HY-LINE M2M ROUTER, Manual

Page 1: ...HY LINE truecon Router Handbuch Seite 1 HY LINE Systems GmbH Inselkammerstr 10 82008 Unterhaching systems at hy line de www hy line de systems ...

Page 2: ...nated in the next edition We are always grateful for information regarding errors in this documentation S Su up pp po or rt t Our technical support pages are on our website www hy line de New manuals and data sheets are also available there FAQ pages are also available on our website If you have further questions please direct them at systems hy line de C Ca ar re e a an nd d M Ma ai in nt te en n...

Page 3: ...ings 11 Internet Settings 12 PPP Dial In 14 E Mail 17 I O Settings 19 Firewall 21 NAT 22 Services Status 25 DHCP DNS Server 26 DynDNS 27 InetWD 29 NTPd 30 Proxy 31 Ser2TCP 32 SNMP 33 SShd 34 Syslogd 35 FTP Server 35 VPN 36 VPN PPTP Server 38 VPN PPTP Client 39 VPN IPsec 43 Webserver 49 Advanced System 50 Logging 51 User Management 52 Technical specifications 53 integrated switch 54 Dimensions 55 O...

Page 4: ...Rail connection for easy mounting as well as the possibility to establish all connections Analog ISDN GSM GPRS UMTS in one device are what make this the leading industrial router on the market The router has an RS232 port as well as the standard Ethernet connection On the protocol side the router is capable of SNMP and DHCP Configurable alarms can be sent via SMS or E Mail The digital inputs and o...

Page 5: ... the SSH Keys to be generated This process takes about 10 minutes after this the router will be reachable through SSH login root password changemetoo Settings SSH TCP IP Host Name or IP Address Router IP Port 22 Access to router over serial login root password changemetoo Settings for serial connection 38 400 bps 8 bits no parity 1 Stop bits no flow control IP Address changes over SSH or serial co...

Page 6: ...eneral oversight of the router Firmware version System updates serial number modem type band type gsm signal strength router uptime PPP Data Counter max 2GB as well as the status of the digital inputs and outputs While the router is online it will show the assigned IP address form the service provider With the reboot button a soft start reboot will occur In Online mode you will see the status of t...

Page 7: ...e S Se et tt ti in ng gs s I Id de en nt ti if fi ic ca at ti io on n Device Name Name of the router with a maximum character length of 35 Special characters allowed Location Location of the router for informational purposes only Manager E Mail Address of the system manager Recipient of the dynamic IP address once the router is connected to the internet ...

Page 8: ...4 numbers separated by periods with a value between or equal to 0 and 255 which then is capable of being separated though one point i e 192 168 0 34 or 127 0 0 1 The network mask aka subnet mask is a bit mask where that IP address separates the network from the host A network mask is just as long as an IP address in IP version 4 it is 32 bit in IP version 6 it is 128 bit Every bit of the network m...

Page 9: ...pable of load balancing A Gateway is the basis that allows networking to occur this networking is based on a different set of protocols in order to connect others In addition to this a gateway uses a protocol translator so that different computers can talk to each other i e Linux to Windows Within the gateway is everything allowed in relation to the conversion of protocol as well as the loss of da...

Page 10: ...ime Date and time of the router Timezone Timezone in which the router is Please be aware that the summer and winter time will be automatically switched only in Germany Settings Berlin Time Server IP Time server standard ptbtime1 ptb de Manual sync for manual adjustment of the time and date Network sync Time and date will be synchronized after pressing SAVE over the internet The router will dial in...

Page 11: ...f the router only important when it is an ISDN connection the MSN must be included here Die MSN Multiple subscriber Number is either the dialing number without area code or only the extension number This is dependent on the setup of the telephone system Enable PIN Enable PIN is only for use with a SIM card in order to log in to the network do not enable for use with analog or ISDN connections PIN ...

Page 12: ...ter Handbuch Seite 12 HY LINE Systems GmbH Inselkammerstr 10 82008 Unterhaching systems at hy line de www hy line de systems C Co on nn ne ec ct ti iv vi it ty y S Se et tt ti in ng gs s I In nt te er rn ne et t P PP PP P ...

Page 13: ...the Call by Call Internet access Password Password for the Call by Call Internet access Re enter Password Re enter the password for the Call by Call Internet access Timeout Time till the router hangs up on an inactive connection to the Internet IP reporting mode After Internet login DynDNS activated and or dynamic IP address of the router sent per email Network time sync additional settings under ...

Page 14: ...t 30 seconds after cutting the connection in order to build another connection Internet by call Ringing function Calling the M2M router from any phoneline don t wait until the router connect the line activates the router to log in to the internet Port Speed with bad analog lines usually overseas the routers communication speed can be set down for more stable phone lines Dial In Server Client IP IP...

Page 15: ...lish the more permanent connections PPP today is the standard protocol for ISPs in order for users to log in The specifications of PPP are such that they are not only designed to support TCP IP but many others as well Configuring Direct Connection to M2M Router over PPP There is one PPP User on the router is a permanent account with user name pppuser This account is not displayed in the User Manag...

Page 16: ...193670 MSN DNS Standard DNS verwenden z B Arcor DNS 145 253 2 11 FREENET User gast Password internet Tel Nummer 019231770 Freenet DNS 62 104 191 241 C Co on nf fi ig gu ur ra at ti io on n o of f C Ca al ll l b by y C Ca al ll l a ac cc ce es ss s f fo or r I IS SD DN N A An na al lo og g t te el le ep ph ho on ne e l li in ne es s W WO OR RL LD DW WI ID DE E No login needed costs are over the sta...

Page 17: ...HY LINE truecon Router Handbuch Seite 17 HY LINE Systems GmbH Inselkammerstr 10 82008 Unterhaching systems at hy line de www hy line de systems E E M Ma ai il l ...

Page 18: ...dress of the SMTP server for the sending of E Mails supports DNS addresses as well as IP addresses Rewrite sender address If enabled rewrites the sender domain for outgoing E Mails Sender domain Sender domain for outgoing E Mails Encryption Whether to use SMTP over TLS for outgoing E Mails Use TLS cert Whether to use STARTTLS command for TLS connections Location of TLS certificate Place and name o...

Page 19: ...al in Dial in to the internet Alarm send E Mail Sends an E Mail with message text to recipient 1 3 Alarm once high send Mail Sends an E Mail with message text to recipient 1 3 and system manager after power up the router The E Mail is send only if Digital Input 1 is high immediately after power up the router In normal use Digital Input 1 can t be triggered Run user defined script 1 2 Run user defi...

Page 20: ...the digital output o Digital Input 2 active With impulse intervals of 10sec the digital input 2 will be mapped on to the digital output o Online The Online Offline status is mapped to the digital outputs Digital Output Override manual on and off control of the digital outputs T Te ec ch hn ni ic ca al l i in nf fo or rm ma at ti io on n f fo or r t th he e d di ig gi it ta al l I I O Os s Digital ...

Page 21: ...n allows the opening and closing of specific services from the internet to the router arrows left and from the router to the internet arrows right Three standard profiles are available Default Standard applicable for most uses Custom Custom profile defined by user must be set for user configuration Minimum High security Commit rules Commit the changes to the firewall configuration when saving ...

Page 22: ...s to communicate with the public internet the private IP addresses must be translated in to public address The private address are not reachable from the outside port scanning and the like cant be done C Co on nf fi ig gu ur ra at ti io on n The router has the ability to configure the NAT Network Address Translation The NAT configuration in the router can be configured through a serial connection ...

Page 23: ... line de www hy line de systems N NA AT T C Co on nf fi ig gu ur ra at ti io on n W WE EB B b br ro ow ws se er r Protocol type Protocol TCP or UDP Forwarded Port Incoming port Dest Address IP Address of device the paket is send to Dest Port Destination Port To take affect of the changes the router must be reboot ...

Page 24: ...llowing two lines to the input chain chain input accept proto tcp from iface if_inet to port 5631 accept proto udp from iface if_inet to port 5632 wichtig bei Zugriff auf einen Geräte Webserver Port 80 accept proto tcp from iface if_inet to port 80 accept proto udp from iface if_inet to port 80 chain output services wichtig bei Zugriff auf einen Geräte Webserver Port 80 http_out proto tcp from ifa...

Page 25: ...HY LINE truecon Router Handbuch Seite 25 HY LINE Systems GmbH Inselkammerstr 10 82008 Unterhaching systems at hy line de www hy line de systems S Se er rv vi ic ce es s S St ta at tu us s ...

Page 26: ...INE truecon Router Handbuch Seite 26 HY LINE Systems GmbH Inselkammerstr 10 82008 Unterhaching systems at hy line de www hy line de systems S Se er rv vi ic ce es s D DH HC CP P D DN NS S S Se er rv ve er r ...

Page 27: ... 82008 Unterhaching systems at hy line de www hy line de systems S Se er rv vi ic ce es s D Dy yn nD DN NS S DynDNS Service Provider Choose your provider for the DynDNS server Username DynDNS account name Password DynDNS password Re enter Password Verify Host alias DynDNS Hostname ...

Page 28: ...ncy nor is there any restriction on how the connection can be used beyond those placed on you by your ISP Can a Dynamic DNS service replace my static IP In most situations a static IP is not required The Dynamic DNS service allows your host to be mapped to your IP even when your IP changes However there can be some issues depending on your situation some of which are outlined below 1 If your IP ch...

Page 29: ...t n na am me e o on n t th he e i in nt te er rn ne et t o or r i in nt tr ra an ne et t I If f t th he e i ip p a ad dd dr re es ss s i is s n no ot t r re ea ac ch ha ab bl le e t th he e r ro ou ut te er r w wi il ll l b be e r re es st ta ar rt t I Im mp po or rt ta an nt t t th hi is s f fu un nc ct ti io on n w wi il ll l c ca au us se e t tr ra af ff fi ic c a al ls so o i if f t th he er r...

Page 30: ...me es se er rv ve er r P Pr ro ot to oc co ol ll l o of f t th he e t ti im me es se er rv ve er r i is s N NT TP P R RF FC C1 13 30 05 5 NTP Timeserver 1 2 IP adress or hostname Timeserver 2 is automatically used if connection to timeserver 1 failed Listen on internal IP address Activate the NTP Server Mode for the local network Any ip device can update their time over the router via NTP ...

Page 31: ...HY LINE truecon Router Handbuch Seite 31 HY LINE Systems GmbH Inselkammerstr 10 82008 Unterhaching systems at hy line de www hy line de systems S Se er rv vi ic ce es s P Pr ro ox xy y ...

Page 32: ...ro om m t th he e s se er ri ia al l R RS S2 23 32 2 R Ro ou ut te er r i in nt te er rf fa ac ce e t to o a an ny y i ip p b ba as se ed d d de ev vi ic ce e o ov ve er r t th he e e et th he er rn ne et t n ne et tw wo or rk k F Fu ur rt th he er r a ad dm mi in ni is st tr ra at ti io on n u un nd de er r L Li in nu ux x O OS S i is s n ne ee ed de ed d P Pl le ea as se e c co on nt ta ac ct t ...

Page 33: ...eite 33 HY LINE Systems GmbH Inselkammerstr 10 82008 Unterhaching systems at hy line de www hy line de systems S Se er rv vi ic ce es s S SN NM MP P Pleae contact HY LINE technical support to receive the MIB Management Information Base ...

Page 34: ...is a program that allows the communication of computers over unsecured networks through a secure means It closes many security risks this is done through the encryption of data Access to the router through SSH Secure Shell TCP IP Windows Editor for example Winscp login root password can be set under User Management Settings SSH TCP IP Host Name or IP Address Router IP Port 22 Note First time power...

Page 35: ...ms at hy line de www hy line de systems 35 S Se er rv vi ic ce es s S Sy ys sl lo og gd d The menu for the configuration of the log files size number of logs and remote logins S Se er rv vi ic ce es s F FT TP P S Se er rv ve er r approx 3MB Flash Memory persistent root directory approx 8MB RAM Memory tmp ...

Page 36: ...ng protocols to provide the intended confidentiality blocking snooping and thus Packet sniffing sender authentication blocking identity spoofing and message integrity blocking message alteration to achieve privacy When properly chosen implemented and used such techniques can provide secure communications over unsecured networks This has been the usually intended purpose for VPN for some years Beca...

Page 37: ...rhaching systems at hy line de www hy line de systems 37 V VP PN N S Se er rv vi ic ce es s Use IPsec damon Enables IPSec server when connected to the internet Use PPTP daemon Enables PPTP server when connected to the internet Use PPTP client Enables PPTP clien when connected to the internet ...

Page 38: ...con Router Handbuch Seite 38 HY LINE Systems GmbH Inselkammerstr 10 82008 Unterhaching systems at hy line de www hy line de systems V VP PN N P PP PT TP P S Se er rv ve er r C Co on nf fi ig gu ur ra at ti io on n ...

Page 39: ... at ti io on n Server address IP adress or host name of VPN PPTP server User name vpn pptp user name add edit in Advanced user management Enable network mode activate routing to remote network server subnet Network address network ip range on server side for routing syntax xxx xxx xxx 0 Route netmask subnet for routing syntax 255 255 255 0 set route manuell on linux shell sys sh ip route add 192 1...

Page 40: ... 255 255 0 Remote Network HY LINE Router Router IP WAN dynamisch Router IP LAN 192 168 3 254 Netz 192 168 3 0 24 255 255 255 0 ipsec PHASE 1 PARAMETER management connection Verschlüsselung Encryption 3DES Authentifizierung Hash SHA1 Preshared Key 12345 Lifetime 86400 ipsec PHASE 2 PARAMETER data connection Sicherheits Protokoll ESP nicht AH Conection Mode Tunnel Mode nicht Transport Mode Verschlüs...

Page 41: ...Inselkammerstr 10 82008 Unterhaching systems at hy line de www hy line de systems 41 ipsec configuration Keep not used values in the default settings e g identifier value type etc ipsec algorithmen encryption authentication fill in manually pay attention to syntax ...

Page 42: ...licies Routing RECHENZENTRUM Router IP WAN 201 202 203 204 Netz 192 168 180 0 24 255 255 255 0 Remote Netz HY LINE Router Router IP WAN dynamisch Router IP LAN 192 168 3 254 Netz 192 168 3 0 24 255 255 255 0 Hier müssen im HY LINE Router 2 Routen konfiguriert werden eine für ausgehenden Traffic out und eine für eingehenden Traffic in ipsec Policies OUT ...

Page 43: ...HY LINE truecon Router Handbuch Seite 43 HY LINE Systems GmbH Inselkammerstr 10 82008 Unterhaching systems at hy line de www hy line de systems 43 ipsec Policies IN ...

Page 44: ...stems GmbH Inselkammerstr 10 82008 Unterhaching systems at hy line de www hy line de systems ipsec Policies summary Add user Menu Advanced User Management User subsystem VPN ipsec user Username public IP address WAN of Server room Passwort preshared key ...

Page 45: ... For x 509 certificates in one file you have to split it into two files For example with the software XCA IMPORTANT The Private Key File mus t notbe protected by a password remove with OpenSSL Use the software XCA to split the certificate in two files http xca hohnstaedt de page_id 3 Remove password in the Public Key File with OpenSSL http www openssl org Start OpenSSL prompt Check if password pro...

Page 46: ...v vi ic ce es s W We eb bs se er rv ve er r The menu for the configuration of access to the router over SSH Secure Shell TCP IP How to reach the M2M router if the SSL Access HTTPS is de activated Example Listen Port 443 SSL turned off http IP Adresse des router 443 amcgi cgi Example Listen Port 789 SSL turned off http IP Adresse des router 789 amcgi cgi ...

Page 47: ...tart is will the router work again Hard reset System configuration management Download loads the current configuration of the router in to a file system conf configuration file must be from same firmware version Upload uploads a system conf file in to the router and then restart Important notice The upload and download works error free with a Mozilla Firefox Internet Browser Safarie browser or Mic...

Page 48: ...uters functions e g dial in the interrnet sending mails using DynDNS etc E Ex xa am mp pl le e o of f l lo og gf fi il le e 0 09 9 5 55 5 4 46 6 I In nt te er rn ne et t d di ia al l u up p u un nd d p pu ub bl li ic c i ip p a ad dd dr re es ss s 8 80 0 1 18 87 7 1 16 6 1 11 15 5 0 09 9 5 55 5 5 50 0 D Dy yn nD DN NS S A Al li ia as s n na am me e u up pd da at te e 0 09 9 5 55 5 5 53 3 E E M Ma ...

Page 49: ...9 HY LINE Systems GmbH Inselkammerstr 10 82008 Unterhaching systems at hy line de www hy line de systems 49 A Ad dv va an nc ce ed d U Us se er r M Ma an na ag ge em me en nt t User Management can add change and remove users from the router ...

Page 50: ... Forwarding Services DynDNS DHCP DNS Server Proxy SNMP NTP Timeserver FTP Konfiguration Management HTML Webserver SSH Seriell Alarm management E Mail SMS over digital inputs triggerable Digital Inputs 2x 5 30 VDC VAC current min 5mA Digital Output 1x 24VDC max 100mA short circuit proof Interfaces Ethernet RJ45 10 100 Mbit s RS232 DSUB 9 analog RJ 11 ISDN RJ 45 Status LEDs Run Network Online Digita...

Page 51: ...ings add ons Ethernet Port Integrated 4 port 10 100 Mbit s Base T Ethernet RJ45 Switch in router front panel Auto Negotiation Auto Crossing Auto Polarity Status LEDs Function Link Speed Isolation 1000VAC Ethernet and power supply IEEE 802 3 CSMA CD IEEE 802 3ux Fast Ethernet Full Duplex Mode Power Supply 12 30VDC power consumption 11 Watt max 450mA 24VDC Zulassungen CE EMV EN61000 4 3 EN61000 4 2 ...

Page 52: ...e 52 HY LINE Systems GmbH Inselkammerstr 10 82008 Unterhaching systems at hy line de www hy line de systems D Di im me en ns si io on n Din rial mount case DIN EN 60715 Router with 4 port switch width 60mm compared to 35mm standard router ...

Page 53: ...de www hy line de systems 53 O Op pe en ni in ng g t th he e d de ev vi ic ce e m mo od de em m e ex xc ch ha an ng ge e In order to open the case take out the red top hat rail clip afterwards carfuly pull appart the housing while pushing the clips firmly that hold the housing together found at each corner of the shell ...

Page 54: ...Seite 54 HY LINE Systems GmbH Inselkammerstr 10 82008 Unterhaching systems at hy line de www hy line de systems Modem Processorboard installation HY LINE Router circuit board Pos 1 circuit board Pos 2 socket modem Pos 3 processorboard ...

Page 55: ...buch Seite 55 HY LINE Systems GmbH Inselkammerstr 10 82008 Unterhaching systems at hy line de www hy line de systems 55 Detailed schematic of hole plug for Analog ISDN Router Cap for Analog ISDN Router Case for Analog ISDN Router ...

Page 56: ...de www hy line de systems Technical information Analog modem country code settings Log on to the Router via SSH or seriell Type in following commands case sensitive sys sh svactivate stop mgetty s0 svactivate stop pppd microcom dev ttyS0 at gci 42 Germany for example at w check country code at gci please reboot Router ...

Page 57: ... factory defaults available on Router hardware newer January 2009 1 Turn off router from power supply 2 Set umper 1 to ON position Jumper 1 is located on the router side inside the case 3 Turn ON router reset is finished after 2 minutes when the leds starts flashing permanently 4 Turn off router from power supply 5 Set jumper 1 to OFF position 6 Reset is finished ...