JetBox 8210 User Manual

Contents

1. and it will compress all files in /etc/openvpn/easy-rsa/2.0/keys and /etc/openvpn/easy-rsa/2.0/userkeys. When you download these keys, you can copy them to other clients, as below. To upload a Certificate Authority to the JetBox: the default path will be /etc/openvpn/easy-rsa/2.0/userkeys. [Screenshot: Upload, Choose File (client key), Upload archive.] The upload path is /etc/openvpn/easy-rsa/2.0/userkeys. You can also delete the certificate keys via the web interface: select your certificate file to delete. [Screenshot: File List with Delete File, listing ca.crt, client1.crt, client2.crt, client3.crt, server.crt, ca.key, client1.key, client2.key, client3.key, server.key, client1.csr, client2.csr, client3.csr and server.csr under /etc/openvpn/easy-rsa/2.0/keys, plus a client2 entry under /etc/openvpn/easy-rsa/2.0/userkeys.] 7.4 PPTP: In this page we provide a PPTP server and a PPTP client so that the user can create a VPN tunnel based on the PPTP protocol. We have two sample con
2. [Screenshot: wireless status for SSID KorenixAP2, Mode Client, Encryption TKIP WPA2PSK, Mask 255.255.255.0, with Disable, Edit and Remove buttons; status: Connect Successfully.] Press the Disable button to disable the wireless device if you don't want to disconnect it. 3.4 3G Settings: Plug in the 3G dongle and click 3G Settings, and it will show the wireless device. [Screenshot: 3G Overview: Generic 3G Wireless Controller; Wireless is disabled or not associated; Enable, Edit, Remove.] Click Edit to edit the 3G configuration. [Screenshot: Here you can configure installed 3G devices. General Setup: Modem device (/dev/ttyUSB3), APN, Dial String, Username, Password; Reset, Save & Apply.] Modem device: The location of the device that wvdial should use as your modem, i.e. for the Sierra MC8092 it uses /dev/ttyUSB3. APN: Specify your APN name. For example, in Taiwan we use internet as the APN. Dial String: Customize to your country or provider for the internet connection, i.e. in Taiwan we use 99. Username, Password: Change to your username and password if needed. Press Save & A
3. [Diagram residue: LAN 192.168.10.2 / 192.168.10.1, LAN 192.168.20.1, WAN links, OpenVPN controller IP 192.168.1.100, Connection IP 192.168.20.2, GW 192.168.20.1.] We already provide two sample configuration files, for Server and Client. [Screenshot: OpenVPN Connection Status: Below is a list of configured OpenVPN instances and their current state. openserver: not started, port 1194, udp; openclient: not started, port 1194, remote 192.168.10.1, udp; Reset, Save & Apply.] Create OpenVPN Server Configuration [Screenshot: OpenVPN Basic Connection Configuration for openserver: Encryption (Data Channel Encryption Options); Generate Secret Key (Generate); client (Configure client mode); secret /etc/openvpn/static.ke (Enable Static Key encryption mode, non-TLS); ifconfig 10.8.0.1 10.8.0.2 (Set tun/tap adapter parameters); ping-timer-rem (Only process ping timeouts if routes exist); persist-tun (Keep tun/tap device open on restart); persist-key (Don't re-read key on restart); port 1194 (TCP/UDP port for both local and remote); keepalive 10 60 (Helper directive to simplify the expression of ping
4. [Table of contents residue; legible entries: Backup Configuration, Network Redundancy, Diagnostics, Static Routes, OSPF, Chapter 7 (7.1, 7.2, 7.3).]
5. Interface Configuration: This page allows the user to specify the parameters of each interface. [Screenshot: table with columns Interface, Cost, Priority, Transmit Delay, Hello, Dead, Retransmit, and an Add button.] Interface: The interface name. Cost: The distance of this link/interface; the default is identified by the system, depending on the bandwidth. The value can be changed to decide the best router. Priority: The priority of this link/interface. Set the priority to help find the OSPF designated router for a network. The default is 1. The range is 0 to 255. Transmit Delay: The transmit delay timer of this link/interface. Transmit Delay is the estimated number of seconds to wait before sending a link-state update packet. The default value is 1 second. Hello: The Hello timer of this link/interface. The value must be the same for all routers/switches on a network. The default value is 10 seconds. The minimum value is 1. Dead: The Dead Interval timer of this link/interface. The Dead timer is the time to identify whether the interface is down or not before the neighbors declare the OSPF router to be down. The default value is 4 times the Hello interval (40 seconds; the Hello default is 10). Retransmit: The count of Retransmit of this link/interface. The Retransmit time specifies the number of seconds between link-state advertisement transmissions. The default value is 5 seconds. OSPF Neighbor Status: This section allows the user to see the OSPF Neighb
6. [Screenshot, continued: columns Port, Remote IP Address, Protocol; openserver: not started, port 1194, udp; openclient: started (yes, 1559), port 1194, remote 192.168.10.1, udp.] Test your VPN connection: For the VPN client, test that your VPN server is connected. Sit at one of your local subnet nodes (192.168.20.1) and ping a subnet node on the other (192.168.1.77). 7.2 IPSec Simple Example: The VPN tunnel has two participants on its ends, called left and right, and which participant is considered left or right is arbitrary. You can configure various parameters for these two ends via the web interface. [Diagram: JetBox 5630 (Left) and JetBox 5630 (Right), with networks 192.168.10.X/24, 192.168.1.X/24 and 192.168.20.X/24; interfaces 192.168.1.141 and 192.168.1.140, LAN 192.168.10.1 and 192.168.20.1; hosts IP 192.168.20.100 (GW 192.168.20.1) and IP 192.168.10.100 (GW 192.168.10.1).] It defines a tunnel between two nodes on the same LAN, with the left one as 192.168.1.141 and the right one as 192.168.1.140, as follows. [Screenshot: IPsec Basic Connection Configuration: interfaces (Interfaces for IPsec to use); Authentication method; ESP Algorithm (AES); left (IP address of network interface); leftsourceip (Connection source IP); leftsubnet (Private subnets behind the participant; example: 192.168.10.0/24); leftrsasigkey (Public key for authentication)
7. Set the name of the local system for authentication purposes to name. Password: Specifies the password to use for authenticating to the peer. redial: If set to yes, xl2tpd will attempt to redial if the call gets disconnected. Remember to press Save & Apply to apply these settings and generate the configuration file. Back on the L2TP page, press the Start button to start the L2TP server and client. [Screenshot: L2TP Connection Status: Below is a list of configured L2TP instances and their current state. l2tp_server (server); l2tp_client (client), username korenix, remote server 192.168.10.2; Reset, Save & Apply.] NOTE: When you press the Start button for the l2tp client, it will also start the l2tp server. This is normal. So remember to stop the l2tp server if you do not want to enable the l2tp daemon anymore. Switch to Global Configuration: We also provide the Global section for L2TP, as below. [Screenshot: L2TP Global Settings, Additional Field: IPSec Saref, saref Refinfo, Access Control, Debug AVP, Debug Netw
8. [Screenshot, continued: Set tun/tap adapter parameters; ping-timer-rem (Only process ping timeouts if routes exist); persist-tun (Keep tun/tap device open on restart); persist-key (Don't re-read key on restart); keepalive 10 60 (Helper directive to simplify the expression of ping and ping-restart in server mode configurations); route 192.158.1.0 255.255.255.0 (Example: 192.168.10.0 255.255.255.0); Additional Field, Add.] NOTE: The static key of the client must be the same as the server's. So you have to copy the static key from the server; you can't generate another key on the client site. Run VPN Server in server site: [Screenshot: OpenVPN Connection Status: openserver: started (yes, 2207), port 1194, udp; openclient: not started, port 1194, remote 192.168.10.1, udp.] Run VPN Client in client site: [Screenshot: OpenVPN Connection Status: Below is a list of configured OpenVPN instances and their current state. Stop Status
9. bytes. 64 bytes from 192.168.1.1: seq=0 ttl=64 time=0.702 ms; 64 bytes from 192.168.1.1: seq=1 ttl=64 time=0.396 ms; 64 bytes from 192.168.1.1: seq=2 ttl=64 time=0.336 ms; 64 bytes from 192.168.1.1: seq=3 ttl=64 time=0.367 ms; 192.168.1.1 ping statistics: 4 packets transmitted, 4 packets received, 0% packet loss; round-trip min/avg/max = 0.336/0.450/0.702 ms. Chapter 4 Switch: In this chapter we explain how to configure the JetBox network configuration via the web interface. 4.1 Port Status [Screenshot: Port Status table with columns Port, Medium, Link, State, Speed/Duplex, Flow Control, Type, Vendor Name, Wavelength, Distance; ports 1, 2, 3 and wan are Copper at 100 Mb/s Full; ports 2 and wan are Up, ports 1 and 3 are Down.] Here you can see the status of all ports of the JetBox 5630 series. 4.2 Port Control [Screenshot: Port Control: Switch LAN Port Configuration.]
10. fair queuing [Screenshot: Port Setting: CoS for Port 1, Port 2, Port 3 and Port WAN (IEEE Tag / CoS Queue, First Priority); CoS Mapping to queues; IP DSCP Mapping to queues.] 4.6 Rate Limit: Rate limiting is used to control the rate of traffic that is sent or received on a network interface. For ingress rate limiting, traffic that is less than or equal to the specified rate is received, whereas traffic that exceeds the rate is dropped. For egress rate limiting, traffic that is less than or equal to the specified rate is sent, whereas traffic that exceeds the rate is dropped. [Screenshot: Rate Limit Configuration.] Ingress Rate: Range is from 1 Mbps to 1000 Mbps, and zero means no limit; increments of 1 Mbps. Egress Rate: 1 Mbps to 100 Mbps in increments of 1 Mbps; 100 Mbps to 1000 Mbps in increments of 10 Mbps. Zero means no limit. Egress packet type is All. Configuration
11. reconnect [Screenshot: Waiting for router.] 2.8 Reboot: This page lets the user reboot the JetBox. [Screenshot: System Reboot: Reboots the operating system of your device; Perform reboot.] Chapter 3 Network: This chapter includes information about network configuration. The information lets the user easily set up the network. We also provide the wireless settings and the network redundancy function. These features are very useful and important for the user. 3.1 Status: The user can see the detailed network information about LAN and WAN. [Screenshot: Interface Overview: lan: MAC Address 00:18:30:F6:3C:4E, RX 0.00 B (0 Pkts), TX 468.00 B (6 Pkts), IPv4 192.168.10.1/24; wan: MAC Address 00:18:30:F6:3C:4F, RX 23.31 MB (167944 Pkts), TX 1.86 MB (8854 Pkts), IPv4 192.168.1.148/24.] 3.2 Settings: The user can change the LAN and WAN IP address. It can specify Static IP or Dynamic IP. [Screenshot: LAN Settings: Apply immediately, Protocol, IP Address, Netmask.] Apply immediate
12. [Screenshot: wireless scan results listing nearby access points with SSID, BSSID, mode, channel, encryption, signal and noise levels, and bit rate.] [Screenshot: Interface Configuration, General Setup: ESSID, Mode, Encryption (No Encryption), IP Configuration (Dynamic IP); Reset, Save & Apply.] ESSID: Choose your AP name. Mode: We provide Client and Ad-Hoc mode. Encryption: Select the encryption mode that you want to connect with. IP Configuration: Select Dynamic IP or Static IP. Example: WPA-PSK Mode [Screenshot: Interface Configuration.]
13. the tty/pty pair. The default is 115200 bytes per second, which some implementations interpret as meaning no limit. localip: One or many IP addresses to be used at the local end of the tunnelled PPP links between the server and the client. If one address only is given, this address is used for all clients. Otherwise, one address per client must be given, and if there are no free addresses then any new clients will be refused. remoteip: A list of remote IP addresses to be used on the tunnelled PPP links between the server and the client. debug: Turns on debugging mode. Option File Configuration for PPTP Server [Screenshot: Option File Configurations for pptp_server: auth; MPPE Encryption drop-down with Enable MPPE 40/128 bit, Enable MPPE 40 bit, Enable MPPE 128 bit and Do not use MPPE; MS DNS.] auth: Require the peer to authenticate itself before allowing network packets to be sent or received. MPPE Encryption: Here we provide three MPPE encryption types: MPPE with 40/128 bit, MPPE with 40 bit, and MPPE with 128 bit. If you want to use CHAP or EAP encryption, select Do not us
14. your PC. And the local time has to be added with the Timezone. For example: the UTC time of the PC is 12:00:00 2013 and the Timezone is Asia/Taipei, so the local time will be 18:00:00 2013. 2.6 Backup Configuration: In the Config Backup page, the user can back up the system configuration. It will back up all files in /etc, and the user can apply these configurations to other JetBox systems. [Screenshot: Configuration Actions: Backup / Restore; Download backup (Generate archive); Restore backup (Upload archive).] Download Backup: Click Generate archive to download a tar archive of the current configuration files. Restore Backup: Upload a previously generated backup archive to restore configuration files. NOTE: Restoring the configuration only extracts all configuration files to /etc. It will not delete any files in /etc. 2.7 Firmware Upgrade: It is the same as the firmware up command in JetBox. The user can upgrade firmware via the web or the JetBox console. [Screenshot: Flash image.] Firmwa
15. [Screenshot residue: Reset, Save & Apply.] All the settings are the same as the command in the JetBox 5630 console. For example, Site A (10.42.1.1): /sbin/ip l2tp add tunnel tunnel_id 3000 peer_tunnel_id 4000 encap udp local 192.168.20.1 remote 192.168.20.2 udp_sport 5000 udp_dport 6000. Some important parameters, like tunnel_id, peer_tunnel_id, udp_sport, udp_dport, etc., have to be specified the same as in the ip command in the JetBox 5630 console. 2. Start: Press Save & Apply and go back to the L2TPv3 page. Press to create the L2TPv3 tunnel. [Screenshot: L2TPv3 Connection Status: Below is a list of configured L2TPv3 instances and their current state. l2tpeth0: Link yes, Tunnel ID 3000, Session ID 1000, Local IP Address 192.168.20.1, Remote IP Address 192.168.20.2; Reset, Save & Apply.] 7.7 CHAP Secrets: If you are using chap authentication, then you also need to create the secrets file. It is /etc/ppp/pap-secrets. The CHAP secrets file: The current pppd version requires that you have mutual authentication methods, that is, you must allow for both your machine to authenticate the remote server AND the remote server to authenticate your mac
16. 2 168 10 2 [Screenshot: Ping; Timeout (second).] Enable Network Redundancy: Check it to start network redundancy when you press Save & Apply. IP Address: Because we use the IP address field to check the link status, the user must specify it. You can check the link status by pressing ping. Timeout (second): This value is the timeout for ping. If it is smaller, switching to the backup connection will take less time. The default is 5 seconds. Primary Connection [Screenshot: Primary Network Interface, IP Address, Netmask 255.255.255.0, Default Gateway (optional).] Here the user can specify the primary connection and set up its IP address. We support LAN, WAN, WiFi, 3G and Other network interfaces. Usually LAN or WAN will be specified as the primary connection. Backup Connection [Screenshot: Backup Network Interface, IP Address, Default Gateway (optional).] Set up a backup connection to make sure the link status can keep alive automatically when the primary connection is disconnected. The backup connection can be specified with the WiFi or 3G interface. Backup Connection (3G interface) [Screenshot: Backup Network Interface 3G, Modem device, APN, Dial String, Username, Password.] When you choose the 3G interface for the backup connection, you have to specify some settings like APN, Modem device, Dial String, etc. These set
17. [Table of contents residue; legible entries: 7.4 PPTP, 7.5, 7.6, CHAP Secrets, Chapter 8 (8.1, 8.2 Serial to Network, 8.3 ModBus Gateway).] Chapter 1 Getting Start 1.1 Web Server: In JetBox5630, we will start the web server automatically. You can see it with the ps command. [Screenshot: ps output showing udevd, hostenv.sh and lua (lucid.lua) processes running as root.] The default path is /web. [Screenshot: file system usage listing with columns Size, Used, Available, Use, Mounted on.] NOTE: If unnecessary, don't modify or delete any content in /web. We will keep the latest version and provide firmware to upgrade the web server. 1.2 Preparation for Web Interface: The Korenix web management page is developed in LUA. It allows you to use a standard web browser such as Microsoft Internet Explorer, Chrome or Mozilla to configure the JetBox from anywhere on the network. Befo
18. [Screenshot: Apply immediately, Port, TCP Port (1-65535), Baud Rate, Stop Bits, Parity, Flow Control; Reset, Save & Apply.] Apply immediately: This starts ser2net immediately. If you do not check it, it will kill all ser2net processes after you press the Save & Apply button. 8.3 ModBus Gateway: In this page we provide the Modbus gateway for the user to set up. If you don't have the Modbus gateway program, it will not run. [Screenshot: ModBus Configuration: Apply immediately, Port 1, Protocol, Baud Rate, TCP Port (1-65535), Timeout (second), Scan Rate (ms), TCP Aging (second); Reset, Save & Apply.] Apply immediately: This starts modbus immediately. If you do not check it, it will kill all modbus processes after you press the Save & Apply button. Protocol: Set the Modbus protocol. Default: RTU. Baud Rate: Set the data transfer rate. Default: 115200. Data Bits: Set the length of each data. Default: 8 bits. Stop Bits: Set the length of the stop bit. Default: 1. Parity: Set the parity check parameters to avoid errors during data transferring. Default: None. TCP Port: Set the port number of the Modbus TCP server, from 1~65535. Default: 502. Timeout: Set the wait-for-response time of data transferring from Modbus TCP to Modbus RTU/ASCII through the Modbus Gateway. Range from 0~600 seconds. Defaul
19. [Screenshot residue: Port 1, Broadcast Only, Ingress Rate (Mbps), Egress Rate (Mbps), Ingress Packet Type.] Ingress Packet Type: Select the packet type that you want to filter. The packet types are: all types of packets, Broadcast Only, Broadcast/Unknown Multicast, and Broadcast/Unknown Multicast/Unknown Unicast packets. [Screenshot: Rate Limit Configuration: Ingress Rate range is from 1 Mbps to 1000 Mbps, and zero means no limit, in increments of 1 Mbps; Egress Rate 1 Mbps to 100 Mbps in increments of 1 Mbps, 100 Mbps to 1000 Mbps in increments of 10 Mbps, zero means no limit; Egress packet type is All. Table with columns Port, Ingress Packet Type, Ingress Rate (Mbps), Egress Rate (Mbps) for ports 1, 2, 3 and WAN; Reset, Apply.] Ingress Rate (Mbps): Ingress rate in Mbps; the rate range is from 1 Mbps to 1000 Mbps in increments of 1 Mbps. Zero means no limit. The default ingress rate is 10 Mbps. Egress Rate (Mbps): Egress rate in Mbps; the rate range is from 1 Mbps to 100 Mbps in increments of 1 Mbps, and 100 Mbps to 1000 Mbps in increments of 10 Mbps. Zero means no limit. The default egress rate is no limit. Egress rate limiting has an effect on all types of packets in
20. [Screenshot residue: General Setup: Encryption, Cipher, Key, IP Configuration; wireless status: Mode Client, SSID 11n AP, BSSID Not Associated, Encryption NONE (OPEN), Channel 1 (2.412 GHz), Signal 0 dBm, Noise 0 dBm, Bit Rate 0.0 MBit/s; settings: KorenixAP2, Client, WPA-PSK, Dynamic IP; Reset, Save & Apply.] Example: WEP Open System Mode [Screenshot: ESSID, Mode, Encryption, Used Key Slot, Key 1 to Key 4, IP Configuration; Reset, Save & Apply.] Example: Ad-Hoc Mode [Screenshot: General Setup: ESSID, Mode, IP Address, Netmask 255.255.255.0, Used Key Slot, Key 1 to Key 4; Reset, Save & Apply.] When you select Ad-Hoc mode, you must specify the IP address to connect to another AP. Press Save & Apply to save the configuration, and go back to the WiFi settings page to enable the wireless device. [Screenshot: Wireless Overview: RaLink 802.11 Wireless Controller (ra0), Channel 11 (2.462 GHz), Bitrate 54.0 MBit/s
21. NPUT -i wan -p tcp --dport 23 -j DROP. In web interface: [Screenshot: Filter Configuration: Enabled, Apply Chain to INPUT, Incoming interface, Protocol TCP, Source address, Source port, Destination address, Destination port, State any, Action DROP; Reset, Apply.] Back on the Filtering page, you can see the rule that you added. [Screenshot: Filter list: test4, Enabled Yes, Chain INPUT, Protocol TCP, Source wan 0.0.0.0/0, Destination Device 0.0.0.0/0:23, Action DROP; Reset, Apply.] If you want to delete the rule, just click the x (delete) button and press Apply. Chapter 7 VPN: In this chapter we only provide the basic and simple configuration for the user to set up the various VPN connections. You can set up the VPN easily via the web interface. If your environment is more complicated, we recommend that you go into the JetBox console and use the command line and configuration files to set it up. 7.1 OpenVPN Simple Example: A VPN tunnel will be created with a server VPN endpoint of 10.8.0.1 and a client VPN endpoint of 10.8.0.2. Encrypted communication between client and server will occur over UDP port 1194, the default OpenVPN port. [Diagram: JetBox VPN Client and JetBox VPN Server, with networks 192.168.20.X/24, 192.168.10.X/24 and 192.168.1.X
22. Once you finish configuring the settings, click Apply to apply your configuration. Chapter 6 Firewall: It is the same as the iptables command in the JetBox console. In the web interface, we provide three basic functions for the user to set up the firewall in Linux. 6.1 Forwarding: The FORWARD policy allows an administrator to control where packets can be routed within a LAN. For example, to allow forwarding for the entire network, the following rules can be set. In JetBox command: iptables -A FORWARD -i lan -o wan -j ACCEPT [Terminal screenshot: the same command followed by iptables -L, showing Chain INPUT (policy ACCEPT) and Chain FORWARD (policy ACCEPT) with an ACCEPT all anywhere anywhere rule.] In the web interface, you can specify it as below. [Screenshot: Forward: Enabled, Incoming interface, Outgoing interface, Protocol, Source address, Destination address, Action; Reset, Apply.] Click on Enabled and it will apply this rule immediately after you press Apply. Back on the Forwarding page, you can see the rule that you added. [Screenshot: Forwarding list with columns Enabled, Protocol, Sourc
23. [Screenshot: Scheduled Tasks: This is the system crontab in which scheduled tasks can be defined; example entry running date > /tmp/test; Reset, Submit.] 2.4 Startup: We provide a startup script, rc.local, so that the user can run their programs when the system boots up. For example, if we want to add a vlan 2 and set the IP address 192.168.20.1 when the system boots up, we can write these commands here. They will run automatically at the end of the boot process. [Screenshot: Local Startup: This is the content of /etc/init.d/rc.local. Insert your own commands here to execute them at the end of the boot process. Contents: #!/bin/sh; Start all init scripts by yourself; config add lan 2 untag 1 2; ifconfig lan 2 192.168.20.1; Reset, Submit.] 2.5 General Settings: Here you can configure the basic aspects of your device, like its Hostname or the Timezone. [Screenshot: General Settings: Local Time Mon Mar 31 09:49:16 2014, Sync with PC, Hostname, Timezone UTC; Reset, Apply.] Sync with PC: It will get the UTC time from
24. and ping-restart in server mode configurations. [Screenshot, continued: route 192.168.20.0 255.255.255.0 (Example: 192.168.10.0 255.255.255.0); Additional Field, Add.] We use a pre-shared secret key (Static Key mode). You have to generate a static key first. You can press the Generate button directly in the web interface, or type the following command in the JetBox console. [Screenshot: Generate Secret Key.] And you can select your key file, as below. [Screenshot: secret /etc/openvpn/static.ke (Enable Static Key encryption mode, non-TLS); file browser at /etc/openvpn listing easy-rsa, openclient.conf, openserver.conf, and server certificate, server key and static key files.] Create OpenVPN Client Configuration [Screenshot: OpenVPN Basic Connection Configuration for openclient: Encryption (Data Channel Encryption Options); Generate Secret Key (Generate); client (Configure client mode); remote 192.168.10.1 (Remote host name or IP address); secret /etc/openvpn/static.ke (Enable Static Key encryption mode, non-TLS); ifconfig 10.8.0.2 10.8.0.1
25. cluding unicast, multicast and broadcast packets. Chapter 5 Routing: In this chapter we show users how to configure the JetBox routing configuration via the web interface. We support static routes and the OSPF and RIP routing protocols. 5.1 Status: Check the routing status; you can also see the ARP table. [Screenshot: Routes: The following rules are currently active on this system. ARP entries on wan for 192.168.1.116, 192.168.1.72 and 192.168.1.1 with their MAC addresses; Active IPv4 Routes: wan 0.0.0.0/0 via gateway 192.168.1.1, wan 192.168.1.0/24, lan 192.168.10.0/24.] 5.2 Static Routes: You can add a static route with this page. For example, we want to add a rule: route add -net 192.168.30.0 netmask 255.255.255.0 gw 192.168.10.1 [Terminal screenshot residue: the same command and the resulting routing table.] In web, you can set it up as below. [Screenshot: Interface, Target, IPv4 Netmask, IPv4 Gateway, Metric; Add.] In JetBox console, add a default gateway: route add default gw 192.168.1.1 [Terminal screenshot residue: routing table.] In web, you can set it up as be
26. e Destination Action Sort. Rule "test": Enabled No, Protocol Any, Source lan 0.0.0.0/0, Destination wan 0.0.0.0/0, Action ACCEPT.
If you want to delete the rule, click the x (delete) button and press Apply.
6.2 NAT
Network address translation (NAT) is the process of modifying network address information in datagram (IP) packet headers while in transit across a traffic routing device, for the purpose of remapping one IP address space into another.
Postrouting and IP Masquerade
Masquerade allows LAN nodes with private IP addresses to communicate with external public networks. (Diagram: a LAN node at 192.168.10.10 behind the JetBox LAN address 192.168.10.1.)
iptables command:
iptables -t nat -A POSTROUTING -o WAN -j MASQUERADE
In the web interface (NAT configuration form): Enabled; Apply Chain to; Outgoing interface: WAN; Protocol: any; Source address; Destination address; Action. Press Apply.
DNAT and Prerouting
Destination network address translation (DNAT) is a technique for transparently chang
27. e MPPE and you will see these options.
Option File Configurations for pptp_server:
auth: Yes. Require the peer to authenticate itself before allowing network packets to be sent or received.
MPPE Encryption: Do not use MPPE.
CHAP: Require CHAP.
EAP: Require EAP.
MS DNS: If pppd is acting as a server for Microsoft Windows clients, this option allows pppd to supply one or two DNS (Domain Name Server) addresses to the clients.
Click Save & Apply and go back to the PPTP page. Press the Start button to start the PPTP server and client.
PPTP Connection Status: below is a list of configured PPTP instances and their current state (columns: Type, Start/Stop, Status, Username, Remote Server). pptp_server: server, Stop, Link. pptp_client: client, Start, Down, korenix, 192.168.10.2.
7.5 L2TP
Here we provide the basic L2TP settings. Users can create an L2TP tunnel easily via the web interface. There are two sample configurations: l2tp server and l2tp client.
L2TP Connection Status: below is a list of configured L2TP instances and their current state. Type Start Status Username Remote Se
28. (Screenshot: Port Configuration and WAN Port Configuration tables with the columns Port, State, Speed/Duplex, Flow Control; the ports are set to Auto Negotiation.)
You can set up each port's configuration, just like the ethtool command in the JetBox console.
NOTE:
1. To change the SFP speed, you need to reboot the system to make it effective.
2. Please make sure the spec of the SFP matches the SFP speed setting, or exception conditions will happen.
4.3 VLAN
You can add or delete a VLAN interface via the web interface, just like the vconfig command in the JetBox console.
General Setup fields: VLAN ID: 2; Port 2; Port 3; IP Address; Netmask: 255.255.255.0. Press Apply.
Here you can also directly specify the IP address of the VLAN interface. Back on the VLAN setting page, you can press the Enable button to link up the VLAN interface, and the IP address will be set automatically according to the settings.
(Screenshot: VLAN page showing an interface with the status: Interface not present or
29. figurations: pptp server and pptp client. As below.
PPTP Connection Status: below is a list of configured PPTP instances and their current state (columns: Type, Start/Stop, Status, Username, Remote Server). pptp_server: server, Start, Down. pptp_client: client, Start, Down, korenix, 192.168.10.2.
PPTP Server Configuration
A PPTP (Point-to-Point Tunneling Protocol) server allows you to connect securely from a remote location (such as your home) to a LAN (Local Area Network) located in another location, such as your workplace or business office. This way you can use the services provided in your office from the comfort of your home.
PPTP Connection Configuration for pptp_server. Fields: Type (Select Server or Client Mode), stimeout, speed, localip, remoteip, debug (Turns on debugging mode). Option File Configurations for pptp_server: auth (Require the peer to authenticate itself before allowing network packets to be sent or received), MS DNS.
stimeout: Number of seconds to wait for a PPTP packet before forking the pptpctrl program to handle the client. The default is 10 seconds.
speed: Specifies a speed (in bits per second) to pass to the PPP daemon as the interface speed for
30. hine.
CHAP Secrets
This requires that you have mutual authentication methods; that is, you must allow both your machine to authenticate the remote server AND the remote server to authenticate your machine.
Fields: User Name, Hostname, Password, Acceptable local IP addresses. Press Add, then Save & Apply.
The field can be a symbol. It means any username or hostname.
Chapter 8 Serial
In this chapter we explain how to set up the mode of the serial port via the web interface.
8.1 Port Settings
On this page the user can set up the mode of the serial port. As below.
Serial Port Configuration fields: Port 1, Mode, Baud Rate, Stop Bits, Flow Control. Press Apply.
Mode: We provide RS232, RS422, RS485 and 4-Wire for the user to select. It is the same as the serialctl command. The other parameters are the same as the general settings of a serial port.
8.2 Serial to Network
On this page the user can set up the ser2net function. As below.
31. ing the destination IP address of an en-route packet and performing the inverse function for any replies. Any router situated between two endpoints can perform this transformation of the packet.
(Diagram: the JetBox firewall with LAN address 192.168.10.1 forwards a destination port on the WAN side to a server at 192.168.10.10, port 80.)
iptables command:
iptables -t nat -A PREROUTING -p tcp -i wan --dport 8080 -j DNAT --to-destination 192.168.10.10:80
In the web interface (NAT configuration form for test2): Enabled; Incoming interface: LAN; Protocol: TCP; Source address; Source port; Destination address; Destination port; Action; to destination. Press Apply.
Back on the NAT page, you can see the rule that you added. Network Address Translation table (columns: Name, Enabled, Chain, Protocol, Source, Destination, Action, Sort):
test3: No, POSTROUTING, Any, 0.0.0.0/0, wan 0.0.0.0/0, MASQUERADE
test2: No, PREROUTING, TCP, lan 0.0.0.0/0, Device 0.0.0.0/0 port 8080, DNAT
If you want to delete the rule, click the delete button and press Apply.
6.3 Filter
On this page we provide the INPUT and OUTPUT chains for users to specify their rules. For example, if we do not want to accept any telnet connection, we can use this command: iptables -A I
32. Korenix JetBox 5630 Web User Manual
www.korenix.com
Copyright Notice
Copyright 2013 Korenix Technology Co., Ltd. All rights reserved. Reproduction without permission is prohibited. Information provided in this manual is intended to be accurate and reliable. However, the original manufacturer assumes no responsibility for its use, or for any infringements upon the rights of third parties that may result from its use. The material in this document is for product information only and is subject to change without notice. While reasonable efforts have been made in the preparation of this document to assure its accuracy, Korenix assumes no liabilities resulting from errors or omissions in this document, or from the use of the information contained herein. Korenix reserves the right to make changes in the product design without notice to its users.
Acknowledgments
Korenix is a registered trademark of Korenix Technology Co., Ltd. All other trademarks or registered marks in the manual belong to their respective manufacturers.
33. l queue on the CoS Queue Mapping page.
CoS (Class of Service): Layer 2 prioritization of packets is based on a CoS value. (Table: CoS Value and Traffic Type. Legible entries: 2 Standard; Excellent load; Controlled load; Voice and Video; 6 Layer 3 network control reserved traffic; Layer 2 network control reserved traffic.) The QoS priority level follows 802.1p.
CoS Queue Mapping
The default setting follows the IEEE 802.1p standard to map the CoS values to the physical queues. You can modify the physical queue of each item here. The CoS values (0 to 7) map to the physical queues.
DSCP (Differentiated Services Code Point): Layer 3 prioritization of packets is based on a DSCP value. A network could have from 0 to 64 different traffic classes using different markings in the DSCP.
DSCP Queue Mapping
The default setting follows IEEE802 1p standard to map the DSCP values to the physical queues. You can modify the physical queue of each item here. The DSCP values (0 to 63) map to the physical queues. (Screenshot: DSCP Setting table with a Queue selection for each DSCP value.)
It is the same as the ethtool q and ethtool Q commands in the JetBox console. As below: ethtool q lan l Queue Scheduling 8 4 2 1 weighted
34. low (fields: Interface, Target, IPv4 Netmask, IPv4 Gateway, Metric; then press Add).
5.3 OSPF
OSPF is short for Open Shortest Path First. OSPF is a link-state protocol. The Link is an interface on the router; it carries the IP address, the mask, the type of network, and the routers connected to that network. The State is its relationship to its neighboring routers. The Metric is the distance between the two links; in a link-state protocol it is usually the bandwidth of the link. The Link State Database is the collection of all these link states. The destination network address, the shortest metric to the network, and the IP address of the next hop are specified in the link-state database.
OSPF Configuration (example values: OSPF Protocol: Disabled; Router ID: 192.168.10.1)
OSPF Protocol: You can enable or disable the OSPF protocol after pressing the Apply button.
Router ID: The router ID can be any IP address; however, the IP address of an existing local interface is suggested. With such an IP address you can find the router/switch more easily.
Routing for Networks: Type the network address and the Area ID in the field. Click Add to apply the setting. You can see the network table below (columns: Network Address, Netmask, Area).
NOTE: All router switches within the same area should use the same Area ID. All the network address should be added
35. ly. Fields: Protocol, Default Gateway (optional), DNS Server (optional). Press Save & Apply.
It also provides two optional fields: Default Gateway and DNS Server.
Apply immediately: The IP address changes immediately. If you do not check it, the IP address will change after the JetBox reboots.
3.3 WiFi Settings
The JetBox5630 has a built-in AWUS036NEH wireless driver. You can easily install and use it to connect Ethernet. When you plug in the wireless dongle, click WiFi Settings and it will show the default wireless interface, ra0.
(Screenshot: RaLink 802.11 Wireless Controller (ra0). Wireless is disabled or not associated. Buttons: Enable, Edit, Remove.)
Click Edit to edit the wireless configuration. Press Scan to check how many access points are in your environment.
(Screenshot: WLAN Scan, listing the WiFi networks in your local environment with the columns Link, ESSID, BSSID, Mode, Channel, Encr, Signal, Noise, Bit Rates. Example row: 63/100, TEST AP2, 50:02:B4:78:67:2F, Managed, 2.412 GHz (Channel 1), off, -65 dBm, -92 dBm, 54 Mb
36. (Screenshot: Routing for Networks table with the columns Network Address, Netmask, Area, and an Add button. Interface Configuration table with the columns Interface, Cost, Priority, Transmit Delay, Hello, Dead, Retransmit, and an Add button.)
OSPF Neighbor Status (columns: Neighbor ID, Priority, State, Dead Time, IP Address, Interface). Example row: 192.168.20.200, 1, Full/DR, 32.760s, 192.168.20.200, wan:192.168.20.150.
5.4 RIP
RIP is short for Routing Information Protocol. RIP was in widespread use years before it was standardized as RFC 1058 in 1988. Version 2 of RIP was completed in 1994. RIP is the best-known distance-vector dynamic routing protocol, also known as a hop-based routing protocol. It uses hop count as a distance metric, and each router advertises its routing table every 30 seconds. The maximum number of routers RIP can support is 15; the 16th router represents infinity.
RIP Configuration
This page shows how to configure the RIP protocol.
RIP Protoc
37. nel easily. There is a sample configuration, as below.
L2TPv3 Connection Status: below is a list of configured L2TPv3 instances and their current state (columns: Start/Stop, Link, Tunnel ID, Session ID, Local IP Address, Remote IP Address). l2tpeth: Start, no, 3000, 1000, 192.168.20.2, 192.168.20.1.
(Diagram: two sites with WAN addresses 192.168.20.1 and 192.168.20.2, hosts 192.168.10.100 and 192.168.1.77, and an L2TPv3 tunnel on l2tpeth0 with the endpoint addresses 10.42.1.2 and 10.42.1.1.)
route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.42.1.1
route add -net 192.168.10.0 netmask 255.255.255.0 gw 10.42.1.2
L2TPv3 Configuration
L2TPv3 Peer fields: Local IP Address: 192.168.20.2; Remote IP Address: 192.168.20.1; Encapsulation: UDP; Tunnel ID; Peer Tunnel ID; UDP Source Port; UDP Destination Port; Session ID; Peer Session ID.
L2TPv3 Interface Address fields: Site A IP Address: 10.42.1.1; Site B IP Address: 10.42.1.2.
38. not connected yet. Buttons: Enable, Edit, Delete, Add new interface.)
4.4 PVID
(Screenshot: PVID Settings with a PVID field for each port.)
Users can change a port's PVID via the web interface. It is the same as the ethtool P command.
4.5 QoS
In the past, the concept of quality in networks meant that all network traffic was treated equally. The QoS (Quality of Service) concept means that some traffic needs preferential treatment, because the requirements of some applications and users are more critical than others. In addition, QoS for networks is an industry-wide set of standards and mechanisms for ensuring high-quality performance for critical applications.
When QoS is enabled, packets are queued based on the port trust mode, which is derived from the incoming port configuration, CoS queue mapping or DSCP queue mapping.
In this section you can set up the priority level for the port-based CoS value, incoming CoS (CoS Queue Mapping) or incoming DSCP (DSCP Queue Mapping), and define how all ingress packets are processed, by either the strict priority scheme or the weighted fair queue, according to the priority levels of port-based CoS only, DSCP only, CoS first or DSCP first. JetBox 5630 supports 4 physical queues, from 0 to 3.
Queue scheduling
Use an 8,4,2,1 weighted fair queuing scheme: Thi
39. ol: Enable or disable the OSPF protocol after pressing the Apply button. (Screenshot: RIP Configuration, with RIP Protocol set to Disabled.)
Routing for Networks: All networks, whether directly connected or learnt from another router/switch, should be added to the switch. The format is IP Network/bit mask. (Screenshot: Routing for Networks table with the columns Network Address and Netmask, and an Add button.)
RIP Interface Configuration: In RIP Interface Configuration you can configure Send Version and Receive Version. Select the RIP version of the interface. Once you finish configuring the settings, click Apply to apply your configuration. (Screenshot: Interface Configuration table with the columns Interface, Send Version, Receive Version, and an Add button.)
RIP Status: This section allows the user to see the RIP neighbor information (columns: Gateway, BadPackets, BadRoutes, Distance, Last Update). Example row: 192.168.20.200, 0, 0, 120, 00:00:28.
40. or information. Below is an example of a simple OSPF environment. Hello packets are exchanged between the switch and its neighboring switches. When the State changes to Full, the exchange process is done. The Neighbor ID is the Router ID of the neighbor routers/switches. The Priority is the priority of the link. The Dead Time is the activated time of the link. There is one interface attached to the switch you check. The IP Address shows the learnt IP interface of the next hops, and the Interface shows the connected local interface.
OSPF Neighbor Status (columns: Neighbor ID, Priority, State, Dead Time, IP Address, Interface). Example row: 192.168.20.200, 1, Full/DR, 32.760s, 192.168.20.200, wan:192.168.20.150.
Once you finish configuring the settings, click Apply to apply your configuration.
(Screenshot: OSPF Configuration with OSPF Protocol: Enabled and Router ID: 192.168.20.150, followed by the Routing for Networks table.)
41. ork, Debug Packet, Debug State, Debug Tunnel.
port: Specify which UDP port xl2tpd should use. The default is 1701.
ipsec saref: Use IPsec Security Association tracking. When this is enabled, packets received by xl2tpd should have two extra fields (refme and refhim), which allows tracking of multiple clients using the same internal NATed IP address, and allows tracking of multiple clients behind the same NAT router. Values can be yes or no. The default is no.
saref refinfo: When using IPsec Security Association tracking, a new setsockopt is used. If not set, the default is to use 30.
access control: If set to yes, the xl2tpd process will only accept connections from peer addresses specified in the following sections. The default is no.
debug avp: Set this to yes to enable syslog output of L2TP AVP debugging information.
debug network: Set this to yes to enable syslog output of network debugging information.
debug packet: Set this to yes to enable printing of L2TP packet debugging information. Note: Output goes to STDOUT, so use this only in conjunction with the -D command line option.
debug state: Set this to yes to enable syslog output of FSM debugging information.
debug tunnel: Set this to yes to enable syslog output of tunnel debugging information.
Basically, you can create an L2TP tunnel easily by using the basic configuration.
7.6 L2TPv3
In the web interface we provide an L2TPv3 section so that users can create an L2TPv3 tun
42. (Screenshot: System Status.) System Name: JetBox5630; Firmware Version: 0.6 (2014-03-26 16:59:46); Kernel Version: 3.2.0; WebUI Version: 0.6; Local Time: Mon Mar 31 09:40:26 2014; Uptime: 0h 37m 53s; Load Average: 0.00, 0.01, 0.05. Memory: Total Available 494712 kB / 511996 kB (96%); Free 486900 kB / 511996 kB (95%); Cached 7812 kB / 511996 kB (1%); Buffered 0 kB / 511996 kB (0%).
2.2 Password
Change the login password. This changes the administrator password for accessing the device. Fields: Password, Confirmation. Press Save & Apply. Password length: 0 to 28.
NOTE: When you change the web login password, it also changes the system login password at the same time.
2.3 Scheduled Task
It is the same as the cron daemon.
Syntax: A crontab file has five fields for specifying day, date and time, followed by the command to be run at that interval. (Diagram of the crontab fields. Legible labels: day of week (0 - 6, Sunday = 0), hour (0 - 23), command to be executed.)
Example:
43. pply to save the configuration. Then go back to the 3G Settings page to enable the 3G device.
(Screenshot: 3G Overview, Generic 3G Wireless Controller. IPv4: 100.97.12.137; Mask: 255.255.255.255; Tx: 129 (129.0 B); Rx: 78 (78.0 B). Buttons: Disable, Edit, Remove.)
Connect successfully. Press the Disable button to disable the wireless device if you don't want to disconnect it.
3.5 Network Redundancy
The redundancy function checks the link status and the connection integrity. When the primary interface fails, it switches to the backup (WAN, WiFi or 3G) automatically to keep the connection alive.
(Figure: JetBox 5630 Network Redundancy. Labels: Primary Connection, Backup Connection, LAN, WAN, WiFi, Data Center, Remote Controller.)
Choose one of the two following conditions to activate the backup path:
1. Link Check: link down.
2. Ping Check: Sends ping commands to a specific IP address.
Redundant Configuration fields: Enable Network Redundancy; IP Address 19
44. re Upgrade
Flash new firmware image: Upload a sysupgrade-compatible image here to replace the running firmware.
Firmware Upgrade: After selecting the image file, click Flash image to start the firmware upgrade. It will verify whether the image is valid or not. An invalid file is reported as Invalid Image.
If the image is valid, you will see the checksum and file size. Click Proceed to start flashing the image.
Flash Firmware - Verify: The flash image was uploaded. Below is the checksum and file size listed; compare them with the original file to ensure data integrity. Click Proceed below to start the flash procedure. Checksum: 19058383c9cfac793fa392feefal 5ce e. Size: 3.74 MB. Buttons: Cancel, Proceed.
NOTE: When the upgrade completes, the JetBox will reboot automatically. It will connect to the web interface again after a few minutes.
The system is flashing now. DO NOT POWER OFF THE DEVICE! Wait a few minutes until you try to
45. re you attempt to use the embedded web interface to manage the JetBox configuration, verify that your JetBox 5630 Series is properly installed on your network and that every PC on this network can access the switch via the web browser.
1. Verify that your network interface card (NIC) is operational and that your operating system supports the TCP/IP protocol.
2. Wire DC power to the JetBox and connect it to your computer via the LAN port.
3. Make sure that the LAN's default IP address is 192.168.10.1.
4. Change your computer's IP address to 192.168.10.2, or another IP address located in the 192.168.10.x (Network Mask: 255.255.255.0) subnet.
5. Switch to DOS command mode on your computer and ping 192.168.10.1 to verify a normal response time.
1.3 System Login
Launch the web browser and log in.
1. Launch the web browser (Internet Explorer or Chrome) on the PC.
2. Type http://192.168.10.1 (or the IP address of the switch), and then press Enter.
3. The login screen will appear next.
(Screenshot: JetBox5630 LuCI login page at 192.168.10.1. Authorization Required: Please enter your username and password. Fields: Username, Password. Buttons: Reset, Login.)
The default login user is root, without a password.
Chapter 2 System
2.1 Overview
You can see system information in this section, such as Hostname, Firmware version, WebUI version, etc. It also displays memory information.
46. rver. l2tp server: server, Start, Down. l2tp client: client, Start, Down, korenix, 192.168.10.2.
L2TP Server Configuration
L2TP Connection Configuration, Basic Connection Configuration for l2tp server. Fields: Type (Select Server or Client Mode); ip range: 192.168.10.2-192.168.10.100 (example: 192.168.10.1-192.168.10.100); local ip (example: 192.168.10.1); CHAP; ppp debug: yes; length bit: no. Press Save & Apply.
ip range: Specify the range of IP addresses the LNS will assign to the connecting LAC PPP tunnels. Multiple ranges can be defined. Ranges are defined using the format IP-IP (example: 1.1.1.1-1.1.1.10).
local ip: Use the following IP as xl2tpd's own IP address.
CHAP (refuse/require chap): Require or refuse the remote peer to get authenticated via CHAP for the PPP authentication.
ppp debug: This will enable the debug for pppd.
length bit: If set to yes, the length bit present in the L2TP packet payload will be used.
L2TP Client Configuration
L2TP Connection Configuration, Basic Connection Configuration for l2tp client. Fields: Type (Select Server or Client Mode); ppp debug: yes; Remote Server Address; Username; Password; redial: No. Press Save & Apply.
Remote Server Address: Set the DNS name or IP address of the LNS to connect to.
Username
47. s is also known as WRR (Weight Round Robin). JetBox 5630 follows the rate of 8:4:2:1 to process the packets with the high, the medium, the low and the normal priority in a queue. For example, the system processes 8 packets with the high priority in the queue, 4 with medium priority, 2 with low priority and 1 with the normal priority at the same time.
Use a strict priority scheme: Packets with higher priority in the queue will always be processed first, unless there is no packet with higher priority in a queue.
The default is the 8,4,2,1 weighted fair queuing scheme.
Port setting
Priority: You can choose the QoS priority level for each Ethernet port of JetBox 5630, from 0 to 7.
Trust Mode and description:
Port Based: Use the priority level of the port configuration.
CoS Only: Use the priority level of CoS Queue Mapping only.
DSCP Only: Use the priority level of DSCP Queue Mapping only.
DSCP First: Use the priority level of both CoS and DSCP Queue Mapping, but DSCP Queue Mapping first.
CoS First: Use the priority level of both CoS and DSCP Queue Mapping, but CoS Queue Mapping first.
(Screenshot: table with the columns Port, Priority, Trust Mode.)
JetBox 5630 will give all ingress packets the priority tag based on the priority level (CoS value) of the ingress port. The CoS value maps to physica
48. t: 5 seconds.
Scan Rate: Set the scan rate from 0 to 10000 ms. Default: 200 ms.
TCP Aging: The system will automatically interrupt the connection, to avoid occupying the channel, if the TCP connection has failed or is idling abnormally. Range: 1 to 7200 seconds. Default: 420 s.
Korenix Technology Co., Ltd.
Business service: sales@korenixembedded.com, sales@korenix.com
Customer service: koreCARE@korenix.com
Web Site: http://www.korenixembedded.com, http://www.korenix.com
49. tings are the same as the network 3G setting.
Backup Connection: WiFi interface
(Screenshot: Backup Connection form. Fields: Backup Network Interface, interface name, ESSID (KorenixAP2), Encryption (WEP Open System), Used Key Slot (Key 1), Key 1, Key 2, Key 3, Key 4.)
When you choose the WiFi interface for the backup connection, you have to specify some settings. These settings are the same as the network WiFi settings, except for the interface name. The user has to specify the WiFi interface name to make sure that the right interface is used to connect.
After all settings are made, click Save & Apply to start the Network Redundancy function.
NOTE: If both the primary and the backup connection can't connect to the server, we will disable the redundant daemon after retrying 10 times.
3.6 Diagnostics
We provide a network diagnostic tool to verify the network connection. Users can use the ping or traceroute function to check it.
(Screenshot: Diagnostics, Network Utilities. Ping: 192.168.1.1. Traceroute: 168.95.1.1. Output begins: PING 192.168.1.1 (192.168.1.1): 56 data
50. Certificates Management
Download all Certificate Authority keys to your local machine: Download archive.
To upload a Certificate Authority to the JetBox (the default path is /etc/openvpn/easy-rsa/2.0/userkeys): Choose File, then Upload archive.
Select your certificate file to delete: choose it from the File List, then press Delete File.
Sometimes we need to set up our own Certificate Authority (CA) and generate certificates and keys for an OpenVPN server and multiple clients. So we need to manage these keys: for example, delete them, back them up, or copy them to other clients. On this page you can manage the certificate keys of OpenVPN. Usually these keys are in /etc/openvpn/easy-rsa/2.0/keys. (Screenshot: listing of that directory.)
If you want to back up these keys, click Download archive
51. y successfully. Copy it and paste it into these fields. [Screenshot: Public Key Management, with Generate Public Key (Generate) and Show Public Key (Show) buttons and the generated public key.] If you are the left site, you need to copy the right rsasigkey from the right site, and vice versa on the right site. Start to create the IPSec tunnel: press the Start button. [Screenshot: tunnel list showing 192.168.1.141 and 192.168.1.140.] Test your VPN connection: sit at one of your local subnet nodes (192.168.10.100) and ping a subnet node on the other (192.168.20.1). You will see ESP (Encapsulating Security Payload) packets moving back and forth between the two gateways at the same frequency as your pings: 06:21:59.282435 IP 192.168.1.141 > 192.168.1.148: ESP(spi=0x5524c925,seq=0x17), length 188; 06:22:08.282408 IP 192.168.1.141 > 192.168.1.148: ESP(spi=0x5524c925,seq=0x18), length 188. If you see this, congratulations are in order. You have a tunnel which will protect any IP data from one subnet to the other as it passes between the two gates. 7.3 Certificates
52. [Screenshot: IPSec connection form. Fields: right, IP address of network interface (192.168.1.140); rightsourceip, connection source IP; rightsubnet, private subnets behind the participant (192.168.20.0/24; example: 192.168.10.0/24); rightrsasigkey, public key for authentication; Additional Field (Add).] All settings are the same as /etc/ipsec.conf in the JetBox 5630 console. Generate a new IPsec RSA key on Left and Right: in the web interface, the user can generate an RSA key automatically. Just press the Generate button, as below. [Screenshots: Public Key Management while generating, and after "Generate Hostkey Successfully".] 1. The user has to fill out the leftrsasigkey / rightrsasigkey. Here you just press Show after generate hostke
