User Manual - Terminal Systems
Contents
1. Application Application the port is used with Figure 10 COM port settings 2 2 4 1 _COM1 Properties e Application Application the port is used with e Work as Configure this end as server or client e Server address Destination IP address or name e TCP redirector port Port to listen on e Bits per second Choose the speed to use e Data bits Choose the data bits e Parity Choose the parity e Stop bits Choose the stop bits e Flow control Choose the flow control SSV Remote Access Gateway User Manual Revision 1 2 Menu Items System 2 2 5 Remote Access In this section you can configure the settings for the SSH server OpenSSH configuration Enable Disable service Enable or disable OpenSSH service or Port to listen on Key regeneration interval sec 600 Interval until the key will be regenerated Permit empty passwords Allow or deny empty user passwords FANE Eu 4 Generate new SSH hostkey Generate Change password for user root New password Enter your new root password Confirm new password Confirm your new root password Confirm password change OK button will change your password Figure 11 Remote access settings 2 2 5 1 OpenSSH configuration e Enable Disable service Enable or disable the OpenSSH service e Port Enter the port to listen on e Key regeneration interval sec Enter the time interval in seconds for the key re generation e Permit emp2. 2 1 Status The Status page shows some information about the device like name time or IP addresses Status System status System host name System name ADNP9200 System Network System location SSV Embedded Systems Location information Contact support ssv embedded de Contact information Time and date Fri 16 04 2010 15 57 53 Current time and date of this system Services Proxies DNS e Filetransfer Telnet SSH others Logout Status LAN1 IP address 192 168 0 75 Current device IP address Subnet mask 255 255 255 0 Current subnet mask of the local network MAC address 02 80 AD 2 1 32 34 Physical media address Status LAN2 IP address 192 168 1 126 Current device IP address Subnet mask 255 255 255 0 Current subnet mask of the network MAC address 02 80 AD 2 1 32 35 Physical media address Current 1st DNS server address Primary DNS server 192 168 0 4 Status route Current default gateway Default gateway 192 168 0 4 Figure 5 Status page of the SSV Remote Access Gateway SSV Remote Access Gateway User Manual Revision 1 2 KA Menu Items System 2 2 System In this section you can configure the basic settings of the device like host name time and administration 2 2 1 System Identification Enter a host name and the location of the device and some contact information The settings in this section are used for certificates System identification
3. Upload self created rules Figure 38 Firewall and NAT rules preconfigured sets e All incoming ports closed VPN allowed Best protection for the VPN server e Selective ports allowed This configuration opens more application ports e User configured script below Upload own firewall rules 2 4 6 3 System specific ports allowed on WAN interface In this subsection you can simply allow or disallow which services may be accessed from unsafe WANs like Internet or GPRS UMTS e VPN server VPN server e SSH access Remote access with SSH e Telnet access Remote access with Telnet e HTTP server Web server access o HTTPS server Secure web server access e Web proxy Access to HTTP proxy ports e FTP proxy Access to FIP proxy ports e TCP proxy Access to TCP proxy ports Telnet SSH others e Web ConfigTool This web configuration site e IPsec IPsec connection SSV Remote Access Gateway User Manual Revision 1 2 EI Menu Items Services See F 2 4 6 4 User specific ports allowed on WAN interface User defined 1 M port Protoco upp TCP User defined 3 l port Protoco up TCP Figure 39 Firewall and NAT rules preconfigured sets User specific ports allowed on WAN interface It is possible to define up to five specific ports for the WAN interface e User defined X Click on the checkbox to enable the port Enter the port number and choose the protocol 2 4 6 5 ICMP prot
4. Enable DynDNS service vi Enable or disable DynDNS service DynDNS service provider generic MM Host FQDN ssv dyndns org Click here for available domain names Update period How often the IP is checked Not running Client status Figure 33 DynDNS configuration e Enable DynDNS service Enable or disable the DynDNS service e DynDNS service provider Choose a DynDNS service provider from the dropdown menu e Host FQDN Enter the full hostname Click on the link here for available do main names e Update period Choose from the dropdown menu how often the IP address is checked e Status Shows the current client status 2 4 4 2 Change DynDNS username and password Change DynDNS username and password New password CCC Enter your new DynDNS password Confirm new password lsocce Sid Confirm your new DynDNS password Figure 34 DynDNS username and password e Username Enter a DynDNS username e New password Enter your new DynDNS password e Confirm new password Confirm your new DynDNS password 2 4 4 3 Notification to webserver after ipaddress changes Notification to webserver after ipaddress changes Enable Notify E Enable or disable notify itiprifwwwserverde Enter full host name Server request icqi bin notity Enter complete request Figure 35 Notification to web server after IP address changes e Enable Notify Enable or disable the notification e Notify to host En
5. SSV Remote Access Gateway Web Config Tool User Manual ADNP 9200 Configuration Local area network configuration Network configuration for LAN1 10 100 MBit Status System Network Enable Disable interface LAN Enable or disable interface LAN1 Device configuration through DHCP server Manual device configuration at e WW wa Vi kb SX WK S WW d Sf S Obtain an IP address automatically Use the following IP address Modem IP address DA n n DA on n DA n n i ii n Services Hd i S d 3 S A piee mM R CO id Bue lt Proxies Logout Enable isable alias IP address Network configuration for LAN2 10 100 Mbps Enable Disable interface LANZ a DNS configuration x Use a DNS server address Fe LO Mm ao co Primary DNS server e Secondary DNS server Tertiary DNS server D UU JI JI Default gateway configuration Use a gateway address Vi Default gateway 192 1 168 L0 WEI SSV Software Systems GmbH Dunenweg 5 D 30419 Hannover Phone 49 0 511 40 000 0 Fax 49 0 511 40 000 40 Document Revision 1 2 E mail sales ssv embedded de Date 2011 01 21 FOR FURTHER INFORMATION REGARDING OUR PRODUCTS PLEASE VISIT US AT WWW SSV EMBEDDED DE CONTENT 1 INTRODUCTION eeeegeeeeeeeg gege ege ege gege 4 E CONV e ere e E E E E E EN eh ogee 4 Le ACM Tay OG E a E E E E dees ent
6. ADNP9200 Enter a device host name ss Embedded Systems Enter the location of device support ssv embedded de Enter contact information Figure 6 System identification settings 2 2 2 System Management System management Reboot system REBOOT REBOOT will shutdown and restart Halt system HALT HALT will shutdown System configuration Configuration download DOWNLOAD Download device configuration Durchsuchen Upload device configuration Configuration upload Figure 7 System management settings 2 2 2 1 System Management e Reboot System Click on REBOOT to shutdown and restart the system Please note You will see the message Rebooting the system The reboot process takes about one minute After that time open the login page and enter your password e Halt System Click on HALT to shutdown the system Please note If the device is shutdown there is no possibility to boot the system from the distance 2 2 2 2 System Configuration e Configuration download Click on DOWNLOAD to save the system configura tion e Configuration upload Click on the button to upload a system configuration Click on OK to save the configuration To use the new configuration the system must be rebooted Please note You should download and save the system configuration before chang ing any settings So the system can be restored if there was a problem 8 SSV Remote Access Gateway User Manual
7. e g port 80 for HTTP e Listen on port Enter a port number 2 5 1 4 SSL certificate SSL certificate Create SSL certificate Fingerprint MD5 70 18 85 6A F8 EA B4 9B 4F 74 4B EA C9 D2 95 A0 Fingerprint SHA1 D6 3C 1B E4 3E 47 83 1F E5 18 76 F7 77 09 C0 FE 8C 95 7 1 7D Figure 44 SSL certificate e Create SSL certificate Click on Create to generate a new SSL certificate e Fingerprint MDS Shows the current MD5 fingerprint e Fingerprint SHA1 Shows the current SHA1 fingerprint SSV Remote Access Gateway User Manual Revision 1 2 27 Menu Items Proxies 2 5 2 DNS In this section you can configure the DNS proxy server settings These settings are only nec essary if the system is configured as a router on LANT 2 5 2 1 General configuration Enable Disable proxy vi Figure 45 General configuration Enable Disable proxy Enable or disable the DNS proxy server e Status Shows the current server status 28 SSV Remote Access Gateway User Manual Revision 1 2 Menu Items Proxies 2 5 3 Filetransfer In this section you can configure the FTP proxy server settings 2 5 3 1 General configuration e Enable Disable proxy Enable or disable the proxy server 2 5 3 2 Proxy redirections Proxy redirections 1 redirection FIP 22101 lt gt 192 168 0 1 21 Figure 46 Proxy redirections This section shows the current FTP proxy redirections Click on edit to change
8. 00 00 mm om openvpn 1056 openypn 1056 openvypn 1056 openvpn 1056 openvpn 1056 openvpn 1056 openvpn 1056 openvpn 1056 openvpn 1056 openvpn 1056 openvpn 1056 openvpn 1056 openvpn 1056 openvpn 1056 openvypn 1056 openvpn 1056 openvpn 1056 openvpn 1056 remoteaccess openvpn 1056 openvpn 1056 openvpn 1056 openvpn 1056 openvpn 1056 openvpn 1056 openvpn 1056 openvpn 1056 openvpn 1056 openvpn 1056 a oo E Figure 13 Log file view Data Channel MTU parms L 1573 D 1450 EF 41 EB 4 ET 32 EL 0 a Local Options hash VER V4 2cSObd2c Expected Remote Options hash VER V4 UDPv4 link local undef UDPv4 link remote 192 166 3 74 1701 TLS Error TLS key negotiation failed to occur within 60 seconds check yo TLS Error TLS handshake failed TCP UDP Closing socket SIGUSRi soft tls error received process restarting Restart pause 2 second s IMPORTANT OpenVPN s default port number is now 1194 based on an official Re using SSL TLS context Control Channel MTU parna L 1573 D 138 EF 38 EHO ET O ELO Data Channel MTU parms L 1573 D 1450 EF 41 EB 4 ET 32 EL O Local Options hash VER V 4 2cSObd2c Expected Remote Options hash VER V4 UDPv4 link local undef UDPv4 link remote 192 166 3 74 1701 Oddbb6e3 Oddbb6e3 New ssh keys created TLS Error TLS key negotiation failed to occur within 60 seconds check yo TLS Error
9. DNS server address Secondary DNS server e i Enter 2nd DNS server address Tertiary DNS server 3 IT e S IT e Enter 3rd DNS server address Figure 16 DNS configuration e Use a DNS server address Enable the DNS server e Primary DNS server Enter the first DNS server IP address e Secondary DNS server Enter the second DNS server IP address e Tertiary DNS server Enter the third DNS server IP address 2 3 1 4 Default gateway configuration Default gateway configuration Use a gateway address vi Set default gateway Default gateway o a Enter default gateway address Figure 17 Default gateway configuration e Usea gateway address Enable the default gateway e Default gateway Enter the default gateway IP address SSV Remote Access Gateway User Manual Revision 1 2 WER Menu Items Network 2 3 2 Modem In this section you can configure the modem settings Please note This section is only usable if a modem is configured in COM ports or network on LAN2 2 3 2 1 Modem configuration e Modem type The dropdown menu offers six different operation modes lt None gt lt Analog gt lt ISDN gt lt GPRS gt lt UMTS gt and lt DSL gt e Check modem Click on Check modem to test the connection with an existing modem In case of aGPRS UMTS modem the SIM card and the Quality of Service QoS are also tested 2 3 2 2 ISP settings Modem configuration ISP
10. Revision 1 2 Menu Items System 2 2 0 Time and Date In this section you can set the system time and date manually or automatically via NTP 2 2 3 1 Local Time zone Configuration e Time zone Choose your time zone from the dropdown menu 2 2 3 2 Time and Date Configuration Local timezone configuration Timezone CET Europe Berlin Choose your timezone Time and date configuration Time Figure 8 Manual time settings e Manual Click on this radio button to set your time and date manually e Date Enter the current date YY YY lt month gt DD e Time Enter the current time HH MM SS Local timezone configuration Timezone CET Europe Berlin e Choose your timezone Time and date configuration Manual Set your time and date manually Via NTP service Get time and date via NTP service Ze Primary NTP server O O Enter address of an NTP server Secondary NTP server Choose an NTP server Time synchronize interval Choose synchronize interval NTP server test Figure 9 Time settings via NTP service e Via NTP service Click on this radio button to get time and date via an NTP service e Primary NTP server Enter the address of an NTP server You can leave this field empty and only use the secondary NTP server e Secondary NTP server Choose an NTP server from the dropdown menu e Time synchronize interval Choose the time synchronization interval e NTP server test Click o
11. must be used if the server works be hind a NAT router e g a DSL modem with port forwarding e Port Enter the port to listen on e VPN compression Enable or disable the VPN compression e Client mode Choose the client mode lt Roadwarrior gt or lt Bridging gt e Network Enter the IP address for Clients e OpenVPN bridge IP Establish a connection to the Web ConfigTool It is recom mended to use the same IP address like LAN1 e Start IP address range Enter the start IP address of an IP address pool e End IP address range Enter the end IP address of an IP address pool e Subnet mask Enter the subnet mask of the IP address pool 2 4 2 4 OpenVPN certificates and keys The following settings are for the OpenVPN client mode OpenVPN certificates and keys Status root CA certificate ca cit Currently root CA certificate Status client key client 1 key Currently used client key Status client certificate client 1 crt Currently used client certificate Import key or certificates Durchsuchen bag single file or configuration Figure 23 OpenVPN client certificates and keys e Status root CA certificate Click on Info to see the currently used root CA cer tificate e Status client key Click on Info to see the currently used client key e Status client certificate Click on Info to see the currently used client certificate e Import Key or certificates Import a single file of a root certificate a clie
12. settings Authentication method smew ER e Confirm password Verify the entered password Figure 18 ISP settings for UMTS modem Please note The ISP settings depend on the choice of the modem type e Provider Choose your Internet Service Provider ISP e Authentication method Choose an authentication method for the ISP e MSN number Enter your ISDN MSN phone number e Dialing phone number Enter the phone number to the ISP e SIM PIN Enter the PIN for your SIM card e Confirm SIM PIN Verify the entered SIM PIN e Quality of Service Profile QSP from the ISP e APN Enter the ISP Access Point Name e Login name Enter the username given to you from the ISP e Password Enter the password given to you from the ISP e Confirm password Verify the entered password SSV Remote Access Gateway User Manual Revision 1 2 Menu Items Network 2 3 2 3 Connection settings Connection settings Disconnect type Disconnect Figure 19 Connection settings e Connect type The dropdown menu offers following connection types lt Manual gt lt System start gt and lt on demand gt e Disconnect type The dropdown menu offers following disconnection types lt Man ual gt lt Timeout gt and lt Always reconnect gt e Idle timeout Disconnect the system after a certain idle time e Max timeout Disconnects the system after a certain time Please note Connections over a GPRS UMTS modem can
13. the redirec tion settings or click on delete to remove the redirection 2 5 3 3 Create Edit a redirection entry Edit redirection entry 1 ev Figure 47 Editing a redirection entry Create a new redirection entry or change an existing redirection by clicking on edit in the section Proxy redirections above e Relay to Enter the IP address and port number typ port 21 for FTP e Listen on port Enter the port number SSV Remote Access Gateway User Manual Revision 1 2 20 Menu Items Proxies 2 5 4 Telnet SSH others In this section you can configure the Telnet SSH or other TCP based proxy server settings 2 5 4 1 General configuration e Enable Disable proxy Enable or disable the proxy server 2 5 4 2 Proxy redirections Proxy redirections 1 redirection TELNET 12304 lt gt 192 168 0 4 23 Figure 48 Proxy redirections This section shows the current Telnet redirections Click on edit to change the settings or click on delete to remove the Telnet redirection 2 5 4 3 Create Edit a redirection entry Edit redirection entry 1 Figure 49 Editing a redirection entry Create a new redirection entry or change an existing redirection by clicking on edit in the section Proxy redirections above e Relay to Enter the IP address and port number e g port 22 for SSH port 23 for Telnet e Listen on port Enter a port number 30 SSV Remote Access G
14. TLS handshake failed TCP UDP Closing socket SIGUSRi soft tls error received Restart pause 2 second s IMPORTANT OpenV PN s default port number is now 1194 based on an official Re using SSL TLS context Control Channel MTU parms L 1573 D 136 EF 38 EB O ETO EL 0 Jj Data Channel MTU parms L 1573 D 1450 EF 41 EB 4 ET 32 EL 0 Local Options hash VER V4 2cSObd2c m D C ga D m D process restarting Irem san m a gn sg e ey h gt Download and save log as file SSV Remote Access Gateway User Manual Revision 1 2 ER Menu Items Network 2 3 Network In this section you can configure the LAN and modem settings 2 3 1 LAN In this section you can configure the settings for LAN1 and LAN2 2 3 1 1 Network configuration for LAN1 Network configuration for LAN1 10 100 MBit Enable Disable interface LAN1 Enable or disable interface LAN1 Device configuration through DHCP server Obtain an IP address automatically Use the following IP address Manual device configuration IP address 92 e oe Device IP address m255 P t fo Subnet mask of the local network Enable or disable alias IP address om Enable Disable alias IP address Figure 14 LANI settings e Enable Disable interface LAN1 Enable or disable interface LAN e Obtain an IP address automatically Device configuration through DHCP server e Use the following IP address Manual device configuration e IP address IP address
15. ateway User Manual Revision 1 2 Menu Items Logout 2 6 Logout Just click on Logout to finish the current session SSV Remote Access Gateway User Manual Revision 1 2 AR Helpful Literature 3 HELPFUL LITERATURE e DIL NetPC ADNP 9200 hardware reference manual CONTACT SSV Software Systems GmbH Diinenweg 5 D 30419 Hannover Phone 49 0 511 40 000 0 Fax 49 0 51 1 40 000 40 E mail sales ssv embedded de Internet www ssv embedded de Forum www ssv comm de forum DOCUMENT HISTORY Revision Date PT emarks Name 1 0 2010 05 25 First version Web ConfigTool Build 4098 WBU det 2010 10 11 Changed cover picture WBU 1 2 2011 01 21 Changed Introduction WBU The content of this document can change any time without announcement There is taken over no guarantee for the accuracy of the statements The user assumes the entire risk as to the accuracy and the use of this document Information in this document is provided as is without warranty of any kind Some names within this document can be trademarks of their respective holders 2011 SSV Software Systems GmbH All rights reserved 32 SSV Remote Access Gateway User Manual Revision 1 2
16. be very cost intensive Please refer to the prices of your provider before connecting the modem for a long time or with high volume traffic 2 3 2 4 DNS server and gateway configuration DNS server and gateway configuration Use automatic static or other DNS ar DNS address E fy Enter IP for primary nameserver Automatic replaces an existing gateway Figure 20 DNS configuration e DNS The dropdown menu offers following settings lt Automatic gt lt Static gt and lt None gt e DNS address Enter the IP address for the primary name server e Gateway lt Automatic gt replaces an existing gateway lt Dynamic gt adds a new gate way only if no other gateway exists SSV Remote Access Gateway User Manual Revision 1 2 17 Menu Items Services 2 4 Services In this section you can configure services like OpenVPN IPsec and DynDNS 2 4 1 General In this section you can enable or disable the general services 2 4 1 1 General service configuration e Telnet server Enable or disable the Telnet server e FTP server Enable or disable the FTP server e Time server Enable or disable the time server e HTTPS Web server Enable or disable the HTTPS web server e Webconfig Enable or disable Web ConfigTool e SSV ConfigTool Enable or disable the external SSV ConfigTool This tool is only available on demand Please contact therefore our support team 2 4 2 OpenVPN In this section you can configure
17. cccccceeessaaaaeeesssseeeeeeeeeeeeeeeeeeeeaaas 14 De Wee DNS CON e e ascitic saclay r T E E TS 15 2 3 1 4 Default gateway configuration 2 0 ccccccccccnsssssseessseeeeeececcececeeeeeeaaaaesssssseseeeeeeeeeeeseeeeaaaas 15 se MO E 16 E ET 16 e RE KE 16 DO 2 SOMME CUOU SENES Eege 17 2 3 2 4 DNS server and gateway Configuraton 17 E EE 18 2 E e 18 2 4 1 1 General service configeuraton n EE E E EEEE EEEa 18 Ge ON EN a E E E 18 i OPONEN Oli OU e 18 See OpenVPN chent conti onra deed 18 24 2 3 Open VPN Server COMMUTATION eener GeeegeEeged deed deeg 19 2424 OpenVPN Cerilicales E 19 24 2 53 Open VPN create certificates eserse er eE EEEE EEEE 20 2 4 2 6 OpenVPN export certfcates 20 2 SSV Remote Access Gateway User Manual Revision 1 2 2A RI 21 De Soden EENEG 21 22 Ne re e E 21 E EN 21 Die EE EE 22 2 4 3 5 Configuration of this side PIPL c ccccc cccsscceesssasasessasseescaceadecceacteceserctiacsseessensasaedecceactaceees 22 2 4 3 6 Configuration of other side ef 22 E MMMM ee tea arse denice TE E E beet cee E aes oic E E E 23 2 4 4 1 DynDNS COMMUTATION 20 00 ss0ssiseessasacnceedcencdedesenducssineetasanndendscnedenessnbucetedeseadasansncodseendeden 23 2 4 4 2 Change DynDNS username and password ccssssceeeeeecceceeeeeeaeaeeeesesesseeeeeeeeeeeeeeeeeaaas 23 2 4 4 3 Notification to webserver after ipaddress changes nne0sssssssooooeeereeerersssessssssssssseeresreee 23 Pig DACP EE 24 DA
18. col Connection protocoll Protocoll Choose protocoll and topology Server or client Choose side of NAT Virtual private IP ranges may occur behind a NAT device Authentification Choose mode Figure 28 IPsec connection protocol e Protocol Choose the connection protocol and topology from the dropdown menu e Server or client Choose the side of the NAT from the dropdown menu e Virtual private Enter the IP ranges which may occur behind the NAT device e Authentication Choose the authentication mode from the dropdown menu 2 4 3 3 IPsec shared keys IPsec shared keys Passphrase Secret shared key Confirm passphrase Confirm secret shared key Figure 29 IPsec shared keys e Pass phrase Enter the pass phrase for the secret shared key e Confirm pass phrase Confirm the pass phrase for the secret shared key SSV Remote Access Gateway User Manual Revision 1 2 AR Menu Items Services 2 4 3 4 IPsec certificates and keys IPsec certificates and keys Root CA certificate Wed Apr 28 18 23 48 2010 Currently used root CA certificate Host certificate Wed Apr 28 18 23 48 2010 Currently used host certificate Wed Apr 28 18 23 48 2010 Currently used host key Figure 30 IPsec shared Keys e Root CA certificate Click on download to save the currently used root CA cer tificate Click on Info to see the currently used root CA certificate e Host certificate Click on download to save the
19. currently used host certificate Click on Info to see the currently used host certificate e Host key Click on Info to see the currently used host key 2 4 3 5 Configuration of this side right Configuration of this side right Identifire Enter identifire for this side RSA Key and certificate Click to create new key and cert RSA signatur key View signatur of RSA key Figure 31 Configuration of this side right e Identifier Enter an identifier for this side e Key and certificate Click on Create to generate a new key and certificate e RSA signature key Click on View to see the signature of the RSA key 2 4 3 6 Configuration of other side left Configuration of other side left OsAwEAAdhXcdLatQcp5 InGlFNrow3Y W30s9F P7n G3f 4 b Figure 32 Configuration of other side left RSA signatur key e Address Enter an IP address or full hostname for the other side e Identifier Enter an identifier for the other side e RSA signature key Enter the signature of the RSA key from the output of the command ipsec show host key left on the IPsec server Please note The signature key is a very long text file Please put it in as one single line without any line breaks 22 SSV Remote Access Gateway User Manual Revision 1 2 Menu Items Services 2 4 4 DynDNS In this section you can configure the DynDNS settings 2 4 4 1 DynDNS configuration DynDNS configuration
20. d afterwards A reboot is not necessary e Cancel Restores old settings but only if the changes were not already saved o soy coca Figure 2 Main buttons of the SSV Remote Access Gateway SSV Remote Access Gateway User Manual Revision 1 2 5 Introduction Important Information Please note Some settings are only visible if the appending function is enabled The figures 3 and 4 illustrate this behaviour The OpenVPN service is disabled so no settings are shown OpenVPN configuration Enable Disable OpenVPN C lt i Enable or disable OpenVPN Running Server or client status Figure 3 OpenVPN service is disabled After enabling the OpenVPN service with the checkbox the settings appear If you switch between server and client mode with the radio buttons the offered settings will change OpenVPN configuration Enable Disable OpenVPN E een Enable or disable OpenVPN Configure this maschine as server or C Server Client beth Running Server or client status OpenVPN client configuration Server address T aws IP address or DNS name Protocol UDP TCP UDP protocol is preferred Server port UDP or TCP Port VPN compression Choose compression Client mode Choose mode Figure 4 OpenVPN client configuration SSV Remote Access Gateway User Manual Revision 1 2 Menu Items Status 2 MENUITEMS The following chapters describe the particular menu items and their functions
21. e created and uploaded as a user script As a template you can use the preconfigured script rules 26 SSV Remote Access Gateway User Manual Revision 1 2 Menu Items Proxies 2 5 Proxies In this section you can configure the proxy server settings 2 5 1 Web In this section you can configure the Web proxy server settings 2 5 1 1 General configuration General configuration Enable Disable proxy Iv Enable or disable proxy Running Serverstatus Figure 41 General configuration e Enable Disable proxy Enable or disable the proxy server e Status Shows the current server status 2 5 1 2 Proxy redirections Proxy redirections 1 redirection HTTPS 1 80 lt gt 192 168 0 10 8080 Figure 42 Proxy redirections This section shows the current HTTP or HTTPS proxy redirections Click on edit to change the redirection settings or click on delete to remove the redirection 2 5 1 3 Create Edit a redirection entry Create a redirection entry i Use HTTPS encrypted tunnel Relay to OO H O HH M ee eee Enter IP address and port number 80 http Listen on port e Enter port number Figure 43 Create a redirection entry Create a new redirection entry or change an existing redirection by clicking on edit in the section Proxy redirections above e Encryption Enable or disable the HTTPS encrypted tunnel e Relay to Enter an IP address and port number
22. er yosnonescereeeen 4 CNR Tasten GT Ini OPE AIO EE 5 2 MENU ITEMS 20 cece ccccceeec cece cece eeeeeeeeeeeseeeseueeseeeseeesaueesueeseeeseueesaeesaeeteueeseeeseeetaes 7 DN GUA TE 7 ie BOYS FCI E 8 EE Fal IO CM MMC AM OM E 8 22s Sye ESTA Ye 2 5 eebe 8 222l System VI AM ACE E 8 Del 22s EE EE 8 GE NIC Al TALC a cee tore cde nasusa E E E E E 9 2 2 31 Local Time Zone Conn GuratOMscssseccnsscscicsscasadivecetacacsseendasaacrtlonazenesaseevsosssaeseesuneaavetenazensneens 9 2da Time and Date Cone ut er isessetecesvsnsdisvwiedatnecsasectenyasnsuuesasdiaunladeduaceatostevietesuuneasdidusiadetnacves 9 ZZ MOM PO ocean eters a score van sane E E ee tencnnasasedeactecse aiceneseedusenuscesonatedeacnesntsesotonsenes 10 DD Pe Mie C OMEP ODN E era nano danse catensiactswattnnaneatsoedsantny A E N 10 E Eege 11 E E D Opens H COMM SU e eea EA NEEN EEE E EER 11 22 2 Chang password Tor user TOOL eisercice aa aE E ea EEEa 11 L A S BEE 12 2 2 6 1 Change web configuration D ssgword 12 2 2 6 2 Change web configuration master password cccccccceeeeeeeceeeeesesseesseeseeseeeeeeeeeeeeeeauaaags 12 a SO x SCS SION IME OW a cccereencuccesenceoaieteqconesenccsessd E R E AE E NE busecdoedencccenee coentees 12 P MO NN erate ceca cen steccecc sere S E ese useearsenunceeiesecneeestecussecns 13 e INCU OU Meo EE 14 De DE EC 14 2 3 1 1 Network configuration for LAN 000 0 E 14 2 3 1 2 Network configuration for LAN2 cccccccccsssssssssssseseeeeee
23. ll important system settings can be configured 1 1 Conventions The following conventions are used in this document Convention Usage Button Name of a button like Apply or Info lt Item gt Name of a dropdown menu item like lt Analog gt monospace Passwords or IP addresses like root or 192 168 0 1 Table 1 Conventions used in this document 1 2 GUI Layout amp Elements ADNP 9200 Configuration OpenVPN configuration E OpenVPN configuration Enable Disable OpenVPN Iv Enable or disable OpenVPN Status System Network Configure this maschine as Csee ciot 4 mO Running Server or client status Services General OpenVPN client configuration Server adaress E CG I aws IP address or DNS name Protocol upp TCP UDP protocol is preferred Choose compression OpenVPN certificates and keys Status root CA certificate ca cit Currently root CA certificate Status client key client 1 key info Currently used client key Status client certificate client 1 crt Currently used client certificate Import key or certificates Durchsuchen heak single file or configuration e IPsec DynDNS DHCP server Firewall and NAT Proxies Logout Figure 1 GUI layout of the SSV Remote Access Gateway 1 Menu 6 Text field 2 Main content 7 Dropdown menu 3 Checkbox 8 Button 4 Radio button 9 Import upload button 5 Short description 10 Main buttons A SSV Remo
24. n Synchronize now to test the connection with the NTP server If the test is successful you should see the following message in the short de scription Time synchronization successful Please note Before enabling the NTP service it is recommended to set the network gateway and DNS correctly SSV Remote Access Gateway User Manual Revision 1 2 9 Menu Items System 2 2 4 Com Ports In this section you can configure with which application each of the three COM ports is used The settings for each port are the same so only the settings for COM1 are described COM1 is typically configured as Remote console gt To use COM for other applications you should remove the RCM jumper from the device please refer to the hardware reference of the device If the device offers a GPRS UMTS modem it is connected to COM3 COM3 must then be set to lt Modem gt COM1 Properties Application Application the port is used with COM Properties Com port redirector C Server Client 92 168 10 1 Application the port is used with Configure this end as server or client Server address Destination IP address or name TCP redirector port Port to listen on Bits per second 1 Choose the speed to use Choose data bits Choose parity Choose stop bits 4 Choose flow control Ru d E 2 z B f 3 n 2 E A K Sch GC S z ae G 5 zii iiz HSiis S Ui TUS D D oO CH 4 4 COM3 Properties Modem
25. nt key and a client certificate You can also import a complete configuration archive tar gz SSV Remote Access Gateway User Manual Revision 1 2 WER Menu Items Services The following settings are for the OpenVPN server mode OpenVPN certificates and keys Root CA certificate modification Fri Apr 16 17 44 48 2010 Server key modification Fri Apr 16 17 44 48 2010 Server certificate modification Fri Apr 16 17 44 48 2010 Diffie hellman parameters modification Fri Apr 16 17 44 48 2010 Figure 24 OpenVPN server certificates and keys e Root CA certificate modification Click on Info to see the currently used root CA certificate e Server key modification Click on Info to see the currently used server key e Server certificate modification Click on Info to see the currently used server certificate e Diffie hellman parameters modification Click on Info to see the currently used Diffie Hellman parameters 2 4 2 5 OpenVPN create certificates OpenVPN create certificates Create root CA key and certificate Click to create server cert Create client key and certificate Key and Certl Click to create desired client key and cert Figure 25 OpenVPN create certificates e Create root CA key and certificate Click on Create to generate a new server cer tificate e Create client key and certificate Choose from the dropdown menu the desired cli ent key and certificate Then click on Create
26. ocols e Enable Disable ping Allow ping on WAN interface 2 4 6 6 Forwarding with IP Masquerading and NAT e Enable Disable forwarding Full routing from internal LAN1 to WAN interface Please note With this option all hosts in the network of LANI may use this device as gateway Be careful with this option if using GPRS UMTS or other modem con nections This can produce very high traffic 2 4 6 7 Firewall and NAT rules script Firewall and NAT rules script Show current settings Script rules Active policies Show settings and state Upload new rules Durchsuchen Select a Firewall Builder output file Figure 40 Firewall and NAT rules script e Show current settings Click on Script rules to show the current rules Click on Active policies to show the current policies e Upload new rules Upload your own rules as a Firewall Builder output file Please note A misconfigured firewall is often the reason for not working services Please disable the firewall before enabling changing services or ports Enable the firewall afterwards If any service does not run properly try it without the firewall enabled Please note LANI and VPN are defined as secure networks and all ports are usable there The port selective options like enabling disabling are only available for the WAN interface The WAN interface can be a GPRS UMTS modem DSL modem or a network on LAN2 To change this definition a full set of rules must b
27. of the device e Subnet mask Subnet mask of the local network e Enable Disable alias IP address Enable or disable the alias IP address e Alias IP address Secondary static IP address for the same interface e Alias subnet mask Subnet mask of the alias network 2 3 1 2 Network configuration for LANZ Network configuration for LAN2 10 100 Mbps Enable Disable interface LAN2 Enable or disable interface LAN2 Use device for DSL Device used to connect to a DSL modem Device configuration through DHCP server Obtain an IP address automatically Use the following IP address Manual device configuration IP address Device IP address 4255 fo Subnet mask of the local network Figure 15 LAN2 settings e Enable Disable interface LAN2 Enable or disable interface LAN2 e Use device for DSL Device is used to connect with a DSL modem e Obtain an IP address automatically Device configuration through DHCP server e Use the following IP address Manual device configuration e IP address IP address of the device e Subnet mask Subnet mask of the local network SSV Remote Access Gateway User Manual Revision 1 2 Menu Items Network 2 3 1 3 DNS configuration In this section you can configure the DNS server settings These settings are only necessary if the system is configured as a router on LANI DNS configuration Use a DNS Server address Iv Set DNS server Primary DNS server oe a Enter 1st
28. s EN Genera CON E HE e E 24 E AE E 24 DA Were wala E WE 25 240l Firewall Olle 1 OU AVI OM erreira Eaa Rei 25 2 4 6 2 Firewall and NAT rules preconfigured setg 25 2 4 6 3 System specific ports allowed on WAN interface cccccccccssssssseeesesseeeeeeeeeeeeeeeeeaaas 25 2 4 6 4 User specific ports allowed on WAN interface cccccccscssssssesssssesseseeeeceeeeeeseesaaaaas 26 ee HEET 26 2 4 6 6 Forwarding with IP Masquerading and NAT 26 240 1 Pirewall and NAT rules SCri pl vsssssevssscasanesacenacosasosseoassasateanranatesasemeasasesaseeaearabesasenatacasenaees 26 2a e EE 21 Zils W EE ZI De bobs Mie ral COM a a eor et coassenctneasencrasnesdGacuaeacsaatenatnsacenecs 21 Pa A E E 27 251 56 Create Edit a redirecUon CMU E 2d e E E sO CUM EE 27 DDD KE 28 ZZ ihe Gereral ON OG ATOM EE 28 isos AVE ASCE E 29 Dyke EE 29 Dy De PORY Te AU CC EE e E R EEEE ESAE 29 25 35 56 Create Edit a redirection entiy sessies r E seddenescdeinnsscucswasestetbedcnddveseaduddes 29 e E TESS E 30 De eer General Cone ura Osses nen n E N ERE O EO EAEE OEE 30 ee POS A E 30 e Create Edit a tredirection CNY ee 30 Di ME OG EE 31 SM A RIES BIR MEI ER EST UE E ER Helef RI Kelt A E ER SSV Remote Access Gateway User Manual Revision 1 2 ER Introduction Conventions 1 INTRODUCTION This document describes the Web ConfigTool of the SSV Remote Access Gateway with the DIL NetPC A DNP 9200 With its intuitively operable GUI Graphical User Interface a
29. te Access Gateway User Manual Revision 1 2 Introduction Important Information 1 3 Important Information To open the login page of the SSV ConfigTool in a Web browser enter this URL http 192 168 0 126 7777 The following passwords can be used to login e The default Web ConfigTool password is adnp This is the standard user and has an idle timeout The password and the timeout can be changed in the menu over System gt Administration e The default Web ConfigTool master password is ssvadmin This is the master user and has no idle timeout The password can be changed in the menu over Sys tem gt Administration Please note If a standard user is already logged in he will be automatically logged out when the master user logs in In contrast to the standard user it is possible to log in more then once at the same time with the master password Although it is possi ble it is not recommended e The default root password for Telnet SSH and FTP access is root This pass word does not work with the Web ConfigTool The root password can be changed in the menu over System gt Remote access The three main buttons are on every page always in the lower right corner of the main con tent They have the following functions e OK Saves changed settings but the system needs to be rebooted e Apply Saves changed settings and applies them immediately The changes can not be cancele
30. ter the full host name e Server request Enter a complete GET request for the URL e g a PHP script SSV Remote Access Gateway User Manual Revision 1 2 23 Menu Items Services 2 4 5 DHCP Server In this section you can configure the DHCP server settings 2 4 5 1 General configuration General configuration Enable Disable DHCP server Iv Enable or disable server Not running Server status Figure 36 General configuration e Enable Disable DHCP server Enable or disable the DHCP server e Status Shows the current server status 2 4 5 2 Address range Address range Range start Range starts from this IP address 166 pae Jie e Liz E t LO LO Range ends on this IP address Range end Figure 37 Address range e Range start Enter the start IP address for the IP address range e Range end Enter the end IP address for the IP address range Please note The DHCP server works on LANI So no other DHCP servers should exist there All hosts in the network of LANI will use this device as gateway 24 SSV Remote Access Gateway User Manual Revision 1 2 Menu Items Services 2 4 6 Firewall and NAT In this section you can configure the firewall and NAT settings 2 4 6 1 Firewall configuration e Enable Disable firewall Enable or disable the firewall 2 4 6 2 Firewall and NAT rules preconfigured sets Le a LC User configurated script below
31. the OpenVPN settings 2 4 2 1 OpenVPN configuration e Enable Disable OpenVPN Enable or disable OpenVPN e Work as Configure the device as server or client e Status Server or client status 2 4 2 2 OpenVPN client configuration OpenVPN client configuration T AWS IP address or DNS name UDP TCP UDP protocol is preferred Choose compression Figure 21 OpenVPN client configuration e Server address Enter the IP address or DNS name of the OpenVPN server If you use a cloud service you can activate the checkbox AWS and enter the bucket name in the text field instead of an IP address e Protocol Choose the protocol The UDP protocol is preferred e Server port Enter the UDP or TCP port e VPN compression Enable or disable the VPN compression e Client mode Choose the client mode lt Roadwarrior gt or lt Bridging gt e OpenVPN bridge IP Establish a connection to the Web ConfigTool It is recom mended to use the same IP address like LAN1 WER SSV Remote Access Gateway User Manual Revision 1 2 Menu Items Services 2 4 2 3 OpenVPN server configuration OpenVPN Server configuration Protocol upp TCP UDP protocol is preferred ort Port to listen on VPN compression Choose compression Client mode Choose mode oe o Network for Clients Subnet mask 255 255 255 PR Subnet mask Figure 22 OpenVPN server configuration e Protocol The UDP protocol is preferred TCP
32. to generate a new key and certificate Please note The generation of the OpenVPN certificates can take up to 30 minutes Do not interrupt the process and wait until you have no new timestamps in OpenVPN certificates and keys overview Click in the menu on OpenVPN to re fresh this page 2 4 2 6 OpenVPN export certificates OpenVPN export certificates Export root CA certificate Root CA Click to download Export client 1 key and certificate M Valid Click to download Figure 26 OpenVPN export certificates e Export root CA certificate Click on Info to see the currently used root CA cer tificate Click on Root CA to download the current certificate e Export client 1 key and certificate Click on Info to see the currently used client key and certificate Click on Key 1 to download the current key Click on Cert 1 to download the current client certificate 20 SSV Remote Access Gateway User Manual Revision 1 2 Menu Items Services 2 4 3 IPsec In this section you can configure the IPsec settings 2 4 3 1 IPsec configuration IPsec configuration Enable Disable IPsec v Enable or disable IPsec IPsec SA established Connection status Figure 27 IPsec configuration e Enable Disable IPsec Enable or disable IPsec e Status Shows the current connection status Click on Routes to see the routes Click on Status to see all connection details 2 4 3 2 Connection proto
33. ty passwords Allow or deny empty user passwords e Generate new SSH host key Click on Generate to create a new SSH host key Please note The key generation can take up to five minutes Do not interrupt the process and wait until you see this message Key generation successful 2 2 5 2 Change password for user root e New password Enter your new root password e Confirm new password Confirm your new root password e Confirm password change Click on OK to save your new password Please note The default password for root is root It is highly recommended to change the password before using the device in unsafe environments like the Inter net SSV Remote Access Gateway User Manual Revision 1 2 AR Menu Items System 2 2 6 Administration In this section you can set the login passwords for the Web ConfigTool and the idle time for a session Change web configuration password Enter your old password Old password New password Enter your new password Confirm new password Confirm your password Change web configuration master password Old master password New master password Confirm new master password Session timeout Enter your old master password Enter your new master password Confirm your master password DI idle time in minutes 0 no time out Figure 12 Administration settings 2 2 6 1 Change web configuration password e Old password Enter yo
34. ur old password e New password Enter your new password e Confirm new password Confirm your new password 2 2 6 2 Change web configuration master password e Old master password Enter your old master password e New master password Enter your new master password e Confirm new master password Confirm your new master password Please note The master password does not depend on a session timeout and can be used to revoke logins with the standard password 2 2 6 3 Session timeout e Idle time Idle time in minutes 0 no time out SSV Remote Access Gateway User Manual Revision 1 2 2 2 Logging Menu Items System In this section you can view and download the system log file Click on Download to save the log as a file Apr Apr Apr Apr Apr Apr Apr Apr Apr Apr Apr Apr Apr Apr Apr Apr Apr Apr Apr Apr Apr Apr Apr Apr Apr Apr Apr Apr Apr EE Download log file 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 aart And air aa kat ai LTE ITE vies alte aart aalt zit at dd Lait THE az air de ai at vies e ad e oer 49 49 49 49 49 sm jnl Gil 50 Sms Sells S Sls S0 191 ss Sms s03 ST mal a h S1 S1 Jh LTE zit Lait alte Aart 52 52 52 ER 52 56 56 56 56 56 56 56 56 56 56 55 55 58 55 55 55 55 55 34 55 58 55 55 55 21910 00 00
Download Pdf Manuals
Related Search