Geneko GWR402HSW User Manual

Contents

1. e Click OK Policies From Untrust To Trust SSG140RBGE i Se Juniper SSG 140 Name optional New Address Z pte oc 192 168 1004 wy E O New Address le SA Bick aT 10 0 0 0 24 x 7 Service ANY Y Giro Application None wal hal O web Filtering Action Permit Antivirus Profile None x Antispam enable Tunnel vpn None C modify matching bidirectional VPN policy LaTe None Logging at Session Beginning E E a 5 E Position at Top Figure 113 Policies from untrust to trust zone Geneko GWR High Speed Router Series 113 e Click Policies in main menu e Click New button from trust to untrust zone Source Address 10 10 10 0 24 Destination Address 192 168 10 0 24 Services Any e Click OK Juniper OO 00 all is 3 E k Ld _ None Y i h O K Figure 114 Policies from trust to untrust zone Geneko GWR High Speed Router Series A 10 0 0 0 24 a 192 168 10 0 24 ETEA l User Manual SSG140RBGE 114 User Manual OpenVPN tunnel between GWR HS router and OpenVNP server Overview OpenVPN site to site allows connecting two remote networks via point to point encrypted tunnel OpenVPN implementation offers a cost effective simply configurable alternative to other VPN technologies OpenVPN allows peers to authenticate each other using a pre shared se
2. Figure 67: GRE tunnel between Cisco router and GWR HS Router (diagram labels: GSM/UMTS Network; Static WAN 172.29.8.5; Static WAN 172.29.8.4; Cisco Router; VPN; HQ Site). A GRE tunnel is created between a Cisco router with GRE functionality on the HQ site and the GWR HS Router on the remote network. In this example, both routers must create a tunnel interface (virtual interface). This new tunnel interface is its own network. To each of the routers, it appears that it has two paths to the remote: the physical interface and the tunnel interface running through the tunnel. This tunnel could then transmit unroutable traffic such as NetBIOS or AppleTalk. The GWR HS Router uses Network Address Translation (NAT), where only the mobile IP address is visible to the outside. All outgoing traffic uses the GWR HS Router WAN/VPN mobile IP address. The HQ Cisco router acts as a gateway to the remote network for users in the corporate LAN. It also performs the function of GRE server for termination of the GRE tunnel. The GWR HS Router acts as the default gateway for the remote network and as GRE server for the tunnel. 1. HQ router requirements: • The HQ router requires a static IP WAN address. • The router or VPN appliance has to support the GRE protocol. • The tunnel peer address will be the GWR HS Router WAN's mobile IP address. For this reason a static mobile IP address is prefer
3. Failover O Enable IKE Failover IKE 5A Retry Restart PPP After IKE SA Retry Exceeds Specified Limit O Enable Tunnel Failover Ping IP Or Hostname Ping Interval Packet Size Advanced Ping Interval Advanced Ping Wait For A Response Maximum Number Of Failed Packets Advanced O Compress Support IP Payload Compression Protocol IPComp O Dead Peer Detection DPD sec NAT Traversal Send Initial Contact Geneko GWR High Speed Router Series 102 User Manual Figure 96 IPSec configuration page lll for GWR HS Router Click Start button on Internet Protocol Security page to initiate IPSEC tunnel Click Start button and after that Connect button on Internet Protocol Security page to initiate IPSEC tunnel Internet Protocol Security Summary Tunnels used 1 Maximum number of tunnels 5 Add New Tunnel Log level control Name Enabled Status _Enc Auth Grp Local Group Remote Group Remote Gateway Phi 3DES SHA1 2 aggressive 192 168 10 0 10 10 10 0 Reducing the MTU size on the client side can help eliminate some connectivity problems occurring at the protocol level Start Stop Refresh Recommended MTU size on client side is 1300 Tunnel status description started ipsec is running stopped ipsec is not running or tunnel is not enabled connecting ipsec is trying to establish connection waiting for connection ipsec is waiting for other end to connect estab
4. Figure 104 Network Interfaces list unnumbered Untrust Tunnel tunnel 3 unnumbered Untrust Tunnel Ready 0 0 0 0 0 ea lt User Manual SG140RBGE e Bind New tunnel interface to Untrust interface outside int with public IP addresss e Use unnumbered option for IP address configuration dy Juniper NETWORKS SSG 140 VR Untrust trust vr al face ethernet0 2 trustvr Y D f P a Figure 105 Network Interfaces edit Geneko GWR High Speed Router Series SSG140RBGE Back To Interface List 109 User Manual Step 2 Create New VPN IPSEC tunnel e Click VPNs in main menu To create new gateway click Gateway on AutoKey Advanced tab 00 00 Figure 106 AutoKey Advanced Gateway e Click New button Enter gateway parameters Gateway name TestGWR HS Security level Custom Remote Gateway type Dynamic IP address because your GWR HS router are hidden behind Mobile operator router s firewall NAT Peer ID 172 30 147 96 Presharedkey 1234567890 LocalID 150 160 170 1 VPNs gt AutoKey Advanced gt Gateway gt Edit SSG140RBGE El Figure 107 Gateway parameters e Click Advanced button Security level User Defined custom Phase 1 proposal pre g2 3des sha Geneko GWR High Speed Router Series 110 User Manual Mode Agressive must be aggressive because of NAT Nat Traversal enabled
5. Pingable if Ethernet IP address of the router is in the same IP subnet as PC interface then this field will be marked i e you can access router over web interface Geneko GWR High Speed Router Series 1 3 User Manual Mila A GWR352 192 168 13 15 2 19 29 29 352 em GWR352 152 168 23 17 2 1 9 29 29 352 em GWR352 192 1605 33 18 2132923 352 em 132 168 13 13 2 19 29 29_ 3502 e GWR352_PH8 2 19 29 29 352 phe Reset device to default settings Figure 54 Connection Wizard Router Detection When you select one of the routers from the list and click Next you will get to the following screen Geneko Wireless Router Connection Wizard IP address 10 00 1017 Subnet mask 255 7552550 Figure 55 Connection Wizard LAN Settings If you selected to configure LAN and WAN interface click upon entering LAN information click Next and you will be able to setup WAN interface Geneko GWR High Speed Router Series 14 User Manual 4 GWR Connection Wizard s Geneko Wireless Router Connection Wizard WAN Settings 4 Enabled Provider geneko Authentication PAP Usemame geneko Password geneko Dial string ATD So 1 Initial string at cgdcont 1 1P intemet Number of retry 6 G Geneko Y Establish connection Figure 56 Connection Wizard WAN Settings After entering the configuration parameters if you mark option Establish connection router will start with connection establ
6. Port 180; Input interface: ppp_0; Output interface; Source address: Single IP 212.62.38.210; Inverted source address rule logic; Destination address: Any; Inverted destination address rule logic; Packet state: NEW; Policy: ACCEPT; Distributed Denial Of Service: Enable, Maximum average matching rate, Maximum initial number of packets to match. Figure 135: Allowing WEB access. After configuration is finished, the SAVE button should be selected and the user is returned to the main configuration page. 7. FTP traffic is allowed. A new rule should be added by selecting the ADD NEW RULE button. The policy should be configured in the following way: Rule name: Allow FTP; Enable: selected; Chain: INPUT; Service: FTP; Protocol: TCP; Port: 21; Input interface: ppp_0; Source address: Any; Destination address: Any; Packet state: NEW; Policy: ACCEPT. After configuration is finished, the SAVE button should be selected and the user is returned to the main configuration page. The priority of the rule is changed by selecting a number in the drop-down menu. In this example, number 8 is selected. 8. Access from LAN to router is allowed. This is the first rule in the predefined firewall settings (Allow ALL from local LAN). It is recommended to have this rule enabled to allow access to the management interfaces of the router. As this rule is already configured, it is enough just to enable it to have access to the router from the LAN. 9. Select EDIT of the rule, Enable selected, SAVE and e
7. Subnet Mask: The subnet mask specifies the network number portion of an IP address. The GWR HS Router supports sub-netting. You must specify the subnet mask for your LAN TCP/IP settings. Primary Local DNS: IP address of your primary local DNS server. Secondary Local DNS: IP address of your secondary local DNS server. Local Gateway: All incoming packets are forwarded to the IP address defined in this field. Reload: Click Reload to discard any changes and reload previous settings. Save: Click the Save button to save your changes back to the GWR HS Router. Whether you make changes or not, the router will reboot every time you click Save. Table 3: Network parameters. Figure 16 shows a screenshot of the Network tab configuration menu. Network Settings (screenshot values): Use the following IP address; IP Address 192.168.35.2; Subnet Mask 255.255.255.0; Primary Local DNS 8.8.8.8; Secondary Local DNS 8.8.4.4; Local Gateway. Caution: Changes to IP address, subnet mask and local DNS require a reboot to take effect. Caution: Use the local gateway option carefully. The router becomes unreachable from the local subnet when this option is enabled. Figure 16: Network parameters configuration page. Settings: DHCP Server. The GWR HS Router can be used as a DHCP (Dynamic Host Configuration Protocol) server on your network. A DHCP server automatically assigns available IP addresses to co
8. 1 0 0 2014061619355 00006 00 05 18 060312KB 255 255 255 0 1500 started LAN Statistics Data received bytes 132391 Received packet 1464 Error packet 0 Dropped packet 0 Data transmited bytes 20344 Transmited packet 225 Error packet 0 Dropped packet D V WAN Information Modem manufacturer Sierra Wireless Incorporated Modem model MC7710 Modem serial number 3581 78042166555 Revision SVVI9200 03 05 24 ODap r5792 c WAN Connection Operator mts Cell ID 00007DD3 Signal strength f dBm Radio access technology Connection status connected Activity time 00 05 32 WAN address 172 27 234 54 PPP address 172 27 234 54 Primary DNS address 195 178 38 3 Secondary DNS address 195 178 38 8 VIWAN Statistics Data received bytes Error packet Data transmited bytes Error packets 656 696 0 Received packets Dropped packets Transmited packets Dropped packets Y Automatic refresh after 60 vsec Figure 15 Router monitoring Geneko GWR High Speed Router Series 23 User Manual Settings Network Click Network Tab to open the LAN network screen Use this screen to configure LAN TCP IP settings Network Tab Parameters Label Use the following IP Choose this option if you want to manually configure TCP IP parameters of Ethernet address port Type the IP address of your GWR HS Router in dotted decimal notation 192 168 1 1 IP Address is the factory default IP address
9. Directive 2004 108 EC EN 301 489 1 V1 6 1 2005 09 EN 301 489 7 V1 3 1 2005 11 EN 60950 1 2001 1st Ed and or EN 60950 1 2001 Complies with Directive 1999 05 EC standards R amp TTE ETSI EN 301 511 V9 0 2 EN 301 908 1 EN 301 908 2 v2 2 1 Directive 2002 95 EC RoHS EU Commission 2005 618 EC 2005 717 EC 2005 747 EC 2006 310 EC 2006 690 EC 2006 691 EC and 2006 692 EC Connector RJ 45 Standard IEEE 802 3 Ethernet interface Physical layer 10 100Base T Speed 10 100Mbps Mode full or half duplex 1 xUART RS 232C 1 x USB Host LTE 800 900 1800 2100 2600 MHz UMTS HSDPA HSUPA 900 2100MHz GSM GPRS EDGE Quad band 850 900 1800 1900MHz GPRS EDGE multi slot class 12 mobile station class B ake LTE DL 100 Mbps UL 50 Mbps RF characteristics GWR402 HSPA DL 42 Mbps UL 5 76 Mbps HSUPA DL 7 2Mbps HSDPA UL 5 76Mbps Other interfaces UMTS DL 384Kbps UL 384Kbps EDGE DL 236 8Kbps UL 236 8Kbps GPRS DL 85 6Kbps UL 85 6Kbps RF Connector MAS 500 Ethernet activity network A Power on Status LED GSM link activity Signal quality WiFi Operation 10 Cto 55 C 14 F to 131 F Environmental Storage 20 C to 85 C 4 F to 185 F Relative humidity 5 to 95 non condensing Dimensions and Width Length Height 95mm 135mm 35mm Weight 380g weight Table 1 Technical parameters Geneko GWR High Speed Router Series 10 User Manual Protocols and fea
10. Syslog parameters. Logout: The Logout tab is located in the lower left-hand corner of the screen. Click this tab to exit the web-based utility. If you exit the web-based utility, you will need to re-enter your User Name and Password to log in and then manage the Router. Configuration Examples. GWR HS Router as Internet Router. The GWR HS Routers can be used as an Internet router for a single user or for a group of users (entire LAN). The NAT function is enabled by default on the GWR HS Router. The GWR HS Router uses Network Address Translation (NAT), where only the mobile IP address is visible to the outside world. All outgoing traffic uses the GWR HS Router mobile IP address. Figure 59: GWR HS Router as Internet router. • Click the Network tab to open the LAN NETWORK screen. Use this screen to configure LAN TCP/IP settings. Configure IP address and Netmask: IP address 10.1.1.1, Netmask 255.255.255.0. • Press Save to accept the changes. • Use a SIM card with a dynamic/static IP address obtained from the Mobile Operator. (Note: the default gateway may show, or change to, an address such as 10.0.0.1; this is normal, as it is the GSM/UMTS provider's network default gateway.) • Click the WAN Settings tab to configure parameters necessary for the GSM/UMTS connection. All parameters necessary for connection configuration should be provided by your mobile operator. • Che
11. WAN Settings SIM 1 sim2 Enabled Cl Enabled Provider Provider Authentication PAP CHAP Authentication Username Username Password genekogwr Password APN lgenekoqwr APN Connection type Automatic A Connection type Automatic Y Dial string Dial string CIPIN enabled PIN enabled O Enable roaming O Enable roaming O Enable operator locking Enable operator locking Number of reties le Number of retries 6 Enable failover after mins Connection settings Persistent connection Cl Reboot after failed connections Cl Enable SIM 1 keepalive O Enable SIM 1 data limit O Enable SIM 2 keepalive Cl Enable SIM 2 data limit Mobile status Mobile device Mobile communication Mobile provider Interface MC7710 UMTS imt s ppp 0 Current SIM card SIM 1 Current WAN address 172 27 234 54 Connection up time 00 00 49 Connection request start Connection status connected Figure 18 WAN Settings configuration page Provider This field specifies name of mobile operator You can setup any name for provider This field specifies password authentication protocol Select the appropriate protocol pumneneicatlon from drop down list PAP CHAP PAP CHAP This field specifies Username for client authentication at GSM UMTS network Mobile Username h T provider will assign you specific username for each SIM card This field specifies Password for client authentication at GSM UMTS network Mobile provider will assign y
12. 192 168 2 0 Netmask 255 255 255 0 Interface gre_x Routing Routing Table Settings Current static routes DestNetwork Netmask Gateway Metric _ Interface p Jeen oer Action DestNetwork Netmask i AAA O ECT Figure 63 Routing configuration page for GWR HS Router 1 Optionally configure IP Filtering and TCP service port settings to block any unwanted incoming traffic On the device connected on GWR HS router 1 setup default gateway 192 168 4 1 The GWR HS Router 2 configuration Click Network Tab to open the LAN NETWORK screen Use this screen to configure LAN TCP IP settings Configure IP address and Netmask IP Address 192 168 2 1 Subnet Mask 255 255 255 0 Press Save to accept the changes Geneko GWR High Speed Router Series 81 User Manual Network Network Settings Use the following IP address IP Address 192 168 2 1 Subnet Mask 255 255 255 0 Primary Local DNS Secondary Local DNS Local Gateway Caution Ch to IP address subnet mask and local DNS i boot to take effect Cation ion E par een as ad when this option is enabled Figure 64 Network configuration page for GWR HS Router 2 e Use SIM card with a static IP address obtained from Mobile Operator Note the default gateway may show or change to
13. Click Return and OK i 15 a VPNs gt AutoKey Advanced gt Gateway gt Edit S SG140RBGE El Figure 108 Gateway advanced parameters Step 3 Create AutoKey IKE e Click VPNs in main menu Click AutoKey IKE e Click New button de Juniper SSG 740 VPNs AutoKey IKE 5S5G140RBGE El ust 20 Viper page LinkToTehnika VPNtoTehnika TestGWR VPNtoUSSD Figure 109 AutoKey IKE AutoKey IKE parameters are VPNname TestGWR HS Security level Custom Remote Gateway Predefined Choose VPN Gateway from step 2 Geneko GWR High Speed Router Series 111 VPNs gt AutoKey IKE gt Edit VPN Name Tes WR Security Level standard Compatible Basic custom Remote Gateway Predefined TestGWR v O Create a Simple Gateway User Manual O Dynamic IP O Dialup User O Dialup Group Security Level standard O Compatible Outgoing Interface ethernet0 0 v 9 9 9 5 1 aya oe Dona Figure 110 AutoKey IKE parameters e Click Advanced button Security level User defined custom Phase 2 proposal pre g2 3des sha Bind to Tunnel interface tunnel 3 from step 1 Proxy ID Enabled LocallP netmask 10 10 10 0 24 RemotelP netmask 192 168 10 0 24 Click Return and OK VPNs gt AutoKey IKE gt Edit gt ie Juniper Security Leve
14. TCP UDP Select server mode in order to listen for incoming connection or client mode to establish one Number of the TCP UDP port to accept connections for this device Only on server Bind to TCP UDP port side Server IP address Specify server IP address Only on client side Geneko GWR High Speed Router Series 98 User Manual Connect to TCP UDP port a of the TCP UDP port to accept connections from this device Only on client Either raw or telnet Raw enables the port and transfers all data like between the port Type of socket and the log Telnet enables the port and runs the telnet protocol on the port to set up telnet parameters Enable local echo Enable the local echo feature Enable timeout After defined period of inactivity port is closed default is 1 hour Check TCP connection Enable connection checking Kepalive idle time Set keepalive idle time in seconds Kepalive interval Set time period between checking Log level Set importance level of log messages Reload Click Reload to discard any changes and reload previous settings Click Save button to save your changes back to the GWR HS Router and Save activate deactivate serial to Ethernet converter Table 20 Serial Port over TCP UDP parameters Click Serial Port Tab to open the Serial Port Configuration screen Use this screen to configure the GWR HS Router serial port parameters Figure 37 Serial Port Serial Port Settings Genera
15. Use this screen to configure CLI parameters. Figure 50: Command Line Interface (screenshot: CLI Settings: CLI service on serial port; Enable telnet service; Enable ssh service; View Mode Username; View Mode Password; Confirm Password; View Mode Timeout 2 min; Edit Mode Timeout 2 min. CLI Status: Serial stopped; Telnet started; SSH started). Labels: CLI service on serial port; Enable telnet service; Enable SSH service; View Mode Username. View Mode Password: Password for View mode. Confirm Password: Confirm password for View mode. View Mode Timeout: Inactivity timeout for View mode in minutes. After timeout, the session will auto-logout. Edit Mode Timeout: Inactivity timeout for Edit mode in seconds. Note that Username and Password for Edit mode are the same as the Web interface login parameters. After timeout, the session will auto-logout. Save: Click Save to save your changes back to the GWR HS Router. Reload: Click Reload to discard any changes and reload previous settings. Table 25: Command Line Interface parameters. Detailed instructions related to the CLI are located in another document (the Command_Line_Interface.pdf file on the CD that goes with the router). There you will find detailed specifications of all commands you can use to configure the router and monitor the router's performance. Management: Remote Management. Remote Management
16. more restrictive condition compared to SIM1. Keepalive action: switch SIM. Screenshot values: Connection settings: Persistent connection; Reboot after failed connections. Enable SIM 1 keepalive: Ping target 8.8.8.8; Ping interval 120 sec; Advanced ping interval 10 sec; Advanced ping wait for a response 5 sec; Maximum number of failed packets 80; Keepalive action: switch SIM. Enable SIM 2 keepalive: Ping target 212.62.32.1; Ping interval 120 sec; Advanced ping interval 10 sec; Advanced ping wait for a response 5 sec; Maximum number of failed packets 40; Keepalive action: switch SIM. Enable SIM 1 data limit; Enable SIM 2 data limit; SIM 1 connection type: Auto; SIM 2 connection type: Auto. Figure 139: Configuration page for GSM keepalive. Appendix A: How to Achieve Maximum Signal Strength with GWR HS Router. The best throughput comes from placing the device in an area with the greatest Received Signal Strength Indicator (RSSI). RSSI is a measurement of the Radio Frequency (RF) signal strength between the base station and the mobile device, expressed in dBm. The better the signal strength, the less data retransmission and therefore the better the throughput. RSSI information is available from several sources: • The LEDs on the device give a general indication. • Via the GWR HS Router local user interface. Signal strength LED indicator: 101 or less dBm Unacceptab
17. Authenticate Mode: pre-shared secret: Select this option if you want to use PSK as an authentication method. username/password: Select this option if you want to use username/password along with a CA Certificate as an authentication method. X.509 cert. (client): Select this option if you want to use X.509 certificates as an authentication method in client mode. X.509 cert. (server): Select this option if you want to use X.509 certificates as an authentication method in server mode. Encryption Cipher: Encrypt packets with cipher algorithm. The default is BF-CBC, an abbreviation for Blowfish in Cipher Block Chaining mode. Blowfish has the advantages of being fast, very secure, and allowing key sizes of up to 448 bits. Blowfish is designed to be used in situations where keys are changed infrequently. OpenVPN supports the CBC cipher mode. Authenticate packets with HMAC using message digest algorithm. The default is SHA1. HMAC is a commonly used message authentication algorithm (MAC) that uses a data string, a secure hash algorithm, and a key to produce a digital signature. OpenVPN's usage of HMAC is to first encrypt a packet, then HMAC the resulting ciphertext. In TLS mode, the HMAC key is dynamically generated and shared between peers via the TLS control channel. If OpenVPN receives a packet with a bad HMAC, it will drop the packet. HMAC usually adds 16 or 20 bytes per packet. Set none to disable authentication. NOTE: Depending on the options selec
18. 09 02 13 35 47 Operator Cell ID Mobile communication Signal Strength mts DODA7DD3 UMTS 75dBm Mobile Statistics Mode Interface WAN Address Primary DNS Address Data Received 656 Data Transmitted 696 DirectiP ppp O 172 27 234 54 195 178 38 3 RX Packets 2 TX Packets 2 Activity Time 00 01 23 PPP Address 172 27 234 54 Second DNS Address 195 178 38 8 RX Error Packets 0 RX Dropped Packets TX Error Packets 0 TX Dropped Packets Figure 12 WAN Information As a primary and secondary DNS are always displayed DNS servers assigned by provider They are not necessarily used by the router If Local DNS is configured it has priority to those DNS servers Status Firewall Firewall Information Tab provides information about active firewall and MAC filtering rules divided in three groups INPUT FORWARD and OUTPUT chain Each of these groups has packet counter which can be cleared with one of three displayed button Reset INPUT Reset FORWARD and Reset OUTPUT Firewall MAC Filter Active Rules Bridge table filter Bridge chain INPUT entries 1 policy ACCEPT 1 p IPv4 i ethO ip proto udp ip sport 67 ip dport 68 j DROP pent 1 bent 328 Bridge chain FORWARD entries 1 policy ACCEPT 1 p IPv4 i ethO ip proto udp ip sport 67 ip dport 68 j DROP pent 0 bent 0 Bridge chain OUTPUT entries 0 policy ACCEPT IP Filter Active Rules Chain INPUT policy ACCEPT
19. 10 1 The GWR HS Router 2 configuration e Click Network Tab to open the LAN NETWORK screen Use this screen to configure LAN TCP IP settings Configure IP address and Netmask e IP Address 192 168 10 1 e Subnet Mask 255 255 255 0 Press Save to accept the changes Geneko GWR High Speed Router Series 90 User Manual Network Network Settings IP Address Subnet Mask Primary Local Cd ES a ok Secondary Local DNS Local Gateway Use the following IP address 192 168 10 1 255 255 255 0 DNS aution Changes to IP address subnet mask and local DNS require a reboot to take effect ion Use local gateway option carefully Router becomes unreachable from local subnet when this option is enabled Figure 77 Network configuration page for GWR HS Router 2 e Use SIM card with a static IP address obtained from Mobile Operator e Click WAN Settings Tab to configure parameters necessary for GSM UMTS connection All parameters necessary for connection configuration should be required from mobile operator e Check the status of GSM UMTS connection WAN Settings Tab If disconnected please click Connect button E e Click VPN Settings gt IPSEC to configure IPSEC tunnel parameters Click Add New Tunnel button to create new IPSec tunnel Tunnel parameters are Add New Tunnel e Tunnel Name IPsec tunnel e Enable true Local Group Setup Local Security Gateway
20. 168 13 0 mask 255 255 255 0 2 2 2 10 third remote location 2 GWR HS router is configured with SIM card which has internet access Configuration of OpenVPN is following Add New Tunnel Tunnel Number 1 Tunnel Name Enable Te st OpenVPN Settings Tunnel Interface Configuration Local Interface IP Address Remote Interface IP Address Interface Type TUN Authenticate Mode pre shared secret vi Encryption Cipher BF CEC 128 bit v Hash Algorithm ASA SHA1 160 bit ho Protocol UDP connect UDP Port 11194 LZO Compression NAT Rules O Keep Alive Ping Interval 30 sec Ping Timeout 60 sec Max Fragment Size 1300 bytes A O Generate PSK Pre shared Secret OPaste PSK Caution On some GSM UMTS networks recommended time for Keepalive Ping Interval is grater than 10 seconds Local Remote Group Settings Remote Host or IP Adress 1 34 55 22 1 Redirect Gateway O Figure 117 OpenVPN GWR HS settings Where pre shared secret you paste from the key txt file which you generate on OpenVPN server In routing table static ip route to local OpenVPN server network in this case it is 192 168 2 0 24 should be entered Geneko GWR High Speed Router Series 117 User Manual BIO IEC ooso Ih E Bem El fisersezo j552552550 e n tv Rem Figure 118 Static routes on GWR HS TUN1 interface isn t available before you start the OpenVPN tunnel s
21. Figure 38: Modbus gateway configuration page; Figure 39: SMS remote control configuration; Figure 40: Send SMS; Figure 41: Device Identity Settings configuration page; Figure 42: Router Management configuration page; Figure 43: Date/Time Settings configuration page; Figure 44: Diagnostic page; Figure 45: Update Firmware page; Figure 46: Export/Import the configuration on the router; Figure 47: File download; Figure 48: Default Settings page; Figure 49: System Reboot page; Figure 50: Command Line Interface; Figure 51: Remote Management; Figure 52: Connection Manager; Figure 53: Connection Wizard Initial Step; Figure 54: Connection Wizard Router Detection
22. 66623 packets 22M bytes num pkts bytes target prot opt in out source destination Chain FORWARD policy ACCEPT O packets O bytes num pkts bytes target prot opt in out source destination Chain OUTPUT policy ACCEPT 7547 packets 1385K bytes num pkts bytes target prot opt in out source destination Reset INPUT Reset FORWARD Reset OUTPUT Figure 13 Firewall Information Geneko GWR High Speed Router Series 22 Status Routes User Manual Routes Tab provides information about currently active routes on the router The same information can be previewed on Routing page in first routing table Firewall Active Routes default via 172 27 234 54 dev ppp_O scope link metric 1 127 0 0 0 8 dev lo scope link 172 27 234 0 24 dev ppp_0 proto kernel scope link src 172 27 234 54 192 168 1 0 24 dev brO proto kernel scope link src 192 168 1 1 Figure 14 Information about active routes Status Router Monitoring Router Monitoring Tab provide statistics Router Monitoring s summarized information about router router s interfaces and traffic Base Information Model Kernel version Total memory Free memory LAN Information IP address Broadcast Primary local DNS DHCP server status GYWR402HSW S 3 2 0 256 201403171250 254084KB 193772KB 192 168 1 1 192 168 1 255 started Firmware version Up time Used memory Netmask MTU Secondary local DNS DNS server status
23. Chain: INPUT; Service: Custom; Protocol: ICMP; ICMP type: echo-request; Port: All; Input interface: ppp_0; Output interface; Source address: Single IP 212.62.38.196; Inverted source address rule logic; Destination address: Any; Inverted destination address rule logic; Packet state: NEW; Policy: ACCEPT; Distributed Denial Of Service: Enable, Maximum average matching rate, Maximum initial number of packets to match. Figure 133: Allowing ICMP traffic. After configuration is finished, the SAVE button should be selected and the user is returned to the main configuration page. The priority of the rule is changed by selecting a number in the drop-down menu. In this example, number 5 is selected. 4. Establishing of IPSec tunnel is allowed. The firewall has to allow the IKE and ESP protocols for IPSec tunnel establishment. If NAT traversal is used, one additional port has to be allowed. All these rules are predefined and have priorities 10, 11 and 12 in the default firewall configuration; they are named "Allow IPSec tunnels on ppp_0" (protocol, IKE and NATt). As these rules are already configured, it is enough just to enable them to have IPSec passed through the firewall. Figure 134: IPSec firewall rules. These three rules are en
24. In this scenario aggressive mode will be used Configurations for Router 1 and Router 2 are listed below The GWR HS Router 1 configuration Click Network Tab to open the LAN NETWORK screen Use this screen to configure LAN TCP IP settings Configure IP address and Netmask IP Address 10 0 10 1 e Subnet Mask 255 255 255 0 e Press Save to accept the changes Network Network Settings Use the following IP address IP Address Subnet Mask Primary Local DNS Secondary Local DNS Local Gateway E ion Use local gateway option c 10 0 10 1 255 255 255 0 on Changes to IP address subnet mask and local DNS require a reboot to take effect l arefully Router becomes unreachable from local subnet when this option is enabled Reload Save Figure 72 Network configuration page for GWR HS Router 1 e Use SIM card with a static IP address obtained from Mobile Operator e Click WAN Settings Tab to configure parameters necessary for GSM UMTS connection All parameters necessary for connection configuration should be required from mobile operator e Check the status of GSM UMTS connection WAN Settings Tab If disconnected please click Connect button e Click VPN Settings gt IPSEC to configure IPSEC tunnel parameters Click Add New Tunnel button to create new IPSec tunnel Tunnel parameters are e Add New Tunnel Tunnel Name IPsec tunnel Enable true e Local Group Se
25. Network IP Network IP 192 168 0 0 24 19 168 1 0 24 192 168 0 2 LAN 192 168 1 2 Figure 26 OpenVPN example Click VPN Settings OpenVPN to open the VPN configuration screen At the Figure 24 IPSec Summary screen you can see OpenVPN Summary This screen gathers information about settings of all defined OpenVPN tunnels Up to 5 OpenVPN tunnels can be defined on GWR HS router OpenVPN Summary and OpenVPN Settings are briefly displayed in following figures and tables Open PN Summary Tunnels used 1 Maximum number of tunnels 5 Add New Tunnel Ce a a Remote eae Tunnel status description Stop started openVPN is running stopped openVPN is not running or tunnel is not enabled connecting openVPN is trying to establish connection established tunnel is up error error during establishing openVPN tunnel Figure 27 OpenVPN Summary screen Geneko GWR High Speed Router Series 46 User Manual OpenVPN Description r D a IP Filtering Tunnel Number Automatically assigned number of the tunnel Tunnel Name This field specifies tunnel name Check this setting in order to enable OpenVPN tunnel Allow access from the following devices Interface Type There are two modes of OpenVPN tunnel routed and bridged mode yp For routed mode select option TUN and for bridged TAP Choose one of the following options none Select this option if you do not want to use any kind o authentication
26. [Figure 25: IPSec Settings] VPN Settings / IPSec Settings: Tunnel Number: This number will be generated automatically and it represents the tunnel number. Tunnel Name: Enter a name for the IPSec tunnel. This allows you to identify multiple tunnels and does not have to match the name used at the other end of the tunnel. Check this box to enable the IPSec tunnel. When SIM Card is selected, the WAN or Internet IP address of the Router automatically appears. If the Router is
27. ROI process for each one of the possible applications. The list of the most common GWR HS router applications is presented below. Typical application: Data collection and system supervision: Extra high voltage equipment monitoring; Running water, gas, pipe line supervision; Centralized heating system supervision; Environment protection data collection; Flood control data collection; Alert system supervision; Weather station data collection; Power Grid; Oilfield; Light Supervision; Solar PV Power Solutions. Financial and department store: Connection of ATM machines to central site; Vehicle based bank service; POS; Vending machine; Bank office supervision. Security: Traffic control; Video Surveillance Solutions. Other: Remote Office Solution; Remote Access Solution. There are numerous variations of each and every one of the above listed applications. Therefore GENEKO formed a highly dedicated, top rated support team that can help you analyze your requirements and existing system, choose the right topology for your new system, perform initial configuration and tests, and monitor the complete system after installation. Enhance your system performance and speed up the ROI with high quality cellular routers and all relevant knowledge of the GWR HS support team behind you. Technical Parameters
28. [Figure 78: IPSEC configuration page for GWR HS Router 2] [Figure 79: IPSec configuration page II for GWR HS Router 2] NOTE: Options NAT Traversal and Send Initial Contact are predefined. [Figure 80: IPSec configuration page III for GWR HS Router 2] Click the Start button on the Internet Protocol Security page to initiate the IPSEC tunnel. NOTE: Firmware version used in this scenario also provides options for Connection mode of IPSec tunnel. If connection mode C
29. Tab. If disconnected, click the Connect button. Click VPN Settings > GRE to configure GRE tunnel parameters: Enable: yes; Local Tunnel Address: 10.10.10.1; Local Tunnel Netmask: 255.255.255.252 (unchangeable, always 255.255.255.252); Tunnel Source: 10.251.49.2 (select HOST from the drop down menu if you want to use host name as peer identifier); Tunnel Destination: 10.251.49.3 (select HOST from the drop down menu if you want to use host name as peer identifier); KeepAlive enable: no; Period: none; Retries: none. Press ADD to put the GRE tunnel rule into the GRE table. Press Save to accept the changes. [Figure 62: GRE configuration page for GWR HS Router 1. Page help text: Local Tunnel Address: IP address of virtual tunnel interface; Local Tunnel Netmask: unchangeable, always 255.255.255.252; Tunnel Source: IP address of tunnel source; Tunnel Destination: IP address of tunnel destination; Period: valid values 3-60; Retries: valid values 1-10.] Click Routing on the Settings tab to configure the GRE route. Parameters for this example are: Destination Network
30. Type: SIM card; Local ID Type: IP Address; IP Address From: SIM 1 (WAN connection is established over SIM 1); Local Security Group Type: IP; IP Address: 192.168.10.1. Remote Group Setup: Remote Security Gateway Type: IP Only; IP Address: 172.29.8.4; Remote ID Type: IP Address; Remote Security Group Type: Subnet; IP Address: 10.0.10.0; Subnet: 255.255.255.0. IPSec Setup: Keying Mode: IKE with Preshared key; Mode: aggressive; Phase 1 DH group: Group 2; Phase 1 Encryption: 3DES; Phase 1 Authentication: MD5; Phase 1 SA Life Time: 28800; Perfect Forward Secrecy: true; Phase 2 DH group: Group 2; Phase 2 Encryption: 3DES; Phase 2 Authentication: MD5; Phase 2 SA Life Time: 3600; Preshared Key: 1234567890. Failover: Enable Tunnel Failover: false. Advanced: Compress (Support IP Payload Compression Protocol (IPComp)): false; Dead Peer Detection (DPD): false; NAT Traversal: true; Send Initial Contact: true. Press Save to accept the changes.
31. [Figure 127: Virtual COM port application] In the Virtual Serial Port tab, settings should be as follows: [Figure 128: Settings for virtual COM port] IP address: not used in server mode; Port: 1234; Server Port: 1234; Port Name: COM10 (randomly selected). After Create COM is activated, if everything is all right, the log will show a message that port COM10 is created, as in the picture above. In communication with the remote serial device, COM10 should be selected on the workstation.
32. With this option, pppd will not omit the connection ID byte from Van Jacobson compressed TCP/IP headers. Protocol Field Compression: Disable protocol field compression negotiation in both directions. Address/Control Compression: Disable Address/Control compression in both directions. Predictor-1 Compression: Disable or enable (accept or agree to) Predictor-1 compression. BSD Compression: Disable or enable BSD-Compress compression. Deflate Compression: Disable or enable Deflate compression. Compression Control Protocol negotiation: Disable CCP (Compression Control Protocol) negotiation. This option should only be required if the peer is buggy and gets confused by requests from pppd for CCP negotiation. Magic Number negotiation: Disable magic number negotiation. With this option, pppd cannot detect a looped-back line. This option should only be needed if the peer is buggy. Passive Mode: Enables the passive option in the LCP. With this option, pppd will attempt to initiate a connection; if no reply is received from the peer, pppd will then just wait passively for a valid LCP packet from the peer, instead of exiting, as it would without this option. Silent Mode: With this option, pppd will not transmit LCP packets to initiate a connection until a valid LCP packet is received from the peer (as for the passive option with ancient versions of pppd). Append domain name: Append the domain name d to the local host name for authentication
33. an address such as 10.0.0.1, this is normal, as it is the GSM/UMTS provider's network default gateway. Click the WAN Settings tab to configure the parameters necessary for the GSM/UMTS connection. All parameters necessary for connection configuration should be obtained from the mobile operator. Check the status of the GSM/UMTS connection (WAN Settings tab). If disconnected, click the Connect button. Click VPN Settings > GRE to configure GRE tunnel parameters: Enable: yes; Local Tunnel Address: 10.10.10.2; Local Tunnel Netmask: 255.255.255.252 (unchangeable, always 255.255.255.252); Tunnel Source: 10.251.49.3 (select HOST from the drop down menu if you want to use host name as peer identifier); Tunnel Destination: 10.251.49.2 (select HOST from the drop down menu if you want to use host name as peer identifier); KeepAlive enable: no; Period: none; Retries: none. Press ADD to put the GRE tunnel rule into the GRE table. Press Save to accept the changes. GRE page help text: Local Tunnel Address: IP address of virtual tunnel interface. Local Tunnel Netmask: Unchangeable, always 255.255.255.252. Tunnel Source: IP address of tunnel sourc
34. [Figure 21: RIP configuration page] RIP Settings. Routing Manager: Prompt name: Prompt name that will be displayed on telnet console. Password: Login password. Enable log: Enable log file. Port to bind at: Local port the service will listen to. Routing Information Protocol Manager: Prompt name that will be displayed on telnet console of the Routing Information Protocol Manager. Login password. Local port the service will listen to. Routing Information Protocol Status: Start: Start RIP. Stop: Stop RIP. Restart: Restart RIP. Save: Click Save to save your changes back to the GWR HS Router. Reload: Click Reload to discard any changes and reload previous settings. Table 9 RIP parameters. RIP routing engine for the GWR HS Router: Use telnet to enter global configuration mode: telnet 192.168.1.1 2602 (telnet to eth0 at TCP port 2602). To enable RIP, use the following command, beginning in global configuration mode, at the router prompt: router rip. To associate a network with a RIP routing process, use the following command at the router prompt: network A.B.C.D/Mask. By default, the GWR HS Router receives RIP version 1 and version 2 packets. You can configure the GWR HS Router to receive and send only version 1. Alternatively, you can configure the GWR HS Router to receive and send only version 2 packets. To configure GWR HS R
35. capability. Select None to stop the DHCP Server from assigning DNS server IP address. When you select None, computers must be manually configured with the proper DNS IP address. Select Used by ISP to have the GWR HS Router assign DNS IP address to DHCP clients. DNS address is provided by ISP (automatically obtained from WAN side). This option is available only if the GSM connection is active. Please establish the GSM connection first and then choose this option. Select Used Defined to have the GWR HS Router assign DNS IP address to DHCP clients. DNS address is manually configured by user. Enable DHCP Server. Static Lease Reservation: This field specifies IP addresses that will be dedicated to a specific DHCP client based on MAC address. The DHCP server will always assign the same IP address to the appropriate client. Address Exclusions: This field specifies IP addresses that will be excluded from the pool of DHCP IP addresses. The DHCP server will not assign this IP to DHCP clients. Remove: Click Remove to delete the selected item from the table. Add: Click Add to insert (add) a new item in the table. Save: Click Save to save your changes back to the GWR HS Router. Reload: Click Reload to discard any changes and reload previous settings. Table 4 DHCP Server parameters.
37. disabled. Back: Click Back to return to the IPSec Summary screen. Reload: Click Reload to discard any changes and reload previous settings. Save: Click Save to save your changes back to the GWR HS Router. After that router automatically goes back and begin negotiations of the tunnels by clicking on the Start. Table 13 IPSec Parameters. OpenVPN: OpenVPN site to site allows connecting two remote networks via a point-to-point encrypted tunnel. OpenVPN implementation offers a cost-effective, simply configurable alternative to other VPN technologies. OpenVPN allows peers to authenticate each other using a pre-shared secret key, certificates, or username/password. When used in a multiclient-server configuration, it allows the server to release an authentication certificate for every client, using signature and Certificate authority. It uses the OpenSSL encryption library extensively, as well as the SSLv3/TLSv1 protocol, and contains many security and control features. The server and client have almost the same configuration. The difference in the client configuration is the remote endpoint IP or hostname field. Also, the client can set up the keepalive settings. For successful tunnel creation, a static key must be generated on one side and the same key must be uploaded on the opposite side.
38. like real network interfaces, as opposed to using IPSec by itself, which can't encrypt multicast traffic. Some examples of multicast traffic are OSPF, EIGRP. Also, a number of video, VoIP and streaming music applications use multicast. You have a protocol that isn't routable, such as NetBIOS or non-IP traffic over an IP network. You could use GRE to tunnel IPX/AppleTalk through an IP network. You need to connect two similar networks connected by a different network with different IP addressing. Click the VPN Settings tab to open the VPN configuration screen. In Figure 23 you can see a screenshot of the GRE tab configuration menu. VPN Settings / GRE Tunneling Parameters: Enable: This check box allows you to activate/deactivate VPN/GRE traffic. Local Tunnel Address: This field specifies the IP address of the virtual tunnel interface. Local Tunnel Netmask: This field specifies the IP netmask address of the virtual tunnel. This field is unchangeable, always 255.255.255.252. Tunnel Source: This field specifies the IP address or hostname of the tunnel source. Tunnel Destination: This field specifies the IP address or hostname of the tunnel destination. Interface: This field specifies the GRE interface. This field gets from the GWR HS Router. KeepAlive enable: Check for keepalive enable. Period: Defines the time interval (in seconds) between transmitted keepalive packets. Enter a number from 3 to 60 seconds. Retries: Defines the number of times retry after failed keepalives before determining that the
39. marked with red are changeable. The first field is the phone number the SMS is sent to. The second field is the message itself. The third field is the authorization (username password) encoded in BASE64. A link for online BASE64 encoding is the following: http://www.base64encode.org. Username and password have to be written in format username password. Maintenance: The GWR HS Router provides administration utilities via web interface. The administrator can set up the router's basic parameters, perform network diagnostics, update software or restore factory default settings. Maintenance / Device Identity Settings: Within the Device Identity Settings tab there is an option to define the name, location of the device and description of the device function. These data are kept in device permanent memory. The Device Identity Settings window is shown in Figure 41. Device Identity Settings: Name: This field specifies the name of the GWR HS Router. Description: This field specifies the description of the GWR HS Router. Only for information purposes. Location: This field specifies the location of the GWR HS Router. Only for information purposes. Save: Click the Save button to save your changes back to the GWR HS Router. Reload: Click Reload to discard any changes and reload previous settings. Table 22 Device Identity parameters. Figure 41 Device Iden
40. not yet connected to the GSM/UMTS network, this field is without IP address. Local ID Type: Authentication identity for one of the participants. Can be an IP address or fully qualified domain name preceded by. IP Address From: Select the SIM card over which the tunnel is established. Local Security Gateway Type: Select the local LAN user(s) behind the Router that can use this IPSec tunnel. Select the Local Security Group type you want to use: IP or Subnet. NOTE: The Local Security Group Type you select should match the Remote Security Group Type selected on the IPSec device at the other end of the tunnel. IP Address: Only the computer with a specific IP address will be able to access the tunnel. Subnet Mask: Enter the subnet mask. Remote Security Gateway Type: Select the remote IP address behind the Router at the other end that can use this IPSec tunnel. Select the type you want to use: IP or Subnet. IP Address: Only the computer with a specific IP address will be able to access the tunnel. Remote ID Type: Authentication identity for one of the participants. Can be an IP address or fully qualified domain name preceded by. Remote Security Group Type: Select the remote IP address/hostname behind the Router at the other end that can use this IPSec tunnel. Select the type you want to use: IP Only or hostname. NOTE: The Remote Security Group Type you select should match the Local Security Group Type selected on the IPSec device at
41. Description of the LTE Router Series: GWR HS routers represent a robust solution designed to provide remote connectivity across cellular networks. Low transmission delay and very high data rates offered by existing cellular networks completely eliminate the need for expensive wired infrastructure. GWR HS series brings scalability of even most demanding corporate networks on highest possible level. Installing a reliable high performance backup solution for existing land lines or satellite networks is now a simple task thanks to modern cellular networks. Therefore, no matter if the goal is to provide primary internet access or a backup solution for an already existing network, the GWR HS router series represents a top rated solution. [Figure 1: GWR HS Router] There are practically no limits when it comes to possible application of GWR HS routers. Wired infrastructure is no longer necessary for building scalable and high performance systems. GWR HS routers will reduce the costs and speed up the
42. purposes. Show PAP password in log: When logging the contents of PAP packets, this option causes pppd to show the password string in the log message. Time to wait before re-initiating the link (sec): Specifies how many seconds to wait before re-initiating the link after it terminates. The holdoff period is not applied if the link was terminated because it was idle. LCP Echo Failure: If this option is given, pppd will presume the peer to be dead if n LCP echo-requests are sent without receiving a valid LCP echo-reply. If this happens, pppd will terminate the connection. This option can be used to enable pppd to terminate after the physical connection has been broken (e.g. the modem has hung up) in situations where no hardware modem control lines are available. LCP Echo Interval: If this option is given, pppd will send an LCP echo-request frame to the peer every n seconds. Normally the peer should respond to the echo-request by sending an echo-reply. This option can be used with the lcp-echo-failure option to detect that the peer is no longer connected. Use Peer DNS: With this option enabled, the router resolves addresses using the ISP's DNS servers. Modem Initialization: This field provides an option to directly specify AT commands. By enabling this option, the router will erase the LOCI Elementary File in the SIM card. This will cause the SIM card to scan all available networks when registe
43. responding side in negotiation process. Log level: Set IPSec log level. Add New Tunnel: Click on this button to add a new Device-to-Device IPSec tunnel. After you have added the tunnel, you will see it listed in the Summary table. Start: This button starts the IPSec negotiations between all defined and enabled tunnels. If the IPSec is already started, the Start button is replaced with a Restart button. Stop: This button will stop all IPSec started negotiations. Click on this button to refresh the Status field in the Summary table. Table 12 IPSec Summary. To create a tunnel, click the Add New Tunnel button. Depending on your selection, the Local Group Setup and Remote Group Setup settings will differ. Proceed to the appropriate instructions for your selection.
44. the other end of the tunnel. IP Address: Only the computer with a specific IP address will be able to access the tunnel. Subnet Mask: Enter the subnet mask. In order to establish an encrypted tunnel, the two ends of an IPSec tunnel must agree on the methods of encryption, decryption and authentication. This is done by sharing a key to the encryption code. For key management, the Router uses only IKE with Preshared Key mode. IKE with Preshared Key: IKE is an Internet Key Exchange protocol used to negotiate key material for Security Association (SA). IKE uses the Preshared Key to authenticate the remote IKE peer. Both ends of the IPSec tunnel must use the same mode of key management. Mode: One of the following IPSec modes can be chosen: MAIN or AGGRESSIVE. Phase 1 is used to create the SA. DH (Diffie-Hellman) is a key exchange protocol used during Phase 1 of the authentication process to establish pre-shared keys. There are three groups of different prime key lengths: Group 1 is 768 bits, Group 2 is 1024 bits and Group 5 is 1536 bits long. If network speed is preferred, select Group 1. If network security is preferred, select Group 5. Select a method of encryption: DES (56-bit), 3DES (168-bit) or AES-128 (128-bit). The method determines the length of the key used to encrypt or decrypt ESP packets. AES-128 is recommended because it is the most secure. Make sure both ends of the IPSec tunnel use the same encryption method. Phase 1 Authentication: Sel
45. toll on bandwidth utilization. For example, IPsec ESP headers and trailers can add 20-30% or more overhead.
46. type of a VPN tunnels with a secure tunneling method. A simple network with two GWR HS Routers is illustrated on the diagram below (Figure 71). The idea is to create an IPSec tunnel for LAN to LAN (site to site) connectivity. [Figure 71: IPSec tunnel between two GWR HS Routers] The GWR HS Routers requirements: Static IP WAN address for tunnel source and tunnel destination address. Dynamic IP WAN address must be mapped to a hostname with the DynDNS service (for synchronization with the DynDNS server, the SIM card must have internet access). GSM/UMTS APN Type: For GSM/UMTS networks, GWR HS Router connections may require a Custom APN. A Custom APN allows for various IP addressing options, particularly static IP addresses, which are needed for most VPN connections. A custom APN should also support mobile terminated data that may be required in most site-to-site VPNs. For the purpose of detailed explanation of IPSec tunnel configuration, two scenarios will be examined, and the network illustrated in Figure 62 will be used for both scenarios. Scenario 1: Router 1 and Router 2, presented in Figure 64, have a firmware version that provides two modes of negotiation in the IPSec tunnel configuration process: Aggressive and Main.
47. 0; Preshared Key: 1234567890. Failover: Enable Tunnel Failover: false. Advanced: Compress (Support IP Payload Compression Protocol (IPComp)): false; Dead Peer Detection (DPD): false; NAT Traversal: true; Send Initial Contact Notification: true. Press Save to accept the changes. [Figure 94: IPSEC configuration page for GWR HS Router] [Figure 95: IPSec configuration page II for GWR HS Router]
48. [Figure 100: IPSEC configuration page for GWR HS Router] [Figure 101: IPSec configuration page II for GWR HS Router] [Figure 102: IPSec configuration page III for GWR HS Router] Click the Start button on the Internet Protocol Security page to initiate the IPSEC tunnel. Click the Start button and after that the Connect button on the Internet Protocol Security page to initiate the IPSEC tunnel.
49. [Figure 126: GWR HS settings for Serial to IP conversion] General Settings: Serial port over TCP/UDP settings. Serial port settings: Bits per second: 57600; Data bits: 8; Parity: none; Stop bits: 1; Flow control: none. TCP/UDP Settings: Protocol: TCP; Mode: client; Server IP address: 96.34.56.2 (IP address of server); Connect to TCP port: 1234; Type of socket: raw; Enable local echo: Disabled; Enable timeout: 3600 sec. Keepalive Settings: Check TCP connection: Enable; Keepalive idle time: 120 sec; Keepalive interval: 60 sec. Log Settings: Log level: level 1. When the serial port is configured, the SAVE button should be selected and the STATUS of the service should change to started, as in the picture above. 2. Application settings: In this example the application HW Virtual Serial Port is used, which is installed on a workstation at the central location. When the application is started, on the Settings tab the option "HW VSP works as the TCP Server only" should be enabled.
50. 170.1 255.255.255.252
 ip nat outside
 no ip route-cache
 no ip mroute-cache
 duplex auto
 speed auto
 crypto map GWR HS
interface FastEthernet0/1
 description LAN INTERFACE
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 no ip route-cache
 no ip mroute-cache
 duplex auto
 speed auto
ip route 0.0.0.0 0.0.0.0 150.160.170.2
ip http server
no ip http secure-server
ip nat inside source list nat_list interface FastEthernet0/0 overload
ip access-list extended nat_list
 deny ip 10.10.10.0 0.0.0.255 192.168.10.0 0.0.0.255
 permit ip 10.10.10.0 0.0.0.255 any
ip access-list extended 121
 permit ip 10.10.10.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 23 permit any
line con 0
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
end
Use this section to confirm that your configuration works properly. Debug commands that run on the Cisco router can confirm that the correct parameters are matched for the remote connections. show ip interface: Displays the IP address assignment to the spoke router. show crypto isakmp sa detail: Displays the IKE SAs which have been set up between the IPsec initiators. show crypto ipsec sa: Displays the IPsec SAs which have been set up between the IPse
51. 2 Antenna placement
Antenna Options
List of Figures
Figure 1 GWR HS Router
Figure 2 GWR HS Router front panel
Figure 3 GWR HS Router back panel without WiFi supported
Figure 4 GWR HSW Router back panel WiFi supported
Figure 5 GWR HS Router top panel side
Figure 6 GWR HSW Router top panel side
Figure 7 Declaration of conformity
Figure 8 User authentication
Figure 9 General router information
Figure 10 Network information
Figure 11 DHCP information
Figure 12 WAN information
Figure 13 Firewall
Figure 14 Information about active routes
Figure 15 Router monitoring
Figure 16 Network parameters configuration page
Figure 17 DHCP Server configuration page
Figure 18 WAN Settings configuration page
Figure 19 Wireless configuration page
52. 2 sec Period 1800 sec Status started
Click the Save button to start DynDNS synchronizing.
Figure 35 DynDNS settings
DynDNS
Label: Description
• Enable DynDNS Client: Enable DynDNS Client.
• Service: The type of service that you are using; try one of no-ip, dhs, pgpow, dyndns, dyndns-static, dyndns-custom, ods, easydns, dyns, justlinux and zoneedit.
• Custom Server IP: The server IP to connect to.
• Hostname: String to send as host parameter.
• Update cycle: Defines the interval between updates of the DynDNS client. The default and minimum value of the update cycle for all DynDNS services except the No-IP service is 86400 seconds. The update cycle value for the No-IP service is given in minutes, and the minimum is 1 minute.
• Number of tries: Number of tries (default 1) if network problem.
• Timeout: The amount of time to wait on I/O (network problem).
• Period: Time between update retry attempts; the default value is 1800.
• Reload: Click Reload to discard any changes and reload previous settings.
• Save: Click Save to save your changes back to the GWR HS Router.
Table 19 DynDNS parameters
Settings Serial Port
Using the router's serial port it is possible to perform serial to Ethernet conversion (Serial port over TCP/UDP) and ModbusRTU to TCP conversion (Modbus gateway). The initial Serial Port Settings page is shown in the figure below. By default the features described above are disabled. Selecting one of two possible applicati
53. Figure 31 L2TP configuration page (L2TP Static Unmanaged Tunnel Settings)
• Enable: Option for tunnel enabling.
• Local IP address: IP address of the local interface used for the tunnel. This address must be the address of a local interface.
• Tunnel ID: Tunnel ID is a 32 bit integer value. Uniquely identifies the tunnel. The value used must match the peer tunnel id value being used at the peer.
• UDP Source Port: UDP source port used for the tunnel. Must be present when UDP encapsulation is selected. Ignored when IP encapsulation is selected.
• Session ID: Session ID is a 32 bit integer value. Uniquely identifies the session being created. The value used must match the peer_session id value being used at the peer.
• Cookie: Optional cookie value assigned to the session. This is a 4 or 8 byte value, specified as 8 or 16 hex digits, e.g. 014d3636deadbeef. The value must match the peer cookie value set at the peer. The cookie value is carried in L2TP data packets and is chec
54. 55 MAC Address format KIKIKI
Caution: Carefully review settings before applying changes. Incorrect settings can make the router inaccessible from the local network.
Figure 33 MAC filtering configuration page
DMZ Host
Demilitarized Zone (DMZ) allows one IP address to be exposed to the Internet. Because some applications require multiple TCP/IP ports to be open, DMZ provides this function by forwarding all the ports to one computer at the same time. In other words, this setting allows one local user to be exposed to the Internet to use special-purpose services such as Internet gaming, video conferencing, etc. It is recommended that you set your computer with a static IP if you want to use this function.
Figure 34 DMZ Host configuration page
Settings DynDNS
Dynamic DNS is a domain name service that allows dynamic IP addresses to be linked to a static hostname. To start using this feature, you should first register with a DDNS service provider. The section of the web interface where you can set up DynDNS parameters is shown in Figure 35.
[Screenshot: Dynamic DNS (DynDNS) Settings form]
55. Enter a number from 1 to 60 seconds, and the number of times to retry after failed keepalives before determining that the tunnel endpoint is down. Enter a number from 1 to 10 times.
Internet Protocol Security (IPSec)
Internet Protocol Security (IPSec) is a protocol suite for securing Internet Protocol communication by authenticating and encrypting each IP packet of a data stream. Click VPN Settings > IPSec to open the VPN configuration screen. The IPSec Summary screen (Figure 24) gathers information about the settings of all defined IPSec tunnels. Up to 5 IPSec tunnels can be defined on the GWR HS router. If you cannot use an IP address as a peer identifier at one side of the tunnel (private IP subnet), aggressive mode has to be utilized. IPSec Summary and IPSec Settings are briefly displayed in the following figures and tables.
Reducing the MTU size on the client side can help eliminate some connectivity problems occurring at the protocol level. Recommended MTU size on client side is 1300.
Tunnel status indicators: stopped (ipsec is not running or tunnel is not enabled); ipsec is trying to establish connection; ipsec is waiting for other end to connect.
Figure 24 IPSec Summary screen
VPN Settings IPSec Su
56. IPSec Setup
• Key Exchange Mode: IKE with Preshared key
• Mode: main
• Phase 1 DH Group: Group 2 (1024)
• Phase 1 Encryption: 3DES
• Phase 1 Authentication: MD5
• Phase 1 SA Life Time: 28800 sec
• Perfect Forward Secrecy
• Phase 2 DH Group: Group 2 (1024)
• Phase 2 Encryption: 3DES
• Phase 2 Authentication: MD5
• Phase 2 SA Life Time: 3600 sec
• Preshared Key: 1234567890
Failover fields: Enable IKE Failover, IKE SA Retry, Restart PPP After IKE SA Retry Exceeds Specified Limit, Enable Tunnel Failover, Ping IP Or Hostname, Ping Interval (sec), Packet Size, Advanced Ping Interval (sec), Advanced Ping Wait For A Response (sec), Maximum Number Of Failed Packets
Figure 89 IPSEC configuration page II for GWR HS Router 2
Advanced fields: Compress (Support IP Payload Compression Protocol (IPComp)), Dead Peer Detection (DPD) (sec), NAT Traversal, Send Initial Contact
Figure 90 IPSEC configuration page III for GWR HS Router 2
NOTE: The firmware version used in this scenario also provides options for the Connection mode of the IPSec tunnel. If connection mode Connect is selected, that indicates the side of the IPSec tunnel which sends requests for establishing the IPSec tunnel. If connection mode Wait is selected, that indicates the side of the IPSec tunnel which listens and res
57. NP LES
GWR HS ROUTER AS INTERNET ROUTER
GRE TUNNEL CONFIGURATION BETWEEN TWO GWR HS ROUTERS
GRE TUNNEL CONFIGURATION BETWEEN GWR HS ROUTER AND THIRD PARTY ROUTER
IPSEC TUNNEL CONFIGURATION BETWEEN TWO GWR HS ROUTERS
IPSEC TUNNEL CONFIGURATION BETWEEN GWR HS ROUTER AND CISCO ROUTER
IPSEC TUNNEL CONFIGURATION BETWEEN GWR HS ROUTER AND JUNIPER SSG FIREWALL
OPENVPN TUNNEL BETWEEN GWR HS ROUTER AND OPENVPN SERVER
PORTFORWARDING EXAMPLE
SERIAL PORT EXAMPLE
FIREWALL EXAMPLE
SMS MANAGEMENT EXAMPLE
DEFINING KEEPALIVE FUNCTIONALITY
APPENDIX
A. HOW TO ACHIEVE MAXIMUM SIGNAL STRENGTH WITH GWR HS ROUTER
58. P Challenge Handshake Authentication Protocol authentication.
Set the maximum number of CHAP challenge transmissions to n (default 10).
Set the CHAP restart interval (retransmission timeout for challenges) to n seconds (default 3).
• Refuse MS CHAP: With this option pppd will not agree to authenticate itself to the peer using MS-CHAP.
• Refuse MS CHAPv2: With this option pppd will not agree to authenticate itself to the peer using MS-CHAPv2.
• Refuse EAP: With this option pppd will not agree to authenticate itself to the peer using EAP.
• Connection debugging: Enables connection debugging facilities. If this option is selected, pppd will log the contents of all control packets sent or received in a readable form.
• Maximum Transmit Unit (bytes): Set the MTU (Maximum Transmit Unit) value to n. Unless the peer requests a smaller value via MRU negotiation, pppd will request that the kernel networking code send data packets of no more than n bytes through the PPP network interface.
• Maximum Receive Unit (bytes): Set the MRU (Maximum Receive Unit) value to n. Pppd will ask the peer to send packets of no more than n bytes. The value of n must be between 128 and 16384; the default is 1500.
• VJ Compression: Disable Van Jacobson style TCP/IP header compression in both directions.
• VJ Connection ID: Disable the connection ID compression option in Van Jacobson style TCP/IP header compression
59. Phase 2 SA Life Time: 3600
Preshared Key: 1234567890
• Local Group Setup
 Local Security Gateway Type: SIM card
 Local ID Type: IP Address
 IP Address From: SIM 1 (WAN connection is established over SIM 1)
 Local Security Group Type: IP
 IP Address: 192.168.10.1
• Remote Group Setup
 Remote Security Gateway Type: IP Only
 IP Address: 172.29.8.4
 Remote ID Type: IP Address
 Remote Security Group Type: Subnet
 IP Address: 10.0.10.0
 Subnet: 255.255.255.0
• Failover
 Enable IKE failover: false
 Enable Tunnel Failover: false
• Advanced
 Compress (Support IP Payload Compression Protocol (IPComp)): false
 Dead Peer Detection (DPD): false
 NAT Traversal: true
 Send Initial Contact: true
Press Save to accept the changes.
Figure 88 IPSEC configuration page for GWR HS Router 2
60. Preshared key
 Mode: main
 Phase 1 DH group: Group 2
 Phase 1 Encryption: 3DES
 Phase 1 Authentication: MD5
 Phase 1 SA Life Time: 28800
 Perfect Forward Secrecy: true
 Phase 2 DH group: Group 2
 Phase 2 Encryption: 3DES
 Phase 2 Authentication: MD5
 Phase 2 SA Life Time: 3600
 Preshared Key: 1234567890
• Local Group Setup
 Local Security Gateway Type: SIM card
 Local ID Type: IP Address
 IP Address From: SIM 1 (WAN connection is established over SIM 1)
 Local Security Group Type: Subnet
 IP Address: 10.0.10.0
 Subnet Mask: 255.255.255.0
• Remote Group Setup
 Remote Security Gateway Type: IP Only
 IP Address: 172.29.8.5
 Remote ID Type: IP Address
 Remote Security Group Type: IP
 IP Address: 192.168.10.1
• Failover
 Enable IKE failover: false
 Enable Tunnel Failover: false
• Advanced
 Compress (Support IP Payload Compression Protocol (IPComp)): false
 Dead Peer Detection (DPD): false
 NAT Traversal: true
 Send Initial Contact: true
[Screenshot: Device 2 Device Tunnel, Add New Tunnel form]
61. [Figure: Declaration of conformity for the GENEKO GWR High Speed Cellular Router, models GWR352HS X, GWR352HSW X, GWR402HS X, GWR402HSW X; input 12V, 1A. Place and date: Belgrade, March 31, 2014.]
Figure 7 Declaration of conformity
Device Configuration
There are two methods which can be used to configure the GWR HS Router. Administrator can use following methods to access router:
• Web brow
62. TE CONTROL
MAINTENANCE
Maintenance Device Identity Settings
Maintenance Administrator Password
Maintenance Date Time Settings
Maintenance Diagnostics
Maintenance Update Firmware
Maintenance Settings Backup
Import Configuration
Export Configuration
Maintenance Default Settings
Maintenance System Reboot
MANAGEMENT COMMAND LINE INTERFACE
MANAGEMENT REMOTE MANAGEMENT
MANAGEMENT CONNECTION MANAGER
Getting started with the Connection Wizard
MANAGEMENT SIMPLE MANAGEMENT PROTOCOL SNMP
MANAGEMENT LOGS
CONFIGURATION EXA
63. Utility is a standalone Windows application with many useful options for configuration and monitoring of GWR HS routers. More information about this utility can be found in the separate document Remote_Management.pdf. In order to use this utility, the user has to enable Remote Management on the router (Figure 57 Remote Management).
Remote Management Settings: Enable Remote Management; Protocol: Geneko; Bind to: ppp; TCP port: 7878; Username; Password. Remote Management Status: stopped.
Figure 51 Remote Management Command Line Interface
Label: Description
• Enable Remote Management: Enable or disable Remote Management.
• Protocol: Choose between Geneko and Sarian protocol.
• Bind to: Specify the interface.
• TCP port: Specify the TCP port.
• Username: Specify the username.
• Password: Specify the password.
• Save: Click Save to save your changes back to the GWR HS Router.
• Reload: Click Reload to discard any changes and reload previous settings.
Table 26 Remote Management parameters
Management Connection Manager
Enabling Connection Manager will allow Connection Wizard (located on the setup CD that goes with the router) to guide you step by step through the process of device detection on the network and setup of the PC to device communication. Thanks to this utility, the user can simply connect the router to the local network without previous setup of the router. Connection
64. Wizard will detect the device and allow you to configure some basic functions of the router. Connection Manager is enabled by default on the router, and if you do not want to use it you can simply disable it (Figure 52 Connection Manager).
Figure 52 Connection Manager
Getting started with the Connection Wizard
Connection Wizard is installed through a few very simple steps and is available immediately upon installation. After starting the wizard you can choose between two available options for configuration:
• GWR HS Router's Ethernet port: With this option you can define the LAN interface IP address and subnet mask.
• GWR HS router's Ethernet port and GPRS/EDGE/HSPA/HSPA+/LTE network connection: Selecting this option you can configure parameters for the LAN and WAN interface.
Figure 53 Connection Wizard Initial Step
Select one of the options and click Next. On the next screen, after Connection Wizard inspects the network (whole broadcast domain), you'll see a list of routers present in the network with the following information: Serial number, Model, Ethernet IP, Firmware version
65. _ 4222 or 345fa929b8c3e. This field allows a maximum of 1023 characters and/or hexadecimal values. Both ends of the IPSec tunnel must use the same Preshared Key. NOTE: It is strongly recommended that you periodically change the Preshared Key to maximize security of the IPSec tunnels.
• Enable IKE failover: Enable the IKE failover option, which tries periodically to reestablish the security association.
• IKE SA retry: Number of IKE retries before failover.
• Restart PPP After IKE SA Retry Exceeds Specified Limit: With this option enabled, the PPP connection is restarted when IKE SA retry reaches the defined number of failed attempts. After restart, SIM1 is used for connection.
• Enable tunnel failover: Enable tunnel failover. If there is more than one tunnel defined, this option will fail over to another tunnel in case the selected one fails to establish a connection.
• Ping IP or Hostname: IP address/Hostname at the remote side of the tunnel which will be pinged in order to determine the current state.
• Ping interval: Specify the time period in seconds between two pings.
• Packet size: Specify the packet size for the ping message.
• Advanced Ping Interval: Time interval between advanced ping packets.
• Advanced Ping Wait For A Response: Advanced ping proofing timeout.
• Maximum number of failed packets: Set percentage of failed packets until failover action is performed.
• Compress: IP Payload Compressi
66. a tunnel endpoint is down. Enter a number from 1 to 10 times.
Click Add to insert (add) a new item in the table to the GWR HS Router. Click Remove to delete the selected item from the table. Click Reload to discard any changes and reload previous settings. Click Save to save your changes back to the GWR HS Router.
Table 11 GRE parameters
Generic Routing Encapsulation (GRE) Settings form notes: Local Tunnel Address: IP address of virtual tunnel interface. Local Tunnel Netmask: unchangeable, always 255.255.255.252. Tunnel Source: IP address of tunnel source. Tunnel Destination: IP address of tunnel destination. Period: Valid values 2 60. Retries: Valid values 11 10.
Figure 23 GRE tunnel parameters configuration page
GRE Keepalive
GRE tunnels can use periodic status messages, known as keepalives, to verify the integrity of the tunnel from end to end. By default, GRE tunnel keepalives are disabled. Use the keepalive check box to enable this feature. Keepalives do not have to be configured on both ends of the tunnel in order to work; a tunnel is not aware of incoming keepalive packets. You should define the time interval (in seconds) between transmitted keepalive packets
67. a transmitted data package. Valid data bits are 8 and Es.
Checks for the parity bit. Valid parity are none, even and odd. None is the default.
The stop bit follows the data and parity bits in serial communication. It indicates the end of transmission. Valid stop bits are 1 and 2. The default is 1.
Flow control manages data flow between devices in a network to ensure it is processed efficiently. Too much data arriving before a device is prepared to manage it causes lost or retransmitted data. None is the default.
This field determines the TCP port number that the serial server will listen for connections on. The value entered should be a valid TCP port number. The default Modbus TCP port number is 502.
Connection timeout: When this field is set to a value greater than 0, the serial server will close connections that have had no network receive activity for longer than the specified period.
Select RTU based on the Modbus slave equipment attached to the port.
This is the timeout (in milliseconds) to wait for a response from a serial slave device before retrying the request or returning an error to the Modbus master.
Should no valid response be received from a Modbus slave, the value in this field determines the number of times the serial server will retransmit the request before giving up.
Table 21 Modbus gateway parameters
Serial Port 7 Help Serial Port Settin
68. abled in the following way: select EDIT of the rule, Enable: selected, SAVE and exit.
5. SSH access is allowed from IP range 212.62.38.210-220. A new rule should be added by selecting the ADD NEW RULE button. The policy should be configured in the following way:
• Rule name: Allow SSH
• Enable: selected
• Chain: INPUT
• Service: Custom
• Protocol: TCP
• Port: Custom 22
• Input interface: ppp_0
• Source address: Range 212.62.38.210 - 212.62.38.220
• Destination address: Any
• Packet state: NEW
• Policy: ACCEPT
After configuration is finished, the SAVE button should be selected and the user is returned to the main configuration page. The priority of the rule is changed by selecting a number in the drop-down menu. In this example number 6 is selected.
6. WEB access is allowed from the IP address 212.62.38.210. In the default firewall configuration, the rule for allowing WEB traffic is a predefined rule with priority 4 named Allow HTTP on ppp_0. This rule can be used in this example with an additional restriction of the source IP address to 212.62.38.210. The policy should be configured in the following way:
• Enable: selected
• Source address: Single IP 212.62.38.210
All other settings should remain the same, as in the picture below.
[Screenshot: Firewall Rules, rule Allow HTTP on ppp_0]
69. ake effect. Caution: Use the local gateway option carefully. The router becomes unreachable from the local subnet when this option is enabled.
Figure 93 Network configuration page for GWR HS Router
• Click the WAN Settings tab to configure parameters necessary for the GSM/UMTS connection. All parameters necessary for connection configuration should be requested from the mobile operator.
• Check the status of the GSM/UMTS connection (WAN Settings tab). If disconnected, please click the Connect button.
• Click VPN Settings > IPSEC to configure IPSEC tunnel parameters. Click the Add New Tunnel button to create a new IPSec tunnel. Tunnel parameters are:
• Add New Tunnel
 Tunnel Name: IPsec tunnel
 Enable: true
• Local Group Setup
 Local Security Gateway Type: SIM card
 Local ID Type: IP Address
 IP Address From: SIM 1 (WAN connection is established over SIM 1)
 Local Security Group Type: Subnet
 IP Address: 192.168.10.0
 Subnet Mask: 255.255.255.0
• Remote Group Setup
 Remote Security Gateway Type: IP Only
 IP Address: 150.160.170.1
 Remote ID Type: IP Address
 Remote Security Group Type: Subnet
 IP Address: 10.10.10.0
 Subnet Mask: 255.255.255.0
• IPSec Setup
 Keying Mode: IKE with Preshared key
 Mode: aggressive
 Phase 1 DH group: Group 2
 Phase 1 Encryption: 3DES
 Phase 1 Authentication: SHA1
 Phase 1 SA Life Time: 28800
 Phase 2 Encryption: 3DES
 Phase 2 Authentication: SHA1
 Phase 2 SA Life Time 360
70. ault route
• Port translation: Reroute TCP and UDP packets to the desired destination inside the network.
Routing Settings, Routing Table
This check box allows you to activate/deactivate this static route.
This parameter specifies the IP network address of the final destination. Routing is always based on network number. If you need to specify a route to a single host, use a subnet mask of 255.255.255.255 in the subnet mask field to force the network number to be identical to the host ID.
This parameter specifies the IP netmask address of the final destination.
This is the IP address of the gateway. The gateway is a router or switch (next hop) on the same network segment as the device's LAN or WAN port. The gateway helps forward packets to their final destinations. For every routing rule, enter the IP address of the gateway. Please notice that the ppp0 interface has only one default gateway, provided by the mobile operator, and because of that there is no option for gateway when you choose the ppp0 interface.
Metric: Metric represents the cost of transmission for routing purposes. IP routing uses hop count as the measurement of cost, with a minimum of 1 for directly connected networks. Enter a number that approximates the cost for this link. The number need not be precise, but it must be between 1 and 15. In practice, 2 or 3 is usually a good number.
Interface represents the ex
71. ay parameters
Figure 108 Gateway advanced parameters
Figure 109 AutoKey IKE
Figure 110 AutoKey IKE parameters
Figure 111 AutoKey IKE advanced parameters
Figure 112 Routing parameters
Figure 113 Policies from untrust to trust zone
Figure 114 Policies from trust to untrust zone
Figure 115 Multipoint OpenVPN topology
Figure 116 OpenVPN application settings
Figure 117 OpenVPN GWR HS settings
Figure 118 Static routes on GWR HS
Figure 119 Starting OpenVPN application
Figure 120 OpenVPN status on PC
Figure 121 OpenVPN status on GWR HS
Figure 122 Portforwarding example
Figure 123 GWR HS portforwarding configuration
72. bile Status Current SIM card SMS service center number is automatically obtained
[Screenshot: Short Message Service form with SIM1 Settings and SIM2 Settings: Enable Remote Control, Use default SMSC, Custom SMSC, Phone Number 1 to 5. Phone Number example: 38164111222]
Figure 138 Configuration page for SMS management
Settings are the following:
• Enable Remote Control: Enabled
• Use default SMSC: Enabled
• Phone Number 1, 2, ..., 5: Allowed phone number
From the mobile phone, the user can send 6 different commands for router management. The commands are:
1. PPP CONNECT
2. PPP DISCONNECT
3. PPP RECONNECT
4. PPP STATUS. The reply to this command is one of four possible states: CONNECTING; CONNECTED, WAN_IP: WAN IP address; DISCONNECTING; DISCONNECTED
5. SWITCH SIM, for changing the SIM slot
6. REBOOT, for router reboot
After every SMS sent to the router, a reply is sent back with status information about the SMS received by the router.
Defining keepalive functionality
The keepalive mechanism works through two simple steps. The first step is STANDARD ping proofing. This ping periodically checks if the link is alive. Standard ping has 4 packets which are sent
73. c initiators
• debug crypto isakmp: Displays messages about Internet Key Exchange (IKE) events.
• debug crypto ipsec: Displays IPsec events.
• debug crypto engine: Displays crypto engine events.
IPSec Tunnel configuration between GWR HS Router and Juniper SSG firewall
IPSec tunnel is a type of VPN tunnel with a secure tunneling method. The diagram below (Figure 87) illustrates a simple network with GWR HS Router and Cisco Router. The idea is to create an IPSec tunnel for LAN to LAN (site to site) connectivity.
[Diagram: GWR (initiator), private static WAN 172.30.147.96, LAN 192.168.10.x, gateway 192.168.10.1; Juniper SSG firewall (VPN terminator), public static WAN 150.160.170.1, LAN 10.10.10.x, gateway 10.10.10.1]
Figure 98 IPSec tunnel between GWR HS Router and Cisco Router
The GWR HS Routers requirements:
• Static IP WAN address for tunnel source and tunnel destination address
• Source tunnel address should have a static WAN IP address
• Destination tunnel address should have a static WAN IP address
GSM/UMTS APN Type: For GSM/UMTS networks, GWR HS Router connections may require a Custom APN. A Custom APN allows for various IP addressing options, particularly static IP addresses, which are needed for most VPN connections. A custom APN should also support mobile terminated data, which may be required in most site to site VPNs.
The GWR HS Router configuration
• Click Network Tab to open t
74. Figure 20 Routing configuration page
Figure 21 RIP configuration page
Figure 22 VRRP configuration page
Figure 23 GRE tunnel parameters configuration page
Figure 24 IPSec Summary screen
Figure 26 OpenVPN example scr
Figure 27 OpenVPN Summary screen
Figure 28 OpenVPN configuration page
Figure 29 OpenVPN network topology
Figure 30 PPTP configuration page
Figure 31 L2TP configuration page
Figure 32 Firewall configuration page
Figure 33 MAC filtering configuration page
Figure 34 DMZ Host configuration page
Figure 35 DynDNS settings
Figure 36 Serial Port Settings initial menu
Figure 37 Serial port configuration page
Figure
75. cessfully finished process of authentication of Username/Password you can access Main Configuration Menu. You can set all parameters of the GWR HS Router using web application. All functionalities and parameters are organized within few main tabs (windows). Add/Remove/Update manipulation in tables. To Add a new row (new rule or new parameter) in the table, do the following: enter data in the fields at the bottom row of the table, separated with a line; after entering data in all fields, click the Add link. To Update a row in the table: change data directly in the fields you want to change. To Remove a row from the table: click the Remove link to remove the selected row from the table. Save/Reload changes. To save all the changes in the form, press the Save button. By clicking Save, data are checked for validity. If they are not valid, an error message will be displayed. To discard changes, press the Reload button. By clicking Reload, previous settings will be loaded in the form. Status Information. The GWR HS Router's Status menu provides general information about the router as well as real-time network information. Status information is divided into the following categories: General Information; Network Information (LAN); WAN Information; DHCP; Firewall; Routes; Router Monitoring. Status General: General Information Tab
76. ck the status of GSM/UMTS connection (WAN Settings Tab). If disconnected, click the Connect button. Check the Routing Tab to see if there is a default route (it should be there by default). The router will automatically add a default route via the ppp0 interface. Optionally configure IP Filtering and TCP service port settings to block any unwanted incoming traffic. Configure the GWR HS Router LAN address (10.1.1.1) as the default gateway address on your PCs. Configure a valid DNS address on your PCs. GRE Tunnel configuration between two GWR HS Routers. A GRE tunnel is a type of VPN tunnel, but it is not a secure tunneling method. A simple network with two GWR HS Routers is illustrated in the diagram below (Figure 60). The idea is to create a GRE tunnel for LAN-to-LAN (site-to-site) connectivity. [Diagram: two routers with static WAN addresses 10.251.49.2 and 10.251.49.3 joined by a GRE tunnel; LANs 192.168.4.x (gateway 192.168.4.1) and 192.168.2.x (gateway 192.168.2.1).] Figure 60: GRE tunnel between two GWR HS Routers. The GWR HS Routers requirements: static IP WAN address for tunnel source and tunnel destination address; source tunnel address should have a static WAN IP address; destination tunnel address should have a static WAN IP address. GSM/UMTS APN Type: For GSM/UMTS networks, GWR HS Router connections may require a Custom APN. A Custom APN allows for variou
78. cret key, certificates, or username/password. When used in a multiclient-server configuration, it allows the server to release an authentication certificate for every client, using signature and Certificate authority. It uses the OpenSSL encryption library extensively, as well as the SSLv3/TLSv1 protocol, and contains many security and control features. The server and client have almost the same configuration. The difference in the client configuration is the remote endpoint IP or hostname field. Also, the client can set up the keepalive settings. For successful tunnel creation, a static key must be generated on one side and the same key must be uploaded on the opposite side. OpenVPN configuration. OpenVPN is established between one central location and three remote locations, with the Geneko router configured in TCP client mode. Authentication used is pre-shared key. [Figure 115: Multipoint OpenVPN topology. OpenVPN server IP address 134.45.22.1; remote PLCs 192.168.11.2, 192.168.12.2 and 192.168.13.2 reached through the GSM/UMTS provider and the Internet; LAN interface 192.168.13.1.] Configuration: 1. The OpenVPN server is in TCP listening mode and is reachable from the internet over static public IP address 134.45.22.1 and TCP port 1194 (default OpenVPN port). 2. The configuration file on the OpenVPN server is applied in the following way: a. Open any Text Editor application and make configuration txt fi
79. ction: INPUT for traffic going to the interface, OUTGOING for traffic originated at the router going out of the interface, and FORWARD for traffic routed from one interface to another, originated outside the router. Predefined list of well-known ports, and Custom option for user-defined services. Type of protocol: TCP, UDP, UDPLITE, AH, SCTP, ESP, ICMP, Custom. Number of port. Four options are available: FULL UNDEF (all port numbers), RANGE (for range of ports), CSV multiport (for defining more than one noncontinuous port numbers), CUSTOM (for single port). ICMP type (ICMP protocol is selected): list of ICMP packet types is displayed; ICMP is filtered in general or by specific type. Protocol number (Custom protocol is selected): protocol number is chosen between 1 and 255. Input Interface: selection of firewall input inspection interface; when OUTPUT chain is selected, this field cannot be chosen. Selection of firewall output inspection interface; when INPUT chain is selected, this field cannot be chosen. Source address: this field specifies packets with the source IP address on which the firewall rule is applied. Destination address: this field specifies packets with the destination IP address on which the firewall rule is applied. For a defined IP address in Source or Destination IP address, inverts the logic of the filter. Instead of applying the firewall rule on defined IP addresses al
80. cuted, the router sends a confirmation SMS with OK if the command is executed without errors, or ERROR if something went wrong during the execution of the command. In order to obtain the current router status, the user should send an SMS containing the following string: PPP STATUS. After the command is executed, the router sends one of the following status reports to the user: CONNECTING; CONNECTED, WAN_IP (WAN IP address of the router); DISCONNECTING; DISCONNECTED. In order to establish a PPP connection over the other SIM card, the user should send an SMS containing the following string: SWITCH SIM. After the command is executed, the router sends a confirmation SMS with OK if the command is executed without errors, or ERROR if something went wrong during the execution of the command. In order to restart the whole router, the user should send an SMS containing the following string: REBOOT. After the command is executed, the router sends a confirmation SMS with OK if the command is executed without errors, or ERROR if something went wrong during the execution of the command. The remote control configuration page is presented in the following figure. In order to use this feature, the user must enable the SMS remote control and specify the list of SIM card numbers that will be used for SMS remote control. The SIM card number should be entered in the following format: Country Code, Mobile Operator Prefix, Phone Number (for example 38164111222). SMS service centr
81. Firewall example. The firewall implemented in GWR HS routers has numerous options for matching interesting traffic. Traffic flow is controlled through the router with three actions triggered by the firewall: 1. ACCEPT: traffic is passed through the router without any changes implemented. 2. REJECT: traffic is blocked with ICMP error messages. 3. DROP: traffic is blocked without any error messages; the connection is retried until the threshold for retransmission is exceeded. By default all traffic is PERMITTED. To block all the traffic not defined under stated rules, the last entry in the firewall table should be DROP ALL. Rule priority defines the order in which the router matches inspected packets. After the first match between a rule and a packet, no other rule is compared against the matched traffic. The firewall has 17 predefined rules for the most common usage. These 17 rules are the following: 1. Allow ALL from local LAN: all traffic originating from the local subnet is allowed to access the router Ethernet interface. It is important to keep this rule enabled to prevent losing the local management interface. 2. Allow already established traffic: for inbound TCP only. Allows TCP traffic to pass if the packet is a response to an outbound-initiated session. 3. Allow TELNET on ppp_0: accepts telnet connections from the outside to the router's WAN interface for management over the CLI interface. 4. Allow HTTP on ppp_0: accepts WEB traffic from the outside to router's WAN inte
82. d with IPSec tunnel in Main mode. Configurations for Router 1 and Router 2 are listed below. The GWR HS Router 1 configuration: Click Network Tab to open the LAN NETWORK screen. Use this screen to configure LAN TCP/IP settings. Configure IP address and Netmask: IP Address 10.0.10.1; Subnet Mask 255.255.255.0. Press Save to accept the changes. [Network Settings page: IP Address 10.0.10.1, Subnet Mask 255.255.255.0, Primary Local DNS, Secondary Local DNS, Local Gateway. Caution: Changes to IP address, subnet mask and local DNS require a reboot to take effect. Caution: Use local gateway option carefully. Router becomes unreachable from local subnet when this option is enabled.] Figure 82: Network configuration page for GWR HS Router 1. Use a SIM card with a static IP address obtained from the Mobile Operator. Click WAN Settings Tab to configure parameters necessary for the GSM/UMTS connection. All parameters necessary for connection configuration should be requested from the mobile operator. Check the status of the GSM/UMTS connection (WAN Settings Tab). If disconnected, click the Connect button. Click VPN Settings > IPSEC to configure IPSEC tunnel parameters. Click the Add New Tunnel button to create a new IPSec tunnel. Tunnel parameters are: Add New Tunnel: Tunnel Name: IPsec tunnel; Enable: true. IPSec Setup: Keying Mode: IKE with
83. default settings of the GWR HS Router, hold the RESET button pressed for a few seconds. Restoration of the default configuration will be signaled by blinks of the first and last signal strength LED on the top panel. This will restore the factory defaults and clear all custom settings of the GWR HS Router. You can also reset the GWR HS Router to factory defaults using the Maintenance > Default Settings screen. Back panel. On the back panel of the device (Figure 3 and Figure 4) the following connectors are located: slot for SIM cards; SMA connector for connection of the GSM/UMTS/LTE antenna. [Figure 3: GWR HS Router back panel (without WiFi supported), labels MAIN ANT, AUX ANT, SIM CARD 1, SIM CARD 2.] [Figure 4: GWR HSW Router back panel (WiFi supported), labels MAIN ANT, WiFi ANT, AUX ANT, SIM CARD 1, SIM CARD 2.] Top Panel. There is a sequence of 8 LED indicators on the top of this device, by which the indication of the system current state, WiFi state, device power supply and presence of GSM/UMTS/LTE network, as well as signal level, is performed. [Figure 5: GWR HS Router top panel side.] [Figure 6: GWR HSW Router top panel side.] LED Indicator / Description: Cell Link: green LED wi
84. e Tunnel Destination: IP address of tunnel destination. Period: valid values 3-60. Retries: valid values 1-10. Figure 65: GRE configuration page for GWR HS Router 2. Configure GRE Route: click Routing on the Settings Tab. Parameters for this example are: Destination Network 192.168.4.0; Netmask 255.255.255.0. [Routing Table Settings: current static routes, columns DestNetwork, Netmask, Gateway; new entry DestNetwork 192.168.4.0, Netmask 255.255.255.0.] Figure 66: Routing configuration page for GWR HS Router 2. Optionally configure IP Filtering and TCP service port settings to block any unwanted incoming traffic. On the device connected to GWR HS router 2, set up default gateway 192.168.2.1. GRE Tunnel configuration between GWR HS Router and third party router. A GRE tunnel is a type of VPN tunnel, but it isn't a secure tunneling method. However, you can encrypt GRE packets with an encryption protocol such as IPSec to form a secure VPN. The diagram below (Figure 67) illustrates a simple network with two sites. The idea is to create a GRE tunnel for LAN-to-LAN (site-to-site) connectivity. Ethernet
85. e 1 SA Life Time: 28800; Perfect Forward Secrecy: true; Phase 2 DH group: Group 2; Phase 2 Encryption: 3DES; Phase 2 Authentication: SHA1; Phase 2 SA Life Time: 3600; Preshared Key: 1234567890. Local Group Setup: Local Security Gateway Type: IP Only; Local ID Type: Custom; Custom Peer ID: 172.30.147.96; IP Address: SIM 1; Local Security Group Type: Subnet; IP Address: 192.168.10.0; Subnet Mask: 255.255.255.0. Remote Group Setup: Remote Security Gateway Type: IP Only; IP Address: 150.160.170.1; Remote ID Type: IP Address; Remote Security Group Type: Subnet; IP Address: 10.10.10.0; Subnet Mask: 255.255.255.0. Advanced: Compress (Support IP Payload Compression Protocol (IPComp)): false; Dead Peer Detection (DPD): false; NAT Traversal: true. Press Save to accept the changes. [Screenshot: Add New Tunnel page (Tunnel Number 1, Tunnel Name IPsec tunnel) showing the Local Group Setup and Remote Group Setup values listed above.]
86. [Firewall rules table.] Add New Rule. Carefully review settings before applying changes. Incorrect settings can make the router inaccessible from the network. Apply Rules. Figure 32: Firewall configuration page. Settings: Firewall: MAC Filtering. MAC filtering can be used to restrict which Ethernet devices can send packets to the router. If MAC filtering is enabled, only Ethernet packets with a source MAC address that is configured in the MAC Filter table will be allowed. If the source MAC address is not in the MAC Filter table, the packet will be dropped. Label: Enable MAC Filtering; Enable; Name (field shows the Rule Name that is given to the MAC filtering rule); MAC address (the Ethernet MAC source address to allow); Reload (click Reload to discard any changes and reload previous settings); Save (click Save to save changes back to the GWR HS router). Table 18: MAC filtering parameters. MAC Filtering Settings: Enable MAC filtering; MAC Address 155500
87. e number can be obtained automatically (option Use default SMSC is enabled) or manually by entering the number in the field Custom SMSC. As presented in the figure, configuration should be performed separately for both SIM cards. After the configuration is entered, the user must click the Save button in order to save the configuration. [Figure 39: SMS remote control configuration. For each of SIM1 Settings and SIM2 Settings: Enable Remote Control, Use default SMSC, Custom SMSC, Phone Number 1 to Phone Number 5. Phone Number example: 38164111222.] SMS: Send SMS. The SMS send feature allows users to send an SMS message from the WEB interface. The following picture shows the page from which an SMS can be sent. There are two required fields on this page: Phone number and Message. [Figure 40: Send SMS. Fields: Phone number, Message. Phone Number example: 38164111222.] SMS Gateway is used for sending SMS with a GET query. Command format is the following: 192.168.1.1 cgi send_exec lua group sms amp phone 2B381641 12233 amp message hello world amp auth YWRtaW46YWRtaW4 Field
88. e with different remote interface IP address and virtual network adapter. You can create a second virtual network adapter by selecting "Add a new TAP-Win32 virtual ethernet adapter". You can create the third virtual adapter the same way. Name the virtual adapters adap1, adap2 and adap3. For example, the configuration file for the second remote location can be:

    proto tcp-server
    dev tun
    ifconfig 2.2.2.5 2.2.2.6
    dev-node adap2
    secret key.txt
    ping 10
    comp-lzo
    disable-occ

The only difference from the previous configuration is 2.2.2.5 2.2.2.6 (IP address of local and remote interface) and dev-node adap2. The configuration file for the third remote location is:

    proto tcp-server
    dev tun
    ifconfig 2.2.2.9 2.2.2.10
    dev-node adap3
    secret key.txt
    ping 10
    comp-lzo
    disable-occ

All three configuration files (e.g. Server1.ovpn, Server2.ovpn, Server3.ovpn) have to be saved in the same directory, C:\Program Files\OpenVPN\config. The name of the configuration file is the name of your OpenVPN tunnel. The workstation where the OpenVPN server is installed should have an IP route to the subnet on the other end of the OpenVPN tunnel. This subnet is reachable over the remote OpenVPN interface, which is in this case 2.2.2.2. Enter the following commands in the command prompt:

    route -p add 192.168.11.0 mask 255.255.255.0 2.2.2.2    (first remote location)
    route -p add 192.168.12.0 mask 255.255.255.0 2.2.2.6    (second remote location)
    route -p add 192
89. ect a method of authentication, MD5 or SHA1. The authentication method determines how the ESP packets are validated. MD5 is a one-way hashing algorithm that produces a 128-bit digest. SHA1 is a one-way hashing algorithm that produces a 160-bit digest. SHA1 is recommended because it is more secure. Make sure both ends of the IPSec tunnel use the same authentication method. Phase 1 SA Life Time: Configure the length of time the IPSec tunnel is active in Phase 1. The default value is 28800 seconds. Both ends of the IPSec tunnel must use the same Phase 1 SA Life Time setting. Perfect Forward Secrecy: If the Perfect Forward Secrecy (PFS) feature is enabled, IKE Phase 2 negotiation will generate new key material for IP traffic encryption and authentication, so hackers using brute force to break encryption keys will not be able to obtain future IPSec keys. Both ends of the IPSec tunnel must enable this option in order to use the function. If the Perfect Forward Secrecy feature is disabled, then no new keys will be generated, so you do not need to set the Phase 2 DH Group. There are three groups of different prime key lengths: Group 1 is 768 bits, Group 2 is 1024 bits, and Group 5 is 1536 bits long. If network speed is preferred, select Group 1. If network security is preferred, select Group 5. You do not have to use the same DH Group tha
90. ecurity features such as authentication or content encryption. VPNs, for example, can be used to separate the traffic of different user communities over an underlying network with strong security features. A VPN may have best-effort performance or may have a defined Service Level Agreement (SLA) between the VPN customer and the VPN service provider. Generally, a VPN has a topology more complex than point-to-point. The distinguishing characteristics of VPNs are not security or performance, but that they overlay other network(s) to provide a certain functionality that is meaningful to a user community. Generic Routing Encapsulation (GRE). Originally developed by Cisco, generic routing encapsulation (GRE) is now a standard defined in RFC 1701, RFC 1702 and RFC 2784. GRE is a tunneling protocol used to transport packets from one network through another network. If this sounds like a virtual private network (VPN) to you, that's because it theoretically is. Technically, a GRE tunnel is a type of VPN, but it isn't a secure tunneling method. However, you can encrypt GRE with an encryption protocol such as IPSec to form a secure VPN. In fact, the point-to-point tunneling protocol (PPTP) actually uses GRE to create VPN tunnels. For example, if you configure Microsoft VPN tunnels, by default you use PPTP, which uses GRE. Solution where you can use GRE protocol: You need to encrypt multicast traffic. GRE tunnels can carry multicast packets just
91. elected from the main menu. Configuration of the examples described above is presented in the following picture. Forward TCP/UDP connections from external networks to the following internal devices. [Port forwarding table with columns Enable, Protocol, Interface, Source IP, Source Netmask, Destination IP, Destination Netmask, Destination Port, Forward to IP, Forward to port, Action.] Figure 123: GWR HS portforwarding configuration. Serial port example. For connecting serial devices from remote locations to a central location, serial transparent conversion can be used. Serial communication is encapsulated in a TCP/IP header and on the central location is recognized by the Virtual COM port application. This way serial communication is enabled between two distant locations. In the picture below, serial communication is achieved over a GWR HS router in client mode on the remote location and a Virtual COM port application on the central side. As the application is in server mode, the IP address of the workstation has to be accessible from the router. In this example that is IP address GWR HS routers supports bot
92. encryption and MPPC (Microsoft compression) protocols. Persist: if this option is enabled, the tunnel will try to reconnect. Maxfail: max number of retries to reconnect (0 for infinite retries). Debug: enable extra information in system log. Edit: used to edit the selected tunnel from the table. Delete: used to delete the selected tunnel from the table. Reload: used to discard any changes and reload previous settings. Save: used to create a new tunnel or save changes to an existing tunnel. Table 15: PPTP parameters. Layer 2 Tunneling Protocol (L2TP). The GWR HS router can be used as an L2TP peer. L2TP is suitable for Layer 2 tunneling. Static tunnels are useful to establish network links across IP networks when the tunnels are fixed. L2TP tunnels can carry data of more than one session. Each session is identified by a session id and its parent tunnel's tunnel id. A tunnel must be created before a session can be created in the tunnel. [L2TP Static Unmanaged Tunnel status table: columns No, Enabled, Name; Local IP address, UDP Port, Tunnel ID, Session ID, Interface IP Address; Remote IP address, UDP Port, Tunnel ID, Session ID, Interface IP Address; Status, Action.] 1 yes Test 10 1 11 500
93. eneric Routing Encapsulation (GRE) Tunneling. Local Tunnel Address: IP address of virtual tunnel interface. Local Tunnel Netmask: unchangeable, always 255.255.255.252. Tunnel Source: IP address of tunnel source. Tunnel Destination: IP address of tunnel destination. Period: valid values 3-60. Retries: valid values 1-10. Figure 69: GRE configuration page. [Table row: Local Tunnel Address 10.10.10.1, Local Tunnel Netmask 255.255.255.252, KeepAlive Enable, Period, Retries, Action.] Configure GRE Route: click Routing on the Settings Tab. Parameters for this example are: Destination Network 10.2.2.0; Netmask 255.255.255.0. [Routing Table Settings: current static routes, columns DestNetwork, Netmask, Gateway, Metric.] Figure 70: Routing configuration page. Optionally configure IP Filtering and TCP service port settings to block any unwanted incoming traffic. IPSec Tunnel configuration between two GWR HS Routers. IPSec tunnel is a
94. ervice: TELNET; Protocol: TCP; Port: 23; Input interface: ppp_0; Output interface; Source address: Any; Inverted source address rule logic; Destination address: Any; Inverted destination address rule logic; Packet state: NEW; Policy: REJECT; Reject with: icmp port unreachable. Distributed Denial Of Service: Enable; Maximum average matching rate; Maximum initial number of packets to match. Back, Reload, Save. Figure 131: Filtering of Telnet traffic. The ENABLE option should be selected to have this rule active. To deny Telnet traffic, POLICY should be changed from ACCEPT to REJECT. The ICMP error message type can be selected when policy reject is selected. After that, the SAVE button should be pressed and the user is returned to the main configuration page. 2. ICMP traffic is denied from all IP addresses except 212.62.38.196. A new rule should be added by selecting the ADD NEW RULE button. The policy should be configured in the following way: Rule name: Deny PING to ppp_0 interface; Enable: selected; Chain: INPUT; Service: Custom; Protocol: ICMP; ICMP Type: echo request; Input interface: ppp_0; Source address: Single IP 212.62.38.196; Inverted source address rule logic: selected; Destination address: Any; Packet state: NEW; Policy: REJECT; Reject with: icmp port unreachable. The configuration should look like the picture below. Firewall Rules Firewal
95. ess: 172.29.8.5; Remote ID Type: IP Address; Remote Security Group Type: IP; IP Address: 192.168.10.1. Figure 83: IPSEC configuration page for GWR HS Router 1. [IPSec Setup: Key Exchange Mode: IKE with Preshared key; Mode; Phase 1 DH Group: Group2 (1024); Phase 1 Encryption: 3DES; Phase 1 Authentication: MD5; Phase 1 SA Life Time: 26800; Perfect Forward Secrecy; Phase 2 DH Group: Group2 (1024); Phase 2 Encryption: 3DES; Phase 2 Authentication: MD5; Phase 2 SA Life Time: 3600 sec; Preshared Key: 1234567890. Failover: Enable IKE Failover; IKE SA Retry; Restart PPP After IKE SA Retry Exceeds Specified Limit; Enable Tunnel Failover; Ping IP Or Hostname; Ping Interval; Packet Size; Advanced Ping Interval; Advanced Ping Wait For A Response; Maximum Number Of Failed Packets.] Figure 84: IPSEC configuration page II for GWR HS Router 1. [Advanced: Compress (Support IP Payload Compression Protocol (IPComp)); Dead Peer Detection (DPD); NAT Traversal; Send Initial Contact.] Figure 85: IPSEC configuration page III for GWR HS Router 1. NOTE: Firmware version used in this scenario also provides options for Connection mode of IPSec tunnel. If connection mode Connect is selected that i
96. et button. [Firmware Update page.] Caution: 1. Upgrading firmware will take a few minutes; please wait and do not turn off the power or press the reset button. 2. Please don't close the window or disconnect the link during the upgrade process. 3. In order to activate the new firmware version, it is necessary that the user performs a system reboot. 4. Clear browser cache after firmware update. Current firmware version: 3 0 0_raz_lab_276_ 352. Select firmware: No file selected. Reset to factory default after firmware upgrade. Upload. Figure 45: Update Firmware page. In order to activate the new firmware version, it is necessary that the user performs a system reset. In the process of firmware version change the configuration parameters are not changed, and after that the system continues to operate with the previous values. Maintenance: Settings Backup. This feature allows you to make a backup file of the complete configuration or some part of the configuration on the GWR HS Router. In order to back up the configuration, you should select the part of the configuration you would like to back up. The list of available options is presented in Figure 46. To use the backup file, you need to import the configuration file that you previously exported. [Settings Backup page: Import Configuration File (Select file, Browse, Import); Export Configuration File.] The item to back
97. following picture. [Firewall General Settings and Firewall Rules table with columns including Priority, Name, Chain and Service, and Edit/Delete actions per rule; Add New Rule; Apply Rules. Carefully review settings before applying changes. Incorrect settings can make the router inaccessible from the network.] Figure 130: Initial firewall configuration on GWR HS. Firstly, the firewall should be enabled; that is done by selecting Firewall General Settings > Enable. The firewall can be configured by enabling or editing existing predefined rules or by adding a new one. The firewall is configured in the following way: 1. Telnet traffic is denied. Select predefined rule number 3. A configuration page like the one in the picture below is shown. Firewall Rules. Firewall Rule Basics: Rule name: Deny TELNET on ppp_0; Enable. Firewall Rule Settings: Chain: INPUT; S
98. gs. General Settings: Disable all; Serial port over TCP/UDP settings; Modbus gateway settings. Serial Port Settings: Bits per second, Data bits, Parity, Stop bits, Flow control. Modbus Gateway Settings: TCP accept port, Connection timeout. Modbus Serial Settings: Transmission mode, Response timeout, Maximum number of retries. Log Settings. Reload, Save. Figure 38: Modbus gateway configuration page. SMS: SMS Remote Control. The SMS remote control feature allows users to execute a short list of predefined commands by sending SMS messages to the router. The GWR HS router series implements the following predefined commands: 1. In order to establish a PPP connection, the user should send an SMS containing the following string: PPP CONNECT. After the command is executed, the router sends a confirmation SMS with OK if the command is executed without errors, or ERROR if something went wrong during the execution of the command. In order to disconnect the router from PPP, the user should send an SMS containing the following string: PPP DISCONNECT. After the command is executed, the router sends a confirmation SMS with OK if the command is executed without errors, or ERROR if something went wrong during the execution of the command. In order to reestablish (reconnect) the PPP connection, the user should send an SMS containing the following string: PPP RECONNECT. After the command is exe
99. h server and client mode, so you can use one GWR HS router on both sides of the communication link, one in server and one in client mode. [Diagram: Server (Virtual COM port application) and GWR client.] Figure 124: Transparent serial connection. 1. Settings on GWR HS router. From the main menu on the left side of the web interface, option SERIAL PORT should be selected and the following page is displayed. [Serial Port Settings: Disable all; Serial port over TCP/UDP settings; Modbus gateway settings. Status: stopped.] Figure 125: GWR HS Serial port settings. Option SERIAL PORT OVER TCP UDP SETTINGS is used for configuration of transparent serial communication. Configuration parameters are presented in the picture below. Serial Port Settings. General Settings: Disable all; Serial port over TCP/UDP settings; Modbus gateway settings. Serial Port Settings: Bits per second 57600; Data bits 8; Parity none; Stop bits 1; Flow control none. TCP/UDP Settings: Protocol TCP; Mode client; Server IP address 96.34.56.2; Connect to TCP port 1234; Type of socket raw; Enable local echo; Enable timeout 3600 sec. Keepalive Settings: Check TCP connection; Keepalive idle time
100. he LAN NETWORK screen. Use this screen to configure LAN TCP/IP settings. Configure IP address and Netmask: IP Address: 192.168.10.1; Subnet Mask: 255.255.255.0. Press Save to accept the changes. [Figure 99: Network configuration page for GWR HS Router. Caution: Changes to IP address, subnet mask and local DNS require a reboot to take effect. Caution: Use the local gateway option carefully. The router becomes unreachable from the local subnet when this option is enabled.] Use a SIM card with a static IP address obtained from the Mobile Operator. Click the WAN Settings tab to configure the parameters necessary for the GSM/UMTS connection. All parameters necessary for connection configuration should be requested from the mobile operator. Check the status of the GSM/UMTS connection (WAN Settings tab). If disconnected, please click the Connect button. Click VPN Settings > IPSEC to configure IPSEC tunnel parameters. Click the Add New Tunnel button to create a new IPSec tunnel. Tunnel parameters are: Add New Tunnel: Tunnel Name: IPsec tunnel; Enable: true. IPSec Setup: Keying Mode: IKE with Preshared key; Mode: aggressive; Phase 1 DH group: Group 2; Phase 1 Encryption: 3DES; Phase 1 Authentication: SHA1; Phas
101. iption Mark this option in order to disable Syslog feature Start logging facility locally Mark this option in order to enable logging on remote machine Remote Syslog The GWR HS Router can send a detailed log to an external Syslog server The Router s Syslog captures all log activities and includes this information about all data transmissions every connection source and destination IP address IP service and number of bytes transferred Enter the Syslog server name or IP address Service Server IP Sets the port on which Syslog data has been sent The default is 514 Service Port You can specify port by marking on user defined and specify port you want Syslog data to be sent Geneko GWR High Speed Router Series 11 User Manual User defined Set manually port number Use standard port number for this service 514 Local syslog Local Syslog file is stored locally on the router USB Flash Syslog file is stored on flash memory attached to USB interface Set log size on one of the six predefined values 10 20 50 100 200 500 kb Choose which events to be stored You can store System Ipsec events or both of them Log to Enable syslog saver Save logs periodically on filesystem Save log every Set time duration between two saves Reload Click Reload to discard any changes and reload previous settings Click Save button to save your changes back to the GWR HS Router and Save enable disable Syslog Table 28
102. is means that Modbus serial slaves can be directly attached to the unit s serial ports without any external protocol converters Generic Routing Encapsulation is a tunneling protocol that can encapsulate a wide variety of network layer protocol packet types inside IP tunnels GRE keepalive Keepalive for GRE tunnels e Cisco compliant GRE max number of tunnels IPSec pass through ESP tunnels ec Internet Protocol Security is a suite of protocols for securing IP communications by authenticating and encrypting each IP packet of a data stream e Authentication and key management Perfect Forward Secrecy Diffie Hellman Group 1 2 5 14 DPD for constant connection NAT Traversal Send Initial Contact IP Payload Compression Protocol UI O Geneko GWR High Speed Router Series 11 User Manual OpenVPN site to site graphical user interface GUI implementation allows connecting two remote networks via point to point encrypted tunnel OpenVPN implementation offers a cost effective simply configurable alternative to other VPN technologies over TCP and a GRE tunnel operating to encapsulate PPP packets L2TP L2TP is suitable for Layer 2 tunneling L2TP max number of tunnels GSM UMTS features Dual SIM support For operator backup SIM card detection Status of active SIM card PIN enabler Enable locking of SIM card with PIN code Automatic change of SIM card after defined number of failed attempts Advanced CHAT
103. ishment immediately when you press the Finish button. If not, you have to start connection establishment manually on the router's web interface. Management - Simple Management Protocol (SNMP). SNMP, or Simple Network Management Protocol, is a network protocol that provides network administrators with the ability to monitor the status of the Router and receive notification of any critical events as they occur on the network. The Router supports SNMP v1/v2c and all relevant Management Information Base II (MIB-II) groups. The appliance replies to SNMP Get commands for MIB-II via any interface and supports a custom MIB for generating trap messages. [Figure 57: SNMP configuration page] SNMP Settings - Description. Enable SNMP: SNMP is enabled by default. To disable the SNMP agent, click this option to unmark it. Get Community: Create the name for a group or community of administrators who can view SNMP data. The default is public. It supports up to 64 alphanumeric characters. Service Port: Sets the port on which SNMP data has been sent. The default is 161. You can specify the port by marking User Defined and entering the port you want SNMP data to be sent on. Service Access: Sets the interface enabled f
104. it of transmission for routing purposes In this case bro represents LAN interface eth2 wireless interface and ppp0 represents GSM UMTS mobile interface of the GWR HS Router TCP UDP Traffic forwarding This check box allows you to activate deactivate this static port translation Choose between TCP and UDP protocol Select interface where portforwarding is done Portforwarding from outside WAN interface to inside LAN interface is done on PPP and in reverse direction on brO interface Destination IP This field specifies IP address of the incoming traffic Destination Netmask This field specifies netmask for the previous address Destination Port This is the TCP UDP port of application This filed specifies IP address where packets should be forwarded Forward to port Specify TCP UDP port on which the traffic is going to be forwarded TI O 3 lt 5 3 S gt 8 Sa a 0 O Im O Sy gt Click Add to insert add new item in table to the GWR HS Router Delete Click Remove to delete selected item from table Reload Click Reload to discard any changes and reload previous settings Click Save to save your changes back to the GWR HS Router After pressing Save button it make take more than 10 seconds for router to save parameters and become operational again Save Table 8 Routing parameters Port translation For incoming data the GWR HS Router forwards IP
105. ked for expected value at the peer Default is to use no cookie eer IP Address IP address of the remote peer Peer tunnel ID is a 32 bit integer value assigned to the tunnel by the peer The value Peer Tunnel ID used must match the tunnel ID value being used at the peer UDP Destination Port UDP destination port is used for the tunnel Must be present when UDP encapsulation is selected Ignored when IP encapsulation is selected Peer session ID is a 32 bit integer value assigned to the session by the peer The value Peer Session ID used must match the session ID value being used at the peer Optional peer cookie value is assigned to the session This is a 4 or 8 byte value Peer Cookie specified as 8 or 16 hex digits e g 014d3636deadbeef The value must match the cookie value set at the peer It tells the local system what cookie value to expect to find in received L2TP packets Default is to use no cookie Encapsulation type of the tunnel Valid values for encapsulation are UDP IP The two interfaces can be configured with IP addresses if only IP data is to be carried Bridge To carry non IP data the L2TP network interface is added to a bridge instead of being assigned its own IP address Since raw ethernet frames are then carried inside the tunnel the MTU of the L2TP interfaces must be set to allow space for those headers nterface IP Address Local private P t P IP address eer Interface IP Address Remote private P t P IP address MTU
106. l Log level control v No Name Enabled Status _Enc Auth Grp Local Group Remote Group Remote Gateway Action Connection mode IPsec tunnel Ph1 3DES SHA1 2 aggressive 192 168 10 0 10 10 10 0 Ph2 3DES SHA1 2 255 955 25510 266 255 650 a Connec war Reducing the MTU size on the clientside can help eliminate some connectivity problems occurring atthe protocol level Recommended MTU size on client side is 1300 Tunnel status description started ipsec is running stopped ipsec is not running or tunnel is not enabled connecting ipsec is trying to establish connection waiting for connection ipsec is waiting for other end to connect established tunnel is up Figure 103 IPSec start stop page for GWR HS Router On the device connected on GWR HS router setup default gateway 192 168 10 1 Geneko GWR High Speed Router Series 108 The Juniper SSG firewall configuration Step1 Create New Tunnel Interface e Click Interfaces on Network Tab Network gt Interfaces List List 20 Y per page dy Juniper tist ALL 14 Y Interfaces SSG 149 ethernet0 0 ethernet0 1 ethemet0 3 10 0 10 254 28 Trost Up ethernet0 4 0 0 0 0 0 Null Unused Dovm ethernet0 5 0 0 0 0 0 Null Unused Dovm ethernet0 6 0 0 0 0 0 Null Unused Dovm ethernet0 7 0 0 0 0 0 Null Unused Dovm ethernet0 8 0 0 0 0 0 Null Unused Dovm ethernet0 9 0 0 0 0 0 Null Unused Dovm Til el i
107. l See Predefined O standard Compatible Basic User Defined 2 Custom px Phase 2 Proposal a g2 esp 3des sha vi None ml as None i None v B H Replay Protection _ z Transport Mode _ For L2TP over IPSec only E Bind to O None ESOO a Tunnel Interface tunnel 3 7 O Tunnel Zone Untrust Tun Proxy ID y US Local IP Netmask 10 10 10 0 las MIE TE VPN Group None Y Weight 0 ess VPN Monitor _ Source Interface default v a Destination IP Sut o Optimized g Rekey _ ee Figure 111 AutoKey IKE advanced parameters Step 4 Routing e Click Destination tab on Routing menu Geneko GWR High Speed Router Series SSG140RBGE 7 112 User Manual e Click New button Routing parameters are IP Address 192 168 10 0 24 Gateway tunnel 3 tunnel interface from step 1 Network gt Routing gt Routing Entries gt Configuration SG140RBGE 1 Virtual Router Name trust vr IP Address Netmask 152 165 10 0 E NextHop 2 virtual Router untrustvr Y O cateway Interface tunnel 3 v Gateway IP Address 0 0 0 0 Permanent a Metric 1 prat o ahaa RAT A DRT alt 1 n Figure 112 Routing parameters Step 5 Policies e Click Policies in main menu e Click New button from Untrust to trust zone Source Address 192 168 10 0 24 Destination Address 10 10 10 0 24 Services Any
108. l IP addresses EXCEPT defined are covered by firewall rule Selection of traffic by packet state INVALID is for unrecognized packet state traffic Polic Options for firewall rule action ACCEPT forward traffic REJECT deny traffic with y ICMP error returned DROP drop traffic Reject with Select the reject type of the rule The default error message is to send a port Output Interface Inverted destination address rule logic Geneko GWR High Speed Router Series 99 Maximum average matching rate Maximum initial number of packets to User Manual unreachable to the host This field is visible only if selected policy is REJECT Distributed DoS Enable This box enables Distributed DOS Maximum average matching rate specified as a number with an optional time unit second minute hour or day the default is 3 hour Maximum initial number of packets to match this number gets recharged by one every time the limit specified above is not reached up to this number the default is match Click Back to return on firewall home page Click Reload to discard any changes and reload previous settings Click Save to save your changes back to the GWR HS Router New rule to firewall table is added Save changes to table of firewall rules Table 17 Firewall parameters Firewall Firewall General Settings Firewall Rules Add New Rule DDos Policy nai i n Input Output Source estination p l
109. l Rule Basics Rule name Deny PING to ppp_JO interface Enable Firewall Rule Settings Chain INPUT Service Custom Protocol ICMP Port All Undet Input interface ppp_0 Output interface lo Source address Single IP Y Inverted source address rule logic Destination address Inverted destination address rule logic Packet state NEW Policy REJECT Distributed Denial Of Service O Enable Maximum average matching rate Maximum initial number of packets to match Figure 132 Filtering of ICMP traffic ICMP type echo request 212 62 38 196 Reject with icmp port unreachable After configuration is finished SAVE button should be selected and user is returned to main configuration page Priority of rule is changed by selecting number in drop down menu In this example number 4 is selected 3 ICMP traffic is allowed from single IP addresses With firewall rule configuration shown above IP address stated in Source address field is excluded from REJECT policy but in order to allow ping from that IP address it has to be matched with another rule Configuration of appropriate rule for allowing ping traffic originating from precise IP address is shown below Firewall Rules 71 Help Firewall Rule Basics Rule name Allow ping Enable Firewall Rule Settings
110. l Settings O Disable all 2 Serial port over TCP UDP settings Modbus gateway settings Bits per second 115200 x Data bits EN Y Parity none x Stop bits z y Flow control none v Protocol TCP az Mode client Server IP address Connect to TCP port Type of socket raw Si CI Enable local echo O Enable timeout sec Keepalive Settings O Check TCP connection Kepalive idle time sec Kepalive interval sec Log Settings Log level level 1 v status stopped Figure 37 Serial Port configuration page Geneko GWR High Speed Router Series 99 User Manual Modbus Gateway settings The serial server will perform conversion from Modbus TCP to Modbus RTU allowing polling by a Modbus TCP master The Modbus IPSerial Gateway carries out translation between Modbus TCP and Modbus RTU This means that Modbus serial slaves can be directly attached to the unit s serial ports without any external protocol converters Click Serial Port Tab to open the Modbus Gateway configuration screen Choose Modbus Gateway options to configure Modbus At the Figure 38 Modbus gateway configuration page you can see screenshot of Modbus Gateway configuration menu Modbus Gateway Parameters The unit and attached serial device such as a modem must agree on a speed or baud rate to use for the serial connection Valid baud rates are 300 1200 2400 4800 9600 19200 38400 57600 or 115200 Indicates the number of bits in
111. le. In this example the configuration file looks like this:

    proto tcp-server           # TCP server protocol mode
    dev tun                    # dev tun mode of OpenVPN server
    ifconfig 2.2.2.1 2.2.2.2   # Local and remote IP address of the OpenVPN tunnel; both addresses must be within the 255.255.255.252 subnet
    dev-node adap1             # Selection of virtual network adapter named adap1
    secret key.txt             # Implementing file with pre-shared secret named key.txt
    ping 10                    # Keepalive
    comp-lzo                   # LZO compression enabled
    disable-occ                # Disable option consistency

b) Save the configuration file in C:\Program Files\OpenVPN\config as a name.ovpn file. It is the OpenVPN configuration file directory, and you can reach it directly through Start menu > OpenVPN, where you get these options: OpenVPN GUI; Uninstall OpenVPN; Add a new TAP-Win32 virtual ethernet adapter; Delete ALL TAP-Win32 virtual ethernet adapters; Generate a static OpenVPN key; OpenVPN configuration file directory; OpenVPN GUI ReadMe; OpenVPN log file directory; OpenVPN Manual Page; OpenVPN Sample Configuration Files; OpenVPN Web Site; OpenVPN Win32 README. [Figure 116: OpenVPN application settings]

c) Generate a static OpenVPN key from the menu above. The file will be automatically saved in the OpenVPN configuration file directory. The configuration file and pre-shared key must be in the same directory.

d) If you have more remote locations, every location has to have its own configuration fil
112. le running LED 100 to 91 dBm Weak 1 LED 90 to 81 dBm Moderate 2 LED 80 to 75 dBm Good 3 LED 74 or better dBm Excellent 4 LED 0 is not known or not detectable running LED Antenna placement Placement can drastically increase the signal strength of a cellular connection Often times just moving the router closer to an exterior window or to another location within the facility can result in optimum reception Another way of increasing throughput is by physically placing the device on the roof of the building in an environmentally safe enclosure with proper moisture and lightning protection e Simply install the GWR HS Router outside the building and run an RJ 45 Ethernet cable to your switch located in the building e Keep antenna cable away from interferers AC wiring Antenna Options Once optimum placement is achieved if signal strength is still not desirable you can experiment with different antenna options Assuming you have tried a standard antenna next consider e Check your antenna connection to ensure it is properly attached e High gain antenna which has higher dBm gain and longer antenna Many cabled antennas require a metal ground plane for maximum performance The ground plane typically should have a diameter roughly twice the length of the antenna NOTE Another way of optimizing throughput is by sending non encrypted data through the device Application layer encryption or VPN put a heavy
113. lished tunnel is up Figure 97 IPSec start stop page for GWR HS Router e On the device connected on GWR HS router setup default gateway 192 168 10 1 The Cisco Router configuration version 12 4 service timestamps debug datetime msec service timestamps log datetime msec no service password encryption hostname Cisco Router boot start marker boot end marker username admin password 7 XFEEH4444 X no aaa new model no ip domain lookup Keyring that defines wildcard pre shared key crypto keyring remote pre shared key address 0 0 0 0 0 0 0 0 key 1234567890 ISAKMP policy crypto isakmp policy 10 encr 3des authentication pre share group 2 lifetime 28800 I Profile for LAN to LAN connection that references I the wildcard pre shared key and a wildcard identity crypto isakmp profile L2L description LAN to LAN vpn connection keyring remote match identity address 0 0 0 0 Geneko GWR High Speed Router Series 103 l crypto ipsec transform set testGWR HS esp 3des esp sha hmac I Instances of the dynamic crypto map I reference previous IPsec profile crypto dynamic map dynGWR HS 5 set transform set testGWR HS set isakmp profile L2L match address 121 Crypto map only references instances of the previous dynamic crypto map crypto map GWR HS 10 ipsec isakmp dynamic dynGWR HS interface FastEthernet0 0 description WAN INTERFACE ip address 150 160
114. ll blink when connection is active 2 WiFi green LED will blink when WiFi interface is enabled 3 Power status green LED on Power supply Power status LED will blink when the GWR HS Router is in initializing state 4 Signal strength LED indicator e 1070rless dBm Unacceptable 1 LED 107 to 98 dBm Weak 2 LED 98 to 87 dBm Moderate 3 LED 87 to 76 dBm Good 4 LED 76 or better dBm Excellent 5 LED 0 is not known or not detectable running LED Signal strength LED will blink when GPRS EDGE HSPA HSPA LTE connection is not active When connection is active Signal strength LED is on Reset condition will be indicated by blinks of the first and last Signal strength LED When signal quality is not known or not detectable there will be running LED indication Geneko GWR High Speed Router Series 15 User Manual Putting Into Operation Before putting the GWR HS Router in operation it is necessary to connect all components needed for the operation e GSM antenna e Ethernet cable and e SIM card must be inserted And finally device should have powered up using power supply adaptor Power consumption of GWR HS router is 2W in standby and 3W in burst mode SIM card must not be changed installed or taken out while device operates This procedure is performed when power supply is not connected Geneko GWR High Speed Router Series 16 User Manual Declaration of conformity RB General Exonomik HARGOWA
115. mmary Label Description unnels Used This is the number of IPSec tunnels being defined Maximum number of This is the maximum number of tunnels which can be defined tunnels This filed indicates the number of the IPSec tunnel Field shows the Tunnel Name that you gave to the IPSec tunnel This field shows if tunnel is enabled or disabled After clicking on Start button only enabled tunnels will be started Field indicates status of the IPSec tunnel Click on Refresh button to see current status Status i of defined IPSec tunnels This field shows both Phase 1 and Phase 2 details Encryption method DES 3DES AES Enc Auth Grp Authentication method MD5 SHA1 and DH Group number 1 2 5 that you have defined in the IPSec Setup section Field shows the chosen mode of IPSec and options from IPSec Advanced section by Advanced E displaying the first letters of enabled options ocal Group Field shows the IP address and subnet mask of the Local Group emote Group Field displays the IP address and subnet mask of the Remote Group emote Gateway Field shows the IP address of the Remote Device ction Edit This link opens screen where you can change the tunnel s settings ction Delete Click on this link to delete the tunnel and all settings for that particular tunnel 9 a Field displays connection mode of the current tunnel Connection mode Connect IPSec tunnel initiating side in negotiation process Wait IPSec tunnel
116. mputers on your network If you choose to enable the DHCP server option all of the computers on your LAN must be set to obtain an IP address automatically from a DHCP server By default Windows computers are set to obtain an IP automatically To use the GWR HS Router as your network s DHCP server click DHCP Server Tab for DHCP Server setup The GWR HS Router has built in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability DHCP Server Parameters DHCP Dynamic Host Configuration Protocol allows individual clients workstations to obtain TCP IP configuration at startup from a server When configured as a server the GWR HS Router provides TCP IP configuration for the clients To activate DHCP server click check box Enable DHCP Server To setup DHCP server fill in the IP Starting Address and IP Ending Address fields Uncheck Enable DHCP Server check box to stop the GWR HS Router from acting as a DHCP server When Unchecked you must have another DHCP server on your LAN or else the computers must be manually configured pie RALES This field specifies the first of the contiguous addresses in the IP address pool IP Ending Address To This field specifies last of the contiguous addresses in the IP address pool Lease Duration This field specifies DHCP session duration time This field specifies IP addresses of DNS server that will be assigned to systems that support DHCP client
117. n Time zone Universal Y Reload Save Figure 43 Date Time Settings configuration page Date Time Settings abel Description Manually Sets date and time manually as you specify it rom time server Sets the local time using the Network Time Protocol NTP automatically This field species Date and Time information You can change date and time by changing parameters Sync Clock With Client Date and time setting on the basis of PC calendar ime Protocol Choose the time protocol ime Server Address Time server IP address Automatically synchronize NTP Setup automatic synchronization with time server Update time every Time interval for automatic synchronization ime Zone Enables daylight saving time and GMT offset based on TZ database ave Click Save button to save your changes back to the GWR HS Router eload Click Reload to discard any changes and reload previous settings Table 24 Date time parameters Geneko GWR High Speed Router Series 66 User Manual Maintenance Diagnostics The GWR HS Router provide built it tool which is used for troubleshooting network problems The ping test bounces a packet of machine on the Internet back to the sender This test shows if the GWR HS Router is able to connect the remote host If users on the LAN are having problems accessing service on the Internet try to ping the DNS server or other machine on network Click Diagnostic tab to provide basic diagnostic tool for
118. n allows usage of OpenVPN tunnel as a default route Tunne Interrdce Pull tunnel interface configuration from server side Configuration Manual configuration OCON MENOLGIE Specify the IP address of the local VPN tunnel endpoint Address e id Specify the IP address of the remote VPN tunnel endpoint Network Topology Specify topology of OpenVPN interfaces NET30 P2P or SUBNET Click Back to return on IPSec Summary screen Click Reload to discard any changes and reload previous settings Click Save to save your changes back to the GWR HS Router After that router automatically goes back and begin negotiations of the tunnels by clicking on the Start button Table 14 OpenVPN parameters Geneko GWR High Speed Router Series 48 User Manual OpenVPN Add New Tunnel Tunnel Number fie 4 Tunnel Name lygilkij Enable OpenVPN Settings Interface Type TUN Authenticate Mode pre shared secret v Encryption Cipher BF CBC 128 bit Hash Algorithm RSA SHA 160 bit v Protocol UDP Port 1194 LZO Compression O NAT Rules O Keep Alive O Max Fragment Size Generate PSK Pre shared Secret O Paste PSK Figure 28 OpenVPN configuration page Local Remote Group Settings Remote Host or IP Adress Redirect Gateway Tunnel Interface Configuration Network Topology Figure 29 OpenVPN network topology Geneko GWR High Speed Router Series 49 User Man
119. Figure 86 IPSec start/stop page for GWR HS Router 1; Figure 87 Network configuration page for GWR HS Router 2; Figure 88 IPSEC configuration page for GWR HS Router 2; Figure 89 IPSEC configuration page II for GWR HS Router 2; Figure 90 IPSEC configuration page III for GWR HS Router 2; Figure 91 IPSec start/stop page for GWR HS Router; Figure 92 IPSec tunnel between GWR HS Router and Cisco Router; Figure 93 Network configuration page for GWR HS Router; Figure 94 IPSEC configuration page for GWR HS Router; Figure 95 IPSec configuration page II for GWR HS Router; Figure 96 IPSec configuration page III for GWR HS Rou
120. ndicates side of IPSec tunnel which sends requests for establishing of the IPSec tunnel If connection mode Wait is selected that indicates side of IPSec tunnel which listens and responses to IPSec establishing requests from Connect side Internet Protocol Security Summary Tunnels used Maximum number of tunnels Add New Tunnel Log level control v Enabled Status Enc Auth Grp Local Group Remote Group Remote Gateway Action Connection mode Ph1 3DES MD5 2 main 10 0 10 0 irm Ph2 3DES MD5 2 ma la zc li Ne oes come ve Reducing the MTU size on the clientside can help eliminate some connectivity problems occurring at the protocol level Start Stop Refresh Recommended MTU size on client side is 1300 Tunnel status description started ipsec is running stopped ipsec is not running or tunnel is not enabled connecting ipsec is trying to establish connection waiting for connection ipsec is waiting for other end to connect established tunnel is up Figure 86 IPSec start stop page for GWR HS Router 1 Click Start button and after that Connect button on Internet Protocol Security page to initiate IPSEC tunnel Geneko GWR High Speed Router Series 96 User Manual e On the device connected on GWR HS router 1 setup default gateway 10 0 10 1 The GWR HS Router 2 configuration e Click Network Tab to open the LAN NETWORK screen Use this screen to configure LAN TCP IP settings Config
121. nnectivity Private Static WAN 7 Public Static WAN 172 30 147 96 150 160 170 1 GWR Cisco 1841 iiini n 4 VAERE PEPINO LAN 192 168 10 1 LAN 10 10 10 1 LAN 192 168 10 x LAN 10 10 10 x cS Gateway 192 168 10 1 Gateway 10 10 10 1 SS Figure 92 IPSec tunnel between GWR HS Router and Cisco Router The GWR HS Routers requirements e Static IP WAN address for tunnel source and tunnel destination address e Dynamic IP WAN address must be mapped to hostname with DynDNS service for synchronization with DynDNS server SIM card must have internet access GSM UMTS APN Type For GSM UMTS networks GWR HS Router connections may require a Custom APN A Custom APN allows for various IP addressing options particularly static IP addresses which are needed for most VPN connections A custom APN should also support mobile terminated data that may be required in most site to site VPNs The GWR HS Router configuration e Click Network Tab to open the LAN NETWORK screen Use this screen to configure LAN TCP IP settings Configure IP address and Netmask IP Address 192 168 10 1 Subnet Mask 255 255 255 0 Press Save to accept the changes Network Network Settings Use the following IP address IP Address 192 168 10 1 Subnet Mask 255 255 255 0 Primary Local DNS Secondary Local DNS Local Gateway Caution Changes to IP address subnet mask and local DNS require a reboot to t
122. Figure 66 Routing configuration page for GWR HS Router 2; Figure 67 GRE tunnel between Cisco router and GWR HS Router; Figure 68 Network configuration page; Figure 69 GRE configuration page; Figure 70 Routing configuration page; Figure 71 IPSec tunnel between two GWR HS Routers; Figure 72 Network configuration page for GWR HS Router 1; Figure 73 IPSEC configuration page for GWR HS Router 1; Figure 74 IPSec configuration page II for GWR HS Router 1; Figure 75 IPSec configuration page III for GWR HS Router 1; Figure 76 IPSec s
123. Settings - Network; Settings - DHCP Server; Settings - WAN Setting; Settings - Wireless; Settings - Routing; Port translation; Settings - Dynamic Routing Protocol; Routing Information Protocol (RIP); RIP routing engine for the GWR HS Router; Virtual Router Redundancy Protocol (VRRP); Settings - VPN Settings; Generic Routing Encapsulation (GRE); Internet Protocol Security (IPSec); OpenVPN; Point to Point Tunneling Protocol (PPTP); Layer 2 Tunneling Protocol (L2TP); Settings - Firewall - IP Filtering; Settings - Firewall - MAC Filtering; Settings - DynDNS; Settings - Serial Port; Serial port over TCP/UDP settings; Modbus Gateway settings; SMS - SMS Remo
124. Figure 124 Transparent serial connection
Figure 125 GWR HS Serial port settings
Figure 126 GWR HS settings for Serial to IP conversion
Figure 127 Virtual COM port application
Figure 128 Settings for virtual COM port
Figure 129 Firewall example
Figure 130 Initial firewall configuration on GWR HS
Figure 131 Filtering of Telnet traffic
Figure 132 Filtering of ICMP traffic
Figure 133 Allowing ICMP traffic
Figure 134 IPSec firewall rules
Figure 135 Allowing WEB access
Figure 136 Outbound rule for WEB access
Figure 137 Complete firewall configuration
Figure 138 Configuration page for SMS Management
125. o you must start it first. That completes the configuration of the GWR HS for establishing the OpenVPN tunnel and routing through it.

Implementation

You start the OpenVPN tunnel on the server side by right-clicking the icon in the notification bar. Choose OpenVPN tunnel Server1 and click Connect. Repeat the same procedure for Server2 and Server3.

Figure 119 Starting OpenVPN application

When the OpenVPN tunnel is up on the OpenVPN server you should get the following notification: Server1 is now connected. Assigned IP: 2.2.2.1

Figure 120 OpenVPN status on PC

On the GWR HS side, the status of the OpenVPN tunnel should be established.

Figure 121 OpenVPN status on GWR HS

Portforwarding example

The Portforwarding feature enables access to workstations behind the router and redirects traffic in both traffic flow directions, inbound and outbound. Direction is selected by interface: PPP0 for inbound traffic (WAN > ETH0) and br0 for outbound traffic (ETH0 > WAN). In the following example three types of access to the LAN network are enabled, every workstation with a different service allowed from the outside. The LAN is accessed through the WAN IP of the router. The second and fourth rules have an additional limitation per source IP address of the incoming packets. The fourth defined access flow is
126. of the L2TP interface. Default: 1446 for bridged or 1488 for Layer 3 tunnel.
Edit: Edit is used to edit the selected tunnel from the table.
Delete: Delete is used to delete the selected tunnel from the table.
Reload: Reload is used to discard any changes and reload previous settings.
Save: Save is used to create a new tunnel or save changes to an existing tunnel.
Table 16 L2TP parameters

Settings Firewall IP Filtering

TCP/IP traffic flow is controlled by IP address and port number through the router's interfaces in both directions. With the firewall options it is possible to create a rule which exactly matches the traffic of interest. Traffic can be blocked or forwarded depending on the action selected. When working with firewall rules, keep in mind that traffic for router management should always be allowed, to avoid the problem of an unreachable router. Firewall rules are checked by priority from the first to the last. Rules which come after the matching rule are skipped.

Label / Description
Firewall General Settings
Enable: This field specifies if Firewall is enabled at the router.
Add New Rule. Applies configured rules to router.
Firewall rules: Firewall rules are evaluated from the top down. The first rule to match is executed immediately and the rest are skipped.
Description of applied rule.
This field specifies if rule is enabled in the firewall.
There are three options available in this se
127. om 1 to 1024.
SIM1/SIM2 data limit: When the defined data traffic limit is reached, one of two possible actions will be performed:
1. Switch SIM: switches the network connection from the SIM card on which the data traffic limit has been reached to the other SIM card.
2. Disconnect: disconnects the network connection over the SIM card on which the data traffic limit has been reached.
Displays the amount of traffic that has been transferred over the SIM card from the moment the SIM data limit option was enabled. To refresh the displayed value in the Current traffic field, click Refresh.
Reset current traffic: Clicking Reset sets the value of the current traffic to zero.
Reset current traffic value on specified day of the month: Every month on the specified day the value of the current traffic will be reset to zero. The day of reset is specified by ordinal number.
Displays data related to the mobile connection (current WAN address, uptime, connection status).
Click Reload to discard any changes and reload previous settings.
Click Save to save your changes back to the GWR HS Router.
Click Switch SIM to try to establish the connection using the other SIM card.
Click Refresh to see updated mobile network status.
Click Connect/Disconnect to connect to or disconnect from the mobile network.
Table 5 WAN parameters

Figure 18 shows screenshot of GSM/UMTS tab configuration men
128. on Protocol (IPComp): IP Payload Compression is a protocol that reduces the size of IP datagrams. Select this option if you want the Router to propose compression when it initiates a connection.
Dead Peer Detection (DPD): When DPD is enabled, the Router sends periodic HELLO/ACK messages to check the status of the IPSec tunnel (this feature can be used only when both peers or IPSec devices of the IPSec tunnel use the DPD mechanism). Once a dead peer has been detected, the Router disconnects the tunnel so the connection can be re-established. Specify the interval between HELLO/ACK messages (how often you want the messages to be sent). The default interval is 20 seconds.
NAT Traversal: Both the IPSec initiator and responder must support the mechanism for detecting the NAT router in the path and changing to a new port, as defined in RFC 3947. NOTE: The NAT-T function is enabled by default and cannot be disabled. The default interval for keep-alive packets is 20 seconds.
The initial contact status message may be used when one side wishes to inform the other that this is the first SA being established with the remote system. The receiver of this Notification Message might then elect to delete any existing SAs it has for the sending system, under the assumption that the sending system has rebooted and no longer has access to the original SAs and their associated keying material. NOTE: The Send initial contact function is enabled by default and cannot be
129. onnect is selected, it indicates the side of the IPSec tunnel which sends requests for establishing the IPSec tunnel. If connection mode Wait is selected, it indicates the side of the IPSec tunnel which listens and responds to IPSec establishing requests from the Connect side.

Reducing the MTU size on the client side can help eliminate some connectivity problems occurring at the protocol level. Recommended MTU size on client side is 1300.
Tunnel status description:
started: ipsec is running
stopped: ipsec is not running or tunnel is not enabled
connecting: ipsec is trying to establish connection
waiting for connection: ipsec is waiting for other end to connect
established: tunnel is up

Figure 81 IPSec start stop page for GWR HS Router 2

Click Start button and after that Wait button on Internet Protocol Security page to initiate the IPSEC tunnel.
On the device connected to GWR HS router 2, set up default gateway 192.168.10.1.

Scenario 2

Router 1 and Router 2 presented in the Figure 64 are configure
130. ons of Serial port opens up additional options available for configuration.

Figure 36 Serial Port Settings initial menu

Serial port over TCP/UDP settings

The GWR HS Router provides a way for a user to connect from a network connection to a serial port. It provides all the serial port setup, a configuration file to configure the ports, and a control login for modifying port parameters, monitoring ports, and controlling ports. The GWR HS Router supports RFC 2217 (remote control of serial port parameters).

Serial Port over TCP/UDP Settings
The unit and the attached serial device, such as a modem, must agree on a speed or baud rate to use for the serial connection. Valid baud rates are 300, 1200, 2400, 4800, 9600, 19200, 38400, 57600 or 115200.
Indicates the number of bits in a transmitted data package.
Checks for the parity bit. None is the default.
Stop bits: The stop bit follows the data and parity bits in serial communication. It indicates the end of transmission. The default is 1.
Flow control: Flow control manages data flow between devices in a network to ensure it is processed efficiently. Too much data arriving before a device is prepared to manage it causes lost or retransmitted data. None is the default.
Protocol: Choose which protocol to use
131. or SNMP traps. The default is Both.
Reload: Click Reload to discard any changes and reload previous settings.
Save: Click Save button to save your changes back to the GWR HS Router and enable/disable SNMP.
Table 27 SNMP parameters

Management Logs

Syslog is a standard for forwarding log messages in an IP network. The term syslog is often used for both the actual syslog protocol and the application or library sending syslog messages. Syslog is a client/server protocol: the syslog sender sends a small (less than 1KB) textual message to the syslog receiver. Syslog is typically used for computer system management and security auditing. While it has a number of shortcomings, syslog is supported by a wide variety of devices and receivers across multiple platforms. Because of this, syslog can be used to integrate log data from many different types of systems into a central repository.

Figure 58 Syslog configuration page

The GWR HS Router supports this protocol and can send its activity logs to an external server.
Syslog Settings Descr
132. Figure 10 Network Information

Status DHCP

DHCP Information Tab provides information about DHCP clients with IP addresses gained from DHCP server, MAC addresses, expiration period and lease status.

Figure 11 DHCP Information

Status WAN Information

WAN Information Tab provides information about GPRS/EDGE/HSPA/HSPA+/LTE connection and traffic statistics. WAN information menu has three submenus which provide information about:
GPRS/EDGE/HSPA/HSPA+/LTE mobile module (manufacturer and model)
Mobile operator and signal quality
Mobile traffic statistics (in bytes)
Screenshot of WAN information from the router is shown in Figure 12.
133. ou specific password for each SIM card.
This field specifies APN.
Specifies the type of connection the router will try to establish. There are eight available options: Automatic LTE preferred, UMTS 3G only, GSM 2G only, UMTS 3G preferred, GSM 2G preferred, GSM and UMTS only, LTE only, and finally LTE UMTS GSM.
Dial String: This field specifies the Dial String for GSM/UMTS/LTE modem connection initialization. In most cases you have to change only the APN field, based on parameters obtained from
Mobile Provider: This field cannot be altered.
PIN enabled: Option used when the SIM card is locked with a PIN code.
Enable Roaming: By enabling this option the router will be able to connect to a roaming network.
Enable operator locking: Option that allows a user to lock a SIM card to a desired operator by specifying the PLMN id of the operator. This option is very useful in border areas since you can avoid roaming expenses.
Number of retries: Number of unsuccessful connection attempts after which the router switches to the second SIM.
Check this field in order to enable the failover feature. This feature is used when both SIMs are enabled. You specify the amount of time after which the Failover feature brings down the current WAN connection (SIM2) and brings up the previous WAN connection (SIM1).
Persistent connection: Keep connection alive after. Do not exit after a connection is terminated. Instead try to reo
134. outer. You can use static routing to allow different IP domain users to access the Internet through the GWR HS Router. Static routing is a powerful feature that should be used by advanced users only. In many cases it is better to use dynamic routing, because it enables the GWR HS Router to automatically adjust to physical changes in the network's layout. The GWR HS Router is a fully functional router with static routing capability. Figure 20 shows a screenshot of the Routing page.

Destination Port can also be defined as a range, e g 2025 2027, which means destination ports are 2025, 2026 and 2027.

Figure 20 Routing configuration page

Use this menu to set up all routing parameters. Administrator can perform the following operations:
Create/Edit/Remove routes, including def
135. outer to send and receive packets from only one version, use the following command:
  router version 1|2 (Same as other router)

Enable route redistribution:
  router redistribute kernel (Redistribute routes defined on WEB interface)
  router redistribute static (Redistribute routes defined locally in RIP configuration)
  router redistribute connected (Redistribute directly connected routes)

Disable RIP update (optional):
  router passive-interface ppp_0
  router no passive-interface ppp_0

RIP is commonly used over the Ethernet interface, and the PPP interface should be set up as passive.

Routing protocols use several timers that determine such variables as the frequency of routing updates, the length of time before a route becomes invalid, and other parameters. You can adjust these timers to tune routing protocol performance to better suit your internetwork needs. Use the following command to set up the RIP timers:
  router timers basic UPDATE-INTERVAL INVALID-TIMEOUT GARBAGE-COLLECT
  router no timers basic

Configure interface for RIP protocol:
  router interface greX
  router ip rip send version VERSION
  router ip rip receive version VERSION

Disable RIP authentication on all interfaces:
  Router interface no ip rip authentication mode md5|text

Debug commands:
  router debug rip
  router debug rip events
  router debug rip packet
  router terminal monitor

Virtual Route
136. over the link, and if all 4 are returned, keepalive remains in standard ping proofing mode. If two or more of the 4 packets are dropped, keepalive activates ADVANCED ping proofing. ADVANCED ping proofing is the second step in link quality detection. Advanced ping proofing sends 5 ping packets in a short period of time and gives a statistic of how many packets are dropped (for example, if 4 packets are dropped, ping lost is 80%). If this value is defined as 100%, for example, that means the action (switch SIM or PPP restart) will be performed only if all packets are dropped. The value entered here depends on how many lost packets can be tolerated on the link. For example, if the value 60% is entered and 2 packets of 5 (40%) are lost, keepalive is returned to step one (standard ping proofing) with no action performed. If PPP should be restarted only when all packets are dropped, the defined value should be 100%.

In the following example keepalive is enabled on both SIM cards. The action defined is SWITCH SIM, so the router will change SIM card when a link failure is detected. Settings are the following:

SIM1
Ping target: 8.8.8.8
Ping interval: 120
Advanced ping interval: 10
Advanced ping wait for response: 5
Maximum number of failed packets: 80
Keepalive action: switch SIM

SIM2
Ping target: 212.62.32.1
Ping interval: 120
Advanced ping interval: 10
Advanced ping wait for response: 5
Maximum number of failed packets: 40
137. p Old Password the GWR HS Router.
New Password: New password for GWR HS Router. Your password must have 20 or fewer characters and cannot contain any space.
Confirm Password: Re-enter the new password to confirm it.
Enable RADIUS Authentication: Activation or deactivation of function for authentication via remote RADIUS server.
Enable or disable usage of this RADIUS server.
Remote RADIUS server IP address or hostname.
Remote RADIUS server port.
Remote RADIUS server shared secret.
Remote RADIUS server timeout in seconds (1-60).
Bind HTTP to specified port.
Bind HTTPS to specified port.
Bind HTTP and HTTPS to specified port.
WEB session timeout.
Click Save button to save your changes back to the GWR HS Router.
Click Reload to discard any changes and reload previous settings.
Table 23 Router Management

Maintenance Date/Time Settings

To set the local time, select Date/Time Settings and either use the Network Time Protocol (NTP) automatically or set the local time manually. Date and time settings on the GWR HS Router are made through the Date/Time Settings window.
138. pe: IP Only; IP Address: 172.29.8.5; Remote ID Type: IP Address; Remote Security Group Type: IP; IP Address: 192.168.10.1

Figure 73 IPSEC configuration page for GWR HS Router 1

IPSec Setup
Key Exchange Mode: IKE with Preshared key
Mode: aggressive
Phase 1 DH Group: Group2 (1024)
Phase 1 Encryption: 3DES
Phase 1 Authentication: MD5
Phase 1 SA Life Time: 26800 sec
Perfect Forward Secrecy
Phase 2 DH Group: Group2 (1024)
Phase 2 Encryption: 3DES
Phase 2 Authentication: MD5
Phase 2 SA Life Time: 3600 sec
Preshared Key: 1234567890

Figure 74 IPSec configuration page II for GWR HS Router 1

NOTE: Options NAT Traversal and Send Initial Contact are predefined.

Figure 75 IPSec configuration page III for GWR HS Router 1

Click Start button on Internet Protocol Securi
139. pen the connection.
Reboot after n consecutive failed connection attempts.
Enable SIM1/SIM2 keepalive: Make some traffic periodically in order to keep the connection active. You can set the keepalive interval value in minutes.
Ping target: This field specifies the target IP address for periodical traffic generated using ping in order to keep the connection active.
Ping interval: This field specifies the ping interval for the keepalive option.
Advanced ping interval: This field specifies the time interval of advanced ping proofing.
Advanced ping wait for a response: This field specifies the timeout for advanced ping proofing.
Maximum number of failed packets: This field specifies the maximum number of failed packets, in percent, before the keepalive action is performed.
Keepalive action: This menu provides a choice between two possible keepalive actions in case the maximum number of failed packets is exceeded. If the Switch SIM option is selected, the router will try to establish the connection using the other SIM card after the maximum number of failed packets is exceeded. If the Current SIM option is selected, the router will only restart the PPP connection.
Enable traffic data limit per SIM.
Traffic limit: Defines the maximum data amount transferred over the SIM card. When the traffic limit is reached, the SIM card can no longer be used for network connection. Traffic limit can be defined in units of KB from 1 to 1024, MB from 1 to 1024 or GB fr
140. ple number 9 is selected. In addition to these 11 rules, two more rules are enabled:
Allow already established traffic (priority number 2)
Reject all other traffic (priority number 22)
After all rules are configured and saved, the APPLY RULES button in the bottom right corner should be selected to activate traffic filtering. When all 13 rules from this example are configured, the firewall should look like this:

Figure 137 Complete firewall configuration

SMS management example

GWR HS routers can be managed over SMS messages. Commands from the SMS are executed on the router, with a status report sent back to the sender. The picture below shows settings for SMS management where three mobile phone numbers are allowed to send commands to the router over the first SIM card. In this example management over SIM2 is not enabled. Please keep in mind that the router can receive messages only on the SIM card which is currently selected. This information is displayed in WAN settings page Mo
141. ponses to IPSec establishing requests from the Connect side.

Reducing the MTU size on the client side can help eliminate some connectivity problems occurring at the protocol level. Recommended MTU size on client side is 1300.
Tunnel status description:
started: ipsec is running
stopped: ipsec is not running or tunnel is not enabled
connecting: ipsec is trying to establish connection
waiting for connection: ipsec is waiting for other end to connect
established: tunnel is up

Figure 91 IPSec start stop page for GWR HS Router 1

Click Start button and after that Wait button on Internet Protocol Security page to initiate the IPSEC tunnel.
On the device connected to GWR HS router 2, set up default gateway 192.168.10.1.

IPSec Tunnel configuration between GWR HS Router and Cisco Router

An IPSec tunnel is a type of VPN tunnel with a secure tunneling method. The diagram below illustrates a simple network with a GWR HS Router and a Cisco Router. The idea is to create an IPSec tunnel for LAN to LAN (site to site) co
142. provides general information about device type, device firmware version, kernel version, CPU vendor, Up Time since last reboot, hardware resources utilization and MAC address of LAN port. A screenshot of General Router information is shown in Figure 9. Data in the Status menu are read only and cannot be changed by the user. If you want to refresh screen data, press the Refresh button. SIM Card detection is performed only at the time of booting the system, and you can see the status of the SIM slot by checking the Enable SIM Card Detection option.

Figure 9 General router information

Status Network Information

Network Information Tab provides information about the Ethernet port and Ethernet traffic statistics in bytes. A screenshot of Network Router information is shown in Figure 10.
143. r Redundancy Protocol (VRRP)

VRRP is a protocol which elects a master server on a LAN, and the master answers to a virtual IP address. If it fails, a backup server takes over the IP address. The following screen shows the VRRP settings.

Figure 22 VRRP configuration page

VRRP
Label / Description
Enabled: This option is selected to enable the VRRP service.
Virtual Router ID: Virtual Router IDentifier (VRID, 1-255) is the same for all physical routers for the virtual router with this ID in the network.
Priority: Routers have a priority of between 1-255, and the router with the highest priority will become the master.
Password: Enter authentication password as hexkey [0-9a-fA-F].
Virtual IP address: IP address(es) of the virtual server.
Reload: Click Reload to discard any changes and reload previous settings.
Save: Click Save to save changes.
Table 10 VRRP parameters

Settings VPN Settings

Virtual private network (VPN) is a communications network tunneled through another network and dedicated to a specific network. One common application of VPN is secure communication through the public Internet, but a VPN need not have explicit s
144. raw data rate of 11 Mbit/s. 802.11bg mixed mode operates at a maximum physical layer bit rate of 54 Mbit/s, or about 22 Mbit/s average throughput. 802.11bgn mixed mode has a maximum raw data rate of 72.2 Mbit/s.
None disables the use of power save modes and forces the chip to remain in Active mode. Fast forces the chip to remain in Fast Power Save mode, where it will enter 802.11 power save mode after 2 seconds of WLAN inactivity. Full forces the chip to remain in Full Power Save mode, where it is always in 802.11 power save mode. Auto restores control of Power Save mode to the factory default.
Beacon Interval: This is the time interval between beacon transmissions.
This value determines the interval of the Delivery Traffic Indication Message (DTIM) in beacon intervals.
The radio preamble is a section of data at the head of a packet. The length of the preamble can affect the time it takes to transmit data by increasing the packet overhead.
Maximum number of clients allowed to connect to the Access Point.
Click Reload to discard any changes and reload previous settings.
Click Save button to save your changes back to the Geneko Router. Whether you make changes or not, the router will reboot every time you click Save.
Table 7 Wireless Settings

Settings Routing

The static routing function determines the path that data follows over your network before and after it passes through the GWR HS R
145. red on the GWR HS Router WAN (GPRS) side.
Remote Subnet is the remote LAN network address and Remote Subnet Mask is the subnet of the remote LAN.

2. The GWR HS Router requirements
Static IP WAN address.
Peer Tunnel Address will be the HQ router WAN IP address (static IP address).
Remote Subnet is the HQ LAN IP address and Remote Subnet Mask is the subnet mask of the HQ LAN.

GSM/UMTS APN Type: For GSM/UMTS networks, GWR HS Router connections may require a Custom APN. A Custom APN allows for various IP addressing options, particularly static IP addresses, which are needed for most VPN connections. A custom APN should also support mobile terminated data, which may be required in most site to site VPNs.

Cisco router sample Configuration

  interface FastEthernet0/1
   ip address 10.2.2.1 255.255.255.0
   description LAN interface
  interface FastEthernet0/0
   ip address 172.29.8.4 255.255.255.0
   description WAN interface
  interface Tunnel0
   ip address 10.10.10.2 255.255.255.252
   tunnel source FastEthernet0/0
   tunnel destination 172.29.8.5
  ip route 10.1.1.0 255.255.255.0 Tunnel0

The GWR HS Router Sample Configuration

Click Network Tab to open the LAN NETWORK screen. Use this screen to configure LAN TCP/IP settings. Configure IP address and Netmask:
IP Address: 10.1.1.1
Subnet Mask: 255.255.255.0
Press Save to accept the changes.
146. redirecting all WEB traffic from the local workstation to one outside IP address (a web authentication server, for example).

The implemented rules are the following:
1. Traffic destined to the WAN IP on port 5022 is forwarded to workstation 192.168.1.2, port 22. Result: SSH is accessible from the outside to the first workstation.
2. Traffic destined to the WAN IP on port 8080 is forwarded to workstation 192.168.1.3, port 80. Result: WEB is accessible from the outside to the second workstation. This rule is limited only to traffic coming from the 172.16.234.0/24 subnet.
3. Traffic destined to the WAN IP from port range 300-400 is forwarded to workstation 192.168.1.4, port 12345.
4. WEB traffic from the workstation 192.168.1.5 is forwarded to one outside IP address (212.62.49.109, for example).

If the Source IP and Source Netmask fields are empty, the stated entry is applied to all incoming packets. When the PPP0 interface is selected, Destination IP and Netmask are predefined to the WAN IP and subnet /32 and cannot be changed. The following picture marks the traffic flows stated above.

Figure 122 Portforwarding example

Portforwarding is configured on the ROUTING page s
147. rface for management over WEB interface.
5. Allow PING on ppp_0 with DDoS filter: ICMP traffic to the WAN interface of the router is allowed, with prevention of Distributed Denial of Service attack.
Allow RIP protocol:
6. Allow RIP on ppp_0
7. Allow RIP on ppp_0 route
Allow GRE protocol:
8. Allow GRE tunnels on ppp_0
9. Allow GRE Keepalive on ppp_0
Allow IPSec protocol:
10. Allow IPSec tunnels on ppp_0 protocol
11. Allow IPSec tunnels on ppp_0 IKE
12. Allow IPSec tunnel on ppp_0 IKE_NATt
Allow OpenVPN protocol:
13. Allow OpenVPN tunnels on ppp_0 UDP
14. Allow OpenVPN tunnels on ppp_0 TCP
15. Allow SNMP on ppp_0: SNMP requests are allowed to be sent to the router over the WAN interface.
16. Allow MODBUS on ppp_0: MODBUS conversion over default port UDP 502 is permitted.
17. REJECT all other traffic: All packets which are not stated as ACCEPT in previous rules are denied. If this rule is not enabled, all packets which are not stated as DROP/REJECT are permitted.

In the following example, 8 traffic flows are defined under firewall rules. In the picture, permitted packets are marked in green and blocked packets in red.

Figure 129 Firewall example

Firewall is enabled in the SETTINGS > FIREWALL page. Page for firewall configuration is presented in the
148. ring Settings Wireless (for GWR HSW router type)

Table 6: Advanced WAN Settings

This option is used for enabling Wireless local coverage. The router can work in Access Point (AP) mode to collect wireless clients, or in Station mode, where the router is connected as a wireless client to another router. Wireless settings are represented in the following figure.

[Figure 19: Wireless configuration page]

Each field is described in the table below.

Wireless Settings
Mode: Select for enabling wireless Access Point or Station.
SSID: A case-sensitive name, up to 32 alphanumeric characters in length, that identifies a wireless network.
Authentication Type: Choose Wi-Fi Protected Access II Pre-shared key mode (recommended) or Open.
Passphrase: Password for WPA2 PSK. Input from 8 to 63 printable characters.
Channel: Select one from the list of legally allowed Wireless LAN channels using IEEE 802.11, or Auto for automatic channel selection.

802.11b has a maximum
149. s IP addressing options, particularly static IP addresses, which are needed for most VPN connections. A custom APN should also support mobile terminated data that may be required in most site-to-site VPNs.

The GWR HS Router 1 configuration

- Click Network Tab to open the LAN NETWORK screen. Use this screen to configure LAN TCP/IP settings. Configure IP address and Netmask:
  - IP Address: 192.168.4.1
  - Subnet Mask: 255.255.255.0
- Press Save to accept the changes.

[Figure 61: Network configuration page for GWR HS Router 1. The page shows two cautions: changes to IP address, subnet mask and local DNS require a reboot to take effect; use the local gateway option carefully, because the router becomes unreachable from the local subnet when this option is enabled.]

- Use a SIM card with a static IP address obtained from the Mobile Operator. (Note: the default gateway may show, or change to, an address such as 10.0.0.1; this is normal, as it is the GSM/UMTS provider's network default gateway.)
- Click WAN Settings Tab to configure the parameters necessary for the GSM/UMTS connection. All parameters necessary for connection configuration should be obtained from the mobile operator.
- Check the status of GSM/UMTS connection (WAN Settings
150. script settings: Advanced chat settings for ppp connection
Auto reconnect or manual: Selection between automatic and manual re-connection
GSM/UMTS keepalive: Keepalive messages for link state detecting
User friendly WEB GUI: HTTP based
CLI:
- SSH: Remote management over SSH
- telnet: Remote management over Telnet
- serial
Traffic and event log
RADIUS client: Authentication via remote RADIUS server
Ping utility
Settings backup: Export of configuration
Factory default settings: External taster and configuration application
OpenVPN

Table 2: GWR HS Router features

Product Overview

Front panel

On the front panel (Figure 2) the following connectors are located:
- one RJ45 connector: Ethernet port for connection into local computer network
- one RJ45 connector for RS232 serial communication
- reset button
- one USB connector for connection of additional device
- Power supply connector

Ethernet connector LED:
- ACT (yellow): on when network traffic detected, off when no traffic detected
- Network Link (green LED): on when Ethernet activity or access point engaged

[Figure 2: GWR HS Router front panel]

The Reset button can be used for a warm reset or a reset to factory defaults.

Warm reset: If the GWR HS Router is having problems connecting to the Internet, press and hold the reset button for a second using the tip of a pen.

Reset to Factory Default: To restore the
151. ser
- Command line interface

The default access method is the web interface. This method provides the administrator with a full set of privileges for configuring and monitoring the router. Configuration, administration and monitoring of the GWR HS Router can be performed through the web interface. The default IP address of the router is 192.168.1.1.

Another method is the command line interface. This method has limited options for configuring the GWR HS Router, but still represents a very powerful tool when it comes to router setup and monitoring. Another document deals with CLI commands and instructions.

Device configuration using web application

The GWR HS Router's web-based utility allows you to set up the Router and perform advanced configuration and troubleshooting. This chapter will explain all of the functions in this utility. For local access to the GWR HS Router's web-based utility, launch your web browser and enter the Router's default IP address, 192.168.1.1, in the address field. A login screen prompts you for your User name and Password. Default administration credentials are admin/admin.

If you want to use the web interface for router administration, please enter the IP address of the router into the web browser. Please disable the proxy server in the web browser before proceeding.

[Figure 8: User authentication]

After suc
152. ss IP Address: 10.1.1.1, Subnet Mask: 255.255.255.0. Caution: Changes to IP address, subnet mask and local DNS require a reboot to take effect. Caution: Use local gateway option carefully. Router becomes unreachable from local subnet when this option is enabled.

[Figure 68: Network configuration page]

- Use a SIM card with a dynamic/static IP address obtained from the Mobile Operator. (Note: the default gateway may show, or change to, an address such as 10.0.0.1; this is normal, as it is the GSM/UMTS provider's network default gateway.)
- Click WAN Settings Tab to configure the parameters necessary for the GSM/UMTS connection. All parameters necessary for connection configuration should be obtained from the mobile operator.
- Check the status of GSM/UMTS connection (WAN Settings Tab). If disconnected, please click the Connect button.
- Click VPN Settings > GRE Tunneling to configure new VPN tunnel parameters:
  - Enable: yes
  - Local Tunnel Address: 10.10.10.1
  - Local Tunnel Netmask: 255.255.255.252 (unchangeable, always 255.255.255.252)

from remote LAN should be able to communicate with HQ LAN

  - Tunnel Source: 172.29.8.5
  - Tunnel Destination: 172.29.8.4
  - KeepAlive enable: no
  - Period: (none)
  - Retries: (none)
- Press ADD to put the GRE tunnel rule into the VPN table.
- Press Save to accept the changes.

G
153. t you used for Phase 1, but both ends of the IPSec tunnel must use the same Phase 2 DH Group. Phase 2 is used to create one or more IPSec SAs, which are then used to key IPSec sessions.

Phase 2 Encryption: Select a method of encryption: NULL, DES (56-bit), 3DES (168-bit), or AES-128 (128-bit). It determines the length of the key used to encrypt or decrypt ESP packets. AES-128 is recommended because it is the most secure. Both ends of the IPSec tunnel must use the same Phase 2 Encryption setting. NOTE: If you select a NULL method of encryption, the next Phase 2 Authentication method cannot be NULL, and vice versa.

Phase 2 Authentication: Select a method of authentication: NULL, MD5 or SHA1. The authentication method determines how the ESP packets are validated. MD5 is a one-way hashing algorithm that produces a 128-bit digest. SHA1 is a one-way hashing algorithm that produces a 160-bit digest. SHA1 is recommended because it is more secure. Both ends of the IPSec tunnel must use the same Phase 2 Authentication setting. NOTE: If you select a NULL method of authentication, the previous Phase 2 Encryption method cannot be NULL.

Phase 2 SA Life Time: Configure the length of time an IPSec tunnel is active in Phase 2. The default is 3600 seconds. Both ends of the IPSec tunnel must use the same Phase 2 SA Life Time setting.

This specifies the pre-shared key used to authenticate the remote IKE peer. Enter a key of keyboard and hexadecimal characters, e.g. Ay
154. tart stop page for GWR HS Router 1 90
Figure 77 Network configuration page for GWR HS Router 2 91
Figure 78 IPSEC configuration page for GWR HS Router 2 92
Figure 79 IPSec configuration page II for GWR HS Router 2 92
Figure 80 IPSec configuration page III for GWR HS Router 2 92
Figure 81 IPSec start/stop page for GWR HS Router 2 93
Figure 82 Network configuration page for GWR HS Router 1 94
Figure 83 IPSEC configuration page for GWR HS Router 1 95
Figure 84 IPSEC configuration page II for GWR HS Router 1 96
Figure 85 IPSEC configuration page III for GWR HS Router 1
155. ted in the previous steps, some of the following options will be available for configuration.

Protocol: Selection between TCP (in server or client mode) and UDP protocol (in connect or wait mode).
TCP/UDP port: Depending on the selected protocol, port number should be specified.
LZO Compression: Check the box to enable fast adaptive LZO compression.
NAT Rules: Enables NAT through the tunnel.
Keep Alive: Check the box if you want to use keepalive.
Ping Interval: This field specifies the target IP address for periodical traffic generated using ping in order to maintain the connection active.
Ping Timeout: This field specifies ping interval for keepalive option.
PSK: Generate or Paste the Pre-shared Secret. You have an additional option to Export the Pre-shared Secret.
Max Fragment Size: If you select UDP protocol, whether in connect or wait mode, you must specify Max Fragment Size (default is 1300 bytes). If you prefer to keep fragmentation disabled, enter 0.
Renegotiate interval: Specify renegotiate interval if username/password is selected as authentication method.
CA Certificate: Specify the CA Certificate.
Local Certificate: Specify the local certificate.
Local Private Key: Specify the local private key.
DH Group: Choose the DH Group from the following: 786 bits, 1024 bits, 1536 bits, 2048 bits.
Address: Specify server IP address or hostname.
Redirect Gateway: This optio
156. ter 103
Figure 97 IPSec start/stop page for GWR HS Router 103
Figure 98 IPSec tunnel between GWR HS Router and Cisco Router 105
Figure 99 Network configuration page for GWR HS Router 106
Figure 100 IPSEC configuration page for GWR HS Router 107
Figure 101 IPSec configuration page II for GWR HS Router 107
Figure 102 IPSec configuration page III for GWR HS Router 107
Figure 103 IPSec start/stop page for GWR HS Router 108
Figure 104 Network Interfaces 109
Figure 105 Network Interfaces Edit 109
Figure 106 AutoKey Advanced Gateway 110
Figure 107 Gatew
157. testing network connectivity. Insert a valid IP address in the Hostname box and click Ping. Every time you click Ping, the router sends four ICMP packets to the destination address. Before using this tool, make sure you know the device or host's IP address.

[Figure 44: Diagnostic page]

Maintenance Update Firmware

You can use this feature to upgrade the GWR HS Router firmware to the latest version. If you need to download the latest version of the GWR HS Router firmware, please visit the Geneko support site. Follow the on-screen instructions to access the download page for the GWR HS Router.

If you have already downloaded the firmware onto your computer, click the Browse button on the Update firmware Tab to look for the firmware file. After the new firmware version has been selected with the Browse button, the transfer of the firmware to the device should be started. This is done with the Upload button. The firmware transfer to the GWR HS device takes a few minutes, and when it is finished the user is informed whether the transfer succeeded.

NOTE: The Router will take a few minutes to upgrade its firmware. During this process, do not power off the Router or press the Res
158. tity Settings configuration page

Maintenance Administrator Password

The Administrator Password Tab makes it possible to activate and deactivate the device access system through the Username and Password mechanism. The authorization data (Username/Password) is also changed within this menu. The Administrator Password Tab window is shown in Figure 42.

NOTE: The password cannot be recovered if it is lost or forgotten. If the password is lost or forgotten, you have to reset the Router to its factory default settings; this will remove all of your configuration changes.

[Figure 42: Router Management configuration page]

Administrator Password
Label: Description
Enable Password Authentication: By this check box you can activate or deactivate the function for authentication when you access the web console application.
Username: This field specifies the Username for user (administrator) login purpose.
Old password configured on router. The default is admin when you first power u
159. traffic destined for a specific port, port range or GRE/IPsec protocol from the cellular interface to a private IP address on the Ethernet side of the GWR HS Router.

Settings Dynamic Routing Protocol

Dynamic routing performs the same function as static routing, except it is more robust. Static routing allows routing tables in specific routers to be set up in a static manner, so network routes for packets are set. If a router on the route goes down, the destination may become unreachable. Dynamic routing allows routing tables in routers to change as the possible routes change.

Routing Information Protocol (RIP)

The Routing Information Protocol (RIP) is a dynamic routing protocol used in local and wide area networks. As such, it is classified as an interior gateway protocol (IGP) using the distance-vector routing algorithm. The Routing Information Protocol provides great network stability, guaranteeing that if one network connection goes down, the network can quickly adapt to send packets through another connection.

Click RIP Tab to open the Routing Information Protocol screen. Use this screen to configure the GWR HS Router RIP parameters (Figure 21).

Routing Information Protocol page fields:
Routing Manager: Hostname: Router; Password: zebra; Enable log; Port to bind at: User defined / Default 2601
RIPD: Hostname: ripd; Password: zebra; Port to
160. tup
- Local Security Gateway Type: SIM card
- Local ID Type: IP Address
- IP Address From: SIM 1 (WAN connection is established over SIM 1)
- Local Security Group Type: Subnet
- IP Address: 10.0.10.0
- Subnet Mask: 255.255.255.0

Remote Group Setup
- Remote Security Gateway Type: IP Only
- IP Address: 172.29.8.5
- Remote ID Type: IP Address
- Remote Security Group Type: IP
- IP Address: 192.168.10.1

IPSec Setup
- Key Exchange Mode: IKE with Preshared key
- Mode: aggressive
- Phase 1 DH group: Group 2
- Phase 1 Encryption: 3DES
- Phase 1 Authentication: MD5
- Phase 1 SA Life Time: 28800
- Perfect Forward Secrecy: true
- Phase 2 DH group: Group 2
- Phase 2 Encryption: 3DES
- Phase 2 Authentication: MD5
- Phase 2 SA Life Time: 3600
- Preshared Key: 1234567890

Failover
- Enable Tunnel Failover: false

Advanced
- Compress (Support IP Payload Compression Protocol (IPComp)): false
- Dead Peer Detection (DPD): false
- NAT Traversal: true
- Send Initial Contact: true

[Screenshot: Device 2 Device Tunnel, Add New Tunnel page]
161. tures: Short description
DHCP Server: DHCP Server support
- Static lease reservation
- Address exclusions
The Routing Information Protocol is a dynamic routing protocol used in local and wide area networks.
VRRP: VRRP protocol. Increases the availability and reliability of routing paths via automatic default gateway.
WiFi (for GWR402HSW models): WiFi interface with two modes supported: Access point and Station.
IP forwarding: IP, TCP, UDP packets from WAN to LAN.
DMZ support: DMZ host is a host on the internal network that has all ports exposed, except those ports otherwise forwarded.
Simple Network Management Protocol is used in network management systems to monitor network-attached devices for conditions that warrant administrative attention.
NTP (RFC1305): Network Time Protocol is a protocol for synchronizing the clocks.
Client for various dynamic DNS services: This is a small utility for updating your host name for any of the dynamic DNS services offered at http://www.ez-ip.net, http://www.justlinux.com, http://www.dhs.org, http://www.dyndns.org, http://www.ods.org, http://www.dyn.ca, http://www.tzo.com, http://www.easydns.com, http://www.dyns.cx, http://www.zoneedit.com, http www no
PAT
IP filtering
MAC filtering
The serial server will perform conversion from Modbus TCP to Modbus RTU, allowing polling by a Modbus TCP master. The Modbus IP Serial Gateway carries out translation between Modbus TCP and Modbus RTU. Th
162. [Figure 17: DHCP Server configuration page. Panels: Static Lease Reservations (IP addresses that will be dedicated to a specific DHCP client based on MAC address), Address Exclusions (exclude these addresses from the DHCP IP address pool), DHCP Server Settings, Status.]

Notes shown on the page:
- The IP address pool must specify addresses that are in the subnetwork of the Geneko Router. The DHCP server will not operate if this configuration does not meet this requirement.
- A reservation IP address must not be the same as the IP address of the DHCP server itself. It must be a valid IP address in the subnetwork of the DHCP server. The DHCP server will ignore a reservation that does not meet these requirements.
- An IP address exclusion range must specify valid IP addresses in the subnetwork of the DHCP server. The DHCP server will ignore an exclusion that does not meet this requirement.

Settings WAN Setting

Click WAN Settings Tab to open the Wireless screen. Use this screen to configure the GWR HS Router GPRS/EDGE/HSPA/HSPA+/LTE parameters (Figure 18
163. ty page to initiate IPSEC tunnel.

NOTE: The firmware version used in this scenario also provides options for the Connection mode of the IPSec tunnel. If connection mode Connect is selected, this is the side of the IPSec tunnel which sends requests for establishing the IPSec tunnel. If connection mode Wait is selected, this is the side of the IPSec tunnel which listens and responds to IPSec establishing requests from the Connect side.

[Figure 76: IPSec start/stop page for GWR HS Router 1]

Notes shown on the page: Reducing the MTU size on the client side can help eliminate some connectivity problems occurring at the protocol level. Recommended MTU size on client side is 1300.

Tunnel status description:
- started: ipsec is running
- stopped: ipsec is not running or tunnel is not enabled
- connecting: ipsec is trying to establish connection
- waiting for connection: ipsec is waiting for other end to connect
- established: tunnel is up

- Click Start button and after that Connect button on Internet Protocol Security page to initiate IPSEC tunnel.
- On the device connected on GWR HS router 1, set up default gateway 10 0
164. u

The GSM/UMTS menu is divided into two parts:
- The upper part provides all parameters for configuring the GSM/UMTS connection. These parameters can be obtained from the Mobile Operator. Please use the exact parameters given by the Mobile Operator.
- The bottom part is used for monitoring the status of the GSM/UMTS connection (create/maintain/destroy GSM/UMTS connection). The status line shows real-time status: connected/disconnected.

If your SIM Card credit is too low, the GWR HS Router will periodically perform connect/disconnect actions.

WAN Settings (advanced)
Label: Description
This field specifies if Advanced WAN settings is enabled at the GWR HS Router.
Accept Local IP Address: With this option, pppd will accept the peer's idea of our local IP address, even if the local IP address was specified in an option.
Accept Remote IP Address: With this option, pppd will accept the peer's idea of its remote IP address, even if the remote IP address was specified in an option.
Idle time before disconnect (sec): Specifies that pppd should disconnect if the link is idle for n seconds. The link is idle when no data packets are being sent or received.
Refuse PAP: With this option, pppd will not agree to authenticate itself to the peer using PAP.
Require PAP: Require the peer to authenticate using PAP (Password Authentication Protocol) authentication.
Refuse CHAP: With this option, pppd will not agree to authenticate itself to the peer using CHAP.
Require CHAP: Require the peer to authenticate using CHA
165. ual

Point-to-Point Tunneling Protocol (PPTP)

The Geneko Router can be used as a PPTP (Point-to-Point Tunneling Protocol) client. PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets.

[Figure 30: PPTP configuration page]

VPN Settings / PPTP Tunneling Parameters
Label: Description
Number: Selected tunnel number. Number of PPTP tunnels is limited to 5.
Enabled: Option for tunnel enabling.
Tunnel Name: Unique tunnel identifier.
PPTP server IP address or hostname: IPv4 address of remote PPTP server or Hostname.
Remote network: After the tunnel is established, a route to this network will be added.
Remote netmask: Netmask of remote subnet to route.
Domain: Some PPTP servers require domain name for authentication.
Username: Username to authenticate local user to remote server.
Password: Password to authenticate local user to remote server.
Encryption: This option should be left enabled to use default MPPE Microsoft
166. ult reset. System will be reset after pressing the Restore button.

[Figure 48: Default Settings page. The page warns: Be careful when restoring factory default settings. The factory settings will clear all current settings and reboot the system. It offers a Keep network settings check box.]

Maintenance System Reboot

If you need to restart the Router, Geneko recommends that you use the Reboot tool on this screen. Click Reboot to have the GWR HS Router reboot. This does not affect the router's configuration.

[Figure 49: System Reboot page. The page notes that the reboot process needs about 1 minute to complete.]

Management Command Line Interface

CLI (command line interface) is a text-only user interface to a computer's operating system or an application, in which the user responds to a visual prompt by typing in a command on a specified line and then receives a response back from the system. In other words, it is a method of instructing a computer to perform a given task by entering a command. The system waits for the user to conclude the submitting of the text command by pressing the Enter or Return key. A command line interpreter then receives, parses and executes the requested user command.

On the router's Web interface, in the Management menu, click on the Command Line Interface tab to open the Command Line Interface settings screen
167. up

[Figure 46: Export/Import the configuration on the router]

Import Configuration File

To import a configuration file, first specify where your backup configuration file is located. Click Browse, and then select the appropriate configuration file. After you select the file, click Import. This process may take up to a minute. Restart the Router in order for the changes to take effect.

Export Configuration File

To export the Router's current configuration file, select the part of the configuration you would like to back up and click Export.

[Figure 47: File download]

Select the location where you want to store your backup configuration file. By default, this file will be called confFile.bkg, but you may rename it if you wish. This process may take up to a minute.

Maintenance Default Settings

Use this feature to clear all of your configuration information and restore the GWR HS Router to its factory default settings. Only use this feature if you wish to discard all the settings and preferences that you have configured. Click Default Setting to have the GWR HS Router with default parameters. The Keep network settings check box allows the user to keep all network settings after factory defa
168. ure IP address and Netmask:
  - IP Address: 192.168.10.1
  - Subnet Mask: 255.255.255.0
- Press Save to accept the changes.

[Figure 87: Network configuration page for GWR HS Router 2. The page shows two cautions: changes to IP address, subnet mask and local DNS require a reboot to take effect; use the local gateway option carefully, because the router becomes unreachable from the local subnet when this option is enabled.]

- Use a SIM card with a static IP address obtained from the Mobile Operator.
- Click WAN Settings Tab to configure the parameters necessary for the GSM/UMTS connection. All parameters necessary for connection configuration should be obtained from the mobile operator.
- Check the status of GSM/UMTS connection (WAN Settings Tab). If disconnected, please click the Connect button.
- Click VPN Settings > IPSEC to configure IPSEC tunnel parameters. Click the Add New Tunnel button to create a new IPSec tunnel. Tunnel parameters are:

Add New Tunnel
- Tunnel Name: IPsec tunnel
- Enable: true

IPSec Setup
- Keying Mode: IKE with Preshared key
- Mode: main
- Phase 1 DH group: Group 2
- Phase 1 Encryption: 3DES
- Phase 1 Authentication: MD5
- Phase 1 SA Life Time: 28800
- Perfect Forward Secrecy: true
- Phase 2 DH group: Group 2
- Phase 2 Encryption: 3DES
- Phase 2 Authentication: MD5
169. www.3grouterstore.co.uk
GWR High Speed Cellular Router Series User Manual, version 1.1, Date: June 2014
UK SALES 0800 508 8366

User Manual Content
LIST OF FIGURES 4
LIST OF TABLES 7
DESCRIPTION OF THE LTE ROUTER SERIES 8
TAPICALA EO ES E EE E dae de Lada Do 9
TECHNICAL PARAMETERS 10
PROTOCOLS AND FEATURES 11
PRODUCT OVERVIEW 13
VOR ED ING iaasa rial ellas 13
Ba EPAR a AEAN A A EAN a ds 13
TOO Pan A E E AER O N A E OA EN A 14
PUTTING INTO OPERATION 16
DECLARATION OF CONFORMITY 17
DEVICE CONFIGURATION 18
DEVICE CONFIGURATION USING WEB APPLICATION 18
ADD/REMOVE/UPDATE MANIPULATION IN TABLES 19
SAVE/RELOAD CHANGES 19
STATUS INFORMATION 20
A O E O SPRINT ON AN I 20
Status Network Information 20
Stats OAC Parlante eiii aiana 21
Status WAN Information 21
A A anes bree e 22
SUSS ROE Seann a a a a a a a 23
Status Router Monitoring
170. xit

WEB traffic is permitted only to 212.62.38.210 from LAN. This rule is an example of traffic filtering in the direction from inside to outside. A new rule should be added by selecting the ADD NEW RULE button. The policy should be configured in the following way:

- Rule name: Allow HTTP from LAN
- Enable: selected
- Chain: FORWARD
- Service: HTTP
- Protocol: TCP
- Port: 80
- Input interface: eth0
- Output interface: ppp_0
- Source address: Any
- Destination address: Any
- Packet state: NEW
- Policy: ACCEPT

The configuration is shown in the following picture.

[Figure 136: Outbound rule for WEB access]

After configuration is finished, the SAVE button should be selected, and the user is returned to the main configuration page. The priority of a rule is changed by selecting a number in the drop-down menu. In this exam
