet                                             TCP       23
Simple Mail Transfer Protocol (SMTP)               TCP       25
Domain Name Server (DNS)                           UDP       53
WWW Server (HTTP)                                  TCP       80
HTTPS                                              TCP       443
Post Office Protocol ver.3 (POP3)                  TCP       110
Network News Transfer Protocol (NNTP)              TCP       119
Point-to-Point Tunnelling Protocol (PPTP)          TCP       1723
pcANYWHEREdata                                     TCP       5631
pcANYWHEREstat                                     UDP       5632
WinVNC                                             TCP       5900

Configuration via web interface:




Protocol Type: Protocol TCP or UDP

Forwarded Port: Incoming port

Dest. Address: IP address of the device the packet is sent to

Dest. Port: Port of the device the packet is sent to

Commit rules: Immediately activate NAT rules after pressing the save button (no restart required)
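The following added example (not HY-LINE code) checks a planned set of port-forwarding rules against the limits stated above before they are typed into the router. The rule fields, the 150-rule limit and the reserved-port list come from this manual; the dictionary layout, the function names and the sample rules are assumptions made for the sketch.

```python
import ipaddress

MAX_RULES = 150  # "A maximum of 150 NAT rules can be configured"

# (protocol, port) pairs from the manual's "List of unchangeable ports"
RESERVED = {
    ("tcp", 21), ("udp", 22), ("tcp", 23), ("tcp", 25), ("udp", 53),
    ("tcp", 80), ("tcp", 443), ("tcp", 110), ("tcp", 119), ("tcp", 1723),
    ("tcp", 5631), ("udp", 5632), ("tcp", 5900),
}


def _port(value):
    """Return value as an int port number, or None if it is not 1..65535."""
    try:
        port = int(value)
    except (TypeError, ValueError):
        return None
    return port if 1 <= port <= 65535 else None


def validate_rules(rules, lan_net=None):
    """Return a list of (rule_index, message) findings; empty means clean."""
    findings = []
    if len(rules) > MAX_RULES:
        findings.append((None, f"{len(rules)} rules exceed the limit of {MAX_RULES}"))
    lan = ipaddress.ip_network(lan_net) if lan_net else None
    seen = {}
    for i, rule in enumerate(rules):
        proto = str(rule.get("protocol", "")).lower()
        if proto not in ("tcp", "udp"):
            findings.append((i, f"protocol must be TCP or UDP, got {rule.get('protocol')!r}"))
            continue
        fwd = _port(rule.get("forwarded_port"))
        dst = _port(rule.get("dest_port"))
        if fwd is None or dst is None:
            findings.append((i, "ports must be integers in 1..65535"))
            continue
        try:
            addr = ipaddress.ip_address(rule.get("dest_address", ""))
        except ValueError:
            findings.append((i, f"invalid destination address {rule.get('dest_address')!r}"))
            continue
        if lan is not None and addr not in lan:
            findings.append((i, f"{addr} is outside the router LAN {lan}"))
        if (proto, fwd) in RESERVED:
            findings.append((i, f"{proto.upper()} {fwd} is on the manual's reserved-port list"))
        if (proto, fwd) in seen:
            findings.append((i, f"{proto.upper()} {fwd} already forwarded by rule {seen[(proto, fwd)]}"))
        else:
            seen[(proto, fwd)] = i
    return findings


# Constructed sample rule set (not from the manual)
SAMPLE_RULES = [
    {"protocol": "TCP", "forwarded_port": 8502, "dest_address": "192.168.3.10", "dest_port": 502},
    {"protocol": "TCP", "forwarded_port": 443, "dest_address": "192.168.3.11", "dest_port": 443},
    {"protocol": "TCP", "forwarded_port": 8502, "dest_address": "192.168.3.12", "dest_port": 502},
    {"protocol": "UDP", "forwarded_port": 47808, "dest_address": "10.0.0.5", "dest_port": 47808},
    {"protocol": "ICMP", "forwarded_port": 1, "dest_address": "192.168.3.13", "dest_port": 1},
]

if __name__ == "__main__":
    for idx, msg in validate_rules(SAMPLE_RULES, lan_net="192.168.3.0/24"):
        print(f"rule {idx}: {msg}")
```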


Services - Status:

The service menu allows you to stop, start and pause the services.

Services - DHCP/DNS Server:


Services - DynDNS:



DynDNS Service Provider: Choose your provider for the DynDNS server.



Username: DynDNS account name



Password: DynDNS password



Password verify: Re-Enter DynDNS password



Host alias: DynDNS Hostname

Activate DynDNS Service
Modem mode: Activate DynDNS service in ../Connectivity Settings/Internet Settings/ -> IP-Reporting mode!
Gateway mode: Activate DynDNS service in Service Menu


Services - Inetwd + Redundancy:


How the Internet Watchdog (Inetwd) works: The internet watchdog periodically checks via ping (ICMP protocol) that an IP address or host name on the internet or intranet is reachable. If the IP address is not reachable, the router is restarted.

Important: this function causes traffic even if there is no other communication over the router.

Destination host: IP address or host name - Layout: www.name.extension

Maximum retries: Number of ping attempts before router restart

Interval: Interval in seconds for the ping request

Important: Do not activate this service until the router is ready to access the internet. If the service is activated and there is, for example, no SIM card installed, the router will reboot every 600 seconds by default.

How redundancy works: redundant communication path

a) LAN gateway (DHCP) –> UMTS / PPPoE (internal DSL or external modem)

The router is online only via the currently active connection. The redundancy function is activated via system.conf (by setting a variable). The primary, active communication path (after a router reboot) is always the LAN gateway (DHCP). As soon as the primary, active communication path has failed, communication is switched automatically to the redundant communication path (UMTS/PPPoE). This function is triggered by the InetWD service. The DHCP service (if activated) is then stopped and the router is restarted. After the restart the active communication path is UMTS/PPPoE. An e-mail containing a (definable) piece of information is sent. Switching back to the primary communication path is done manually via the router web interface, simply by rebooting/restarting the router (over the internet or intranet).

b) LAN gateway (no DHCP) –> LAN gateway (no DHCP)

The redundant communication path works as under a). Prerequisite: no DHCP client may be activated in the router's LAN settings; all LAN parameters must be entered manually. Switching back to the primary communication path/gateway is done manually via the router web interface by rebooting/restarting the router (over the internet or intranet). After an unsuccessful ping by InetWD, the active gateway is switched automatically to the redundant gateway. Note: The redundant gateway is entered into the InetWD service by the user; this cannot be done via the web interface.


Services - Redundancy configuration: LAN gateway –> UMTS/gateway fallback

Enable redundancy: Activates redundancy; options: redundancy path modem or gateway

Fallback gateway: Enter here the gateway that becomes the default gateway in the redundancy case

Status Mail modem r.: Activates mail notification when switching to the redundancy path. The mail is sent to the system manager.

Mail Message: Content of the notification mail

Example of configuring redundancy:

- Activate Redundancy (modem or fallback), activate mail notification and enter the mail text

- Service menu:
  - Internet dial-up set to: Always online
  - Deactivate the Internet-Dial-Up service
  - Activate the Internet Watchdog service (InetWD)


- LAN gateway configuration: carry out as described in the chapter Base Settings / LAN

DHCP server inactive in the external gateway subnet:
LAN 0: network/subnet on the gateway side
LAN 2: network/subnet of the HY-LINE Router
Gateway (systemwide): network/subnet on the gateway side

DHCP server active in the external gateway subnet:
LAN 0: network/subnet of the HY-LINE Router
LAN 2: network/subnet on the gateway side (activate DHCP)
Gateway (systemwide): network/subnet on the gateway side (assigned automatically)

- Firewall configuration: as described in the chapter Firewall, activate and configure Masquerading srcnet

- Restart the router!

ACTIVE redundancy: LAN gateway –> UMTS fallback

After the restart the display on the router's Home start page is extended: an activated redundancy function is shown. When redundancy becomes active, i.e. the second communication path is activated, the status display changes as follows:

The first line shows the selected redundancy mode; the second line shows the same value once inetwd has switched to the fallback. The inetwd service now continues to run normally and tries to send its ping to the internet (now via the fallback path). If that still fails, the reboot kicks in again and the system restarts (and thereby switches back to the primary function). After a manual reboot of the router via the web interface, the first communication path is active.
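The switching behaviour described above can be followed step by step in this added model (not HY-LINE code). The restart after the configured number of failed pings and the primary, fallback, primary sequence follow the manual's text; the class and method names, the reading of "Maximum retries" as consecutive failures, and the 10 x 60 s timing sample are assumptions.

```python
from dataclasses import dataclass, field

PRIMARY, FALLBACK = "LAN-Gateway", "UMTS/PPPoE"


@dataclass
class InetWatchdog:
    max_retries: int          # "Maximum retries" field
    interval_s: int           # "Interval" field, seconds between pings
    redundancy: bool = True   # "Enable redundancy"
    path: str = PRIMARY       # active path after a normal boot
    failures: int = 0         # consecutive failed pings (assumption)
    events: list = field(default_factory=list)

    def seconds_to_reboot(self):
        """Longest outage before the watchdog restarts the router."""
        return self.max_retries * self.interval_s

    def _reboot(self, next_path, reason):
        # Record (reason, path before restart, path after restart).
        self.events.append((reason, self.path, next_path))
        self.path, self.failures = next_path, 0

    def tick(self, ping_ok):
        """Feed one ping result; return the path that is active afterwards."""
        if ping_ok:
            self.failures = 0
            return self.path
        self.failures += 1
        if self.failures >= self.max_retries:
            if self.redundancy and self.path == PRIMARY:
                # Primary path lost: restart onto the redundant path.
                self._reboot(FALLBACK, "failover")
            else:
                # No redundancy, or the fallback also failed:
                # the restart brings the router back up on the primary path.
                self._reboot(PRIMARY, "reboot")
        return self.path

    def manual_reboot(self):
        """A reboot from the web interface returns to the primary path."""
        self._reboot(PRIMARY, "manual")


def replay(results, **settings):
    """Run a sequence of ping results (True = reply) through a watchdog."""
    wd = InetWatchdog(**settings)
    for ok in results:
        wd.tick(ok)
    return wd


# Constructed ping history: short glitch, primary outage, fallback outage.
SAMPLE_PINGS = [True, False, False, True,
                False, False, False,
                True, False, False, False]

if __name__ == "__main__":
    wd = replay(SAMPLE_PINGS, max_retries=3, interval_s=60)
    for reason, before, after in wd.events:
        print(f"{reason}: {before} -> {after}")
    print("active path:", wd.path)
```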


Services – NTPd Timeserver:

The protocol of the timeserver is NTP (RFC 1305).

NTP Timeserver 1/2: IP address or hostname. Timeserver 2 is used automatically if the connection to timeserver 1 fails.

NTP Server (RFC 1305): Activates the NTP server mode for the local network. Any IP device can then update its time from the router via NTP.


Services - Ser2TCP:



The Ser2TCP service can stream data from the router's serial RS232 interface to any IP-based device over the Ethernet network. Further administration under Linux OS is needed. Please contact HY-LINE technical support for assistance.


Services - SNMP:



Please contact HY-LINE technical support to receive the MIB (Management Information Base).


Services - SSHd:

Configuration for access to the router over SSH (Secure Shell TCP/IP Terminal)

Secure Shell – secured communication over unsecured networks: Secure Shell (SSH) is a program that allows computers to communicate securely over unsecured networks. It closes many security risks by encrypting the data.

Access to the router through SSH-Secure Shell (TCP/IP):
Windows Editor, for example: Winscp
login: root
password: can be set under User Management

Settings SSH (TCP/IP):
Host-Name or IP-Address: Router-IP
Port: 22

Note: On first power-up (after a firmware update) the router initializes its SSH keys. This process takes about 15 minutes; after that the router is reachable through SSH.


Services - Syslogd:

Configuration of the log file size, number of logs and remote logins.

Services - FTP-Server:

approx. 3MB Flash-Memory (persistent, root directory)
approx. 8MB RAM-Memory ( ..\tmp)


Services - UDP Broadcast Proxy:

The UDP broadcast function is used to discover IP devices on the HY-LINE Router LAN subnet. Incoming TCP/IP packets with the configured broadcast port are sent automatically to each device in the router network. Each reply is sent back to the sender on the internet.

Destination IP range: Destination the broadcast is sent to (usually the HY-LINE Router LAN subnet)

Destination Netmask: Subnet of the destination network

Destination Port: Identification of the broadcast function and destination port to send to


Services - Webserver:



Use also Port 80 active: The router is accessible via Port 80 and Port 443 over the internet and intranet

Attention: For security reasons it is recommended to disable Port 80 access from the internet

Certificate warning: The HY-LINE Router has a standard HTTPS certificate installed (common version). This causes a browser alert when accessing the router's web interface. It is possible to use a customer-specific certificate to prevent this. This is not a security issue.


VPN: A Virtual Private Network (VPN) is a computer network that communicates private data through a large open network such as the internet. Members of the VPN that are logged in can exchange data as if they were part of a private LAN. The word "private" implies that the connection is established much like a local LAN, but it does not imply that the connection is encrypted. A tunnel is established between client and server, but VPN tunnels do not have to be encrypted.

Secure VPNs use cryptographic tunnelling protocols to provide the intended confidentiality (blocking snooping and thus packet sniffing), sender authentication (blocking identity spoofing), and message integrity (blocking message alteration) to achieve privacy. When properly chosen, implemented, and used, such techniques can provide secure communications over unsecured networks. This has been the usually intended purpose of VPNs for some years. Secure VPN technologies may also be used to enhance security as a "security overlay" within dedicated networking infrastructures.

The following secure VPN protocols are included in the M2M Router:

- IPsec (IP security) – pre-shared keys or X.509 certificates
- PPTP client and server (Point-to-Point Tunnelling Protocol), username and password security
- OpenVPN client and server: certificate authentication, NO username and password possible


Services - VPN



Use IPsec: Enables the IPsec server when connected to the internet (pre-shared key, X.509 certificates)

Use PPTP server: Enables the PPTP server (username and password authentication)

Use PPTP client: Enables the PPTP client (certificate authentication)


VPN – PPTP Server Configuration:



Gateway IP / Client IPv4 range: VPN-Tunnel IP-Subnet must be different from HY-LINE Router LAN subnet


VPN – PPTP Client Configuration:

Server address: IP address or host name of the VPN-PPTP server

User name: VPN PPTP user name, add/edit in ..\Advanced\user management

Enable network mode: activates routing to the remote network (server subnet)

Network address: network IP range on the server side (for routing), syntax: xxx.xxx.xxx.0

Route netmask: subnet for routing, syntax: 255.255.255.0

Set the route manually on the Linux shell:
- sys sh
- ip route add 192.168.3/24 dev ppp1


VPN-PPTP SERVER: connection set-up example

M2M Router settings for use as a VPN-PPTP-CLIENT:

Authentication method:
o CHAP or MS-CHAP V2 authentication available
o Edit: \\etc\runit\pptp\run (File with extension script)

CHAP: name +mppe-40 persist maxfail 0 debug \
-> if CHAP is not possible, MS-CHAP V2 is used

MS-CHAP V2: name +mppe-40 refuse-chap persist maxfail 0 debug \
-> only MS-CHAP V2 is used

Encryption MPPE:
o Edit: \\etc\runit\pptp\run (File with extension script)
o +mppe-40
o +mppe-128
o De-activate MPPE: remove string (+mppe-40 or +mppe-128)


Continued: VPN-PPTP SERVER connection set-up example

Web interface settings

VPN Services: Use PPTP client

VPN \ PPTP \ Client:
- Set VPN server
- Set user name; the user must be added in user management, see next page
- Enable Network Mode, routing is active
- Network address: subnet on the other side of the VPN tunnel, syntax: x.x.x.0
All other settings as shown in the picture.


User management: VPN-PPTP

- Add user via web interface ../Advanced/User Management:
- User subsystem: PPP/PPTP User

Important: if the connection is not working, please change the following:
o Edit: \etc\ppp\chap-secrets
o Change "username PPP password *" to "username * password *"

# PPP
t-d1 * t-d1
# PPTP
vpn ppp 123 *
# PPTP
username ppp password *
change to
username * password *

Important: this change must be made every time a user is added, changed or deleted!
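Because both the pppd option line in the run script and chap-secrets are edited by hand on this router, the added example below (not HY-LINE code) reads them back and reports what they result in: which authentication is accepted, which MPPE key lengths are offered, and which chap-secrets entries deserve a second look. The option tokens and sample entries are taken from this manual; the function names, the finding texts and the 12-character minimum are assumptions, and the chap-secrets columns follow pppd's usual layout (client, server, secret, addresses).

```python
import shlex

MIN_SECRET_LEN = 12  # assumption for this sketch, not a value from the manual


def audit_pppd_options(line):
    """Describe what one pppd option line from the run script negotiates."""
    tokens = line.replace("\\", " ").split()
    findings = []
    if "refuse-chap" in tokens:
        auth = "MS-CHAP V2 only"
    else:
        auth = "CHAP first, MS-CHAP V2 as fallback"
        findings.append("refuse-chap absent: plain CHAP is accepted")
    # Collect the MPPE key lengths that are switched on (+mppe-40 / +mppe-128).
    mppe_bits = sorted(int(t.rsplit("-", 1)[1]) for t in tokens
                       if t in ("+mppe-40", "+mppe-128"))
    if not mppe_bits:
        findings.append("no +mppe option: MPPE is de-activated, tunnel unencrypted")
    elif mppe_bits[0] == 40:
        findings.append("+mppe-40 set: 40-bit MPPE keys are allowed")
    return {"auth": auth, "mppe_bits": mppe_bits, "findings": findings}


def audit_chap_secrets(text):
    """Return (line_no, client, issue) for each chap-secrets entry to review."""
    issues = []
    for no, raw in enumerate(text.splitlines(), 1):
        try:
            # comments=True drops everything after '#', as pppd does.
            fields = shlex.split(raw, comments=True)
        except ValueError:
            issues.append((no, "?", "unbalanced quotes"))
            continue
        if not fields:
            continue
        if len(fields) < 3:
            issues.append((no, fields[0], "fewer than three fields"))
            continue
        client, server, secret = fields[:3]
        if server == "*":
            issues.append((no, client, "server field '*': secret is used for any server name"))
        if secret == client:
            issues.append((no, client, "secret equals the user name"))
        if len(secret) < MIN_SECRET_LEN:
            issues.append((no, client, f"secret shorter than {MIN_SECRET_LEN} characters"))
    return issues


# The two option lines and the chap-secrets entries shown in this manual.
MANUAL_CHAP_LINE = "name +mppe-40 persist maxfail 0 debug \\"
MANUAL_MSCHAP_LINE = "name +mppe-40 refuse-chap persist maxfail 0 debug \\"
MANUAL_CHAP_SECRETS = """\
# PPP
t-d1 * t-d1
# PPTP
vpn ppp 123 *
username * password *
"""

if __name__ == "__main__":
    for line in (MANUAL_CHAP_LINE, MANUAL_MSCHAP_LINE):
        print(audit_pppd_options(line))
    for no, client, issue in audit_chap_secrets(MANUAL_CHAP_SECRETS):
        print(f"chap-secrets line {no} ({client}): {issue}")
```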


VPN – OpenVPN Server Configuration:

- Range ip Address: IP address range of established OpenVPN tunnels (Format: x.x.x.0)
- Range ip netmask: IP netmask of established OpenVPN tunnels
- Push route 1-3: IP address range, set as route in the OpenVPN client (Format: x.x.x.0)
- Route 1-3 netmask: IP subnet, set as subnet in the OpenVPN client


- Duplicate cn: allows multiple clients with the same common name to connect to the router at the same time
- Authentication: only with certificate; username and password not possible
- Encryption: SHA1-HMAC and BF-CBC (Blowfish, Cipher Block Chaining mode). Default key size: SHA1: 160 bit; BF-CBC: 128 bit (not editable)
- OpenVPN Client: example for use with Windows: http://openvpn.net/index.php/open-source/downloads.html


VPN – OpenVPN Server Configuration: EXAMPLE

OpenVPN Client Configuration on remote side (e.g. PC-System / Hardware-Router):
- Store certificate + keys in HY-LINE Router, Format:
  > ca.crt
  > ca.key
  > client.crt
  > client.key
  > server.crt
  > server.key
- Copy certificate + keys onto the PC (e.g. ..\Programme\OpenVPN\Config)
- Configure the OpenVPN client software config file (e.g. client.ovpn)

Successful connection between HY-LINE Router and Windows PC running the OpenVPN.org software client.


VPN – OpenVPN Client configuration:

- Attention: the router's internal clock must be set to the correct date and time.
- Activate OpenVPN Client via Service menu:

- Server FQHN: OpenVPN server IP address or domain name
- Server port: OpenVPN server port
- Client certificate: Authentication certificate
- Client key: Keys for authentication
- CA certificate: Set up the CA certificate for authentication in the OpenVPN SERVER menu
- CA key: Set up the CA key for authentication in the OpenVPN SERVER menu


VPN – IPsec Server Configuration:

VPN-ipsec Preshared Key

Network example:

Server room
Router-IP WAN: 201.202.203.204
Network: 192.168.180.0/24 255.255.255.0

Remote Network (HY-LINE Router)
Router-IP WAN: dynamic
Router-IP LAN: 192.168.3.254
Network: 192.168.3.0/24 255.255.255.0

ipsec PHASE 1 PARAMETER (management connection)
Encryption: 3DES
Authentication (Hash): SHA1
Preshared Key: 12345
Lifetime: 86400

ipsec PHASE 2 PARAMETER (data connection)
Security protocol: ESP (not AH)
Connection Mode: Tunnel Mode (not Transport Mode)
Encryption: 3DES
Authentication (Hash): SHA1
Perfect Forward Secrecy (pfs-Group): 2 (enabled) – DH2: Diffie-Hellman Group 2

ipsec activate:


VPN –IPsec Server Configuration: ipsec configuration:

 

- Keep unused values at their default settings (e.g. identifier value, type, etc.)
- Fill in the ipsec algorithm (encryption/authentication) manually; pay attention to the syntax


VPN – IPsec Server Configuration: ipsec Policies (Routing):

Server room
Router-IP WAN: 201.202.203.204
Network: 192.168.180.0/24 255.255.255.0

Remote network (HY-LINE Router)
Router-IP WAN: dynamic
Router-IP LAN: 192.168.3.254
Network: 192.168.3.0/24 255.255.255.0

Two routes must be configured in the HY-LINE Router here, one for outgoing traffic (out) and one for incoming traffic (in).

ipsec Policies OUT:


VPN –IPsec Server Configuration: ipsec Policies IN:


VPN –IPsec Server Configuration: ipsec Policies summary:

Add user: Menu ..\Advanced\User Management:

User subsystem: VPN ipsec user
Username: public IP address (WAN) of the server room
Password: preshared key


VPN-ipsec certificate connections

Base settings: see VPN with preshared keys. The HY-LINE router is based on X.509 certificates. The router uses 2 files: the certificate file with extension .crt and the private key file with an extension such as p12 for PKCS 12 files. X.509 certificates delivered in one file have to be split into two files, for example with the software XCA.

IMPORTANT: The private key file must not be protected by a password (remove it with OpenSSL).

Use the software XCA to split the certificate into two files (http://xca.hohnstaedt.de/?page_id=3)

Remove the password in the private key file with OpenSSL (http://www.openssl.org/):
Start the OpenSSL prompt.
Check whether the file is password protected (you won't see any information):
pkcs12 -in Name_des_Zertifikats.p12 -info
Clear the password in the private key file:
pkcs12 -in Name_des_Zertifikats.p12 -info -nodes -nocerts -out Name_des_Zertifikats_neu.pem


Advanced - System:

System management:

Advanced command line: Command Line Interface


Amcli command line: The amcli is a simple command line interface running on the router's Linux OS.

Example commands:

-c            Execute command and exit
-D            Dump configuration and exit
-d            Write configuration and exit
-f file       Specify configuration file
-R file       Read commands from file
-h            Show help
-V            Verify configuration file and exit
-v            Be more verbose
-g            Run in CGI mode
-q            Quiet mode
-i            Run init jobs and exit
-s            Shutdown mode for init
-F            Forced init (abort on error)
-r runlevel   Set init runlevel
-m            Modify configuration data and exit
-p            Purge nodes




Amcli command line interface

Output for command: ping 192.168.101.222


Advanced - System: System management:

Reboot system: Router reset (soft reset)

System configuration management:

Download: saves the current configuration of the router to a file (system.conf)

Upload: uploads a system.conf file into the router, restart required; the configuration file must be from the same firmware version

Incremental Update Support: Firmware update without the need for a full firmware download


Advanced - Logging:



System Log: The system log shows details about the router's functions, e.g. dialling in to the internet, sending mails, using DynDNS, etc.

Example of logfile:

09:55:46: Internet dial-up and public ip address: 80.187.16.115
09:55:50: DynDNS Alias name update
09:55:53: E-Mail send (ip-address)


Advanced – Network Tracer:

The Network tracer tool logs all network traffic over all interfaces except the following traffic: Port 22 (ssh), 80 (http), 443.

Enable tracer: check this box and press save

Clear traces: clears all saved logs

Trace log: shows saved logs

Example: Tracelog


Advanced - User Management:

User Management: To add, change and delete users on the HY-LINE Router.


Webserver users have fixed names and belong to a rights system with limited access to router functions

- Username: manager, Password: changemetoo
- Username: service, Password: changemetoo
- Username: installer, Password: changemetoo
- Username: user, Password: changemetoo

Passwords can be changed. The menu 'List users' shows only users with the same or lower rights.



User rights


Specification

Function: M2M industrial router with free modem choice, VPN and firewall for easy, secure and worldwide access to machines and facilities.

Router versions: Analog 56 KBit/s, ISDN 64 KBit/s (Euro-ISDN), GSM/GPRS/EDGE/UMTS/LTE (HSPA) quad-band; DSL – Annex B (optional Annex A), ADSL, ADSL2 and ADSL2+ (Annex A/M/L or Annex B); LAN router – without modem

VPN: Virtual Private Network, protocols: OpenVPN client and server, IPsec (pre-shared key / X.509 certificates); PPTP (PAP, CHAP, MS-CHAP V2)

PPP: Point-to-Point Protocol, analog, ISDN and GSM modem support, PPP callback functionality

PPPoE: Point-to-Point Protocol over Ethernet, supports external modems via Ethernet/PPPoE

Firewall: Packet inspection, NAT, port forwarding

Services: DynDNS, DHCP/DNS server, SNMP, NTP, SMTP, FTP

Configuration / Management: HTML web server, HTTP, HTTPS, SSH, serial

Alarm management: E-mail, SMS, triggerable by digital input

Digital inputs: 2 x 5-30 VDC / VAC, current min. 5 mA, switchable to floating inputs

Digital output: 24 VDC / max. 100 mA

Interfaces: Ethernet RJ45, 10/100 Mbit/s; RS232 DSUB-9; analog RJ11; DSL RJ45; ISDN RJ45; antenna: FME (male), optional: SMA (female)

Status LEDs: Power On, Network, Online, Digital I/Os

Environment:
Analog router, ISDN router: operation 0°C to +70°C
GSM/GPRS/UMTS/LTE router: operation -20°C to +70°C
DSL router: operation 0°C to +60°C (optional: -20°C to +60°C)
LAN router, without internal modem: operation -20°C to +70°C
For all router versions: humidity: 0-95%, non-condensing

Power: 12-30 VDC, power requirement: max. 3-5 Watt, depends on router version

Approvals: CE, EMC EN61000-4-3, ENV50204, ENV55022-B

Dimension: 120 x 101 x 35 mm, approx. 250 g, DIN rail mount, IP 20


Specification: Router with integrated 4-port switch

Ethernet interfaces: Integrated 4-port 10/100 Mbit/s Ethernet RJ45 switch on the front panel; Auto Negotiation, Auto Crossing, Auto Polarity; Status LEDs: Function, Link, Speed; Isolation: 1000 VAC Ethernet and power supply; IEEE 802.3 (CSMA/CD), IEEE 802.3ux (Fast Ethernet, Full Duplex Mode)

Power: 12-30 VDC, power requirement: max. 4-6 Watt, depends on router version

Approvals: CE, EMC EN61000-4-3, ENV50204, ENV55022-B

Dimension: 120 x 101 x 60 mm, approx. 450 g, DIN rail mount, IP 20


Dimensions: DIN rail mount (EN 60715), IP20, synthetic material

[Figure: dimension drawings. Models HAP-RS, HAP-RIS, HAP-RAS, HAP-RGS, HAP-RUS, HAP-RLS, HAP-RDS and HAP-R, HAP-RI, HAP-RA, HAP-RG, HAP-RU, HAP-RL; dimension labels: 101mm, 60mm, 83mm, 120mm, 35mm]


Analog modem country code settings

- Log on to the router via SSH or serial
- Type in the following commands (case sensitive):
  sys sh
  svactivate stop mgetty-s0
  svactivate stop pppd
  microcom /dev/ttyS0
  at+gci=42 (=Germany for example)
  at&w
  check country code: at+gci?
- Please reboot the router
