HY-LINE truecon Router Manual HY-LINE Communication Products

HY-LINE Communication Products GmbH
Inselkammerstr. 10
82008 Unterhaching
communication(at)hy-line.de
www.hy-line.de Seite 1
Copyright 2017 Manual release R1.10.9 English – 01. January 2017
All rights reserved for this documentation. All photographs and electronic media are likewise the sole property of HY-LINE Communication.
Technical Modifications
The company HY-LINE Communication reserves the right to make changes to the illustrations and information in this
documentation without previous announcement. This documentation was created with utmost care and is regularly revised. In
spite of all control measures taken it can not be ruled out that technical inaccuracies and typographical errors might have
occurred. All errors known to us are eliminated in the next edition. We are always grateful for information regarding errors in
this documentation.
Support
Our technical support pages are on our website www.hy-line.de. New manuals and data sheets are also available there. FAQ
pages are also available on our website. If you have further questions please direct them at [email protected]
Care and Maintenance
Only clean the case with a dry towel, do not use water or any other cleaning agents. Never use a spray can or bottle on the
device.
Safety
Never open the router while it is connected to a power outlet. Unplug the power supply before opening the case. Danger of electric shock.
Recycling WEEE
IBM PC, AT, XT are trademarks of International Business Machines Corporation.
Windows™ is a trademark of Microsoft Corporation.
Java is a trademark of Oracle Corporation.
Linux is a trademark of Linus Torvalds.
Errors and omissions excepted.
Service addresses, deliveries and replacements:
HY-LINE Communication GmbH
Inselkammerstr. 10
82008 Unterhaching
Germany
Tel +49 (0)89/ 61450360
Fax +49 (0)89/ 6140960
E-Mail [email protected]
Internet: www.hy-line.de/Communication
M2M-Router: www.hy-line.de/router
Directory
Product description
Safety & Regulations
Router Variations
Operating elements
Quick start
Software reset (factory defaults)
Configuration - Home
Base Settings
  Identification
  Network
  Date & Time
Connection Settings
  Phone Settings
  Internet Settings
  Dial-In / Call back
E-Mail
I/O-Settings Input / Output
Firewall
NAT
Services – Status
DHCP/DNS Server
DynDNS
InetWD + Redundancy
NTPd
Ser2TCP
SNMP
SShd
Syslogd
FTP Server
UDP-Broadcast
Webserver
VPN
VPN-PPTP Server
VPN-PPTP Client
VPN-OpenVPN Server
VPN-OpenVPN Client
VPN-IPsec
Advanced
  Command line interface
  System settings / Update
  Logging
  Network tracer
  User Management
Technical specifications
with integr. Switch
Dimensions
Analog modem country code
Product description
M2M Industrial Router with modem, VPN and Firewall
The M2M Industrial router is a simple, secure and global communications solution that
connects you to your Communication and machines wherever you are. Connections to your
Communication and machines are made through the integrated firewall, VPN and automated
call center. The compact design, with standard European top-hat rail connection for easy
mounting, and the possibility to establish all connections (Analog, ISDN,
GSM/GPRS/UMTS, LTE, DSL) in one device make this the leading industrial router
on the market.
The router has an RS232 port as well as the standard Ethernet connection. On the protocol
side the router supports SNMP, DynDNS, NTP and DHCP. Configurable alarms can be
sent via e-mail. The digital inputs and outputs offer additional control and alarm possibilities.
Every router has an internal HTML web server with complete configuration software. Access,
configuration and maintenance are easy and secure with a standard web browser. Installation
of 3rd party software is not necessary or recommended.
Order numbers: see current product list
Qualification of personnel
This manual is only for trained personnel familiar with the applicable norms and standards. The specialist must have read and
understood this documentation and follow the instructions.
Safety regulations
The responsible staff must ensure that the application or use of the product described fulfill all safety requirements, including
any applicable laws, regulations, guidelines and rules.
Delivered
The product is delivered in a hardware and firmware configuration that depends on the application and, in particular, on the
internal modem. Changes to hardware or software configurations which are not described in this manual are not allowed and
nullify the liability of HY-LINE Communication GmbH.
The product is built according to the current state of the art, is reliable in operation and left the factory in a
safe condition.
To maintain this condition over the period of operation, the information in the manual and in applicable product change
notifications must be observed.
Obligation of diligence
The operator must ensure that
• the product is used as intended.
• the product is operated only in working condition.
• only suitably qualified and authorized personnel operate the product.
• the personnel are instructed regularly about relevant occupational safety and environmental protection,
as well as the manual and especially the safety notes contained herein.
The operator must strictly observe the applicable national regulations concerning operation, functional testing,
repair and maintenance of electronic equipment.
Intended Use
The product may only be used within the specifications given in this document and the documents referred to. The product
must not be used or operated for the following purposes and under these conditions: control of machines and equipment that
do not comply with Directive 2006/42/EC and Directive 2004/108/EC (EMC Directive).
It is recommended to use the following power supply with the HY-LINE router because all EMC tests were performed with this
power supply:
- HAP-RUx - UMTS router versions: 12W AC adapter Minwa MC120D050 with ferrite Würth 74270077
- all other router versions: Power supply PHI-CON: PS18A120
12W AC adapter Minwa MC120D050 with ferrite Würth 74270077
Read this documentation carefully before installation and commissioning. Incorrect handling of the product
may result in personal injury or property damage.
Technical Limits
The product is for use only within the limits specified in the data sheets.
The following limiting values apply:
• The ambient temperature must stay within the specified range.
• The supply voltage must stay within the specified range.
• The specified humidity must not be exceeded, and condensation should be avoided.
• The maximum switching voltage and maximum switching current must not be exceeded.
• The maximum input voltage and the maximum input current must not be exceeded.
Warranty provision
The product is maintenance free. Opening the case will void the warranty. Repairs should be performed only by authorized
personnel.
Improper use, disregard of this documentation, the use of insufficiently qualified personnel and unauthorized
changes exclude the liability of the manufacturer for any resulting damage.
Notes for transport and storage
Please avoid the following environmental conditions during storage: mechanical stress, temperature, moisture, corrosive atmospheres.
The product is packaged so that it is protected against shocks during transport and storage.
Before installation, please check the product for possible damage caused by improper transport or improper
handling.
Electrical installation safety
Installation must be carried out with appropriate tools and in accordance with the documentation. The product may only be assembled with
the power supply switched off. During wiring, the cabinet must be secured against being switched on again. National accident
prevention regulations must be observed. The electrical installation must be done in accordance with national regulations (wire
colors, cross sections, fuses, PE connection, etc.). Electrical work must be carried out by authorized personnel. Observe the electrical
connection information in the documentation, otherwise the electrical protection can be affected.
Disposal
The product in its delivery consists of different materials:
The individual components must be disposed of properly. All components of the delivery can be returned to
HY-LINE system for proper disposal. Transport costs will be paid by the sender.
Delivery
The scope of supply for the HY-LINE router includes the accessories listed below. Please check that all accessories are
included in the box. If anything is missing or damaged, please contact your distributor.
1 HY-LINE router (basic types)
1 Quick Installation Guide
1 GSM antenna with magnetic base (optional for different Router package versions)
Further documents for the HY-LINE routers are available at: www.hy-line.de/router
Licences
The software included in this product contains copyrighted software that is licensed under the GPL or other Free Licenses. You
may obtain the complete corresponding source code from us at cost price for a period of three years after our last shipment of
this product. Please contact under topic: 'Source code for truecon router': HY-LINE Communication GmbH, Inselkammerstr.
10, 82008 Unterhaching, Germany. E-Mail: [email protected] This offer is valid to anyone in receipt of this
information.
HY-LINE Router product variations
• HAP-R – without integr. Modem
• with integr. Switch (4x LAN): HAP-RS
• Analog: HAP-RA
• with integr. Switch (4x LAN): HAP-RAS
• UMTS: HAP-RU
• with integr. Switch (4x LAN): HAP-RUS
• LTE: HAP-RL
• with integr. Switch (4x LAN): HAP-RLS
Operating elements
[Figure: router views for the versions HAP-R, HAP-RI, HAP-RA, HAP-RG, HAP-RU, HAP-RL and for the versions with integr. 4-port Switch HAP-RS, HAP-RIS, HAP-RAS, HAP-RGS, HAP-RUS, HAP-RLS, HAP-RDS. Labelled elements: SIM-Card Slot; Power (10-30VDC); Digital I/Os (screw terminal, removable); Serial RS232 – SUB-D 9 PIN; Antenna 2 - SMA: GSM/UMTS (optional); ISDN/DSL RJ45; Analog RJ11; Antenna 1 - FME: GSM/UMTS; Network RJ45; Mounting: DIN rail mount]
-> For better shielding (EMC reasons) please connect the antenna connectors (1 and 2) with the PE connector. The PE
connector should be connected to earth/ground level, e.g. from the cabinet.
Connector layout:
Antenna 1: Main antenna (use this connector if only one antenna is connected)
Antenna 2: RX-Diversity/MIMO for 3G/4G (the router automatically recognizes Antenna 2)
Important: the network RJ45 socket on the side of the router is not connected on router versions with integrated
switch and must not be used. This socket is sealed at the factory by a plug. This plug must not be removed.
Router Version
Connector – ISDN/DSL
Connector – Analog
LTE/UMTS/GPRS - HAP-RU/RUS
Not used
Not used
DSL - HAP-RDS
used (Pin 4/5 – DSL A/B)
Not used
Analog - HAP-RA/RAS
used (Pin 3/4 – TX/RX)
ISDN - HAP-RI/RIS
Not used
used
(Pin 3/4/5/6 – TX+/TX-/RX+/RX-)
Without internal modem - HAP-R/RS
Not used
Not used
Not used
Quick start
Access to the router through a web browser:
http://192.168.101.222/ or https://192.168.101.222/
Administration access:
login: manager password: changemetoo (Password can be changed through this account)
Visitors access:
login: user password: changeme
(Password can only be changed through the administrator's account)
Access to the router through SSH (Secure Shell, TCP/IP):
login: root password: changemetoo
Settings SSH (TCP/IP): Host name or IP address: Router-IP
Port: 22
Note: After the first power-up the router initializes its SSH keys. This process takes about 15 minutes; after that the router
will be reachable through SSH.
Access to the router over serial:
login: root password: changemetoo
Settings for serial connection: 38.400 bps // 8 bits // no parity // 1 stop bit // no flow control
IP address changes over SSH or serial console (null modem cable):
Log in over SSH or serial as described above and execute the following commands:
a. ip address xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx device eth0
b. commit ch
c. write disk
Installation of the SIM card with a GSM/GPRS/UMTS/LTE-Router:
Insert the SIM-Card inside the SIM-card holder with the Chip side (gold) pointing to the printed side of the router case. The
SIM card must snap in the SIM card holder.
Internet watchdog service: Don’t enable this service until router is ready to access internet connections
Download Router Handbook & Firmware: www.hy-line.de/router
Firmware update: Please contact our support team: [email protected]
Attention: Do not install system.conf files from older firmware version to newer firmware versions or vice versa.
Software reset
Factory default for all settings
1. Disconnect power from the router
2. Set Jumper 3 (see picture) to on position
3. Power up router, wait for flashing LEDs (approx. 2 Min.)
4. Disconnect power from the router
5. Set Jumper 3 (see picture) to off position
6. Power up router, factory default set
Important: Power down Router before changing the jumper positions!
Configuration - Home:
The start page gives a general overview of the router: firmware version, system updates, serial
number, modem type, band type, GSM signal strength, router uptime, PPP data counter (max. 2GB)
as well as the status of the digital inputs and outputs.
Internal modem 1: analog, isdn, gsm, umts, dsl, lte, none (without modem)
Signal strength:
Error: no signal, check antenna and/or SIM-Card and SIM-PIN
Bad: -113 ... -112 dBm
Low: -111 ... -90 dBm
Good: -89 ... -56 dBm
Very good: > -55 dBm
Active band:
lte
umts / WCDMA2100
gsm1800 (gprs-1800 MHz Band)
gsm900 (gprs-900 MHz Band)
no service (no signal, check antenna and/or SIM-Card and SIM-PIN)
Connectivity status: While the router is online it shows the IP address assigned by the service
provider (WAN interface). In online mode you will see the status of the internet connection:
WAN Traffic Counter: Traffic counter for Internet and PPP traffic, max. 2.147.483.648 Bytes
Reset button: Reset traffic counter
DNS Servers: active DNS server
Default Gateway: active gateway (further information on page 16 – LAN settings)
Internet Connectivity: Pressing the button sends a ping to a host or IP address configured in
../Services/InetWD. On demand the router will be triggered to establish an internet connection
Refresh-button: resend ping
Home-button: back to home menu
Reboot-button: Router (software) reboot
Redundancy mode: On/Off – Active/Inactive
Base Settings - Identification:
Router name: Name of the router, max. 35 characters; the name is attached to sent e-mails
Location: Location of the router (for informational purposes only)
Manager: E-mail address of the system manager (recipient of the dynamic IP address, once
the router is connected to the internet)
Base Settings - Network:
Configure the LAN network parameters. Interfaces are: eth0, eth0:1 and eth0:2. The :x interfaces are virtual
interfaces mapped to eth0. With these settings it is possible to have more than one subnet on the
physical interface of the router. Subnets on the Ethernet interface of the router are not isolated from
each other.
LAN 0 – LAN 2:
Local IP address / Network mask: Parameters for each individual interface (Multirouting)
Systemwide Network Settings:
DNS Server: Network DNS server address (default is the public DNS server from Arcor)
Gateway: Network gateway address
Activate network changes: check to enable the settings immediately after pressing the SAVE button
Configuration Multi-LAN:
- DHCP works only with interface LAN2 (eth0:2)
- DHCP client receives IP address, subnet mask, DNS server and default gateway.
External gateway for data communications (Router: no internal modem or not active)
- Service: Deactivate Internet-Dial-Up in Service menu ../Services/
- Apply the following settings if the HY-LINE Router is using an external gateway on the WAN side
DHCP server inactive in external gateway subnet (WAN):
LAN 0: Network/subnet Gateway side (WAN)
LAN 2: Network/subnet HY-LINE Router
Gateway (systemwide): Network/subnet Gateway side (WAN)
DHCP server active in ext. gateway subnet:
LAN 0: Network/subnet HY-LINE Router
LAN 2: Network/subnet Gateway side (WAN - DHCP active)
Gateway (systemwide): Network/subnet Gateway side (WAN)
Continued: external gateway for data communications
Allow: In- and outgoing data traffic over external WAN gateway
Service Menu Firewall:
Masquerade srcnet: activate to allow TCP/IP packets to be sent over the standard gateway (no modem
gateway)
Source net: network IP/mask of outgoing traffic
Example:
172.1.2.0/8 - 255.0.0.0
172.1.0.0/16 - 255.255.0.0
172.0.0.0/24 - 255.255.255.0
IPv4 network addresses and netmasks
(Source: Wikipedia: http://de.wikipedia.org/wiki/Netzmaske)
Base Settings - Date & Time:
Date, Time: Date and time of the router
Timezone: Timezone in which the router is located (please be aware that summer and winter time
are switched automatically only in Germany. Settings: Berlin)
Time-Server: Time server, default: ptbtime1.ptb.de
Manual apply: for manual adjustment of the time and date
Network sync.: Time and date will be synchronized over the internet after pressing SAVE
(the router will dial in to the internet)
Connectivity Settings – Modem Settings:
MSN/Mobile number: Telephone number of the router. Only important for an ISDN connection: the
MSN must be entered here. The MSN (Multiple Subscriber Number) is either the
dialling number without area code or only the extension number. This
depends on the setup of the telephone system.
GSM band: Set the GSM band manually. Option: 0=auto; 5=gprs; 8=umts; 9=lte
SIM-PIN: Enable PIN is only for use with a SIM card in order to log in to the network -> do
not enable for use with analog or ISDN connections!
PIN: PIN number of the GSM/GPRS SIM card
PIN verify: Re-enter the SIM PIN number
Connectivity Settings – Internet Settings:
Internet Service: Choose an ISP in order to enable the Call-by-Call option
• LTE-UMTS-GPRS (CHAP/PAP/NONE): default TELEKOM APN
• Analog-ISDN 1: default Arcor
• Analog-ISDN 2: default Freenet
• Analog-ISDN 3: default T-Online
• Analog-ISDN 4: default Schweiz
• DSL (CHAP/PAP/NONE)
PPPoE – external modem/gateway for data connections (Router: no internal modem or
inactive)
- PPPoE activation: Connectivity Settings\Internet Settings\Internet Service: choose DSL
- Connect the external PPPoE modem to any Ethernet port of the HY-LINE router
- PPPoE with an external modem can't be used with a HY-LINE Router with internal DSL modem
APN / Phone number: APN for LTE/UMTS/GPRS, or telephone number of the ISP's Call-by-Call center
(2 seconds for every comma, e.g. 0,,0625112345)
Username: Username for internet service
Password: Password for internet service
-> Username and password fields must not be blank. If no data is required by the ISP, leave the fields at their default
settings.
Password verify: Re-enter password for internet service
Timeout: Time until the router hangs up a connection to the Internet due to lack of
traffic. No function if the router is set to mode: always online
IP reporting mode: After Internet login: DynDNS activated and/or dynamic IP address of
the router sent by e-mail
Network time sync (further settings in service menu: ../services/ntpd):
- Once (RFC868): Time sync one time after online connection
- NTP (RFC1305): permanent time sync according to RFC1305
Network connection mode:
Internet dial-up:
- On-Demand: connects only when needed, timeout active
- Always online: permanent online connection (InetWD Service
should be activated)
Use peer DNS: DNS server is set by the provider (recommended)
Connectivity Settings – Dial-In / Call Back:
PPP-Dial Dial-In: ISDN/Analog/GSM-PPP-Dial-In: the router picks up after the configured number of
rings and builds the PPP connection. Please wait 30 seconds after
cutting the connection before building another connection.
Internet by call / Ringing function: Calling the M2M router from any phone line (don't wait until the router
connects the line!) triggers the router to log in to the internet.
Continued: Connectivity Settings – Dial-In / Call Back:
Port Speed: with bad analog lines (usually overseas) the router's communication speed can be reduced
for a more stable connection
Dial-In Server/Client IP: IP addresses of the PPP tunnel should be within the same subnet as the
gateway (M2M router IP address). Advantage: The router IP address doesn't have to be entered as
the gateway address in the devices.
Configuring Direct Connection to M2M Router over PPP:
The router has one permanent PPP account with the user name pppuser. This account is
not displayed in the User Management. Additional PPP users can be added as system users.
PPP-Dial-In:
-User name: pppuser (cannot be changed)
-Password: M2MLogin
-Dial-up client settings: Windows default settings
Important: Please make sure that there are no users registered with the name pppuser in User
Management. If there are, delete them.
Configuration of Call-by-Call access for ISDN / Analog telephone lines
No login needed, costs are over the standard telephone bill. Call costs can be found at the website of
your provider.
ARCOR
User: arcor-ibc
Password: internet
Tel-no.: 0192075
Arcor-DNS: 145.253.2.11
MSN (Microsoft Network)
User: [email protected]
Password: msn
Tel-no: 0193670
MSN-DNS: 145.253.2.11
ARCOR
User: arcor
Password: internet
Tel-no.: 00493412004937
Arcor-DNS: 145.253.2.11
FREENET
User: gast
Password: internet
Tel-no: 019231770
Freenet-DNS: 62.104.191.241
Configuration of Call-by-Call access for ISDN / Analog telephone lines -WORLDWIDE-:
No login needed, costs are over the standard telephone bill. Call costs can be found at the website of
your provider.
Configuration for access to GPRS/UMTS/LTE modem connections with APN:
T-MOBILE T-D1 settings with standard APN:
Number or APN: internet.t-d1.de
User: t-d1
Password: t-d1
E-Mail:
E-Mail address: E-mail address of the system manager. It can also be set to administrator, in which
case copies of all e-mails are sent there.
SMTP-Server: Address of the SMTP server for sending e-mails (supports DNS names as
well as IP addresses).
Rewrite sender domain: If enabled, rewrites the sender domain for outgoing e-mails.
Sender domain: Sender domain for outgoing e-mails.
Encryption: Use TLS encryption
StartTLSmode: Use STARTTLS encryption
Use TLS Certificate: Use TLS with certificates
ESMTP authentication: Whether to use ESMTP Auth for outgoing e-mails
E-Mail address 1-3: E-mail recipients 1-3
I/O-Settings – Digital Input / Output:
Activate: If checked, the I/O port is monitored for input data
Signal action:
- System reboot: Restart (soft reset)
- Internet dial-in: Dial in to the internet
- Alarm send E-Mail: Sends an e-mail with message text to recipients 1-3
- Alarm once (high) – send Mail: Sends an e-mail with message text to recipients 1-3 and the system
manager after the router is powered up. The e-mail is sent only if Digital Input 1 is high immediately
after power-up of the router. In normal use Digital Input 1 can't be triggered
- Run user defined script 1/2: Runs user-defined scripts on Linux. Predefined scripts can be found in
../user/sbin with the names user1.sh and user2.sh. Please set execute permission on both scripts after
editing
Activate: If checked, the I/O port is used for data output
Map digital output: DigEin1, DigEin2 or Online state is mapped to the digital output
Turn On / Turn off: manual on and off control of the digital output
Technical data Digital I/Os:
For EMC reasons it is recommended to use a ferrite core if data lines are longer than 3m
(ferrite core Würth 74270090 with two coils). This only applies to the UMTS router version.
Digital Input 1 / 2: Triggering on high to low signal change;
Potential-free inputs: Factory default setting, signal action by simple short circuit (self powered)
Active input: Switching voltage: apply max. 24VDC / min. 5mA
DIP-Switch1: configures DigIn1, see picture; DIP-Switch2: configures DigIn2, see picture
The jumper position in the picture shows the configuration for potential-free inputs, factory default.
Please switch off the router before making any changes to the jumpers. The router must be voltage free
whenever you set jumpers on the router. The router case must not be opened!
Digital output: Open Collector: Output voltage 12-30VDC (active) / max. 100mA. The output voltage is
similar to the power supply voltage applied to the router.
DIP switch 1: Digital In 1
DIP switch 2: Digital In 2
Jumper Block 3/4:
DIP switch 3: Reset
DIP switch 4: no function
Firewall:
The firewall configuration allows the opening and closing of specific services from the internet to the
router (arrows left) and from the router to the internet (arrows right).
Three standard profiles are available:
- Default – Standard, applicable for most uses
- Custom – Custom profile defined by user, must be set for user configuration
- Minimum – High security
Commit rules: Commit the changes immediately to the firewall configuration when saving
Masquerading: Sets the S-NAT routing option. If activated, all data packets coming
from the WAN interface to the local Ethernet (eth0) router interface are rewritten: for forwarded packets the router
replaces the public IP address with its own local IP address. This makes it possible to access devices on the router's LAN
subnet without setting a gateway address in those devices.
Outgoing traffic over standard gateway (HY-LINE Router LAN -> external gateway):
Masquerade srcnet: activate to allow TCP/IP packets to be sent over the standard gateway (no modem
gateway)
Source net: network IP/mask of outgoing traffic
Example:
172.1.2.0/8 - 255.0.0.0
172.1.0.0/16 - 255.255.0.0
172.0.0.0/24 - 255.255.255.0
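The Source net values here and under Base Settings - Network pair a prefix length with a dotted netmask. The following is an added example, not part of the HY-LINE manual, that checks such entries with Python's ipaddress module before they are saved; the function names, the finding codes and the /24 mask used with the factory-default address 192.168.101.222 are assumptions of this example.

```python
import ipaddress

# RFC 1918 private ranges; a LAN-side source net normally lies inside one.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_source_net(entry, lan_ip=None):
    """Check one Source net value (address/prefix or address/netmask).

    Returns {"network", "netmask", "findings"}; findings is a list of
    (code, text) tuples. Raises ValueError if the entry cannot be parsed.
    """
    entry = entry.strip()
    if "/" not in entry:
        raise ValueError("missing /prefix or /netmask: %r" % entry)
    iface = ipaddress.IPv4Interface(entry)  # rejects e.g. /255..255.255.0
    net = iface.network                     # address with host bits cleared
    findings = []
    if iface.ip != net.network_address:
        findings.append(("host-bits",
                         "%s is a host inside %s, not a network address"
                         % (iface.ip, net)))
    if not any(net.subnet_of(p) for p in RFC1918):
        findings.append(("non-rfc1918",
                         "%s covers addresses outside private space" % net))
    if lan_ip is not None and ipaddress.IPv4Address(lan_ip) not in net:
        findings.append(("lan-ip-outside",
                         "router LAN address %s is not in %s" % (lan_ip, net)))
    return {"network": str(net), "netmask": str(net.netmask),
            "findings": findings}


# Constructed sample input: the three values printed in the manual plus a
# subnet around the factory-default router address (mask assumed).
SAMPLES = ["172.1.2.0/8", "172.1.0.0/16", "172.0.0.0/24", "192.168.101.0/24"]


def report(entries, lan_ip="192.168.101.222"):
    """Return one printable line per entry and finding."""
    lines = []
    for entry in entries:
        result = check_source_net(entry, lan_ip)
        lines.append("%-18s -> %s mask %s"
                     % (entry, result["network"], result["netmask"]))
        lines.extend("    [%s] %s" % f for f in result["findings"])
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLES)))
```

All three values printed in the manual lie outside the private 172.16.0.0/12 block, and the first one has host bits set for its /8 prefix.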
Proxy-ARP:
Proxy-ARP function is enabled by default. Change configuration via Linux Shell in file: ../etc/amsel/Communication.conf
ProxyArp active:
"echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp";
ProxyArp inactive:
"echo 0 > /proc/sys/net/ipv4/conf/eth0/proxy_arp";
NAT (Network Address Translation)
NAT (Network Address Translation) is a network procedure in which an IP address in a data packet is
changed into another. This is usually done to connect private IP addresses to public networks such
as the internet. The ports are translated in the same way through a mechanism called PAT (Port
Address Translation).
Configuration
NAT in the router can be configured through a serial connection, over SSH or via the
web interface. A maximum of 150 NAT rules can be configured. The following ports shouldn't be changed:
List of unchangeable ports
Service | Protocol | Port
File Transfer Protocol (FTP) | TCP | 21
SSH Remote Login Protocol (ex. pcAnyWhere) | UDP | 22
Telnet | TCP | 23
Simple Mail Transfer Protocol (SMTP) | TCP | 25
Domain Name Server (DNS) | UDP | 53
WWW Server (HTTP) | TCP | 80
HTTPS | TCP | 443
Post Office Protocol ver.3 (POP3) | TCP | 110
Network News Transfer Protocol (NNTP) | TCP | 119
Point-to-Point Tunnelling Protocol (PPTP) | TCP | 1723
pcANYWHEREdata | TCP | 5631
pcANYWHEREstat | UDP | 5632
WinVNC | TCP | 5900
Configuration via web interface:
Protocol Type: Protocol TCP or UDP
Forwarded Port: Incoming port
Dest. Address: IP address of the device the packet is sent to
Dest. Port: Port of the device the packet is sent to
Iface: Interface active for NAT rules: any=all interfaces; eth0=lan0/1/2;
ppp0=WAN/Internet; tun0=VPN-Tunnel -> Several NAT rules are AND connected
Commit rules: Immediately activate NAT rules after pressing the save button (no restart required)
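A NAT rule set built from the fields above can be reviewed offline before it is committed. The following is an added example, not part of the HY-LINE manual or the router firmware: it audits a constructed rule list for the 150-rule limit, invalid field values, duplicate forwards and forwards that expose services from the manual's port table on a WAN-facing interface. The CSV layout, the function names and the selection of ports flagged for review are assumptions of this example.

```python
import csv
import io
import ipaddress

MAX_RULES = 150                            # limit stated in the manual
IFACES = {"any", "eth0", "ppp0", "tun0"}   # Iface values listed in the manual
WAN_FACING = {"any", "ppp0"}               # rule matches traffic from the Internet
# Ports from the manual's service table that this example flags when they are
# forwarded from the WAN instead of being reached through the VPN (assumption).
REVIEW_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP", 110: "POP3",
                5631: "pcANYWHEREdata", 5632: "pcANYWHEREstat", 5900: "WinVNC"}

# Constructed sample rule list; this CSV layout is hypothetical.
SAMPLE = """\
proto,fwd_port,dest_addr,dest_port,iface
tcp,8080,192.168.101.10,80,tun0
tcp,2323,192.168.101.20,23,ppp0
tcp,5900,192.168.101.30,5900,any
udp,502,192.168.101.40,502,eth0
tcp,8080,192.168.101.11,443,tun0
"""


def parse_rules(text):
    """Parse the CSV text into a list of dicts, one per NAT rule."""
    return list(csv.DictReader(io.StringIO(text)))


def audit(rules):
    """Return findings as (rule_number, code, text); rule 0 = whole set."""
    findings = []
    if len(rules) > MAX_RULES:
        findings.append((0, "too-many",
                         "%d rules, maximum is %d" % (len(rules), MAX_RULES)))
    seen = {}
    for n, rule in enumerate(rules, start=1):
        proto = rule["proto"].strip().lower()
        iface = rule["iface"].strip()
        if proto not in ("tcp", "udp"):
            findings.append((n, "bad-proto", "protocol %r" % proto))
        if iface not in IFACES:
            findings.append((n, "bad-iface", "interface %r" % iface))
        try:
            fwd, dst = int(rule["fwd_port"]), int(rule["dest_port"])
            dest = ipaddress.IPv4Address(rule["dest_addr"].strip())
        except ValueError as exc:
            findings.append((n, "bad-value", str(exc)))
            continue
        if not (1 <= fwd <= 65535 and 1 <= dst <= 65535):
            findings.append((n, "bad-port", "port outside 1-65535"))
            continue
        if iface in WAN_FACING and dst in REVIEW_PORTS:
            findings.append((n, "wan-exposed",
                             "%s on %s:%d reachable via %s port %d"
                             % (REVIEW_PORTS[dst], dest, dst, iface, fwd)))
        key = (proto, fwd, iface)
        if key in seen:
            findings.append((n, "duplicate",
                             "same forwarded port as rule %d" % seen[key]))
        else:
            seen[key] = n
    return findings


if __name__ == "__main__":
    for number, code, text in audit(parse_rules(SAMPLE)):
        print("rule %d: [%s] %s" % (number, code, text))
```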
Services - Status:
The service menu allows you to stop, start and pause the services.
Services - DHCP/DNS Server:
Services - DynDNS:
DynDNS Service Provider: Choose your provider for the DynDNS server.
Username: DynDNS account name
Password: DynDNS password
Password verify: Re-Enter DynDNS password
Host alias: DynDNS Hostname
Activate DynDNS Service
Modem mode: Activate DynDNS service in ../Connectivity Settings/Internet Settings/ -> IP-Reporting mode!
Gateway mode: Activate DynDNS service in Service Menu
Services - Inetwd + Redundancy:
Function: Internet Watchdog (Inetwd):
The internet watchdog periodically checks via ping (ICMP protocol) that an IP address
or host name on the internet or intranet can be reached. If the IP address is not reachable, the router will be restarted.
Important: this function causes traffic even if there is no other communication over the router.
Destination host: IP address or host name - Layout: www.name.extension
Maximum retries: Number of ping attempts before router restart
Interval: Interval in seconds for ping requests
Important: Do not activate this service until the router is ready to access the internet. If the
service is activated and there is e.g. no SIM card installed, the router will reboot every 600 seconds
by default.
Send mail before reboot: before rebooting, the router sends an email to the system manager
Function: Redundancy communication
a) LAN-Gateway (DHCP) -> UMTS / PPPoE (internal DSL or external modem)
The router is online only on the currently active connection. The primary active communication (after
router reboot) is always LAN gateway (DHCP).
Once the primary, active communication has failed, communication is automatically switched to
the redundant communication (UMTS / PPPoE) without a reboot. This is done by the service
InetWD. The active communication is then UMTS / PPPoE. After switching to redundancy mode the
router sends an email containing (definable) information.
Switching back to the primary communication is done manually through the router web interface by a reboot
or restart of the router (via internet or intranet).
b) LAN-Gateway (no DHCP) -> LAN-Gateway (no DHCP)
Functions as described in a).
Requirement: DHCP must be disabled in the router LAN configuration. All LAN parameters must be entered
manually.
Switching to the primary communication / gateway is done manually via the web interface through a
reboot / restart of the router (via internet or intranet).
Switching to the redundant gateway happens automatically after an unsuccessful ping from the InetWD service.
Note: The redundant gateway is entered into the InetWD service by the user; this cannot be done via
the web interface.
Continued: Services - Redundancy
Configuration: LAN-Gateway –> UMTS/Gateway Fallback
Enable redundancy: Redundancy mode: modem or LAN gateway
Fallback gateway: LAN fallback gateway
Status Mail modem r.: Send mail with redundancy status
Mail Message: Mail text
Example of how to configure redundancy:
- Redundancy: activate (modem or fallback), specify
- Service Menu:
  - Internet dial in: Always online
  - Internet-Dial-Up Service: deactivate
  - Internet Watchdog Service (InetWD): activate
Continued: Redundancy configuration
Configuration LAN-Gateway: see chapter LAN settings
Configuration Firewall: see chapter Firewall; Masquerading srcnet must be activated!
Reboot router!
Active redundancy: LAN-Gateway –> UMTS Fallback
Home screen shows redundancy settings/mode:
If redundancy is activated, the home screen shows:
After a reboot of the router the first communication path is active again.
Services – NTPd Timeserver:
The protocol of the timeserver is NTP (RFC 1305).
NTP Timeserver 1/2: IP address or hostname. Timeserver 2 is automatically used if the connection to
timeserver 1 has failed.
NTP Server (RFC 1305): Activate the NTP server mode for the local network. Any IP device
can update its time over the router via NTP.
Services - Ser2TCP:
The Ser2TCP service can stream data from the router's serial RS232 interface to any IP-based
device over the Ethernet network. Further administration under Linux OS is needed. Please contact HY-LINE technical support for assistance.
Services - SNMP:
Please contact HY-LINE technical support to receive the MIB (Management Information Base).
Services - SSHd:
Configuration for access to the router over SSH (Secure Shell TCP/IP Terminal)
Secure Shell – secured communication over unsecured networks: Secure Shell (SSH) is a program
that allows computers to communicate securely over unsecured networks. It closes
many security risks by encrypting the data.
Access to the router through SSH-Secure Shell (TCP/IP):
Windows editor, for example: WinSCP
login: root
password: can be set under User Management
Settings SSH (TCP/IP): Host name or IP address: Router-IP
Port: 22
Note: At the first power-up (after a firmware update) the router initializes its SSH keys. This process takes
about 15 minutes; after that the router will be reachable through SSH.
Services - Syslogd:
Configuration of the log file size, number of logs and remote logins.
Services - FTP-Server:
• approx. 3MB Flash-Memory (persistent, root directory)
• approx. 8MB RAM-Memory ( ..\tmp)
Services - UDP Broadcast Proxy:
The UDP broadcast function is used to discover IP devices on the HY-LINE Router LAN subnet. Incoming
TCP/IP packets with the configured broadcast port are automatically sent to each device in the router
network. Each reply is sent back to the sender on the internet.
Destination IP range: Destination the broadcast will be sent to (usually the HY-LINE Router LAN
subnet)
Destination Netmask: Subnet of the destination network
Destination Port: Identification of the broadcast function and destination port to send to
Services - Webserver:
Use also Port 80 active: Router is accessible via port 80 and port 443 over the internet and intranet
Attention: For security reasons it is recommended to disable port 80 access from the internet
Certificate warning: The HY-LINE Router has a standard HTTPS certificate installed (common version).
This causes a browser alert when accessing the router's web interface. It is possible to use a
customer-specific certificate to prevent this. This is not a security issue.
VPN:
A Virtual Private Network (VPN) is a computer network that communicates private data through a big
open network such as the internet. Members of the VPN that are logged in can exchange data as if they
were part of a private LAN. The term private implies that the connection is established much like a
local LAN but does not imply that the connection is encrypted. A tunnel is established between client
and server, but VPN tunnels do not have to be encrypted.
Secure VPNs use cryptographic tunnelling protocols to provide the intended confidentiality (blocking
snooping and thus Packet sniffing), sender authentication (blocking identity spoofing), and message
integrity (blocking message alteration) to achieve privacy. When properly chosen, implemented, and
used, such techniques can provide secure communications over unsecured networks. This has been the
usually intended purpose for VPN for some years.
Secure VPN technologies may also be used to enhance security as a "security overlay" within dedicated
networking infrastructures.
Secure VPN protocols included in the M2M Router are the following:
- IPsec (IP security): pre-shared keys or X.509 certificates
- PPTP client and server (Point-to-Point Tunnelling Protocol): username and password security
- OpenVPN client and server: certificate authentication, NO username and password possible
Services - VPN
Use IPsec: Enables the IPsec server when connected to the internet (pre-shared key, X.509 certificates)
Use PPTP server: Enables PPTP server (username and password authentication)
Use PPTP client: Enables PPTP client (certificate authentication)
VPN – PPTP Server Configuration:
Gateway IP / Client IPv4 range: VPN-Tunnel IP-Subnet must be different from HY-LINE Router LAN
subnet
VPN – PPTP Client Configuration:
Server address: IP address or host name of the VPN-PPTP server
User name: VPN PPTP user name, add/edit in ..\Advanced\user management
Enable network mode: activate routing to the remote network (server subnet)
Network address: network IP range on the server side (for routing), syntax: xxx.xxx.xxx.0
Route netmask: subnet for routing, syntax: 255.255.255.0
Set the route manually on the Linux shell:
sys sh
ip route add 192.168.3/24 dev ppp1
VPN-PPTP SERVER Set up connections example
M2M Router settings for use as a VPN-PPTP client:
• Authentication method:
  o CHAP or MS-CHAP V2 authentication available
  o Edit: \\etc\runit\pptp\run (File with extension script)
    CHAP: name +mppe-40 persist maxfail 0 debug \
      -> if CHAP not possible, MS-CHAP V2 is used
    MS-Chap V2: name +mppe-40 refuse-chap persist maxfail 0 debug \
      -> only MS-Chap V2 is used
• Encryption MPPE:
  o Edit: \\etc\runit\pptp\run (File with extension script)
    +mppe-40
    +mppe-128
    De-activate mppe: remove string (+mppe-40 or +mppe-128)
Continued: VPN-PPTP SERVER Set up connections example
Web interface settings
VPN Services: Use PPTP client
VPN \ PPTP \ Client:
Set VPN server
Set user name; the user must be added in user management, see next page
Enable Network Mode, routing is active
Network address: subnet on the other side of the VPN tunnel, syntax: x.x.x.0
All other settings as shown in the picture.
User management: VPN-PPTP
Add user via web interface ../Advanced/User Management:
User subsystem: PPP/PPTP User
Important: if the connection is not working, please change the following:
o Edit: \etc\ppp\chap-secrets
o Change username PPP password to username * password *
# PPP
t-d1 * t-d1
# PPTP
vpn ppp 123 *
# PPTP
username ppp password *
change to
username * password *
Important: this change must be made every time a new user is added/changed or deleted!
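Added example (not part of the HY-LINE manual or firmware): a Python audit for a copy of chap-secrets in pppd's `client server secret addresses` layout, reporting which entries the `*` fields leave unrestricted. The 12-character minimum and the function names are assumptions; the sample is the manual's listing after the edit described above.

```python
import os
import shlex
import stat

MIN_SECRET_LEN = 12  # assumed local policy, not a value from the manual

# The manual's chap-secrets listing after the described edit
# ("username ppp password *" changed to "username * password *").
SAMPLE = """\
# PPP
t-d1 * t-d1
# PPTP
vpn ppp 123 *
# PPTP
username * password *
"""


def parse_chap_secrets(text):
    """Yield (lineno, fields) for each entry line.

    pppd layout: client  server  secret  [acceptable IP addresses ...]
    """
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            fields = shlex.split(line)   # honours "quoted secrets"
        except ValueError:
            fields = line.split()        # unbalanced quote: plain split
        yield lineno, fields


def audit(text):
    """Return (lineno, client, finding) tuples for entries to review."""
    findings = []
    for lineno, fields in parse_chap_secrets(text):
        if len(fields) < 3:
            findings.append((lineno, None, "malformed"))
            continue
        client, server, secret, *addrs = fields
        if client == "*":
            findings.append((lineno, client, "wildcard-client"))
        if server == "*":
            # Matches any server name, so the secret is no longer tied
            # to one pppd service (for example only to PPTP).
            findings.append((lineno, client, "wildcard-server"))
        if "*" in addrs:
            # The peer may use any IP address.
            findings.append((lineno, client, "any-address"))
        if secret == client:
            findings.append((lineno, client, "secret-equals-client"))
        if len(secret) < MIN_SECRET_LEN:
            findings.append((lineno, client, "short-secret"))
    return findings


def too_open(path):
    """True if group or others can access the file (secrets are cleartext)."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)


if __name__ == "__main__":
    for lineno, client, finding in audit(SAMPLE):
        print(f"line {lineno}: {client}: {finding}")
```

Because the manual's workaround has to be repeated after every user change, running the audit after each edit shows which accounts currently carry a wildcard server field.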
VPN – OpenVPN Server Configuration:
Range ip Address: IP-Address range of established OpenVPN tunnels (Format: x.x.x.0)
Range ip netmask: IP-Netmask of established OpenVPN tunnels
Push route 1-3: IP-Address range, set as route in OpenVPN Client (Format: x.x.x.0)
Route 1-3 netmask: IP-Subnet, set as subnet in OpenVPN Client
VPN – OpenVPN Server Configuration:
Duplicate cn: allow multiple clients with same common name to connect to router at the same time
Authentication: only with certificate, Username and password not possible
Encryption: SHA1 - HMAC and BF-CBC (Blowfish - Cipher Block Chaining mode)
Default-Keysize: SHA1: 160 bit ; BF-CBC: 128 bit. (not editable)
OpenVPN Client: example for use with windows:
http://openvpn.net/index.php/open-source/downloads.html
VPN – OpenVPN Server Configuration: EXAMPLE
OpenVPN Client Configuration on remote side (e.g. PC-System / Hardware-Router):
- Store certificate + keys in HY-LINE Router, Format:
> ca.crt
> ca.key
> client.crt
> client.key
> server.crt
> server.key
- Copy certificate + keys to the PC (e.g. ..\Programme\OpenVPN\Config)
- Configure the OpenVPN client software config file (e.g. client.ovpn)
Successful connection between HY-LINE Router and Windows PC running the OpenVPN.org
software client.
VPN – OpenVPN Client configuration:
Attention: the router internal clock must be set to correct date and time.
Activate OpenVPN Client via Service menu:
Server FQHN: openVPN Server IP-Address or Domain-Name
Server port: openVPN Server Port
Client certificate: Authentication certificate
Client key: Keys for Authentication
CA certificate: Setup CA-Certificate for authentication in OpenVPN SERVER Menu
CA key: Setup CA-Key for authentication in OpenVPN SERVER Menu
VPN –IPsec Server Configuration:
VPN-ipsec Preshared Key
Network example:
Server room
  Router-IP WAN: 201.202.203.204
  Network: 192.168.180.0/24 (255.255.255.0)
Remote Network (HY-LINE Router)
  Router-IP WAN: dynamic
  Router-IP LAN: 192.168.3.254
  Network: 192.168.3.0/24 (255.255.255.0)
ipsec PHASE 1 PARAMETER (management connection)
  Encryption: 3DES
  Authentication (Hash): SHA1
  Preshared Key: 12345
  Lifetime: 86400
ipsec PHASE 2 PARAMETER (data connection)
  Security protocol: ESP (not AH)
  Connection Mode: Tunnel Mode (not Transport Mode)
  Encryption: 3DES
  Authentication (Hash): SHA1
  Perfect Forward Secrecy (pfs-Group): 2 (enabled) – DH2: Diffie-Hellman Group 2
ipsec activate:
VPN –IPsec Server Configuration:
ipsec configuration:
• Keep unused values at their default settings (e.g. identifier value, type, etc.)
• Fill in the ipsec algorithm (encryption/authentication) manually; pay attention to syntax
VPN –IPsec Server Configuration:
ipsec Policies (Routing):
Server room
  Router-IP WAN: 201.202.203.204
  Network: 192.168.180.0/24 (255.255.255.0)
Remote network (HY-LINE Router)
  Router-IP WAN: dynamic
  Router-IP LAN: 192.168.3.254
  Network: 192.168.3.0/24 (255.255.255.0)
Two routes must be configured in the HY-LINE Router here, one for outgoing traffic (out) and one
for incoming traffic (in).
ipsec Policies OUT:
VPN –IPsec Server Configuration:
ipsec Policies IN:
VPN –IPsec Server Configuration:
ipsec Policies summary:
Add user:
Menu ..\Advanced\User Management :
User subsystem: VPN ipsec user
Username: public IP-address (WAN) of Server room
Password: preshared key
VPN-ipsec certificate connections
Base settings: see VPN with preshared keys.
The HY-LINE router is based on X.509 certificates. The router uses 2 files: the certificate file with extension .crt and
the private key file with an extension such as .p12 for PKCS 12 files. An X.509 certificate contained in a single file has to be split into two
files, for example with the software XCA. IMPORTANT: The private key file must not be protected by a password
(remove it with OpenSSL).
Use the software XCA to split the certificate into two files (http://xca.hohnstaedt.de/?page_id=3)
Remove the password from the private key file with OpenSSL (http://www.openssl.org/):
Start the OpenSSL prompt
Check if password protected; you won't see any information:
pkcs12 -in Name_des_Zertifikats.p12 -info
Clear the password in the private key file:
pkcs12 -in Name_des_Zertifikats.p12 -info -nodes -nocerts -out Name_des_Zertifikats_neu.pem
Advanced - System:
System management:
Advanced command line: Command Line Interface
Advanced - System:
Amcli command line: The amcli is a simple command line interface running on the router's Linux
system OS.
Example commands:
-c            Execute command and exit
-D            Dump configuration and exit
-d            Write configuration and exit
-f file       Specify configuration file
-R file       Read commands from file
-h            Show help
-V            Verify configuration file and exit
-v            Be more verbose
-g            Run in CGI mode
-q            Quiet mode
-i            Run init jobs and exit
-s            Shutdown mode for init
-F            Forced init (abort on error)
-r runlevel   Set init runlevel
-m            Modify configuration data and exit
-p            Purge nodes
Amcli command line interface
Output for command: ping 192.168.101.222
Advanced - System:
System management:
Reboot system: Router reset (Softreset)
System configuration management:
Download: loads the current configuration of the router to a file (system.conf)
Upload: uploads a system.conf file into the router; restart required.
The configuration file must be from the same firmware version.
Incremental Update Support: Firmware update without the need for a full firmware download
Advanced - Logging:
System Log: The system log shows details about the router's functions, e.g. dialling in to the internet,
sending mails, using DynDNS, etc.
Example of logfile:
09:55:46: Internet dial-up und public ip address: 80.187.16.115
09:55:50: DynDNS Alias name update
09:55:53: E-Mail send (ip-address)
Advanced – Network Tracer:
The Network tracer tool logs all network traffic over all interfaces except the following traffic: Port 22 (ssh),
80 (http), 443.
Enable tracer: check this box and press save
Clear traces: clear all saved logs
Trace log: show saved logs
Example: Tracelog
Advanced - User Management:
User Management:
To add, change and delete users on the HY-LINE Router.
Advanced - User Management:
Web server users have fixed names and belong to a rights system with limited access to router
functions
- Username: manager, Password: changemetoo
- Username: service, Password: changemetoo
- Username: installer, Password: changemetoo
- Username: user, Password: changemetoo
Passwords can be changed.
The menu 'List users' shows only users with the same or lower rights.
User rights
Specification
Specification: Router with integrated 4-port switch
Important: on router versions with an integrated switch, the RJ45 network socket on the side of the router is not connected
and must not be used. This socket is sealed with a plug at the factory. This plug must
not be removed.
Dimensions
Din Rail Mount (EN 60715), IP20, synthetic material
[Figure: dimension drawing. HAP-RS, HAP-RIS, HAP-RAS, HAP-RGS, HAP-RUS, HAP-RLS, HAP-RDS: 101mm. HAP-R, HAP-RI, HAP-RA, HAP-RG, HAP-RU, HAP-RL: 83mm. Further dimensions shown: 60mm, 120mm, 35mm.]
Analog modem country code settings
- Log on to the router via SSH or serial
- Type in the following commands (case sensitive):
sys sh
svactivate stop mgetty-s0
svactivate stop pppd
microcom /dev/ttyS0
at+gci=42 (=Germany for example)
at&w
- Check the country code:
at+gci?
- Reboot the router