manualshive.com logo in svg

MC Technologies MC-LR, User Manual

The MC Technologies MC-LR User Manual is a comprehensive guide to unleash the full potential of your MC-LR device. Download the manual for free from our website and gain in-depth knowledge about its features, functionalities, and troubleshooting techniques. Empower yourself with the ultimate resource to maximize your MC-LR experience.

Share
Download
background image

User Manual/Web Interface MC-LR/MC-LR-4/MC-LRS/MC-LRS-4 – 01/2018 (FW 2.07.3)

21

IPsec Connection IKE

IPsec - Internet Key 

Name of the VPN connection.

Exchange Settings

Phase 1 ISAKMP SA

ISAKMP SA Encryption

AES-128 (default). AES-192, AES-256, 3 DES.

ISAKMP SA Hash 

The setting "all" accepts either MD5 or SHA-1.

ISAKMP SA Lifetime 

Life cycle of a key in seconds (3600 = 1 hour).

Phase 2 IPsec SA

Unlike Phase 1 ISAKMP SA (key exchange,) this is where the procedure for 

Data exchange

is 

determined. It can differ from the key exchange procedure.

IPsec SA Encryption 

AES-128 (default). AES-192, AES-256, 3 DES.

IPsec SA Hash 

The setting "all" accepts either MD5 or SHA-1.

IPsec SA Lifetime

Life cycle in seconds for the key specified for IPsec SA.

28800 seconds  = 8 hours  (default).
86400 seconds  = 24 hours  (maximum).

Perfect Forward

Yes:

Perfect Forward Secrecy activated.

Secrecy (PFS)

No:

Perfect Forward Secrecy deactivated.

DH/PFS Group

Key exchange procedure (Diffie-Hellman groups for Internet Key Exchange (IKE)).

5/modp1536  = High encryption.
2/modp1024  = Normal encryption (default).

Rekey

Yes:

A new key will be brokered.

No:

No new key will be brokered.

Dead Peer Detection 

Recognition of validity and resulting action in case of interruption of IPsec connection.

Yes:

Dead Peer Detection activated (i.e. Restart at VPN Initiate).

No:

No Dead Peer Detection.

DPD Delay

Time interval to next check.

DPD Timeout

Time period after which the connection to the remote peer should be declared inactive.

Default value:

120 seconds.

Maximum:

86400 seconds (24 hours).

Summary of Contents for MC-LR

Page 1: ...MC LR MC LR 4 MC LRS MC LRS 4 User Manual Web Interface ...

Page 2: ...l configuration of router family via integrated web server USB stick or remote Event alerts by email Top hat rail mounting Use of applications with RS232 or RS485 interfaces on demand only 2 port variantes Integrated logbook records device specific events Delivered ready to use including power supply plug and Ethernet connecting cable All specifications for the 2 port version also apply for the 4 ...

Page 3: ...tzwerksicherheit 1 6 2 Firewall 16 1 6 3 NAT Table Port forwarding 17 1 7 VPN 1 7 1 IPsec 1 7 1 1 Connections 18 21 1 7 1 2 Certificates 22 1 7 1 3 Status 22 1 7 2 OpenVPN 1 7 2 1 Connections Tunnel 1 and 2 Clients 23 25 1 7 2 2 Connections Server only MC LR Server 26 29 1 7 2 3 Port Forwarding 29 1 7 2 4 Certificates 30 1 7 2 5 Static Keys Preshared Key 30 1 7 2 6 Status 31 1 8 I O 1 8 1 Inputs 3...

Page 4: ...ject The router web interface can be temporarily readdressed using the default IP address 192 168 0 1 for the Ethernet LAN connection The configuration settings will not be lost when doing so Web access reset Important note The router does not supply any IP address to the connected PC via DHCP You must thus assign a fixed IP address to the PC e g 192 168 0 2 default gateway 192 168 0 1 You will no...

Page 5: ...ted IP address from the network Netmask Allocated net mask from the network DNS Server IP address of the DNS server Sec DNS Server IP address of the alternate DNS server RX bytes Sum of received data since last login TX bytes Sum of sent data since last login Local Network Link For each LAN Port Link 1 4 depending of the router type the connection of the port is shown Connected The local Ethernet ...

Page 6: ...ed High The signal is high E Mail An email is being sent Output Signal Event 1 ON Output active Based on Manual ON Remote Controlled ON VPN Service ON Internet Link ON or Connection lost ON Off Output is not active Display of current routing table Status display of integrated ComSERVER 1 3 3 ComSERVER only for MC Router with RS232 or RS485 interface on X1 See also 1 9 6 ComSERVER ...

Page 7: ...P Configuration Current Address IP Address Current local IP address of the router If you forget the IP address and would like to configure the router follow the instructions under 1 2 Configuration on Page 5 Subnet Mask Current subnet mask Type of IP address Static default The IP address has been set assignment DHCP The IP address and the subnet mask are obtained dynamically from a connected DHCP ...

Page 8: ...abled Enabled Click Enabled if an IP address should be dynamically allocated to the connected terminal equipment in a set range Begin IP Range Starting address for the address range from which IP addresses should be distributed End IP Range Ending address for the address range from which IP addresses should be distributed Static IP address Static allocation of the IP address using the MAC address ...

Page 9: ...Static Routes 9 User Manual Web Interface MC LR MC LR 4 MC LRS MC LRS 4 01 2018 FW 2 07 3 Local Static Routes Network Network in CIDR notation IP address Net mask Example xxx xxx xxx xxx yy x IP address yy net mask Example yy 24 number of binary ones net mask 255 255 255 0 Gateway The gateway how this network can be reached ...

Page 10: ... Following this click Apply 1 5 1 1 Static address Preferred setting for operation in local networks A fixed IP address can be assigned to routers which are operating in an existing network IP Address The router s IP address at the WAN interface Subnet Mask Subnet mask Default Gateway The gateway s IP address in the Internet DNS Server The DNS server s IP address Sec DNS Server The IP address of a...

Page 11: ... be assigned with an IP address from the network set Connection Type to DHCP Client and click Apply If you want to manually set the DNS server s IP addresses set Manual DNS to Yes and enter the IP addresses Following this click Apply 1 5 1 3 PPPoE PPPoE Preferred setting for operation with DSL modems For operation with a DSL modem select the PPPoE setting under Connection Type and click Apply ...

Page 12: ... Password Password for access to the DSL network Servicename Service name for access to the DSL network MTU default 1492 Maximum size of an unfragmented data package Idle Timeout 0 Always On no termination of the connection 0 Always On Time in minutes The router terminates the connection at the end of the set time The timer starts when data transmission has ended Daily Reconnect Repeat logging int...

Page 13: ... is not the case with all providers DynDNS cannot replace a static IP address and has limited reliability DynDNS Set up Status Disabled Deactivate DynDNS client Enabled Activate DynDNS client DynDNS Provider Select the name of the provider with whom you are registered i e DynDNS org TZO com dhs org selfHost de custom DynDNS Use the custom DynDNS setting to select your preferred DynDNS provider Ple...

Page 14: ...led Connection check is deactivated default Enabled Connection check is activated Host 1 3 IP address or host name of the reference point for the connection check Local option when dealing with an address which can be reached via a VPN tunnel Check every Check interval in minutes Max retry Number of repetitions until the configured action Activity is performed Activity Reboot Restart the router Re...

Page 15: ...s Disabled SNMP from the WAN interface is blocked Enabled SNMP from the WAN interface is permitted External web based Disabled External configuration via the web interface is not possible management via HTTP Enabled External configuration via the web interface is possible NAT Masquerade Disabled No IP masquerading performed external Enabled IP masquerading is activated Communication from a private...

Page 16: ...o Event is not logged default New A new firewall rule is added below the last rule Delete The rule is deleted Outgoing Traffic Lists the installed firewall regulations They apply for outgoing data connections that were internally initiated to communicate with a remote destination device Factory settings The factory settings include a rule allowing all outgoing connections Note If no rule is set al...

Page 17: ...d be applied Yes IP masquerading is activated reply to cellular network is possible No default No reply to the Internet is possible Comment Entering a comment Log Logging firewall rules Yes Event is logged No Event is not logged default New The New button allows a new rule to be added under the last rule The Delete button deletes the rule from the table Rules for IP and port forwarding The router ...

Page 18: ...in mode SA lifetime 1 second to 24 hours IPsec Internet Protocol Security is a security protocol used for communicating over IP networks 1 7 1 IPsec IPsec Connections Monitor DynDNS If DynDNS is used as Remote Host the Monitor DynDNS function should be set to Yes Check interval Check interval in seconds Enabled Activate or deactivate VPN connection Name Arbitrary name of VPN connection Settings VP...

Page 19: ...ficate must be loaded ahead of time Local Certificate Local certificate with which the router identifies itself to the VPN remote peer machine certificate PKCS 12 The certificate must be loaded ahead of time Remote ID If the field is left empty default the information from the certificate is used Name for identification by remote peer This must correspond to the information from the router certifi...

Page 20: ...s Remote Connection Direction of connection establishment Accept Wait for the remote peer to establish the connection Initiate The router establishes the connection Initiate on SMS Connection established after reception of valid SMS Initiate on Call Connection established after valid call Iniatiate on Input Connection established after switch signal on IN of the I O interface Autoreset Click here ...

Page 21: ...SA Lifetime Life cycle in seconds for the key specified for IPsec SA 28800 seconds 8 hours default 86400 seconds 24 hours maximum Perfect Forward Yes Perfect Forward Secrecy activated Secrecy PFS No Perfect Forward Secrecy deactivated DH PFS Group Key exchange procedure Diffie Hellman groups for Internet Key Exchange IKE 5 modp1536 High encryption 2 modp1024 Normal encryption default Rekey Yes A n...

Page 22: ...to be used for the local router Certificate Under VPN IPsec Connections Settings Edit you assign the certificate to the VPN connection Password Enter the password given during exporting Remote Certificates List of imported cer crt certificates Delete Delete a certificate Own Certificates List of imported PKCS 12 certificates Delete Delete a certificate IPsec Status Active IPsec An active VPN conne...

Page 23: ...ed Remote Host IP address or URL of the remote peer to which the tunnel will be established Remote Port Port of the remote peer to which the tunnel will be established default 1194 Device Type TAP for a TAP OpenVPN Connection TUN for a TUN OpenVPN Connection Protocol Protocol selection UDP or TCP LZO Compression Disabled Switched off or not allowed Adaptive Data adaptive compression switched on Ye...

Page 24: ...of the tunnel Encryption Encryption algorithm for the OpenVPN connection Authentication Preshared Secret Key authentication procedure with a static key Preshared Key Preshared Secret Key Ascertains preshared secret key the router uses to identify itself to the VPN remote peer Remote Interface Virtual remote IP address of the remote peer certificate type Certificate Type Local Interface Virtual loc...

Page 25: ...ets coming in through the tunnel are rewritten on the local router address Port Forwarding Forwarding with the setting described under 1 7 2 2 Host Forwarding Forwarding to the fixed IP address of a connected terminal device Forward to local Host Masquerading Only with the setting Connection NAT Port Forwarding or Host Forwarding Packages leaving via the tunnel are rewritten to the router s source...

Page 26: ...r In this case an enhanced menu is available for configuration of OpenVPN connections OpenVPN Client OpenVPN Client and Server Configuration of the OpenVPN server To activate the server select the Yes option for the Enabled menu item Enter your chosen server name under Name Following this click Apply Click Edit to access the OpenVPN server settings ...

Page 27: ... is defined when creating Parameter the certificate Encryption Encryption algorithm for the OpenVPN connection Client to Client Traffic Used to block or permit client to client traffic Client Subnet Base Specification of the OpenVPN server s base network This setting is used to automatically derive the clients network segments see Setting Client table below Virtual Network Base Specification of th...

Page 28: ...al network base 172 16 0 0 24 First client address 172 16 0 5 Second client address 172 16 0 9 etc The client subnet is automatically derived from the Client Subnet Base setting under OpenVPN Server e g Virtual network base 192 168 1 0 24 First client subnet 192 168 2 0 24 Second client subnet 192 168 3 0 24 etc Please define your OpenVPN clients here To enable the OpenVPN server to identify clien...

Page 29: ... Protocol TCP UDP ICMP In Port To Port TCP and UDP only You have the following options To Port 1 direct port input Example In Port 20 To Port 30 2 Port range Example In Port 80 90 To Port 100 110 To IP Input of a target IP address 0 0 0 0 0 means all IP addresses Masq For every individual rule you can determine if IP masquerading should be applied Yes IP masquerading is activated reply to VPN tunn...

Page 30: ...onnection under Local Certificate Password Password with which the PKCS 12 file is protected during export Load CA certificate Upload Upload the CA certificate crt Own Certificate Name Display the uploaded certificates and keys CA Certificate Name Display the uploaded CA certificates and keys Static Keys Generate static Key Click on Save to generate and save a static key file Load static Key Uploa...

Page 31: ...nt Remote Host Sender IP address of the client from the server perspective Client Address Virtual client address in the internal OpenVPN network The client address is created as a link and serves as a direct connection to the connected client s Web server if there is one Client Subnet Client s network address segment Status Status Green symbol The client is connected Red symbol The client is not c...

Page 32: ...email the email account under the section 1 9 8 see Page 40 41 SMTP Configuration must be set up The router has an I O input and output Input Output Inputs High E Mail If activated an email will be sent when there is a High level on the switching input Select E Mails and click Apply Following this click Edit and fill out the email form None No email is sent Low E Mail If activated an email will be...

Page 33: ...outer connection check does not reach the configured address Autoreset Autoreset resets the switch output after the preset period of time The router includes an integrated socket server and can be made to perform the following actions by receiving XML files 1 Set and query I O signals 2 Send email messages 3 Query the router status To use these functions the socket server must be set to Enabled in...

Page 34: ...nternet address of the manufacturer Type Article description of the router Serial number Serial number of the router Hardware Hardware version of router Release version Release version of router software Operating system Version of operating system Web based management Version of web interface MAC address LAN1 MAC address of Ethernet Connection 1 MAC address LAN2 MAC address of Ethernet Connection...

Page 35: ...port or by additionally indicating Port 80 The port can be changed here if needed Example using router address 192 168 0 1 Web interface address 192 168 0 1 or 192 168 0 1 80 1 9 3 System Configuration Web Configuration Hostname The hostname of the WAN Interface can be changed here After changing the port to for instance 8080 address of the web interface 192 168 0 1 8080 Note After clicking Apply ...

Page 36: ...icate Click again to renew the certificate Important note This function is only supported by 4 port routers MC xx 4 or 2 port routers MC xx with firmware beginning with 2 xx x See System Hardware Release e g 2 04 2 Log files can be saved on an external log server via UDP Log Configuration Remote UPD logging Disabled No logging on external server Enabled Logging on external server Server IP address...

Page 37: ...1 The configuration is uploaded from the storage medium USB stick or SD card when there is a High signal from the input I O Load Configuration Click Apply to save your configuration To reconfigure the router using the default IP address or to set the configuration to the factory default settings you will need to use the configuration button on the rear side of the device See Item 1 2 2 The followi...

Page 38: ...e router s IP address user name and password and make any necessary changes Factory reset You changed the setting to factory reset see Item 1 9 3 System configuration Reset button Use a pointed object to press the configuration button for at least 5 seconds The router s Web interface can now be readdressed using the default IP address 192 168 0 1 to the Ethernet LAN connection Note All configurati...

Page 39: ...as password modification default admin user Only access password modification default public Log File Clear All entries are deleted View Log file display Save Storage of the log file as a text file on a user PC All router activities are indicated in a log file When the maximum storage capacity is reached the oldest entries are overwritten ...

Page 40: ...urpose For de tailed information please refer to the MC Technologies Application Note 41 Router COM Port connection via MC router RS232 RS485 1 9 6 ComSERVER Only for MC Router with RS232 or RS485 interface on X1 Status Disabled The ComServer is deactivated Enabled The ComServer is activated Connection Type Server RAW Usage without RFC 2217 Client Server Protocol Server RFC 2217 Usage with RFC 221...

Page 41: ... Up Download Download Download Store the current configuration in a file on a connected PC USB stick Store the current configuration in a file on a USB stick inserted into the router SD card Store the current configuration in a file on the internally inserted SD card The SD card slot can be accessed by opening the rear housing panel XML format Check this box to save the configuration in XML format...

Page 42: ...NTP Network Time Protocol The router can be used as an NTP server for a terminal device connected to ETH1 or ETH2 The terminal device must then use the router address as an NTP server NTP synchronization must be set to Enabled Timezone Timezone selection Daylight saving time Disabled Without daylight saving time Enabled With daylight saving time Time Server for Local Network Time Server Disabled T...

Page 43: ... triggered via a HIGH signal to the switching input I O IN Please ensure that the switching input is ultimately set back to LOW to prevent another restart None No event for a reboot Device Firmware Update Upload Allows you to upload the latest firmware to the router Options Select Keep configuration if your current configuration should be retained following a firmware update or remove the tick if ...

Page 44: ...n 192 168 0 1 su c usr sbin export_cfg config xml oder plink 2 pw admin admin 192 168 0 1 su c usr sbin export_cfg tgz config tgz 2 1 2 Upload configuration via SSH For Linux a a Without router reboot cat config xml ssh admin 192 168 0 1 su c usr sbin store_cfg b b With subsequent router reboot cat config xml ssh admin 192 168 0 1 su c usr sbin store_cfg sbin reboot The password is requested inter...

Page 45: ...ctions the socket server must be set to Enabled as described under 1 8 4 Page 34 The socket server port can be freely configured the default setting is port 1432 2 2 1 Sample for XML files The following are a few examples of XML file content Example Setting and querying the I O signals xml version 1 0 io output no 1 value 1 input no 1 io Example Sending an email xml version 1 0 email to name1 doma...

Page 46: ...irst be stored on your user PC Open Hyperterminal and configure the desired connection The example given uses the default settings Host address 192 168 0 1 Router Socket Server IP Address Connection number 1432 Socket Server Port Establish connection via TCP IP Winsock Open the connection In the HyperTerminal menu Transfer send text file select the XML file to be transferred After transfer is comp...

Page 47: ...User Manual Web Interface MC LR MC LR 4 MC LRS MC LRS 4 01 2018 FW 2 07 3 47 ...

Page 48: ...rdware and end to end solutions GSM GPRS UMTS HSPA LTE GPS modules terminals router and industrial computers Short range modules Customer specific cable assemblies Connectors for industry Thanks to our many years of experience we can offer A wide competitively priced product range based on German quality standards Design and development of the optimum solution specifically tailored to your applica...

Reviews:

No comments

Related manuals for MC-LR

IBM 315 Hardware Maintenance Manual Supplement preview
315
Brand: IBM Pages: 151
Datacom DM-SV01 Product Manual preview
DM-SV01
Brand: Datacom Pages: 89
IBM 88631SU - System x3850 - 8863 Installation Manual preview
88631SU - System x3850 - 8863
Brand: IBM Pages: 90
Flexport HF2211 User Manual preview
HF2211
Brand: Flexport Pages: 39
Atos BullSequana Edge nano User Manual preview
BullSequana Edge nano
Brand: Atos Pages: 29
Supermicro SuperServer 7089P-TR4T User Manual preview
SuperServer 7089P-TR4T
Brand: Supermicro Pages: 155
Supermicro SuperServer 1029P-MT User Manual preview
SuperServer 1029P-MT
Brand: Supermicro Pages: 123
Lenovo 7Y45 Setup Manual preview
7Y45
Brand: Lenovo Pages: 116
Lenovo 70F0 User Manual And Hardware Maintenance Manual preview
70F0
Brand: Lenovo Pages: 96
Lenovo 8753 Product Manual preview
8753
Brand: Lenovo Pages: 46
Lenovo 7Y54 Maintenance Manual preview
7Y54
Brand: Lenovo Pages: 138
Lenovo 8871 Product Manual preview
8871
Brand: Lenovo Pages: 56
Lenovo 8869 Product Manual preview
8869
Brand: Lenovo Pages: 64
Lenovo DU User Manual preview
DU
Brand: Lenovo Pages: 226
Lenovo BladeCenter HS22 Installation And User Manual preview
BladeCenter HS22
Brand: Lenovo Pages: 96
Lenovo BladeCenter HS23 Installation And User Manual preview
BladeCenter HS23
Brand: Lenovo Pages: 104
Lenovo 643815U Installation Manual preview
643815U
Brand: Lenovo Pages: 90
Lenovo 6435 User Manual preview
6435
Brand: Lenovo Pages: 76

Brands by name

Popular brands

Load more brands