MC Technologies GmbH

OpenVPN Tunnel (general info)

Keep Alive: Time period in seconds after which Keep Alive requests should be sent. These requests test whether the remote peer is still available.
Factory settings: 30 seconds.

Restart: Time period in seconds after which the connection to the remote peer should be restarted if there is no reply to the Keep Alive requests.
Factory settings: 120 seconds.

1.7.2.2 Port Forwarding

Rules for Port Forwarding: The router has only one IP address, through which it can be accessed externally. Data packets can be redirected to internal IP address ports via additional transmitted port numbers.

Protocol: TCP, UDP, ICMP

In Port / To Port: (only with TCP and UDP) You have the following options:
1. Direct port input - example: In Port = 20, To Port = 30.
2. Port range - example: In Port = 80-90, To Port = 100-110.

To IP: Input of a target IP address, 0.0.0.0/0 means all IP addresses

Masq: For every individual rule, you can determine if IP masquerading should be applied.
Yes: IP masquerading is activated, reply to VPN tunnel is possible.
No: (default) reply to VPN tunnel is not possible.

Comment: Input comment
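The following added example (not part of the manual and not MC Technologies code) reviews port forwarding rules written with the fields described above before they are entered in the web interface. The dictionary keys, the sample rules, the address 192.168.0.10 and the offset-based mapping between In Port and To Port ranges are assumptions made for illustration.

```python
import ipaddress

# Constructed sample rules; key names and addresses are illustrative only.
RULES = [
    {"protocol": "TCP", "in_port": "20", "to_port": "30",
     "to_ip": "192.168.0.10/32", "masq": True, "comment": "direct port"},
    {"protocol": "TCP", "in_port": "80-90", "to_port": "100-110",
     "to_ip": "0.0.0.0/0", "masq": False, "comment": ""},
    {"protocol": "UDP", "in_port": "80-90", "to_port": "100-105",
     "to_ip": "192.168.0.10/32", "masq": True, "comment": "bad range"},
]

def parse_ports(spec):
    """Parse '20' or '80-90' into an inclusive (low, high) tuple."""
    low, _, high = spec.strip().partition("-")
    low, high = int(low), int(high or low)
    if not (1 <= low <= high <= 65535):
        raise ValueError(f"invalid port spec: {spec!r}")
    return low, high

def check_rule(rule):
    """Return review findings for one port forwarding rule."""
    findings = []
    proto = rule["protocol"].upper()
    if proto not in ("TCP", "UDP", "ICMP"):
        findings.append(f"unknown protocol {proto}")
    if proto in ("TCP", "UDP"):
        in_lo, in_hi = parse_ports(rule["in_port"])
        to_lo, to_hi = parse_ports(rule["to_port"])
        # Assumption: a range is mapped port by port, so lengths must match.
        if in_hi - in_lo != to_hi - to_lo:
            findings.append("In Port and To Port ranges differ in length")
    elif rule.get("in_port") or rule.get("to_port"):
        findings.append("ports are only used with TCP and UDP")
    if ipaddress.ip_network(rule["to_ip"], strict=False).prefixlen == 0:
        findings.append("To IP 0.0.0.0/0 means all IP addresses")
    if not rule.get("masq", False):
        findings.append("Masq is No: reply to VPN tunnel is not possible")
    if not rule.get("comment"):
        findings.append("no comment documenting the rule")
    return findings

def map_port(rule, port):
    """Translate an incoming port to its target port, or None if no match."""
    in_lo, in_hi = parse_ports(rule["in_port"])
    to_lo, _ = parse_ports(rule["to_port"])
    return to_lo + (port - in_lo) if in_lo <= port <= in_hi else None

if __name__ == "__main__":
    for number, rule in enumerate(RULES, start=1):
        for finding in check_rule(rule) or ["ok"]:
            print(f"rule {number}: {finding}")
```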

 

 

 

 

1.7.2.3 OpenVPN Certificates

Certificate for authentication of the router to the remote peer.

Contents of MC-MRE

Page 1: ...Web Interface User Manual MC Technologies Router MC MRH MC MRE ...

Page 2: ...uration of router family over integrated web server USB stick or remote Compatible with mobile networks world wide can be used internationally Event alerts by SMS and email Top hat rail mounting Integrated logbook records device specific events Use of applications with RS232 RS485 or M Bus interfaces on demand Use of integrated GPS receiver for positioning on demand only MC MRH Delivered ready to ...

Page 3: ...19 Firewall 20 21 NAT table 22 VPN IPsec Connections 23 26 Certificates 27 Status 28 OpenVPN Tunnels 1 and 2 28 30 Port Forwarding 30 Certificates 30 31 Static Keys 31 Status 31 I O Inputs 32 Outputs 33 Phonebook 33 System Hardware 34 Software 35 Web Configuration 35 User 36 Log Configuration 36 Log File 37 ComSERVER 38 SMTP Configuration 38 39 Configuration 39 Up Download RTC 40 Reboot 41 Firmwar...

Page 4: ...on this password can be reset at anytime in the web interface at the following point in the menu System User see page 35 1 2 2 Local IP address is not known or no longer known configuration button To configure the router via the standard IP address again you will need the configuration key on the backside of the device This function does not reset the configuration It just allows you temporary acc...

Page 5: ...in a third party cellular network Waiting for PIN Waiting for PIN to be entered Waiting for PUK Locked SIM card must be unlocked with PUK Wrong PIN Wrong PIN configured in the router No SIM Card Put SIM card in Power off The GSM module is still off Display receive level Offline No packet data connection GPRS online Active GPRS connection EDGE online Active EDGE connection UMTS online Active UMTS c...

Page 6: ...N connected Active VPN connection via the cellular network Not connected No packet data connection in the cellular network Allocated IP address from the cellular network Allocated netmask from the cellular network IP address of the DNS server IP address of the alternate DNS server Sum of received data since last login to cellular network Sum of sent data since last login to cellular network connec...

Page 7: ...s been triggered An SMS is being sent An email is being sent ON Output active Based on Manual ON Remote Controlled ON Radio Network ON Packet Service ON VPN Service ON Incoming Call ON or Connection lost ON Off Output is not active 1 3 4 ComSERVER Only for MC Router with RS232 or RS485 interface on X1 Status display of integrated ComSERVER See also 1 9 7 ComSERVER 1 3 5 Routing Table Display of c...

Page 8: ...en saved but not yet applied To apply the set up restart the router IP Configuration Current local IP address of the router If you forget the IP address and would like to configure the router follow the instructions under Configuration on page 4 Current subnet mask Static default The IP address has been set DHCP The IP address and the subnet mask are obtained dynamically from a connected DHCP serv...

Page 9: ...CP server at start up Domain name to be broadcast via DHCP Validity period of allocated network configuration Disable Enable Click Enable if an IP address should be dynamically allocated to the connected terminal equipment in a set range Starting address for the address range from which IP addresses should be distributed Ending address for the address range from which IP addresses should be distri...

Page 10: ... be defined by static routes over other gateways for alternative routes Local Static Routes Network in CIDR notation IP address Net mask example xxx xxx xxx xxx yy x IP address yy net mask Example yy 24 number of binary ones net mask 255 255 255 0 The gateway through which this network can be reached ...

Page 11: ...set up for using the second SIM card The SIM card holder SIM2 see page 13 is located inside the device and can be accessed by removing the back panel Amount of time in minutes after which the back up SIM card SIM2 should be switched to if the primary cellular network SIM1 is down Amount of time in hours after which the primary cellular network SIM1 should be switched back on Disable Deactivate dai...

Page 12: ...a provider yourself Disable Roaming is deactivated and only the local network of the provider is used If this network is not available the router cannot connect to the Internet Selection of the provider through which the router connects to the Internet The selection changes according to the country selected under Country in the menu Auto The router selects the provider automatically Username for a...

Page 13: ...d for security The password can comprise up to 7 alphanumeric characters SMS Syntax Commands are input using the following SMS syntax password command password A Z 0 9 up to 7 alphanumeric characters command SET sub_cmd command CLR sub_cmd sub_cmd OUTPUT sub_cmd IPSEC sub_cmd IPSEC n set command ON clear command OFF output set to ON OFF IPsec VPN 1 ON OFF IPsec VPN n ON OFF n 1 x command SEND STAT...

Page 14: ... the following example format Important note The call number should be included as an entry in the phonebook see page 33 in order for the router to identify it Example xml version 1 0 cmgr origaddr 49172123456789 timestamp 10 05 21 11 27 14 08 SMS message cmgr origaddr sender s call number timestamp time stamp of the Service Center in GSM 03 40 format SMS Configuration Disable Remote control of ro...

Page 15: ...ion saved in the log file Enable Data compression of the packet data connection is activated default Disable Data compression of the packet data connection is deactivated Maximum packet size in bytes in the packet data network default 1500 Definition of packet data connection start Initiate automatic start Initiate on Input 1 Start controlled through IN signal in the I O interface Disable Automati...

Page 16: ...rk Gateway 1 5 6 Static Routes Data packets from the local network can be defined by static routes for alternative routes in the mobile service network Static Routes Network in CIDR notation The gateway through which this network can be reached ...

Page 17: ...d and activated in the router accordingly Note For this to work the provider must have allocated a public IP address to the router not a private one This is not the case with all providers DynDNS cannot replace a static IP address and has limited reliability DynDNS Disable Deactivate DynDNS client Enable Activate DynDNS client Select the name of the provider with which you are registered i e DynDN...

Page 18: ... lead to increased data traffic and corresponding costs Connection Check Disable Connection check is deactivated default Enable Connection check is activated IP address or hostname of the reference point for the connection check Local option when dealing with an address which can be reached through a VPN tunnel Check interval in minutes Number of repetitions until the configured action Activity is...

Page 19: ...sable Outgoing NetBIOS requests are allowed Enable Outgoing NetBIOS requests are blocked default Disable A ping request from the external IP network to the router is ignored default Enable A ping request from the external IP network to the router is returned Disable An external configuration through the web interface is not possible default Enable An external configuration through the web interfac...

Page 20: ...teful Packet Inspection Firewall The firewall can be turned on or off see Network Security Setup menu point Firewall The firewall is active by default and blocks incoming data traffic Outgoing data traffic is still possible The firewall rules are applied from up to down ...

Page 21: ...ule is added below the last rule Delete The rule is deleted Lists the set firewall rules They apply to outgoing data connections initiated internally to communicate with a remote peer Factory settings In the factory settings a rule is set which allows all outgoing connections If no rule is set all outgoing connections are blocked except VPN TCP UDP ICMP all 0 0 0 0 0 means all IP addresses To ente...

Page 22: ... Port 20 To Port 30 2 Port range example In Port 80 90 To Port 100 110 0 0 0 0 0 means all IP addresses To enter an address range use CIDR notation For every individual rule you can determine if IP masquerading should be applied Yes IP masquerading is activated reply to cellular network is possible No default reply to cellular network is not possible Logging firewall rules Yes Event is logged No E...

Page 23: ...5 3DES or AES encryption MD5 or SHA 1 Hash algorithms Tunnel mode Quick Mode Main Mode SA Lifetime 1 second to 24 hours 1 7 1 IPsec Connections IPsec Internet Protocol Security is a security protocol used for communicating over IP networks IPsec Connections If DynDNS is used as Remote Host the Monitor DynDNS function should be set to Yes Check interval in seconds Activate or deactivate VPN connection...

Page 24: ...elow With the setting Accept the router waits for a connection to be established externally X 509 Remote Certificate Each VPN participant has a private secret key as well as a public key in the form of a X 509 certificate which contains further information about its owner and a certification authority CA Preshared Secret Key PSK Each VPN participant knows a shared password Certificate of the VPN r...

Page 25: ...D IP address subnet mask of the remote network to which the VPN connection needs to be established IP address subnet mask of the local network With the 1 1 NAT function the local IP addresses for communication via VPN tunnel are translated by NAT 1 1 to the addresses of the set network Direction of connection establishment Accept Wait for the remote peer to establish the connection Initiate The ro...

Page 26: ...Encryption IPsec SA Life cycle in seconds of key established for IPsec SA 28800 seconds 8 hours default 86400 seconds 24 hours maximum Perfect Forward Yes Perfect Forward Secrecy activated No Perfect Forward Secrecy deactivated DH PFS Group Key exchange procedure Diffie Hellman groups for Internet Key Exchange IKE 5 modp1536 high encryption 2 modp1024 normal encryption default Dead Peer Recognitio...

Page 27: ...ificates Upload upload the certificate of the remote peer cer crt Under VPN IPsec Connections Settings Edit you assign the certificate for the VPN connection Upload upload the certificate in PKCS 12 format xxx p12 to be used for the local router Under VPN IPsec Connections Settings Edit you assign the certificate to the VPN connection Password enter the password given during exporting List of impo...

Page 28: ...ctivated Disable OpenVPN Tunnel deactivated Arbitrary name of OpenVPN connection IP address or URL of the remote peer to which the tunnel will be established Port of the remote peer to which the tunnel will be established default 1194 Protocol selection UDP or TCP Disabled Switched off or not allowed Adaptive Data adaptive compression switched on No Switched off but can be switched on from the ser...

Page 29: ...e connection to the remote peer should be restarted if there is no reply to the Keep Alive requests Factory settings 120 seconds OpenVPN Tunnel Preshared Secret Key Preshared Secret Key authentication procedure with a static key Preshared Key Ascertains which Preshared Secret Key the router identifies itself to the VPN remote peer Virtual remote IP address of the remote peer certificate type Virtu...

Page 30: ...has only one IP address through which it can be accessed externally Data packets can be redirected to internal IP address ports via additional transmitted port numbers TCP UDP ICMP only with TCP and UDP You have the following options To Port 1 direct port input example In Port 20 To Port 30 2 Port range example In Port 80 90 To Port 100 110 Input of a target IP address 0 0 0 0 0 means all IP addre...

Page 31: ... these certificates to each VPN connection under Local Certificate Password Password with which the PKCS 12 file is protected during export Name List of loaded PKCS 12 certificates Delete delete the certificate 1 7 2 4 OpenVPN static Keys OpenVPN Certificates Click on Save to generate and save a static key file Upload Upload the static key file The same file must be loaded on the Open VPN server o...

Page 32: ...input an SMS or an email is sent Select the type of message and click Apply Then click Edit For SMS select the corresponding phonebook entry and enter your message under Message Text For an email alert fill out the email form When activated and when there is a Low level at the switch input an SMS or an email is sent Select the type of message and click Apply Then click Edit For SMS select the corr...

Page 33: ...t Service The switch output is active when the router has established a packet data connection and received a valid IP address from the provider VPN Service The switch output is active when the router has established a VPN connection Incoming Call The switch output is active when the router is called from a call number entered in the phonebook Caller ID Connection Lost The switch output is active ...

Page 34: ...s of the manufacturer Internet address of the manufacturer Article description of the router Serial number of the router Hardware version of router Release version of router software Version of operating system Version of web interface MAC Address of Ethernet connection 1 MAC Address of Ethernet connection 2 Type of cellular module used Firmware version of the cellular module The IMEI Internationa...

Page 35: ...an normally be reached through the browser without additionally indicating a port or by additionally indicating Port 80 The port can be changed here if needed Example with router address 192 168 0 1 Web interface address 192 168 0 1 or 192 168 0 1 80 After changing the port to 8080 for example Web interface address 192 168 0 1 8080 After clicking Apply perform a reboot page 40 or restart the route...

Page 36: ...sword modification default admin Read only access password modification default public 1 9 5 Log Configuration Log files can be saved on an external log server via UDP Log Configuration Disable No logging on external server Enable Logging on external server Server IP address Server port Logging on internal SD card or USB stick on the front side of the router ...

Page 37: ...Clear View Save 1 9 6 Log File All router activities are indicated in a log file When the maximum storage capacity is reached the oldest entries are overwritten Log File All entries are deleted Log file display Storage of the log file as a text file on a user PC ...

Page 38: ...er is deactivated Enable The ComServer is activated Server RAW usage without RFC2217 Client Server Protocol Server RFC2217 usage with RFC2217 Client Server Protocol Setting the TCP port through which the ComServer is to be addressed Setting flow control RFC2217 with an RS232 application RS485 RTS with an RS485 application Note RFC2217 is a Standard Client Server Protocol used as a standard protoco...

Page 39: ...encrypted transfer Username for logging onto mail server Password for logging onto mail server Email address of sender 1 9 9 Configuration Up Download The configuration can be stored as a CFG file default or as an XML file on the user PC Configurations stored on this PC can be loaded in the router Configuration Up Download Storage of current configuration in a file Check this box to save the confi...

Page 40: ...n Disable without daylight saving time Enable with daylight saving time Enable The router obtains date and time from a time server NTP Network Time Protocol The router can be used as an NTP server for a terminal device connected to ETH1 or ETH2 The terminal device must then use the address of the router as an NTP server NTP synchronization must be set to Enable Enable The router is operated as a t...

Page 41: ...etting the day of the week for a reboot Enter time of reboot in the format Hour Minute A reboot can be triggered by a HIGH signal at the switch input I O IN For this select Input 1 Please make sure that the switch input is then set to LOW to avoid another reboot 1 9 12 Firmware Update Firmware Update Here you can load the latest firmware onto the router Here you can load the latest web interface o...

Page 42: ...n admin 192 168 0 1 su c usr sbin export_cfg config xml or plink 2 pw admin admin 192 168 0 1 su c usr sbin export_cfg tgz config tgz 2 1 2 Upload configuration via SSH Under Linux a Without router reboot cat config xml ssh admin 192 168 0 1 su c usr sbin store_cfg b With subsequent router reboot cat config xml ssh admin 192 168 0 1 su c usr sbin store_cfg sbin reboot The password is requested int...

Page 43: ...nable as described under 1 8 4 The socket server port can be freely configured the default setting is port 1432 2 2 1 Examples for XML files The following are a few examples for XML file content Example Setting and querying the I O signals xml version 1 0 io output no 1 value 1 input no 1 io Example Sending an email xml version 1 0 email to name1 domain de cc name2 domain de subject Test Mail subj...

Page 44: ...t be stored on your user PC Open Hyperterminal and configure the desired connection The example given uses the default settings Host address 192 168 0 1 Router Socket Server IP Address Connection number 1432 Socket Server Port Establish connection via TCP IP Winsock Open the connection In the Hyperterminal menu Transfer send text file select the XML file to be transferred After transfer is complete...

Page 45: ...quest As a reply from the integrated socket server after receiving an XML file with status request 2 3 1 Activating the GPS function Connect a passive or active GPS antenna to the antenna terminal GPS on the router Please make sure that the GPS antenna has a clear view of the sky In the web interface under Wireless Network Radio Setup under GPS Configuration in the menu select the type of antenna ...

Page 46: ...ling the Cellular Router by SMS a status notification can be requested by SMS password SEND STATUS After the GPS function is activated the GPS coordinates are transmitted in the SMS reply in addition to the status notification 2 3 4 GPS coordinates as an XML file As described under 2 2 the status of the router can be requested by sending an XML file to the socket server After the GPS function is a...
