manualshive.com logo in svg

Sierra Wireless oMG series, Руководство по эксплуатации и настройке, Страница: 43 / 101

Поделиться
Скачать
Sierra Wireless oMG series Скачать руководство пользователя страница 43

How to Configure a VPN

Rev 4  May.17

43

7.3 Configuring DNS Zones for Private 
DNS Server Use

In deployments that make use of VPNs with internal DNS servers (to resolve 
specific internal domains) and public DNS servers, the oMG must be configured 
to use DNS zones.

To configure one or more oMGs for DNS zones:

1.

In the LCI, set the Primary DNS and Secondary DNS Servers fields to the 
addresses of the public DNS servers to be used. (Applies to the WAN > Links 
configuration screens (Ethernet, Cellular) and WAN > Wi-Fi Networks config-
uration screen.)

2.

On a computer, create a DNS zones file named “private-zone.conf”. In this 
file, indicate the domains to be resolved by the indicated internal DNS 
servers.

For example (filename: private-zone.conf):

zone "customer.local" IN {

        type forward;

        forward only;

        forwarders { 10.5.1.1; 10.6.1.1; };

};

zone "customer.internal" IN {

        type forward;

        forward only;

        forwarders { 10.5.1.1; 10.6.1.1; };

};

In this example, the domains “customer.local” and “customer.internal” are 
both to be resolved by the internal DNS servers “10.5.1.1” or “10.6.1.1”. Any 
other domains will be resolved by the public DNS servers specified in the 
WAN Link’s Primary DNS and Secondary DNS Servers fields.

3.

Use AMM to store the file on the oMG(s):

a.

In AMM, select Config > Deploy > Upload to copy the file to the AMM.

b.

Select Config > Deploy > Deploy to store the file on selected oMGs.

Note: Refer to the AMM Operation and Configuration Guide for details or contact 
Sierra Wireless Support for assistance.

Содержание oMG series

Страница 1: ...oMG Operation and Configuration Guide 3 14 4118618 Rev 4...

Страница 2: ...In aircraft the Sierra Wireless modem MUST BE POWERED OFF When operating the Sierra Wireless modem can transmit signals that could interfere with various onboard systems Note Some airlines may permit...

Страница 3: ...chnical support including warranty and returns Web sierrawireless com company contact us Global toll free number 1 877 687 7795 6 00 am to 6 00 pm PST Corporate and product information Web sierrawirel...

Страница 4: ...AN Link Configuration 14 5 1 1 Cellular WAN Link Configuration 15 5 1 2 WiFi WAN Link Configuration 16 5 1 3 Ethernet WAN Link Configuration 16 5 1 4 Serial WAN Link Configuration 17 5 2 Defining an A...

Страница 5: ...l Settings 36 6 4 2 Deleting a LAN Network Rules 37 6 5 Attaching a Network Printer 37 6 6 Setting up Virtual LANs 38 7 How to Configure a VPN 39 7 1 Detecting Dead VPN Connections 40 7 2 Multi VPN Su...

Страница 6: ...57 12 Applications 58 13 Updating the System 59 13 1 Configuring Auto Software Updates 59 13 2 Over the Air Updates 61 14 Troubleshooting 62 14 1 Viewing Advanced System Event Information 62 A Configu...

Страница 7: ...6 2 LAN Segment Settings 83 A 6 3 VLAN Settings 84 A 6 4 LAN Ethernet 802 1x Settings 84 A 7 LAN Throughput Settings 84 A 8 WAN Recovery Settings 85 A 9 VPN Configuration Settings 85 A 10 Bluetooth Su...

Страница 8: ...tends the utility and convenience of LAN networking to devices and applications in vehicles The oMG interfaces with the AMM Sierra Wireless mobile network management system Figure 1 1 The back panel o...

Страница 9: ...prior to shipping If a network card must be installed please read the oMG Installation and Configuration Guide for your model of oMG 1 4 Related Publications Table 1 1 Related Publications Title and P...

Страница 10: ...ge 99 3 Test the unit connect a test device such as a PC equipped with Ethernet or WiFi to the oMG LAN An oMG with factory default settings will provide an unsecured WiFi access point AP broadcasting...

Страница 11: ...e Configuration of the unit is best performed using a web browser running on a Windows 7 or Windows XP PC As of version 3 8 the oMG supports Internet Explorer 9 Other devices and other browsers may wo...

Страница 12: ...Settings The oMG includes an Easy Access page which allows users on all devices connected to the unit to view the unit s operational status without having to log into the unit To view the Easy Access...

Страница 13: ...alled field is checked for each Ethernet port listed Optional if Ethernet is to be used for LAN devices ensure that the Use field has been set to LAN for at least one of the ports Optional if Ethernet...

Страница 14: ...mmonly used for providing connectivity to devices on the oMG s LAN Multiple devices can also be configured to provide redundant WAN access should one connection go down Note The oMG does not support U...

Страница 15: ...r typical settings can include a dial string user ID password and modem initialization The screenshot below shows the cellular configuration settings for a Sierra Wireless Aircard Figure 5 2 Common Ce...

Страница 16: ...onfiguration Additional details on these settings are available in WiFi Link Configuration Settings on page 71 Once a WiFi WAN link has been configured it must then be assigned to an AP profile which...

Страница 17: ...ernet WAN Configuration Settings For information about Ethernet WAN configuration settings see Ethernet Link Configuration Settings on page 72 5 1 4 Serial WAN Link Configuration A serial modem can be...

Страница 18: ...al AP and the credentials i e access security etc required to connect to that AP from the oMG The settings for a profile must therefore match those defined at the actual WiFi AP itself To define an AP...

Страница 19: ...ion failures occurring on a healthy connection between a WAN link and a LAN segment e g server timeouts due to a server being rebooted A monitor accomplishes detection and recovery by periodically che...

Страница 20: ...ect a dead connection ensuring that the correct LAN segment is selected for the Source Address field See WAN Monitor Settings on page 76 for information on specific settings 4 Click Save to save the m...

Страница 21: ...the assigned access point profile ii Navigate to WAN WiFi Networks locate the AP and click Configure iii Select the monitor under network settings Figure 5 8 Assigning the Monitor to the WiFi Access P...

Страница 22: ...stability Selection is based on a scoring system where penalties for issues e g a link being down reduce a link s score Each link is evaluated based on its score and the link with the highest score is...

Страница 23: ...ving past a depot s WiFi hostspot Note These settings are not available on cellular devices By default both are set to 15 seconds and will prevent a WiFi link s status from changing from down to up an...

Страница 24: ...n some condition is not being met e g a link has not been able to establish a connection for some time The other value that can be defined is the Recovery Period which specifies the amount of time tha...

Страница 25: ...example with WiFi and two Cellular links Note This graph is intended to provide a basic introduction to how policies use scoring to switch between links In practice other factors such as a WiFi device...

Страница 26: ...regions where part of each overlaps the other The coverage in Region 1 is known to best for Mobile Network Operator 1 C1 and the coverage in Region 2 is known to be best for Mobile Network Operator 2...

Страница 27: ...Geographic Region Policy on page 64 for a summary of this policy s settings 5 4 4 Time Period Policy Overview The Time Period Policy promotes one link over others when operating within a defined time...

Страница 28: ...tive A key aspect in tuning this policy is to define an appropriate speed threshold such that the switch from WiFi to cellular happens before WiFi connectively is lost This will provide a seamless swi...

Страница 29: ...p to ensure that the preferred link is utilized the most as signal strengths between devices fluctuate If devices from different Mobile Network Operators are equally preferable the signal strength in...

Страница 30: ...nd Velocity Policy Combination The following can be observed on this timeline WiFi starts with a higher score of 1200 cellular with 1000 The vehicle is stationary with no speed At 6 minutes the WiFi c...

Страница 31: ...tworking Rules on page 65 for more information about the specific configuration fields for each rule type Note Both Access Blocking and Access Granting rules may be created to implement very specific...

Страница 32: ...ngs on page 85 for detailed information on these settings Enabling WAN Link Recovery will restart the entire unit and force the oMG to boot up again if WAN connectivity is lost The Remote Configuratio...

Страница 33: ...deployed using the following steps The careful and deliberate configuration of LAN access will help to ensure a more secure system Note To add or remove LAN devices see Preparing the Network Interface...

Страница 34: ...nfigured with additional BSSIDs maximum of three LAN segmentation and the process of adding LAN segments is used for advanced networking scenarios when LAN traffic from different devices must not be p...

Страница 35: ...nt must have a different scope i e IP address range from the other segments A warning will be provided if an attempt is made to cross segment scopes as shown in Figure 6 6 Figure 6 6 Warning for a seg...

Страница 36: ...ent to modify and click Configure in the Actions column See LAN Segment Settings on page 83 for details on each setting 3 To enable DHCP set the Enable DHCP Server field to enabled and assign the DHCP...

Страница 37: ...if the printer will use a static IP address or will obtain one through DHCP from the oMG and click Save See Configuring LAN Segments on page 34 for information on configuring and assigning LAN segmen...

Страница 38: ...LANs A VLAN can be used when devices inside the vehicle require VLAN tagging for their operation or the vehicle LAN has a switch with VLAN tagging enabled If a vehicle has VLANs configured or four Eth...

Страница 39: ...all of the following information oMG LAN IP Subnetwork LAN Mask LAN IP Address Security components such as pre shared key certificates etc Note Using pre shared keys PSK for authentication on some VP...

Страница 40: ...a VPN service is down For IKEv2 it is recommended that MOBIKE be enabled if multiple WAN links are available which will automatically switch links when one goes down MOBIKE has been tested by Sierra...

Страница 41: ...e VPN tunnels per WAN link With this feature one or more VPN policies can be applied to one or more WAN links in the LCI Figure 7 2 Selecting Multiple WAN Links The VPNs assigned to a WAN link can als...

Страница 42: ...N link WiFi Network has two or more VPNs any of these VPNs cannot have both a local and remote subnet overlapping at the same time Distinct ping monitors can be assigned to each VPN tunnel The oMG s L...

Страница 43: ...e domains to be resolved by the indicated internal DNS servers For example filename private zone conf zone customer local IN type forward forward only forwarders 10 5 1 1 10 6 1 1 zone customer intern...

Страница 44: ...B e g an antenna connection or through Ethernet using the UDP protocol The unit comes pre configured to use the built in GPS device by default The GPS data can also be forwarded to additional servers...

Страница 45: ...n be used to configure or change GPS settings See GPS Configuration Settings on page 89 for detailed information on each field 1 Navigate to the GPS tab 2 Select Enable 3 In the GPS Sources section se...

Страница 46: ...Serial Allows data to be sent to a device connected to the oMG s serial port The oMG s serial port settings must match those of the receiving system Note that Serial forwarding requires that the Seria...

Страница 47: ...Balanced option to enabled 4 Specify a weight 5 Click Save to save the WAN link configuration 6 Repeat these steps on at least one other WAN link Note Load balancing is accomplished by randomly assig...

Страница 48: ...t QoS Prioritizing in the rule dropdown and click Add New Networking Rule 3 Enter a descriptive name for the rule in the Rule Name field 4 Configure the fields and click Save See QoS Priority on page...

Страница 49: ...d but only if the Minimum Report Interval time has elapsed If the threshold hold has not been reached it will be sent when the Maximum Report Interval elapses For more information on these fields see...

Страница 50: ...g on This is used to delay powering on the unit until after a certain amount of time has elapsed after turning on the ignition 4 Click Save to save the startup configuration settings See Startup on pa...

Страница 51: ...adings are subject to cable length and will always be slightly lower than the voltage measured at the source 3 Click Save to save the shutdown configuration When a shut down occurs due to a high low v...

Страница 52: ...ber etc can be obtained by navigating to the General General tab which displays the following Figure 11 1 General Status Information 11 2 Obtaining Network Status Network status information such as th...

Страница 53: ...ion purposes can be configured from the Security Users tab Figure 11 3 User Configuration Screen To Add a New Administrator 1 Navigate to Security Users 2 Enter the name of the new user in the User Na...

Страница 54: ...sword is used password entry may be required when accessing the unit through an AMM Consult with Sierra Wireless Technical Support before changing the password to ensure that Sierra Wireless can conti...

Страница 55: ...ckup restore 2 Click on Backup beside Backup configuration and save the file in an appro priate location To restore a configuration from a previous backup 1 Navigate to General Backup restore 2 Click...

Страница 56: ...under Results Figure 11 6 Tool example executing the ping command against a known website URL 11 8 Running Custom Scripts The General Advanced Routing Rules tab allows administrators to run custom sc...

Страница 57: ...G and laptop and the following settings must be configured on the oMG via the LCI 1 Navigate to the Devices Serial tab and ensure that Use is set to Application 2 Navigate to the GPS tab and locate th...

Страница 58: ...vehicle routing and two way messaging between a control center and an oMG equipped with a Garmin personal navigation device Each application requires configuration on both the oMG and the AMM Configu...

Страница 59: ...link Patterns on page 99 13 1 Configuring Auto Software Updates The oMG can be configured to check for and download updates for its software its BIOS and for its on board MC7354 cellular module over a...

Страница 60: ...the currently installed image and that specified on the SIM card the oMG will automatically install the appropriate image on next boot when a connection is available In other words Mobile Network Oper...

Страница 61: ...greement Note that a customer must request upgrades from Sierra Wireless Technical Support before they are automatically published If an oMG has been configured to automatically check for updates the...

Страница 62: ...iewing Advanced System Event Information 4 If the LCI page is not accessible ensure that the browser has the proxy server disabled If using Internet Explorer 7 add the LCI s URL as a trusted host Note...

Страница 63: ...g files Logs are stored in a compressed file format to optimize memory usage The log file naming convention describes its function e g yyyy mm ddfirewall log records firewall activity Log files should...

Страница 64: ...s Recovery Period the amount of time in seconds a link which has come online again must wait before it can become an active link This is used to help ensure that the link is stable If the link disconn...

Страница 65: ...trength Policy Switches networks based on the signal strength of the WAN connection Signal Strength Threshold dBm the threshold of signal strength below which a penalty should be applied Penalty the a...

Страница 66: ...estination IP Address Destination IP port range defined by the first and last port inclusively of the range Enter a rule name for identification purposes Fields that are left blank are treated as wild...

Страница 67: ...IP address will be given priority based on the priority value specified in integers The lowest priority is 0 The higher the number the higher the priority Maximum Guaranteed Bandwidth Enter a rate and...

Страница 68: ...which bear an address other than that of the cellular modem Masquerade Port Range Auto Manual manual is the default and should be used in most cases to avoid using defined or reserved ports Minimum M...

Страница 69: ...work Operator APN specifies the Mobile Network Operator access point network for the E362 E371 AC340 AC341U MC7700 and MC7354 modules e g we01 vzwstatic for the Verizon Static IP network Typically thi...

Страница 70: ...to prevent packets from being dropped on slower WAN connections This field should not be changed without assistance from Sierra Wireless Signal Strength Change Threshold dBm the threshold for sending...

Страница 71: ...matic is selected the oMG will read factory param eters from the modem to best determine how to connect to the selected network Mobile Network Operator If a specific Mobile Network Operator is selecte...

Страница 72: ...discussed below This is typically desirable in a depot situation This should be disabled in a metropolitan network where fast roaming is required Satisfactory Quality of Signal once an oMG has associ...

Страница 73: ...n with internal DNS servers This requires DNS zones to be defined on the oMG see Configuring DNS Zones for Private DNS Server Use on page 43 for details Primary DNS specifies the IP address of the dom...

Страница 74: ...d or reserved ports Minimum Maximum Port Number The range of ports to use for masquerade The default range is 49152 to 65535 The minimum value is 0 and the maximum is 65535 If the minimum is set below...

Страница 75: ...within enterprise networks Use an enterprise specific monitor Monitor Mode defines the action that will occur on the link if the monitor fails or succeeds Success in one monitor keeps the link up defa...

Страница 76: ...AN link configuration page for a WiFi which has been provisioned to be used on WAN SSID the Service Set Identifier of the WiFi network to which the oMG should connect Probe Hidden SSID allow disallow...

Страница 77: ...ranslation Automatic DNS if selected the DNS servers provided by the network service provider via DHCP will be used to resolve host names This must be disabled if using a static IP address If Automati...

Страница 78: ...ion an authentication protocol is chosen PEAP Version if enabled the version of the PEAP Protected Extensible Authentication Protocol that should be used PEAP Label If enabled specifies which type of...

Страница 79: ...ecified here selecting Browse will allow uploading from a device connected to the LAN Private Key if the WiFi network administrator has supplied a private key for this network it can be specified here...

Страница 80: ...e below SSID if Auto SSID is not enabled the string in this field will be used as the SSID The default value is the same as the value that would result from enabling Auto SSID Channel the WiFi channel...

Страница 81: ...text editor and then emailed to Sierra Wireless Technical Support who will push the file to the oMG The for mat of the file must abide by the following Files must be in plain ASCII text Comment lines...

Страница 82: ...Master Key WPA EAP Enable 802 1x specifies whether to enable 802 1x authenti cation for the access point Enable Cisco Legacy 802 1x Compatibility enable for systems that use lower case MAC addresses...

Страница 83: ...maller network Enable DHCP Server when checked DHCP is enabled when unchecked DHCP is disabled DHCP Low Address the start of the IP address of the address pool used for DHCP DHCP High Address the end...

Страница 84: ...enegotiate its connection credentials periodically and to avoid having to do a full re keying each time the oMG moves into the area served by a different authenticator EAP Re authentication Period whe...

Страница 85: ...sult in losing WAN connectivity If the oMG has no WAN connectivity after the timer expires the oMG will revert to the original configuration A 9 VPN Configuration Settings Friendly Name enter a descri...

Страница 86: ...If an R_U_THERE_ACK packet has not been received within the timeout period the peer will be declared dead When Dead Peer Detection is enabled the Delay and Timeout time can be set The default values...

Страница 87: ...indicates when the current Auth ID and PSK become the active credentials in a rotating credential system The format of the date is yyyy mm dd hh mm Secondary Auth ID this field is used in conjunction...

Страница 88: ...monitor as any other ensuring that the target IP address is reachable only via the IPsec VPN tunnel Unlike the WAN monitors where more than one can be combined ensure only one VPN monitor is selected...

Страница 89: ...from the location calcu lation which appear within the specified mask above the horizon The range is 0 to 90 The default is 5 Dynamics Code refines filtering calculations based on the type of terrain...

Страница 90: ...intervals faster than five seconds are not recommended The local consumer is defaulted to Port 9345 using TCP UDP and serial broadcast are disabled by default To receive data via the serial port i En...

Страница 91: ...events Values must be 0 The default is 30 A 12 General Configuration Settings A 12 1 Startup AutoPower changes the start up behavior When enabled the oMG starts automatically when power is applied Oth...

Страница 92: ...e oMG s CPU above which the oMG will not operate Button reset time the amount of time in seconds required to hold the external black RESET button to trigger a factory reset A 12 3 Tools ping sends an...

Страница 93: ...IP address A 12 5 Auto Software Updates Options The following options control oMG firmware updates Enabled If selected every time the oMG establishes a connection it checks the AMM firmware repository...

Страница 94: ...forms updates when the ignition is turned on Should the ignition be turned off during an update this option will override the Uptime Extension After Ignition Off shutdown option see Shutdown on page 9...

Страница 95: ...gateway may require an additional 8 seconds to connect on boot Firmware Download Enabled enabled by default when enabled the oMG will automatically download an image package when the Mobile Network Op...

Страница 96: ...RFC 2131 USB USB 2 0 x 2 Serial or Ethernet Configurable rear panel supports custom connector configurations Compatibility Operates with WiFi certified client devices Supports all major client operati...

Страница 97: ...ged by network priority availability GPS location time of day GPS velocity Protocols Supported Transparent support for HTTP HTTPS SMTP POP IMAP FTP etc PPP RFC 2516 GPS Track vehicle locations on maps...

Страница 98: ...ty and over voltage protection Locking power connector AC adapter optional Power Management System Auto power up on ignition sense Managed power down including programmable shut off delay Input voltag...

Страница 99: ...e Ingress Protection IP54 Vibration Shock In accordance with SAE J1455 EMI EMC FCC Part 15 Reliability The oMG2000 has an MTBF Ground Fixed 40 C as follows 521 000 hours 59 47 years MTBF calculation i...

Страница 100: ...settings are incorrect External Red Off Normal operation On for two seconds then off repeating Initial power connection made Two flashes per second The unit is shutting down due to a temperature or v...

Страница 101: ...Rev 4 May 17 101 C C Supported USB To Serial Adaptors Table 3 1 Supported USB Adaptors Supported USB Ethernet Adaptors IO Gear IOGear GU232A Star Tech ICUUSB232...

Отзывы:

Нет отзывов