Viola M2M Gateway user manual 4.0
Contents
1. 1. Keys need to be locked. This can be done by pressing the Lock keys button. This locks the keys and prevents their accidental deletion. 2. Create a backup. Instructions for this can be found in section 9.4. 6.6 Editing existing connection: Peers can be edited by selecting the Edit button from the peer list. All the parameters except the peer name can be changed from this edit screen. Note that the keys must be unlocked if keys need to be changed. [Figure 21: SSH VPN Peer Edit screen] 6.7 SSH port configuration: The default port for SSH is 22. It is recommended to change this to something less common to increase system security. Changing the SSH port on the M2M Gateway is done by entering the new port in the configuration field located at the bottom of the SSH VPN configuration screen and pressing the Change port button. Note: Changing the SSH port on the M2M Gateway requires configuration changes to the SSH VPN connected Arctics as well. Remote SSH access also has to use the new port. 7 L2TP VPN Configuration. 7.1 Introduction to L2TP VPN: L2TP VPN uses username and password to authenticate and validate remote connections. It is a
2. Viola M2M Gateway User Manual. Viola M2M Gateway 2500. Firmware Version 2.4, Document Version 4.0, October 2010. Copyright and Trademark: Copyright 2008-2010 Viola Systems Ltd. All rights to this manual are owned solely by Viola Systems Ltd, referred to elsewhere in this User's Manual as Viola Systems. All rights reserved. No part of this manual may be transmitted or reproduced in any form or by any means without prior written permission from Viola Systems. Ethernet is a trademark of XEROX Corporation. Windows and Internet Explorer are trademarks of Microsoft Corporation. Netscape is a trademark of Netscape Communications Corporation. All other product names mentioned in this manual are the property of their respective owners, whose rights regarding the trademarks are acknowledged. Viola Systems Ltd, Lemminkäisenkatu 14-18 A, FI-20520 Turku, Finland. E-mail: info@violasystems.com. Technical Support: Phone 358 20 1226 226, Fax 358 20 1226 220, E-mail support@violasystems.com, Internet http://www.violasystems.com. Disclaimer: Viola Systems reserves the right to change the technical specifications or functions of its products, or to discontinue the manufacture of any of its products, or to discontinue the support of any of its products, without any written announcement, and urges its customers to ensure that the inform
3. Viola M2M Backup Viola M2M Supportlog 7. Select the Network Configuration icon on the first page. 8. From the next screen select the Network Interfaces icon. 9. Below the text "Interfaces Activated at Boot Time" select eth0. [Figure 11: Select eth0 interface] 10. Enter your preferred configuration in the configuration fields. [Figure 12: Ethernet Configuration] 11. Press the Save and Apply button when you are ready to activate your new settings. Note: The existing web browser connection hangs up after you apply the settings, so open a new connection to the new IP address (check your Ethernet cabling). 12. Now you should be able to connect to the M2M Gateway with your new IP address. 4 Network Configuration: This chapter describes how to configure network interfaces on the M2M Gateway. 4.1 Configuration screens: Network configuration screens can be found from main menu and pressi
4. [Figure 1: Viola M2M Gateway Concept] A computer with a network connection and an HTML browser is required to configure the M2M Gateway. Using the M2M Gateway Web user interface you can configure and view the status of the remote Arctic devices and configure the VPN connection between the M2M Gateway and an Arctic device. Arctics have a WWW user interface which can be used to configure them using an HTML browser. For the rest of this documentation the Viola M2M Gateway is referred to as M2M Gateway. 1.2 M2M Gateway Features: The M2M Gateway offers different advanced features for network usage. In the simplest usage only the VPN feature is used, but the M2M Gateway makes it possible to build complex network configurations. Routing: The M2M Gateway can forward packets to the local Ethernet (eth0) through which it is connected to the company network. It is also possible to route packets to the second Ethernet (eth1) of the M2M Gateway. More complex routing solutions can be made, but they need consultation with your local network administrator. Firewall: The M2M Gateway has an internal firewall with a graphical user interface. It is possible to connect the M2M Gateway directly to the Internet and filter unwanted connections without an external firewall. The recommended method is to use a dedicated firewall and install the M2M Gateway behind it. VPN: VPN is used to connect remote Arctic devices to the local network. The
5. Peer name must be the same as the hostname on the Arctic. 4. Press the Confirm button and return to the previous screen. [Figure 19: SSH VPN peer creation screen] After a new peer has been created it will show up in the peer list and its status will be disabled. To enable it, the keys must be exchanged between the Viola M2M Gateway and the Arctic. To do this: 5. Open the Arctic user interface and the SSH VPN configuration screen on the M2M Gateway in separate web browser windows. 6. On the Arctic, navigate to the Network > SSH VPN page. 7. Copy the key from the Arctic to the M2M (see figure 6 4). 8. Select the correct peer from the list on the M2M, paste the Arctic key below and press the Enter key button. 9. Copy the M2M key from the Server public key field. 10. Copy the key from the M2M to the Arctic (see figure 20). [Figure 20: SSH VPN key exchange]
6. Remove button. 7.3 Creating new connection: To create a new connection: 1. From the L2TP VPN configuration screen select the Add peer button. 2. Fill in the settings for the tunnel. For a simple point-to-point tunnel only the peer name and IP pair are needed. Peer name is the hostname of the Viola Arctic that forms the other end of the tunnel. IP pair is an IP pair that does not conflict with any other address used. See figure 24. Routing mode selects whether the network on the other side of the tunnel is routed through the tunnel. Remote network IP and network mask define the remote network routed through the tunnel. Username and password must be the same as on the Viola Arctic. When you are done, press the Confirm button to save the settings. The tunnel should now be added to the tunnel list. Enable the tunnel by clicking the Enable text. The connection can be tested by selecting the checkbox next to the peer name and pressing the Start check button. See figure 22. [Figure 24: L2TP VPN new peer] 8 OpenVPN Configuration: Please refer to the Viola Systems OpenVPN application note. 9 Additional System Configuration. 9.1 Changing system password: It is always recomme
7. default IP address of Viola M2M Gateway is 10.10.10.10, netmask 255.0.0.0. Note that you have to connect to HTTPS port 10000 (see figure 8). [Figure 8: Browser https example, address https://10.10.10.10:10000] 4. Your browser might show a message about certificates; you can safely ignore them at this point. 5. When you get to the login screen, enter the username and password and press the Login button. [Figure 9: Login Screen] Note: The default username is viola-adm and the default password is violam2m. It is recommended that the default password is changed before the product is connected to a public network. 6. Now you should be logged in and see the main configuration menu. Icons on the blue background are primary navigation icons and they are always visible on the screen. The icons below them are secondary navigation icons, and clicking them allows the user to change the specific settings they represent. See figure 10. [Figure 10: Main Configuration Menu]
8. opposite side of the tunnel. For example, on the Arctic set the IP address to be the address that is assigned to the eth1 of the M2M Gateway, and vice versa. 6 SSH VPN Configuration: This chapter describes how to use the SSH VPN module on the Viola M2M Gateway. 6.1 Introduction to SSH VPN: SSH VPN uses SSH keys and the remote node's hostname to authenticate and validate remote connections. It is the default VPN for Viola Arctic products. 6.2 SSH VPN Configuration screen: The configuration screen can be divided into different regions as shown below. [Figure 17: SSH VPN configuration screen] At the top is a summary of the peers and their last check. Configured connections are listed next. If the number of peers is over 500, the list is divided into multiple pages. Below the list are conn
9. or disconnecting any cables. It should be ascertained that the different devices used have the same ground potential. Before connecting any power cables, the output voltage of the power supply should be checked. This product is not fault tolerant and is not designed, manufactured or intended for use or resale as on-line control equipment, or as part of such equipment, in any hazardous environment requiring fail-safe performance, such as in the operation of nuclear facilities, aircraft navigation or communication systems, air traffic control, direct life support machines or weapons systems, in which the failure of Viola Systems manufactured hardware or software could lead directly to death, personal injury or severe physical or environmental damage. Revisions: [Table: Document Version, Firmware Version, Description of changes] Contents: Copyright and Trademark; Disclaimer; Declaration of Conformity; Warranty and Safety Instructions; Revisions; 1.1 About Viola M2M Gateway; 1.2 M2M Gateway Features; 1.3 Packaging information; 1.4 Hardware description; 1.4.1 Front panel; 1.4.2 Back Panel; 1.4.3 Product label; 2 Network Requirements; 2
10. 1 Connection Principle; 2.2 Minimum Network Requirements; 2.3 Routing Setup; 2.4 Other Network Services; 2.5 Recommended Network Setup; 2.6 Using the Second Ethernet Port; 3 Quick Installation; 3.1 Setting IP Address Using Web Browser; 4 Network Configuration; 4.1 Configuration screens; 5 VPN connectivity; 5.1 VPN requirements; 5.2 Available VPN types; 5.3 Typical connection scheme; 5.4 Typical connection scheme with routing; 6 SSH VPN Configuration; 6.1 Introduction to SSH VPN; 6.2 SSH VPN Configuration screen; 6.3 Creating new connection; 6.4 Checking connection; 6.5 Finalising SSH VPN setup; 6.6 Editing existing connection; 6.7 SSH port configuration; 7 L2TP VPN Configuration; 7.1 Introduction to L2TP VPN; 7.2 L2TP VPN configuration screen; 7.3 Creating new connection
11. 8 Manual System Time Configuration [screenshot: system time, hardware time and time zone fields] 9.3.2 Automatic configuration with NTP: To configure the system time automatically with the NTP protocol, enter a valid NTP server address in the timeserver field and press the Sync and Apply button at the bottom of the screen. [Figure 29: Automatic System Time Configuration] 9.4 Backup: The Backup module saves the user-made settings of the Viola M2M Gateway. It backs up configuration files and keys of VPN tunnels and firewall settings. 9.4.1 Backup screen: The backup screen can be found from the Web user interface main screen. Press the Viola M2M Backup icon to open the backup screen. [Figure 30: Backup Screen] 9.4.2 Creating backups: From the first page select the Viola M2M Backup icon and press the create backup button to create a backup file. When the backup is created successfully, a notification text appears. [Figure 31: Backup created message] The backup was c
12. Addresses: Shows hostnames assigned to IP addresses. 5 VPN connectivity. 5.1 VPN requirements: VPN implementation on the M2M Gateway requires: an open port in the firewall for the selected VPN server port; a fixed IP address for the M2M Gateway, accessible from the public Internet or the used APN; a remote client to connect to the M2M Gateway (most commonly a Viola Arctic product); usually a third node to monitor the connections and to access remote nodes (laptop, central management). Note: The M2M Gateway needs a fixed IP address. 5.2 Available VPN types: The available VPN types are L2TP, SSH and OpenVPN. A comparison is shown in table 2. Table 2: VPN comparison table (columns: VPN type, description, encryption, default port). SSH VPN: default tunnel for Viola Arctic products; default port 22 TCP. L2TP VPN: lighter but less secure alternative to SSH VPN; default port 1701 UDP. OpenVPN: best option for laptops and remote management; encryption yes; default port 1194 UDP. Selection of VPN depends on requirements, available link capacity and used hardware. 5.3 Typical connection scheme: A typical connection scheme is described in figure 15. [Figure 15: Typical VPN Connection] Network configuration in VPN tunneling will be easier
13. Gateway. Note: It is possible that the internal routing in the company intranet may require configuration in order to integrate the M2M Gateway into an existing network. 2.2 Minimum Network Requirements: The M2M Gateway requires the following settings: one public IP address for the M2M Gateway; SSH port (default 22) unblocked for incoming connections to the M2M Gateway from the remote network. Although this configuration is minimal, it can be used for testing and evaluating more complex systems. It is always recommended to consult the local network administrator when installing new servers in the public network. 2.3 Routing Setup: When the M2M Gateway is installed in an existing network, some configuration is required to add the route to the M2M Gateway and the devices behind it. For example, the local firewall or router needs to be aware of routes going via the M2M Gateway. Routing can be complex to set up in large networks, and it is recommended to consult the local network administrator about routing as well. 2.4 Other Network Services: M2M Gateway network services are listed in table 1. The only mandatory service is Secure Shell (SSH). The SSH server listens for incoming connections from Arctic devices on port 22 (default). This port must not be blocked by any firewall, otherwise the remote Arctic devices are not able to open VPN connections to the M2M Gateway. Arctic uses ICMP ECHO (ping) messages to check its network co
14. Hz 2. Conducted Emissions 0.15-30 MHz. EN 50082-1 Immunity Test: 1. IEC 801-3 Radio Frequency Electromagnetic Field 2. IEC 801-2 Electrostatic Discharge 3. IEC 801-4 Fast Transients, AC Power Ports and Signal cables. Supplementary Information: The product complies with the requirements of the Low Voltage Directive 73/23/EEC and EMC directive 89/336/EEC. Warning: This is a Class A product. In a domestic environment this product may cause radio interference, which may make it necessary for the user to take adequate measures. Manufacturer's Contact Information: Viola Systems Ltd, Lemminkäisenkatu 14-18 A, FI-20520 Turku, Finland. Phone 358 20 1226 226, Fax 358 20 1226 220. Warranty and Safety Instructions: Read these safety instructions carefully before using the products mentioned in this manual. Warranty will be void if the product is used in any way in contradiction with the instructions given in this manual, or if the product has been tampered with. The devices mentioned in this manual are to be used only according to the instructions described in this manual. Faultless and safe operation of the devices can be guaranteed only if the transport, storage, operation and handling of the devices is appropriate. This also applies to the maintenance of the products. To prevent damage, both the product and any terminal devices must always be switched OFF before connecting
15. M2M Gateway. 10 Advanced settings: These configuration options are targeted at advanced users only. Under normal operation these should not be changed. 10.1 Command Line Shell: The connection status displayed on the SSH VPN page does not update automatically; it has to be updated manually and the current status needs to be checked. 10.2 Advanced UI Menus. 10.2.1 System menu: Bootup and Shutdown: change process and system-level services on startup. [Figure 35: System Menu] SysV Init Configuration: inittab configuration, runlevels for system startup. System and Server Status: N/A, reserved for future use. 10.2.2 Networking menu: SSH Server: advanced SSH server configurations. Under normal operation only the SSH port is changed, from the SSH VPN user interface. SSH/Telnet Login: debugging console, not recommended for normal usage. [Figure 36: Networking menu] 10.2.3 Others menu: Command Shell: debugging console for system-level commands. Webmin Actions Log: Web user interface access log data.
16. ation at their disposal is valid. Viola software and programs are delivered "as is". The manufacturer does not grant any kind of warranty, including guarantees on suitability and applicability to a certain application. Under no circumstance is the manufacturer or the developer of a program responsible for any damage possibly caused by the use of a program. The names of the programs, as well as all copyrights relating to the programs, are the sole property of Viola Systems. Any transfer, licensing to a third party, leasing, renting, transportation, copying, editing, translating, modifying into another programming language or reverse engineering for any intent is forbidden without the written consent of Viola Systems. Viola Systems has attempted to verify that the information in this manual is correct with regard to the state of products and software on the publication date of the manual. We assume no responsibility for possible errors which may appear in this manual. Information in this manual may change without prior notice from Viola Systems. Declaration of Conformity (according to ISO/IEC Guide 22 and EN 45014). Manufacturer's Name: Viola Systems Ltd. Manufacturer's Address: Lemminkäisenkatu 14-18 A, FI-20520 Turku, Finland. Declares that this product, Product Name: Viola M2M Gateway, conforms to the following standards: EMC: EN 55022 Emission Test (Class A): 1. Radiated Emissions 30-1000M
17. ay Connectors from left to right: 1. Power plug 2. Mouse and keyboard connector 3. USB connectors 4. Serial connector 5. Parallel connector 6. VGA display connector 7. Ethernet 0 connector (Eth0, WAN) 8. Ethernet 1 connector (Eth1, LAN). 1.4.3 Product label: The product label is found on the bottom of the device and contains the basic information about the unit, such as product name, serial number and Ethernet MAC address. [Figure 4: Product label] 2 Network Requirements: The M2M Gateway works properly when the required parameters, which are described in this chapter, are configured. For your network settings, contact your local network administrator. Note: Misconfiguration of the M2M Gateway can seriously hinder your network. Make sure you verify your network configuration with the local network administrator. 2.1 Connection Principle: The company intranet is normally connected to the Internet via a firewall. Figure 5 shows the M2M Gateway connected to the Demilitarized Zone (DMZ) of the firewall. This configuration allows hosts from the company intranet to connect via the firewall to the M2M Gateway. Other configurations are also possible. [Figure 5: DMZ Connection]
18. connection is initiated by the Arctic, and the M2M Gateway decides, based on its configuration, whether it allows the remote Arctic to start a VPN connection. The VPN connection can be disabled from the M2M Gateway. If the connection is terminated for some reason, it gets connected automatically by back up. Remote Management: The M2M Gateway offers full remote management. Traditional console access is also available using SSH. 1.3 Packaging information: The product package should contain the following items: Viola M2M Gateway; power cord; Viola M2M Gateway Quick Start Guide. 1.4 Hardware description: This section describes the front and back panel features of the M2M Gateway. 1.4.1 Front panel: The M2M Gateway front panel is shown in figure 2. [Figure 2: Front Panel] LEDs and switches from left to right: 1. Temp LED (lit if system temperature is too high) 2. Nic 2 activity LED (Eth 1, LAN) 3. Nic 1 activity LED (Eth 0, WAN) 4. HD activity LED 5. Power LED 6. Reset switch 7. Power switch. 1.4.2 Back Panel: The M2M Gateway back panel is shown in figure 3. [Figure 3: Back panel]
19. e background select the Networking icon. From the Networking page select the Linux Firewall icon. The firewall configuration is divided into sections. The firewall has three chains (input, forward and output), which are listed separately. [Figure 26: Firewall Chain Listing. Incoming packets (INPUT) rules shown: Accept if state of connection is ESTABLISHED; Accept if state of connection is RELATED; Accept if protocol is ICMP; Accept if protocol is TCP and destination port is 22 and state of connection is NEW; Accept if protocol is UDP and destination port is 53; Drop if protocol is TCP and destination port is 80 and state of connection is NEW; Accept if protocol is UDP and destination port is 1194:1199; Accept if protocol is UDP and destination port is 1701; Accept if protocol is TCP and destination port is 10000 and state of connection is NEW; default action set to Drop] At the bottom there are action buttons which can be used to apply or revert the changes. [Figure 27: Firewall Action buttons] Apply Configuration: Click this button to make the firewall configuration listed above active. Any firewall rules currently in effect will be flushed and replaced. Revert Configuration: Click this button to reset the configuration listed above to the o
20. ection test buttons. The key management field is located below the peer list. Only those peers that do not have a key yet are listed here. If an existing key for a peer needs to be changed, it must be done by editing the peer. At the bottom is the SSH port configuration field. Using the action buttons on the peer list, the connections can be managed and monitored easily. See figure 18. [Figure 18: SSH VPN Peer Listing] Possible actions are, from left to right: 1. Connectivity test selection box 2. Peer status icon (enabled or disabled) 3. Key status icon 4. Peer name 5. Interface assigned to peer 6. IP pair assigned to tunnel 7. Routing mode (none or network) 8. Remote IP, if routing mode is set to network 9. Netmask, if routing mode is set to network 10. Status (Active or Inactive) 11. Check status from last check (n/a, OK or Failed) 12. Enable/Disable button 13. Edit button 14. Remove button. 6.3 Creating new connection: To configure a new connection: 1. Go to the SSH VPN configuration page. 2. Press the Add peer button located between the peer list and the key management box. See figure 17. 3. Enter values in the fields. Required fields are peer name and IP pair. See figure 19. Note
21. ewall configuration, please refer to your firewall documentation or to your local network administrator. [Figure 6: Recommended network setup] 2.6 Using the Second Ethernet Port: If a firewall or network configuration does not allow the use of a DMZ, or only a few hosts need access to the M2M Gateway, the second Ethernet can be used. The second Ethernet of the M2M Gateway can be enabled from the Web user interface. The IP address of the second Ethernet of the M2M Gateway is then used as the default gateway for the devices connected to the second Ethernet port. [Figure 7: Second Ethernet port in use] 3 Quick Installation: This chapter describes how to configure the network interfaces on the M2M Gateway. 3.1 Setting IP Address Using Web Browser: This section describes how to change the factory default IP address for the first time. 1. Connect the cross-over Ethernet cable between the Viola M2M Gateway Ethernet 0 connector and your configuration computer. 2. Configure your computer to use the same IP address space as the Viola M2M Gateway (laptop IP for example 10.10.10.11 with netmask 255.0.0.0). Check with the ping command. 3. Connect to the Viola M2M Gateway using your web browser. The
22. gure 33 System Log View [screenshot: system log listing, last 20 lines]
23. if some rules are followed: Network addresses cannot overlap; it is always best to use a dedicated IP address range for VPN tunnels. Remember that VPN tunnel addresses are only visible between the M2M Gateway and the remote node. Netmasks should be strict to prevent network overlapping. Draw a network diagram with all the relevant information about the network you are building. 5.4 Typical connection scheme with routing: This example shows a slightly larger system. This common setup is practical for connecting remote networks as a part of the local network. It could be used to connect isolated remote stations to a local monitor station. [Figure 16: Typical network setup with routing] The basic rules explained in the previous example are also valid in this example. Please take some time to browse the user interfaces of both the M2M Gateway and the Arctic to become familiar with the settings. Set the routing mode to "Tunnel the following network". IP address and netmask is the address that is located in the
24. lusion or limitation of incidental or consequential damages, so the above limitation or exclusion may not apply to you. Obtaining Warranty Service: You must notify Viola Systems within the warranty period to receive warranty service. During the warranty period, Viola Systems will repair or replace, at its option, any defective products or parts at no additional charge, provided that the product is returned, shipping prepaid, to Viola Systems. All replaced parts and products become the property of Viola Systems. Before returning any product for repair, customers are required to contact the Viola Systems. 14 Technical Support: Contacting Technical Support: Phone 358 20 1226 226, Fax 358 20 1226 220, E-mail support@violasystems.com, Internet http://www.violasystems.com. Recording Arctic Information: Before contacting our Technical Support staff, please record (if possible) the following information about your Arctic product: Product name; Serial no. Note the status of your Arctic in the space below before contacting technical support. Include information about error messages, diagnostic test results and problems with specific applications.
25. ly show lines with text. OpenVPN has its own logs, which can be found from OpenVPN configuration. Supportlog is a module that helps the Viola Systems technical support team in troubleshooting situations. It generates a collection of data from the system that helps in identifying the problem. It can generate a log package that can be e-mailed to Viola Systems technical support. It is possible to collect all the data or a smaller selection. [Figure 34: Supportlog Screen. This module creates supportlog reports from system and peer status and configuration. Selectable reports: SSHVPN interface status; SSHVPN peer configuration; SSHVPN keys and key status; L2TP interface status; L2TP peer configuration; OpenVPN interface status; OpenVPN peer configuration; Ethernet information; IP interface status and configuration; IP routing status and configuration; Open and established TCP and UDP connections; Firewall status and configuration; Firmware version; Process list and CPU and memory usage; system log, security log, tunnel log; M2M backups status] 9.7 Factory default settings: Factory default settings can be restored by selecting factoryBackup from the backup restore selection screen. See section 9.4.
26. nded that the default password will be changed during the installation. To change the password for user interface login: From the top icon row on the blue background, select the System icon. From the System page, select the Change Passwords icon. From the user list, select user viola adm. Enter the new system password and press Change to commit the new password. See figure 9 1 [Figure 25: Password change screen (Changing Unix user password), with the fields New password and New password again and the options Force user to change password at next login and Change password in other modules] The only users who can log in to the system are viola adm and root. User viola adm is the only one who can log in to the web user interface. User root can log in only locally; remote root access is restricted. 9.2 Firewall: The firewall is an important part of the M2M Gateway product. The firewall should always be turned on and configured as strictly as possible to keep out any unauthorized traffic. Note: It is not recommended to use the M2M Gateway without the firewall turned on if it is connected to any public network. For a more detailed explanation of firewall configuration, refer to the application note Configuring Viola M2M Gateway firewall. 9.2.1 Firewall configuration screen: To reach the firewall configuration screen: Login to M2M Gateway and enter the web user interface main menu. From the top icon row on the blu
27. ne that is currently active. Activate at boot: Yes / No. Change this option to control whether your firewall is activated at boot time or not. Click this button to clear all existing firewall rules and set up new rules for a basic initial configuration. 9.2.2 Changing firewall rules: Default firewall rules allow only Arctic traffic. Rules can be changed in the firewall configuration screen. Existing firewall rules can be modified by clicking the Action text (colored Drop/Accept). Adding new rules can be done by clicking the blue arrows on the left side of the rules. Modified rules can be applied, or old rules can be reset, using the buttons at the end of the page. The modified rules have to be applied by pressing the Apply Configuration button before they are in use. 9.3 Date and time: It is important to have date and time set up correctly if certificate based VPNs are in use. To configure date and time: 1. Login to M2M Gateway and enter the web user interface main menu. 2. From the top icon row on the blue background, select the System icon. 3. From the System page, select the System Time icon. There are two methods to configure system time: manual, and automatic with NTP protocol. 9.3.1 Manual configuration: To configure system time manually: Enter time and date to system time and press Apply, then Set system time to hardware time. Figure 2
28. ng Network Configuration icon. [Figure 13: Network Configuration Menu, showing Network Interfaces, Routing and Gateways, Hostname and DNS Client, Host Addresses and the Apply Configuration button] Apply Configuration: Click this button to activate the current boot time interface and routing settings, as they normally would be after a reboot. Warning: this may make your system inaccessible via the network and cut off access to Webmin. Network Interfaces: Displays the running network configuration at the top, in the Interfaces Active Now list. This list contains all the interfaces running locally, including VPN interfaces. At the bottom there is a listing of the physical interfaces eth0 and eth1. Interface configuration can be changed by pressing the underlined interface name. See figure 14. [Figure 14: Network Interface List. Interfaces Activated at Boot Time (Name, Type, IP Address, Netmask, Activate at boot, Proxy ARP enabled): eth0, Ethernet, 172.16.6.2, 255.255.0.0, Yes, No; eth1, Ethernet, 172.30.30.1, 255.255.255.0, Yes, No; lo, Loopback, 127.0.0.1, 255.0.0.0, Yes, No. Links: Add a new interface, Add a new address range] Routing and Gateways: Configures the default route and static routes, and displays running routes. The default route can be changed from this screen. Enter the correct interface and IP address and press the Save button. Note: Do not define more than one default route. Hostname and DNS Client: Configures hostname and DNS settings. Host
29. nnection to the M2M Gateway. By default, the private IP address of the VPN peer is used as the target for the network connection status check, i.e. the M2M Gateway is not required to accept ICMP ECHO messages. The network connection status check can also be made using some public IP address, e.g. the public IP address of the M2M Gateway. In this case the target host of the network connection check is required to accept ICMP ECHO messages, and they must not be blocked by any firewall. Table 1: Network Services (Port). SSH, TCP: SSH VPN tunnel, SSH remote access. ICMP, ICMP ECHO: network connection checking. OpenVPN, 1194, TCP/UDP: OpenVPN tunnel. L2TP, 1701 1701: L2TP VPN tunnel. Note: Remote root user login is disabled for security reasons. User viola adm must be used for SSH and web user interface logins. 2.5 Recommended Network Setup: The M2M Gateway is recommended to be connected to a DMZ of a firewall. This way the M2M Gateway can have a public or private IP address, depending on the firewall configuration. When the M2M Gateway is placed in a DMZ, the firewall protects efficiently against any unauthorized access to it. Only incoming SSH connections are required to have access to the DMZ zone. Services other than SSH are optional. If the M2M Gateway is located in the DMZ and it has a private IP address, the firewall has to support port forwarding or destination network address translation (DNAT). For fir
30. 8 OpenVPN Configuration; 9 Additional System Configuration; 9.1 Changing system password; 9.2 Firewall; 9.2.1 Firewall configuration screen; 9.2.2 Changing firewall rules; 9.3 Date and time; 9.3.1 Manual configuration; 9.3.2 Automatic configuration with NTP; 9.4 …; 9.4.1 Backup …; 9.4.2 Creating backups; 9.4.3 Restoring backups; 9.4.4 Moving backups between units; 9.5 System logs; 9.6 Supportlog; 9.7 Factory default settings; 10 Advanced Settings; 10.1 …; 10.2 Advanced UI …; 10.2.1 System …; 10.2.2 Networking …; 10.2.3 Others; 11 Troubleshooting; 12 Specifications; 13 Limited Warranty; 14 Technical Support. 1 Introduction: This document describes how to configure the Viola M2M Gateway product. 1.1 About Viola M2M Gateway: The Viola M2M Gateway is a network device that enables VPN connection between the company network and remote Arctic devices. It can also be used to control and monitor Arctic devices in local or remote networks. The concept of the Viola M2M Gateway is described in figure 1
31. reated successfully saved as m mbackup 2006 06 25 0620 00 30 46 OF 64 24 in foptividlasm2m Backups 9.4.3 Restoring backups: Press the open button to select the backup you want to restore, and press the restore backup button to restore the backup. [Figure 32: Backup Restore Selection] 9.4.4 Moving backups between units: To restore a backup on a different machine, the backup file has to be copied into the /opt/viola/m2mBackups directory on the second machine. In addition, the MD5 file also has to be copied onto the new machine. This file has to be copied into the /opt/viola/MD5 directory. After restoring the backup as described above, the IP address has to be changed to the IP address of the machine the backup was created on. Afterwards, the secondary unit can replace the primary unit seamlessly without any further configuration. 9.5 System logs: To reach the system logs: 1. Login to M2M Gateway and enter the web user interface main menu. 2. From the top icon row on the blue background, select the System icon. 3. From the System page, select the System Logs icon. Logs can be searched with defined text or just show last n entries. Fi
32. ted warranty is only to you, the first end user purchaser. The warranty begins on the date of purchase and lasts for the period specified below. Viola M2M Gateway: one (1) year. Excluded Products and Problems: This warranty does not apply to (a) Viola Systems software products, (b) expendable components such as cables and connectors, or (c) third party products, hardware or software, supplied with the warranted product. Viola Systems makes no warranty of any kind on such products which, if included, are provided AS IS. Excluded is damage caused by accident, misuse, abuse, unusually heavy use, or external environmental causes. Remedies: Your sole and exclusive remedy for a covered defect is repair or replacement of the defective product, at Viola Systems' sole option and expense, and Viola Systems may use new or refurbished parts or products to do so. If Viola Systems is unable to repair or replace a defective product, your alternate exclusive remedy shall be a refund of the original purchase price. The above is Viola Systems' entire obligation to you under this warranty. IN NO EVENT SHALL VIOLA SYSTEMS BE LIABLE FOR INDIRECT, INCIDENTAL, CONSEQUENTIAL OR SPECIAL DAMAGES OR LOSSES, INCLUDING LOSS OF DATA, USE, OR PROFITS, EVEN IF VIOLA SYSTEMS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. In no event shall Viola Systems' liability exceed the original purchase price of the device server. Some states or countries do not allow the exc
33. teway [Figure 37: Others Menu, showing Command Shell and Webmin Actions Log] 11 Troubleshooting: This chapter provides a list of the common problems encountered while installing, configuring or administering the Arctic. If you are unable to resolve your problem, refer to the Warranty and Technical Support sections at the end of this User's Guide for information about contacting Viola Systems Technical Support representatives. Q: When setting up routing mode tunnel the following network, routing to M2M Gateway eth1 does not work. A: Check that IP forwarding has been enabled and the internal firewall does not block packets. Q: From Arctic Ethernet, connection to M2M Gateway Ethernet is not working. A: Check that IP forwarding has been enabled on Arctic. Q: If only one public IP is available, can the M2M Gateway be used? A: Yes, if the firewall connected to the public IP can forward incoming SSH connections to the M2M Gateway. 12 Specifications: Table 3: Technical specifications. 10 to 90 RH non cond. Technical specifications can be changed without notification. 13 Limited Warranty: Coverage: Viola Systems warrants this hardware product to be free from defects in materials and workmanship for the warranty period. This non transferable limi
34. vailable on Viola Arctic products. 7.2 L2TP VPN configuration screen: The configuration screen is shown in figure 22. [Figure 22: L2TP VPN configuration screen, showing Global Settings (Port 1701, Link test interval, Reply timeout 20, Enabled Yes), the Edit settings button, the peer list with the example peer ntp_test_peer, the Add peer button, and the summary Peers 1, Active 1, Inactive 0] Using the action buttons on the peer list, the connections can be managed and monitored easily. See figure 23. [Figure 23: L2TP VPN peer listing, showing the example peer ntp_test_peer with IP pair 10.2.2.21 / 10.2.2.22, routing None, status Active, and the Disable, Edit and Remove buttons] Possible actions are, from left to right: 1. Connectivity test selection box. 2. Peer status icon (enabled or disabled). 3. Peer name. 4. Interface (available if peer is up). 5. IP pair assigned to tunnel. 6. Routing mode (none or network). 7. Remote IP (if routing mode is set to network). 8. Netmask (if routing mode is set to network). 9. L2TP username. 10. L2TP password. 11. Status (Active or Inactive). 12. Status (Active or Inactive). 13. Enable/Disable button. 14. Edit button. 15
35. y Add key for pe 4 X Select right peer. After the keys are exchanged, the peer can be enabled on the M2M Gateway. Just press the Enable button on the peer list. Please note that the Arctic needs to be restarted before the connection comes up. After the Arctic restarts and connects, the peer status can be checked on the M2M by selecting a checkbox on the peer list and pressing the Start check button. For more information about configuring Arctic, refer to the Arctic User Manual. 6.4 Checking connection: The connection status displayed on the SSH VPN page does not update automatically; it has to be updated manually, and the current status needs to be checked. To check the current status of a peer: Checked peers are selected by using the checkboxes next to peer names. Peers can be selected individually, or they can all be selected using the Check all button. The connection check is started by pressing the Start check button. After the check is done, the results are displayed above the peer list: Checked n Peers > n OK n Failed date. Results for individual peers can be seen in the Check column on the peer list. Note: Peer interface tells which interface is assigned to a peer. It is a local interface on the M2M Gateway, and it cannot be used to determine the current connection status. 6.5 Finalising SSH VPN setup: After all the peers have been configured, do the following