Geneko GWR User Manual Download Page 43

Page: 43 / 144

User Manual

GWR High Speed Cellular Router Series

Settings – VRRP Settings

VRRP (Virtual Router Redundancy Protocol) is a protocol which elects a master server on a LAN and the

master answers to a 'virtual ip address'. If it fails, a backup server takes over the ip address.

VRRP specifies an election protocol to provide the virtual router function described earlier. All protocol

messaging is performed using IP multicast datagrams, thus the protocol can operate over a variety of multi-

access LAN technologies supporting IP multicast. Each VRRP virtual router has a single well-known MAC

address allocated to it.

Figure 26 – Virtual Router Redundancy Protocol

VRRP

Label

Description

Enabled

Select this option to enable VRRPD service

Virtual Router ID

Enter Virtual Router IDentifier (VRID) [1-255], which is the same for all

physical routers for virtual router with this ID in the network.

Priority

Routers have a priority of between 1-255 and the router with the highest

priority will become the master.

Password

Enter authentification password as hexkey [0-9a-fA-F]+.

Reload

Click Reload to discard any changes and reload previous settings

Save

Click Save to save changes.

Table 12 – VRRP Parameters

Settings – VPN Settings

VPN (Virtual private network

) is a communications network tunneled through another network and

dedicated to a specific network. One common application of VPN is secure communication through the

public Internet, but a VPN need not have explicit security features, such as authentication or content

encryption. VPNs, for example, can be used to separate the traffic of different user communities over an

underlying network with strong security features.

A VPN may have best–effort performance, or may have a defined Service Level Agreement (SLA)

between the VPN customer and the VPN service provider. Generally, a VPN has a topology more complex

than point–to–point. The distinguishing characteristics of VPNs are not security or performance, but that

they overlay other network(s) to provide a certain functionality that is meaningful to a user community.

Summary of Contents for GWR

Page 1: ...GWR High Speed Cellular Router Series USER MANUAL WWW GENEKO RS Document version 1 0 0 Date December 2015 GWR...

Page 2: ...story Date Description Author Comments 24 12 2015 User Manual Tanja Savi Firmware versions 1 1 2 Document Approval The following report has been accepted and approved by the following Signature Printe...

Page 3: ...LATION IN TABLES 22 SAVE RELOAD CHANGES 22 STATUS INFORMATION 23 Status General 23 Status LAN Port Information 23 Status DHCP 24 Status WAN Information 24 Status ADSL Information 25 Status Mobile Info...

Page 4: ...MANAGEMENT COMMAND LINE INTERFACE 76 MANAGEMENT REMOTE MANAGEMENT 77 MANAGEMENT CONNECTION MANAGER 77 Getting started with the Connection Wizard 78 MANAGEMENT SIMPLE MANAGEMENT PROTOCOL SNMP 81 MANAG...

Page 5: ...e 24 DMZ configuration page 40 Figure 25 RIP configuration page 41 Figure 26 Virtual Router Redundancy Protocol 43 Figure 27 GRE tunnel parameters configuration page 45 Figure 28 IPSec Summary screen...

Page 6: ...GWR Router 1 96 Figure 81 IPSec configuration page III for GWR Router 1 96 Figure 82 IPSec start stop page for GWR Router 1 97 Figure 83 Network configuration page for GWR Router 2 97 Figure 84 IPSEC...

Page 7: ...125 Figure 123 OpenVPN GWR settings 127 Figure 124 Starting OpenVPN application 127 Figure 125 OpenVPN status on PC 127 Figure 126 OpenVPN status on GWR 127 Figure 127 Portforwarding example 128 Figur...

Page 8: ...43 Table 13 GRE parameters 44 Table 14 IPSec Summary 47 Table 15 IPSec Parameters 51 Table 16 OpenVPN parameters 55 Table 17 PPTP parameters 56 Table 18 L2TP parameters 58 Table 19 Firewall parameters...

Page 9: ...mance backup solution for existing land lines or satellite networks is now a simple task thanks to modern cellular networks Therefore no matter if the goal is to provide primary internet access or bac...

Page 10: ...central site Vehicle based bank service POS Vending machine Bank office supervision Security Traffic control Video Surveillance Solutions Other Remote Office Solution Remote Access Solution There are...

Page 11: ...vailable on 4G models LTE 800 850 900 1800 1900 2100 2600 MHz Transfer rate max 100 Mbps down 50 Mbps up UMTS HSPA DC HSPA 850 900 1900 2100 MHz Transfer rate max 42 Mbps down 5 76 Mbps up GSM GPRS ED...

Page 12: ...T1 413 Issue 2 ITU T G 992 1 G dmt ITU T G 992 2 G lite ITU T G 992 3 G dmt bis ADSL2 ITU T G 992 5 ADSL2plus Connector RJ 11 6P2C Wired Interfaces Ethernet Ports 1 2 or 5 depending on a model Standa...

Page 13: ...t to factory settings LED s Link Activity LED s on Ethernet connectors Power Input 12 VDC 2A Consumption tbd Connector Barrel connector DC Power Cord Barrel connector to bare wire AC Power Supply 100...

Page 14: ...orts otherwise forwarded SNMP v1 2c Simple Network Management Protocol is used in network management systems to monitor network attached devices for conditions that warrant administrative attention NT...

Page 15: ...alternative to other VPN technologies OpenVPN max number of tunnels 15 PPTP The Geneko Router can be used as a PTPP Point to Point Tunneling Protocol client PPTP uses a control channel over TCP and a...

Page 16: ...P based CLI SSH telnet serial Remote management over SSH Remote management over Telnet Traffic and event log Log tracing Maintenance Diagnostics Ping utility Authentication Used for activating and dea...

Page 17: ...hernet connector LED ACT yellow on Network traffic detected off when no traffic detected Network Link green LED on Ethernet activity or access point engaged Figure 2 GWR Router front panel Back panel...

Page 18: ...ettings of the GWR Router hold the RESET button pressed for a few seconds Restoration of the default configuration will be signaled by writing messages on the display and changing network status This...

Page 19: ...d is by web interface This method provides administrator full set of privileges for configuring and monitoring the router Configuration administration and monitoring of the GWR Router can be performed...

Page 20: ...r Plug other side of ETHERNET CABLE to Ethernet port on your computer You will see on the screen if SIM card is present cellular network types signal level current firmware version or IP address uptim...

Page 21: ...menu on the left side of the screen Set IP Address and Subnet Mask and click on SAVE button Add a new network to the interface on your PC Ping new IP address When the GWR router is accessible insert...

Page 22: ...successfully finished process of authentication of Username Password you can access Main Configuration Menu You can set all parameters of the GWR Router using web application All functionalities and...

Page 23: ...Information Tab provides general information about device type device firmware version kernel version CPU vendor Uptime since last reboot hardware resources utilization and MAC address of LAN port Sc...

Page 24: ...IP addresses gained from DHCP server MAC addresses expiration period and lease status Figure 9 DHCP Information Status WAN Information WAN Port Information Tab provides information about WAN port and...

Page 25: ...us ADSL Information ADSL Port Information Tab provides IP status information about interface WAN address primary DNS address DSL information about upstream speed and downstream speed and Line informat...

Page 26: ...ovide information about GPRS EDGE HSPA HSPA LTE mobile module manufacturer and model Mobile operator and signal quality Mobile traffic statistics in bytes Screenshot of Mobile information from the rou...

Page 27: ...ormation Status Firewall Firewall Information Tab provides information about active firewall rules divided in three groups INPUT FORWARD and OUTPUT chain Each of these groups has packet counter which...

Page 28: ...User Manual GWR High Speed Cellular Router Series 28 Figure 15 Router monitoring 1 Figure 16 Router monitoring 2...

Page 29: ...1 is the factory default IP address Subnet Mask The subnet mask specifies the network number portion of an IP address The GWR Router support sub netting You must specified subnet mask for your LAN TCP...

Page 30: ...ary DNS IP address of your primary DNS server Secondary DNS IP address of your secondary DNS server Reload Click Reload to discard any changes and reload previous settings Save Click Save button to sa...

Page 31: ...ration time Primary DNS Secondary DNS This field specifies IP addresses of DNS Domain Name System server that will be assigned to systems that support DHCP client capability Select None to stop the DH...

Page 32: ...User Manual GWR High Speed Cellular Router Series 32 Figure 19 DHCP Server configuration page...

Page 33: ...Authentication This field specifies password authentication protocol Select the appropriate protocol from drop down list PAP CHAP PAP CHAP Username This field specifies Username for client authenticat...

Page 34: ...s Reboot after n consecutive failed connection attempts Enable SIM1 SIM2 keepalive Make some traffic periodically in order to maintain connection active You can set keepalive interval value in minutes...

Page 35: ...ry to connect to GSM By selecting AUTO option router will first try to establish UMTS connection and if it fails router will go for GSM connection Mobile status Displays data related to mobile connect...

Page 36: ...ettings screen Use this screen to configure the username and password parameters Error Reference source not found Enable radio button Default route Figure 21 ADSL Port Settings Settings Wireless Setti...

Page 37: ...printable characters Channel Select one from list of legally allowed Wireless LAN channels using IEEE 802 11 or Auto for automatic channel selection 802 11 Protocol 802 11b has a maximum raw data rat...

Page 38: ...ption Routing Table Dest Network This parameter specifies the IP network address of the final destination Routing is always based on network number If you need to specify a route to a single host use...

Page 39: ...tocol Interface Choose between ppp_0 and br0 interface Select interface where port forwarding is done Port forwarding from outside WAN interface to inside LAN interface is done on PPP and in reverse d...

Page 40: ...es if DMZ settings is enabled at the Geneko Router IP address from LAN IP address to secure an internal network from external access Reload Click Reload to discard any changes and reload previous sett...

Page 41: ...e displayed on telnet console of the Routing Information Protocol Manager Password Login password Port to bind at Local port the service will listen to Routing Information Protocol Status Start Start...

Page 42: ...edistribute static Redistribute routes defined locally in RIP configuration ripd configure router redistribute connected Redistribute directly connected routes Disable RIP update optional ripd configu...

Page 43: ...1 255 and the router with the highest priority will become the master Password Enter authentification password as hexkey 0 9a fA F Reload Click Reload to discard any changes and reload previous settin...

Page 44: ...an IP network You need to connect two similar networks connected by a different network with different IP addressing Click VPN Settings Tab to open the VPN configuration screen In the Error Reference...

Page 45: ...ves are disabled Use the keepalive check box to enable this feature Keepalives do not have to be configured on both ends of the tunnel in order to work a tunnel is not aware of incoming keepalive pack...

Page 46: ...is is the number of IPSec tunnels being defined Maximum number of tunnels This is the maximum number of tunnels which can be defined Maximum number of tunnels is 15 No This filed indicates the number...

Page 47: ...in negotiation process Log level Set IPSec log level Add New Tunnel Click on this button to add a new Device to Device IPSec tunnel After you have added the tunnel you will see it listed in the Summa...

Page 48: ...this box to enable the IPSec tunnel Local Security gateway type When SIM Card is selected the WAN or Internet IP address of the Router automatically appears If the Router is not yet connected to the G...

Page 49: ...ed Key IKE is an Internet Key Exchange protocol used to negotiate key material for Security Association SA IKE uses the Preshared Key to authenticate the remote IKE peer Both ends of IPSec tunnel must...

Page 50: ...one way hashing algorithm that produces a 160 bit digest SHA1 is recommended because it is more secure Both ends of the IPSec tunnel must use the same Phase 2 Authentication setting NOTE If you selec...

Page 51: ...and responder must support the mechanism for detecting the NAT router in the path and changing to a new port as defined in RFC 3947 NOTE If you select this mode the Aggressive mode will be automatical...

Page 52: ...nfiguration it allows the server to release an authentication certificate for every client using signature and Certificate authority It uses the OpenSSL encryption library extensively as well as the S...

Page 53: ...l Number Automatically assigned number of the tunnel Tunnel Name Enter a name for the OpenVPN tunnel This allows you to identify multiple tunnels and does not have to match the name used at the other...

Page 54: ...bad HMAC it will drop the packet HMAC usually adds 16 or 20 bytes per packet Set none to disable authentication NOTE Depending on the options selected in the previous steps some of the following opti...

Page 55: ...ck Click Back to return on IPSec Summary screen Reload Click Reload to discard any changes and reload previous settings Save Click Save to save your changes back to the GWR Router After that router au...

Page 56: ...ote netmask Netmask of remote subnet to route Domain Some PPTP servers require domain name for authentication Username Username to authenticate ourselves to remote server Password Password to authenti...

Page 57: ...d in the tunnel Figure 36 L2TP configuration page L2TP Label Description Enable Select this option to enable L2TP tunnel Tunnel name Unique tunnel identifier Local IP address Set the IP address of the...

Page 58: ...sion id value being used at the peer Peer Cookie Sets an optional peer cookie value to be assigned to the session This is a 4 or 8 byte value specified as 8 or 16 hex digits e g 014d3636deadbeef The v...

Page 59: ...redefined or custom defined values Input Interface Select the name of an interface via which a packet was received only for packets entering the INPUT and FORWARD chains Output Interface Select the na...

Page 60: ...box enables Distributed DOS Maximum average matching rate Maximum average matching rate specified as a number with an optional time unit second minute hour or day the default is 3 hour Maximum initia...

Page 61: ...e MAC Filter table the packet will dropped MAC Filtering Settings Label Description Enable MAC Filtering This field specifies if MAC Filtering is enabled at the router Enable Enable MAC filtering for...

Page 62: ...DNS Cilent Enable DynDNS Client Service The type of service that you are using try one of no ip dhs pgpow dyndns dyndns static dyndns custom ods easydns dyns justlinux and zoneedit Custom Server IP or...

Page 63: ...y default above described features are disabled Selecting one of two possible applications of Serial port opens up additional options available for configuration Figure 41 Serial Port Settings initial...

Page 64: ...Only on server side Server IP address Specify server IP address Only on client side Connect to TCP UDP port Number of the TCP UDP port to accept connections from this device Only on client side Type o...

Page 65: ...laves can be directly attached to the unit s serial ports without any external protocol converters Click Serial Port Tab to open the Modbus Gateway configuration screen Choose Modbus Gateway settings...

Page 66: ...r is 502 Connection timeout When this field is set to a value greater than 0 the serial server will close connections that have had no network receive activity for longer than the specified period Tra...

Page 67: ...User Manual GWR High Speed Cellular Router Series 67 Figure 43 Modbus gateway configuration page...

Page 68: ...After the command is executed router sends one of the following status reports to the user CONNECTING CONNECTED WAN_IP WAN IP address or the router DISCONNECTING DISCONNECTED 5 In order to establish...

Page 69: ...ter entering Phone number and Message and by pushing button Send Figure 45 Send SMS SMS Gateway is used for sending SMS with GET query Command format is following 192 168 1 1 cgi send_exec lua group s...

Page 70: ...the GWR Router Only for information purpose Location This field specifies location of the GWR Router Only for information purpose Save Click Save button to save your changes back to the GWR Router Rel...

Page 71: ...sword to confirm it Enable Radius Authentication By this check box you can activate or deactivate function for authentication via remote radius server Enable Enable or disable usage of this radius ser...

Page 72: ...s of the NTP server Automatically synchronize NTP Setup automatic synchronization with time server Update time every Time interval for automatic synchronization Time Zone Select your time zone Save Cl...

Page 73: ...o look for the firmware file After selection of new firmware version through Browse button mechanism the process of data transfer from firmware to device itself should be started This is done by Uploa...

Page 74: ...te configuration file After you select the file click Import This process may take up to a minute Restart the Router in order to changes will take effect Export Configuration File To export the Router...

Page 75: ...ystem Reboot page Management Display settings Display settings on the GWR Router are done through window Display Settings Figure 54 Display Settings Display Settings Label Description Enable Screen Sa...

Page 76: ...Interface Label Description CLI Settings Enable telnet service Enable or disable CLI via telnet service Enable ssh service Enable or disable CLI via ssh service View Mode Username Login name for View...

Page 77: ...changes back to the GWR Router Reload Click Reload to discard any changes and reload previous settings Table 29 Remote Management parameters Management Connection Manager Enabling Connection Manager...

Page 78: ...et mask GWR router s Ethernet port and GPRS EDGE HSPA HSPA LTE network connection Selecting this option you can configure parameters for LAN and WAN interface Figure 58 Connection Wizard Initial Step...

Page 79: ...Speed Cellular Router Series 79 Figure 59 Connection Wizard Router Detection When you select one of the routers from the list and click Next you will get to the following screen Figure 60 Connection...

Page 80: ...t and you will be able to setup WAN interface Figure 61 Connection Wizard WAN Settings After entering the configuration parameters if you mark option Establish connection router will start with connec...

Page 81: ...2 SNMP configuration page SNMP Settings Label Description Enable SNMP SNMP is enabled by default To disable the SNMP agent click this option to unmark Get Community Create the name for a group or comm...

Page 82: ...from many different types of systems into a central repository Figure 63 Syslog configuration page The GWR Router supports this protocol and can send its activity logs to an external server Syslog Se...

Page 83: ...ner of the screen Click this tab to exit the web based utility If you exit the web based utility you will need to re enter your Username and Password to log in and then manage the Router CHROOT A chro...

Page 84: ...seq unset cd fi lua service until chattr find luac set unzip chmod flock mapfile sh upfirmware clear for md5sum shift uptime cmp free microcom shopt users command ftpd mkdir show usleep compgen funct...

Page 85: ...accept the changes Use SIM card with a dynamic static IP address obtained from Mobile Operator Note the default gateway may show or change to an address such as 10 0 0 1 this is normal as it is the G...

Page 86: ...ddress Source tunnel address should have static WAN IP address Destination tunnel address should have static WAN IP address GSM UMTS APN Type For GSM UMTS networks GWR Router connections may require a...

Page 87: ...M UMTS connection Mobile Settings Tab If disconnected please click Connect button Click VPN Settings GRE to configure GRE tunnel parameters Enable yes Local Tunnel Address 10 10 10 1 Local Tunnel Netm...

Page 88: ...The GWR Router 2 configuration Click LAN Ports Tab to open the LAN Ports Settings screen Use this screen to configure LAN TCP IP settings Configure IP address and Netmask IP Address 192 168 2 1 Subnet...

Page 89: ...want to use host name as peer identifier Tunnel Destination 1 10 251 49 2 obtained by the network provider 2 Select HOST from drop down menu if you want to use host name as peer identifier KeepAlive e...

Page 90: ...h of the routers it appears that it has two paths to the remote physical interface and the tunnel interface running through the tunnel This tunnel could then transmit unroutable traffic such as NetBIO...

Page 91: ...face Tunnel0 ip address 10 10 10 2 255 255 255 252 tunnel source FastEthernet0 0 tunnel destination 172 29 8 5 ip route 10 1 1 0 255 255 255 0 tunnel0 Command for tunnel status show ip interface brief...

Page 92: ...epAlive enable no Period none Retries none Press ADD to put GRE tunnel rule into VPN table Press Save to accept the changes Figure 74 GRE configuration page Configure GRE Route Click Static Routes on...

Page 93: ...and tunnel destination address Dynamic IP WAN address must be mapped to hostname with DynDNS service for synchronization with DynDNS server SIM card must have internet access GSM UMTS APN Type For GSM...

Page 94: ...changes Figure 77 LAN Port configuration page for GWR Router 1 Use SIM card with a static IP address obtained from Mobile Operator Click Mobile Settings Tab to configure parameters necessary for GSM...

Page 95: ...sive Phase 1 DH group Group 2 Phase 1 Encryption 3DES Phase 1 Authentication MD5 Phase 1 SA Life Time 28800 Perfect Forward Secrecy true Phase 2 DH group Group 2 Phase 2 Encryption 3DES Phase 2 Authen...

Page 96: ...on on Internet Protocol Security page to initiate IPSEC tunnel NOTE Firmware version used in this scenario also provides options for Connection mode of IPSec tunnel If connection mode Connect is selec...

Page 97: ...sk IP Address 192 168 10 1 Subnet Mask 255 255 255 0 Press Save to accept the changes Figure 82 Network configuration page for GWR Router 2 Use SIM card with a static IP address obtained from Mobile O...

Page 98: ...IP Address 10 0 10 0 Subnet 255 255 255 0 IPSec Setup Keying Mode IKE with Preshared key Mode aggressive Phase 1 DH group Group 2 Phase 1 Encryption 3DES Phase 1 Authentication MD5 Phase 1 SA Life Ti...

Page 99: ...R High Speed Cellular Router Series 99 Figure 83 IPSEC configuration page I for GWR Router 2 Figure 84 IPSec configuration page II for GWR Router 2 NOTE Options NAT Traversal and Send Initial Contact...

Page 100: ...ion mode Connect is selected that indicates side of IPSec tunnel which sends requests for establishing of the IPSec tunnel If connection mode Wait is selected that indicates side of IPSec tunnel which...

Page 101: ...ttings Tab to configure parameters necessary for GSM UMTS LTE connection All parameters necessary for connection configuration should be required from mobile operator Check the status of GSM UMTS LTE...

Page 102: ...Mask 255 255 255 0 Remote Group Setup Remote Security Gateway Type IP Only IP Address 172 29 8 5 Remote ID Type IP Address Remote Security Group Type IP IP Address 192 168 10 1 Failover Eanble IKE fai...

Page 103: ...ware version used in this scenario also provides options for Connection mode of IPSec tunnel If connection mode Connect is selected that indicates side of IPSec tunnel which sends requests for establi...

Page 104: ...68 10 1 Subnet Mask 255 255 255 0 Press Save to accept the changes Figure 92 Network configuration page for GWR Router 2 Use SIM card with a static IP address obtained from Mobile Operator Click Mobil...

Page 105: ...Security Gateway Type SIM card Local ID Type IP Address IP Address From SIM 1 WAN connection is established over SIM 1 Local Security Group Type IP IP Address 192 168 10 1 Remote Group Setup Remote Se...

Page 106: ...al GWR High Speed Cellular Router Series 106 Figure 93 IPSEC configuration page I for GWR Router 2 Figure 94 IPSEC configuration page II for GWR Router 2 Figure 95 IPSEC configuration page III for GWR...

Page 107: ...ch sends requests for establishing of the IPSec tunnel If connection mode Wait is selected that indicates side of IPSec tunnel which listens and responses to IPSec establishing requests from Connect s...

Page 108: ...namic IP WAN address must be mapped to hostname with DynDNS service for synchronization with DynDNS server SIM card must have internet access GSM UMTS APN Type For GSM UMTS networks GWR Router connect...

Page 109: ...ype IP Address IP Address From SIM 1 WAN connection is established over SIM 1 Local Security Group Type Subnet IP Address 192 168 10 0 Subnet Mask 255 255 255 0 Remote Group Setup Remote Security Gate...

Page 110: ...nual GWR High Speed Cellular Router Series 110 Figure 99 IPSEC configuration page I for GWR Router Figure 100 IPSec configuration page II for GWR Router Figure 101 IPSec configuration page III for GWR...

Page 111: ...e msec service timestamps log datetime msec no service password encryption hostname Cisco Router boot start marker boot end marker username admin password 7 enable secret 5 no aaa new model no ip doma...

Page 112: ...255 255 255 0 ip nat inside no ip route cache no ip mroute cache duplex auto speed auto ip route 0 0 0 0 0 0 0 0 150 160 170 2 ip http server no ip http secure server ip nat inside source list nat_lis...

Page 113: ...o Router Idea is to create IPSec tunnel for LAN to LAN site to site connectivity Figure 103 IPSec tunnel between GWR Router and Cisco Router The GWR Routers requirements Static IP WAN address for tunn...

Page 114: ...Enable true IPSec Setup Keying Mode IKE with Preshared key Mode aggressive Phase 1 DH group Group 2 Phase 1 Encryption 3DES Phase 1 Authentication SHA1 Phase 1 SA Life Time 28800 Perfect Forward Secre...

Page 115: ...anual GWR High Speed Cellular Router Series 115 NAT Traversal true Press Save to accept the changes Figure 105 IPSEC configuration page I for GWR Router Figure 106 IPSec configuration page II for GWR...

Page 116: ...Click Start button on Internet Protocol Security page to initiate IPSEC tunnel Click Start button and after that Connect button on Internet Protocol Security page to initiate IPSEC tunnel Figure 108 I...

Page 117: ...nfiguration Step1 Create New Tunnel Interface Click Interfaces on Network Tab Figure 109 Network Interfaces list Bind New tunnel interface to Untrust interface outside int with public IP addresss Use...

Page 118: ...Key Advanced tab Figure 111 AutoKey Advanced Gateway Click New button Enter gateway parameters Gateway name TestGWR Security level Custom Remote Gateway type Dynamic IP address because your GWR router...

Page 119: ...User Defined custom Phase 1 proposal pre g2 3des sha Mode Agressive must be aggressive because of NAT Nat Traversal enabled Click Return and OK Figure 113 Gateway advanced parameters Step 3 Create Aut...

Page 120: ...te Gateway Predefined Choose VPN Gateway from step 2 Figure 115 AutoKey IKE parameters Click Advanced button Security level User defined custom Phase 2 proposal pre g2 3des sha Bind to Tunnel interfac...

Page 121: ...21 Figure 116 AutoKey IKE advanced parameters Step 4 Routing Click Destination tab on Routing menu Click New button Routing parameters are IP Address 192 168 10 0 24 Gateway tunnel 3 tunnel interface...

Page 122: ...om Untrust to trust zone Source Address 192 168 10 0 24 Destination Address 10 10 10 0 24 Services Any Click OK Figure 118 Policies from untrust to trust zone Click Policies in main menu Click New but...

Page 123: ...User Manual GWR High Speed Cellular Router Series 123 Figure 119 Policies from trust to untrust zone...

Page 124: ...figuration is the remote endpoint IP or hostname field Also the client can set up the keepalive settings For successful tunnel creation a static key must be generated on one side and the same key must...

Page 125: ...e will be automatically Saved in Open VPN configuration file directory Configuration file and pre shared key must be in same directory d If you have more remote locations every location has to have it...

Page 126: ...VPN tunnel e Workstation where OpenVPN server is installed should have ip route to subnet which is on the other end of the OpenVPN tunnel This subnet is reachable over remote OpenVPN interface which i...

Page 127: ...so you must start it first That accomplishes configuration of the GWR regarding establishing the OpenVPN and routing through it Implementation You start Open VPN tunnel on server side by right click...

Page 128: ...orwarded to workstation 192 168 1 2 and port 22 Result SSH is accessible from the outside to the first workstation 2 Traffic destined to WAN IP by port 8080 is forwarded to workstation 192 168 1 3 and...

Page 129: ...ons In the picture below serial communication is achieved over GWR router in client mode on remote location and Virtual COM port application on central side As application is in server mode IP address...

Page 130: ...ngs Option SERIAL PORT OVER TCP UDP SETTINGS is used for configuration of transparent serial communication Configuration parameters are presented in picture below Figure 130 GWR settings for Serial to...

Page 131: ...e Keepalive idle time 120 sec Keepalive interval 60 sec Log Settings Log level level 1 When serial port is configured button SAVE should be selected and STATUS of the service should change to started...

Page 132: ...ICMP error messages 3 DROP traffic is blocked without any error messages connection is retried until the threshold for retransmission is exceeded By default all traffic is PERMITTED To block all the...

Page 133: ...ppp_0 Allow IPSec protocol 10 Allow IPSec tunnels on ppp_0 protocol 11 Allow IPSec tunnels on ppp_0 IKE 12 Allow IPSec tunnel on ppp_0 IKE_NATt Allow OpenVPN protocol 13 Allow OpenVPN tunnels on ppp_...

Page 134: ...ALL page Page for firewall configuration is presented in the following picture Figure 134 Initial firewall configuration on GWR Firstly firewall should be enabled that is done by selecting Firewall Ge...

Page 135: ...ed when policy reject is selected After that SAVE button should be pressed and user is returned to main configuration page 2 ICMP traffic is denied from all IP addresses except 212 62 38 196 New rule...

Page 136: ...of rule is changed by selecting number in drop down menu In this example number 4 is selected 3 ICMP traffic is allowed from single IP addresses With firewall rule configuration shown above IP address...

Page 137: ...Sec firewall rules These three rules are enabled in following way Select EDIT of the rule Enable selected SAVE and exit 5 SSH access is allowed from IP range 212 62 38 210 220 New rule should be added...

Page 138: ...tion page 7 FTP traffic is allowed New rule should be added by selecting ADD NEW RULE button Policy should be configured in following way Rule name Allow FTP Enable selected Chain INPUT Service FTP Pr...

Page 139: ...xample of traffic filtering in direction from inside to outside New rule should be added by selecting ADD NEW RULE button Policy should be configured in following way Rule name Allow HTTP from LAN Ena...

Page 140: ...Figure 141 Complete firewall configuration SMS management example GWR routers can be managed over the SMS messages Commands from the SMS are executed on the router with status report sent back to the...

Page 141: ...rks through two simple steps First step is STANDARD ping proofing This ping periodically checks if link is alive Standard ping has 4 packets which are sent over the link and if all 4 are returned keep...

Page 142: ...link failure is detected Settings are following SIM1 Ping target 8 8 8 8 Ping interval 120 Advanced ping interval 10 Advanced ping wait for response 5 Maximum number of failed packets 80 Keepalive act...

Page 143: ...r window or to another location within the facility can result in optimum reception Another way of increasing throughput is by physically placing the device on the roof of the building in an environme...

Page 144: ...Bul Despota Stefana 59a GENEKO 11000 Belgrade Serbia Phone 381 11 3340 591 3340 178 Fax 381 11 3224 437 e mail gwrsupport geneko rs www geneko rs UM GWR362 462 Rev A Dec 15...

Search results

Summary of Contents for GWR

Reviews:

Related manuals for GWR

Brands by name

Popular brands

Geneko GWR, User Manual

Search results

Summary of Contents for GWR

Reviews:

Related manuals for GWR

Brands by name

Popular brands