MoRoS LAN PRO 2.0
Functions
43

12.3.3 Configuring OpenVPN Server

Configuring an OpenVPN Server with or without authentication 

The following describes how to configure the MoRoS LAN PRO 2.0 as a VPN server, either without authentication or with one of the two supported authentication methods (certificate-based or static key):

 

Configuring the OpenVPN server with certificate-based authentication 

 

In order to configure an OpenVPN server with certificate-based authentication, you must first create Diffie-Hellman parameters, (CA) certificates and keys. You can then configure the VPN server and the clients using the created files. The created files and keys must be distributed to the server and the clients according to the figure below. In addition, a Certificate Revocation List (CRL) can be uploaded to the MoRoS LAN PRO 2.0. More information on the use and creation of certificates can be found on the OpenVPN web site: http://openvpn.net/howto.html

 

Figure 7: OpenVPN with certificates 

 

Creating a CA certificate structure (in Windows) 

 

This section describes how to create a CA certificate structure for the MoRoS LAN PRO 2.0 VPN server and the VPN clients; the CA certificate must be loaded onto all participants in the OpenVPN network.

 

You have downloaded and installed the OpenVPN package (version 2.0.9 or later) from the INSYS web site (www.insys-tec.de/en/en/driver). The installation must include the RSA scripts and an SSL installation.

 

The system time of the MoRoS LAN PRO 2.0 is correct (certificates are only valid within their validity period).
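As an added example (not from the INSYS manual or the OpenVPN RSA scripts it refers to), the following POSIX shell script builds the same file set with plain OpenSSL, covering both the certificate-based overview above and the CA structure step: a CA, a server and a client key/certificate, DH parameters and a CRL, plus the check the server makes on a presented client certificate. The working directory, the common names (vpn-ca, vpn-server, client1) and the key sizes are assumptions; it needs only the openssl command line tool.

```shell
#!/bin/sh
# Added example (not the manual's code): OpenVPN certificate PKI with plain
# OpenSSL: CA, server/client key + certificate, DH parameters and a CRL,
# then the "chains to our CA and is not revoked" check a server performs.
# Directory layout, common names and key sizes are constructed values.
set -eu
WORK="${WORK:-$(mktemp -d)}"; cd "$WORK"; mkdir -p ca/issued
touch ca/index.txt; echo 01 > ca/serial; echo 01 > ca/crlnumber
# Minimal config so that "openssl ca" can sign, revoke and issue a CRL.
cat > ca.cnf <<'EOF'
[ ca ]
default_ca = vpn_ca
[ vpn_ca ]
dir = ./ca
database = $dir/index.txt
new_certs_dir = $dir/issued
serial = $dir/serial
crlnumber = $dir/crlnumber
certificate = ca.crt
private_key = ca.key
default_md = sha256
default_days = 365
default_crl_days = 30
policy = policy_cn
[ policy_cn ]
commonName = supplied
[ req ]
distinguished_name = req_dn
[ req_dn ]
[ ca_ext ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
# 1. CA key and self-signed CA certificate. ca.crt goes to every participant;
#    ca.key stays on the signing machine and is never uploaded to a peer.
openssl req -config ca.cnf -x509 -newkey rsa:2048 -nodes -days 3650 \
  -subj "/CN=vpn-ca" -extensions ca_ext -keyout ca.key -out ca.crt 2>/dev/null
# 2. Key + CSR per peer, signed by the CA. Each peer gets only its own
#    .key/.crt; the Common Name must be unique per client.
issue() {  # issue <common-name>
  openssl req -config ca.cnf -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
  openssl ca -config ca.cnf -batch -in "$1.csr" -out "$1.crt" 2>/dev/null
}
# 3. CRL (re-generate and re-upload to the server after every revocation).
gen_crl() { openssl ca -config ca.cnf -gencrl -out crl.pem 2>/dev/null; }
revoke() { openssl ca -config ca.cnf -revoke "$1.crt" 2>/dev/null; gen_crl; }
# 4. The check the server performs: chains to our CA and not on the CRL.
verify_peer() {  # returns 0 if valid, 1 if unknown CA, expired or revoked
  openssl verify -CAfile ca.crt -crl_check -CRLfile crl.pem "$1" 2>/dev/null \
    | grep -q ': OK$'
}
issue vpn-server
issue client1
gen_crl
# 5. DH parameters, needed on the server side only. -dsaparam makes generation
#    fast; 1024 bits (the manual's dh1024.pem) is too weak today, use >= 2048.
openssl dhparam -dsaparam -out dh2048.pem 2048 2>/dev/null
```

Distribute as in Figure 7: ca.crt to every peer, each peer's own .key/.crt only to that peer, dh2048.pem and crl.pem to the server; ca.key never leaves the signing machine.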
