CTC Union ICR-4103 Series, User Manual

Page 1: ...i ICR 4103 4G LTE Cellular Router ...

Page 2: ...any other application in which the failure of the product could create a situation where personal injury or death may occur Should the Buyer purchase or use a CTC Union product for any such unintended or unauthorized application the Buyer shall indemnify and hold CTC Union Technologies and its officers employees subsidiaries affiliates and distributors harmless against all claims costs damages exp...

Page 3: ...ntents are subject to change without prior notice Please check CTC Union s website for any updated manual or contact us by E mail at sales ctcu com Please address any comments for improving this manual or to point out omissions or errors to marketing ctcu com Thank you 2019 CTC Union Technologies Co Ltd All Rights Reserved The contents of this document are subject to change without any prior notic...

Page 4: ...2 9 Pin Assignments 15 2 10 Connecting I O Ports 16 2 11 Serial Port COM2 RS 232 17 2 12 Serial Port COM3 RS 485 18 2 13 DIP Switch 18 3 Configuration via Web Browser 19 3 1 Access the Web Interface 19 3 2 Navigate the Web Configurator 21 3 3 Status 22 3 4 System 24 3 4 1 Time and Date 24 3 4 2 COM Ports 27 3 4 3 Logging 28 3 4 3 1 Logging 29 3 4 3 2 Log Data 29 3 4 4 Alarm 30 3 4 5 Ethernet Ports...

Page 5: ... OSPF 68 3 8 4 BGP 72 3 9 VPN 75 3 9 1 OpenVPN 75 3 9 1 1 Edit OpenVPN Connection 75 3 9 1 2 Set up OpenVPN Client 77 3 9 1 3 Set up OpenVPN Server 78 3 9 1 4 Set up OpenVPN Custom 79 3 9 2 IPSec 80 3 9 2 1 Connections 81 3 9 2 2 Authentication IDs 84 3 9 2 3 X 509 Certificates 85 3 9 2 4 CA Certificates 86 3 9 2 5 Net to Net Configuration 89 3 9 2 6 Hub Spoke Topology 103 3 9 3 GRE 113 3 9 4 PPTP...

Page 6: ...andwidth 137 3 10 9 2 QoS 138 3 10 9 3 Status 141 3 10 9 4 The case of Internet Web site access 141 3 10 9 5 Bandwidth divided for each IP address 145 3 11 Management 146 3 11 1 Identification 146 3 11 2 Administration 147 3 11 3 Contacts On Duty 148 3 11 3 1 Contacts 148 3 11 3 2 Duty Schedule 149 3 11 4 SSH 150 3 11 5 WEB 150 3 11 6 Firmware 150 3 11 7 Configuration 151 3 11 8 Load Factory 151 3...

Page 7: ...ork stations data encryption and verification of data integrity The device is administrated via web GUI Telnet SSH v2 and HTTP HTTPS Built for secure and uninterrupted operation in harsh environments ICR 4103 series support extended operating temperature from 20 C to 75 C and a flexible input voltage range of 12 24VDC 8 4 30VDC With DIN rail mounting and IP40 housing protection ICR 4103 series are...

Page 8: ...e between failures 296 306 Hrs MIL HDBK 217 Software Network Protocols IPv4 IPv6 IPv4 IPv6 dual stack DHCP server and client PPPoE Static IP SNTP DNS Proxy Modbus VRRP OSPF Message Queue Telemetry Transport MQTT Broker Routing Firewall NAT Virtual Server DMZ MAC Filter URL Filter IP Filter VLAN Static Routing and RIP 1 2 VPN OpenVPN IPSec 3DES AES128 AES196 AES256 MD5 SHA 1 SHA256 Wireless Connect...

Page 9: ...anel View Index No Description 1 Fast Ethernet port 1 3 2 WAN port 3 SIM card slot 4 SMA antenna connectors 5 LED indicators SYS Call Signal VPN SIM1 SIM2 6 RS 232 Console COM1 7 Reset push button 8 DIP switch 9 Terminal block for DI1 DI2 COM2 RS 232 COM3 RS 485 Alarm 10 Terminal block for power 11 Earth grounding 8 9 11 10 1 2 3 4 4 5 6 7 ...

Page 10: ...ON System UP Normal Signal Low Signal VPN Connected Connected Connected Slow Blinking Booting N A N A WAN Connected Connecting Connecting Fast Blinking N A N A N A N A Error Error OFF Power Down N A N A NO WAN Connection Not Working Not Working Heart Beat N A N A N A N A Reading Reading 2 2 Ethernet Port 1 10 100 Mbps Ethernet LAN1 LAN3 The Ethernet LAN1 3 interfaces are standard RJ45 connectors ...

Page 11: ... RX Pin 4 N A N A 5 N A N A 6 LAN RX 10 100 Mbps LAN RX Pin 7 N A N A 8 N A N A Each Ethernet port has two LED indicators The Green LED indicates Link ACT and the Yellow LED indicates Speed LED Status Description Green Link ACT Off Connection is down Blink Data is being transmitted On Connection is up Yellow Speed Off 10 Mbps Mode On 100 Mbps Mode ...

Page 12: ...ARE INSTALLATION 12 2 3 Serial Port COM1 Console Pin Description Direction 1 N A N A 2 RXD In 3 TXD Out 4 N A N A 5 GND Ground 6 N A N A 7 RTS Out 8 CTS In 9 N A N A The serial port COM1 is a standard Sub D connector ...

Page 13: ...ss the button with a paper clip or suitable tool to eject the SIM card from the drawer 3 Insert the SIM card with the contacts facing up and align it properly into the drawer Make sure your direction of SIM Card and put it into the tray 4 Slide the drawer back and locks it in place Note Please make sure the direction first When pulling into the SIM tray without putting the correct direction the tr...

Page 14: ...s will be blinking to show you have activated the setting successfully 2 6 External Antenna Each unit has two antenna connectors SMA MAIN and AUX Connect the antenna to MAIN when you have only one antenna Please tighten the connecting nut properly to ensure good connection 2 7 Connecting the Power Supply The router requires a DC power supply in the range of 12 24VDC 8 4 30VDC Please ensure all com...

Page 15: ...ATION 15 2 8 Grounding the Router To prevent the noise and surge effect please connect the router to the site ground wire by the ground screw before turning on the router 2 9 Pin Assignments Ring type terminal Fork type terminal ...

Page 16: ...ctional component 2 Digital Output Alarm Contacts The unit has 2 terminals on the terminal block for the Alarm Contacts Photo relay output with current capacity of 500mA 50VDC maximum Pin Description Alarm Alarm negative signal output Alarm Alarm positive signal output Pin Description DI1_I1 Digital INPUT 1 DI1_COM Digital INPUT 1 DI2_I2 Digital INPUT 2 DI2_COM Digital INPUT 2 ...

Page 17: ...RE INSTALLATION 17 2 11 Serial Port COM2 RS 232 The serial port COM2 is a RS 232 interface Pin Description RXD COM2 Serial Port RXD Signal INPUT TXD COM2 Serial Port TXD Signal OUTPUT GND COM2 Serial Port Signal Ground ...

Page 18: ...Resistor SW 1 Pull Low SW 2 Pull High Enable ON ON Disable Default OFF OFF Termination Resistor 120 ohm SW 3 Enable ON Disable Default OFF A built in 120 ohm terminal resistor can be activated by DIP switch Pull high or Pull low resistor adjustments are also available It improves the communication on RS 485 networks for specific application Switch 1 and 2 set the pull high low resistor Switch 3 en...

Page 19: ...ecause the mobile router acts as DHCP server in your network the mobile router will automatically assign IP address for PC or NB in the network Logging in the Router In this section please fill in the default User Name admin and the blank default Password Then Click Login to enter the device For the system security purposes we strongly suggest changing Username and password after the initial login...

Page 20: ...nfirm Then click Apply button The system needs a reboot to take new password into effect Note After changing the User Name and Password we strongly recommend that you save them because another time when you login new User Name and Password have to be used so as to successfully login to the system ...

Page 21: ...or setting fields from main menu and sub menu Title Bar Item Description RSSI Show if the SIM card is inserted in the slot If yes RSSI Received Signal Strength Indicator shows the current signal strength in a wireless network and the name of telecommunication operator Uptime Show the time starting turn on the router until current using WAN Priority Show the three mode of WAN status which is first ...

Page 22: ...t Note After logging in the system you can set up the status of user and divide into three levels for setting user s authority including Super User Administrator and Read Only For Guest this status is without any authority All users log in or log out and they need to have Web UI log records Status Super User Administrator Read Only Guest User name system account admin only Super User can modify on...

Page 23: ...IPv4 Mask LTE IPv4 mask Status WAN Ethernet Item Description Attribute IPv4 Address Ethernet WAN obtain IPv4 Address IPv4 Mask Ethernet WAN obtain IPv4 Mask Status LAN Ethernet Item Description Attribute IPv4 Address Ethernet LAN is assigned IPv4 Address IPv4 Mask Ethernet LAN is assigned IPv4 Mask IPv6 Address Ethernet LAN is assigned IPv6 Address Status WAN DNS Item Description Attribute IPv4 DN...

Page 24: ...e are two modes at Time and Date Setup including Get from Time Server and Manual The default mode is Get from Time Server For Time Zone Setup the Daylight Savings Time allows the device to forward backward the amount of time from Ahead of standard time setting automatically when the time is at the Daylight Savings duration that you have set up before I Get from Time Server Set up the time servers ...

Page 25: ...APTER 3 WEB CONFIGURATIONS II Manual Set up the information of time and date including year month date and hour minute and second Set up your local time zone Click Apply to submit your configuration changes ...

Page 26: ...t is Off Ahead of standard time The forward backward minutes when enter leave Daylight Savings duration Default is 60 minutes Start Date Start Time Time to enter Daylight Savings duration The Month range is 1 12 1 Jan 2 Feb 3 Mar 4 Apr 5 May 6 Jun 7 Jul 8 Aug 9 Sep 10 Oct 11 Nov 12 Dec The Week range is 1 5 1 first week in month 2 second week in month 3 third week in month 4 fourth week in month 5...

Page 27: ...e and the COM 3 is RS485 interface 1 The default is Disable You can click edit button to configure your settings 2 Set up the configuration and Virtual COM After configuring click Save to confirm your settings 3 The console is the command line interface CLI management option for mobile router You can assign the COM port to be a management port by this option Note It is suggested to enable at least...

Page 28: ...the information of Parity Stop Select from 1 bit or 2 bit Flow Control Select from none Xon Xoff or hardware Virtual COM Mode Select from Disable Server or Client Protocol Select from TCP or UDP Host Address The host address is only available on client mode Specify what the domain name or IP address IPv4 or IPv6 to be connected Redirect Port Server Mode This network package of mobile router is on ...

Page 29: ...ou click Refresh the system will update and display the latest data from your mobile router 4 When you click Download Logs the system will download the latest data from your mobile router System Logging Logging Item Description Mode Turn on off the logging configuration Select from Disable or Enable The default is Enable Remote Log The logging messages send to remote log or not Select from Disable...

Page 30: ...h means High Trigger SW is On to trigger SW is OFF in Normal state 3 DI trigger Low means Low Trigger SW is OFF to trigger SW is ON in Normal state System Logging Log Item Description Filter Filter the required data quickly Date Show the date of log for each logging data Group Show the group of software functions Module Show the module of group of software functions Message Show the messages for e...

Page 31: ...igger alarm VPN disconnect All tunnels get disconnected then trigger alarm WAN disconnect All WAN connections get disconnected then trigger alarm Alarm Output Select from SMS DO SNMP trap and E mail as alarm output DI 1 Trigger Select from High or Low The default is High Trigger High SW is On to trigger Low SW is OFF to trigge D1 2 Trigger Select from High or Low The default is High Trigger DO beh...

Page 32: ...vity status of LAN and WAN Configurations Select from Auto 100M Full 100M Half 10M Full 10M Half and Disable WAN Ethernet MTU is the Maximum Transmission Unit that can be sent over the WAN Ethernet interface It allows users to adjust the MTU size to fit into their existing network environment Flow Control Allow user to control the traffic ingress from Ethernet LAN or WAN ...

Page 33: ...e The default list type is both which shows all status when the router is on DHCP Client and Online For DHCP Client type the information shows IP address MAC address Hostname and the expiry time of IP Start End For Online type the information shows IP address and MAC address when the client is online System Modbus Item Description Mode Select from Disable or Enable Port The listening port of Modbu...

Page 34: ...DNS 3 5 1 Priority You can set up the priority of WAN WAN Priority Item Description Priority ETH First WAN Ethernet is first priority and the second priority is LTE The default is ETH First LTE Only The priority is only LTE ETH Only The priority is only Ethernet LTE First WAN LTE is first priority and the second priority is Ethernet ...

Page 35: ... DNS Server it provides three options to set up and each option has provided with From ISP User Defined and None to configure WAN Ethernet Item Description WAN Ethernet There are three options to obtain the IP of WAN Ethernet DHCP Client DHCP server assigned IP address netmask gateway and DNS PPPoE Client Your ISP will provide you with a username and password This option is typically used for DSL ...

Page 36: ...hows the information of configuration including IP Address IP Mask and Gateway Address WAN Ethernet Item Description IPv4 DNS Server 1 IPv4 DNS Server 2 IPv4 DNS Server 3 Each setting DNS Server has three options including From ISP User Defined and None When you select From ISP the IPv4 DNS server IP is obtained from ISP When you select User Defined the IPv4 DNS server IP is input by user ...

Page 37: ... to access internet you can enable Ethernet Ping Health and the system would switch to LTE connection and switch back whenever Ethernet is able to access internet again WAN Ethernet Item Description Static IPv4 Configuration IP Address Fill in the IP Address IP Mask Fill in the IP Mask Gateway Address Fill in Gateway Address DNS Server Configuration IPv4 DNS Server 1 IPv4 DNS Server 2 IPv4 DNS Ser...

Page 38: ...ent Interface when IPv6 is using as WAN connection WAN Ethernet Ethernet Ping Health Item Description Ethernet Ping Health Select from Disable or Enable The default is Enable Interval The interval is from 1 to 60 seconds IPv4 Host 1 Input the address of IPv4 Host 1 IPv4 Host 2 Input the address of IPv4 Host 2 IPv6 Host 1 Input the address of IPv6 Host 1 IPv6 Host 2 Input the address of IPv6 Host 2...

Page 39: ... provided with From ISP User Defined and None to configure WAN IPv6 DNS Item Description DNS Server Configuration IPv6 DNS Server 1 IPv6 DNS Server 2 IPv6 DNS Server 3 Each setting DNS Server has three options including From ISP User Defined and None When you select From ISP the IPv6 DNS server IP is obtained from ISP When you select User Defined the IPv6 DNS server IP is input by user ...

Page 40: ...section allows you to configure LTE Config Dual SIM Usage Display and SMS 3 6 1 LTE Config 3 6 1 1 LTE Configuration You can set up the LTE Configuration and LTE Ping Health For LTE Configuration you can select from Auto 4G Only 3G Only or 2G Only ...

Page 41: ... network only 3G Only Connect to 3G network only 2G Only Connect to 2G network only MTU MTU is the Maximum Transmission Unit that can be sent over the LTE interface It allows user to adjust the MTU size to fit into their existing network environment LTE LTE Config LTE Ping Health Item Description LTE Ping Health Select from Disable or Enable Interval Input the interval seconds of ping IPv4 Host 1 ...

Page 42: ...aming is detected System will switch SIM slot when current SIM is in roaming state and another SIM slot is in READY state If you have selected either SIM1 or SIM2 for the Used SIM to connect the Roaming Switch and Connect Retry Number would not to be shown in the interface You can set up the SIM cards SIM1 Configurations or SIM2 Configurations SIM PIN If you have configured SIM PIN code into SIM c...

Page 43: ...GURATIONS Change SIM PIN If you want to change SIM PIN code you can click Change button and type old SIM PIN code and new SIM PIN code Please aware not to exceed the retry number PIN remaining number and PUN remaining number ...

Page 44: ...44 CHAPTER 3 WEB CONFIGURATIONS Note The interface will be shown the tick symbol at the same time when each SIM Card has been connected ...

Page 45: ...M when roaming is detected System will switch SIM slot when current SIM is in roaming state and another SIM slot is in READY state Connect Retry Number Entry the time when SIM card starts to activate This option is only for Dual SIM mode SIM1 Configurations or SIM2 Configurations Status Display the status of Dual SIM SIM PIN Configure PIN code to unlock SIM PIN Confirmed SIM PIN Confirm PIN code S...

Page 46: ... for Real Time Hourly Daily Weekly and Monthly Data Limitation Mode Turn on off the Data Limitation to disable or enable Already Used Data MB Display current used throughput since last reset Max Data Limitation MB Configure max throughput Monthly Reset Set up the reset time during the month Now Time Show the current time of system ...

Page 47: ... displays real time Download Upload Total MB per seconds for current using SIM card and the view window size is 60 seconds Real Time Usage It displays accumulated real time Download Upload Total MB per seconds for current using SIM card and the view window size is 60 seconds ...

Page 48: ...48 CHAPTER 3 WEB CONFIGURATIONS 2 Hourly Usage It displays Download Upload Total MB per hour in one day for current using SIM card and the view window size is 24 hours ...

Page 49: ...49 CHAPTER 3 WEB CONFIGURATIONS 3 Daily Usage It displays Download Upload Total MB per day in one month for current using SIM card and the view window size is 31 days ...

Page 50: ...50 CHAPTER 3 WEB CONFIGURATIONS 4 Weekly Usage It displays Download Upload Total MB per day in one week for current using SIM card and the view window size is 7 days ...

Page 51: ...51 CHAPTER 3 WEB CONFIGURATIONS 5 Monthly Usage It displays Download Upload Total MB per month in one year for current using SIM card and the view window size is 12 months ...

Page 52: ...section provides two settings one is SMS Action and the other is View SMS 1 When enabling SMS Action it allows you by sending key words SMS to trigger device setting action query status 2 For View SMS this section allows you to review the information of SMS that you have ...

Page 53: ...section displays how to activate DO control via SMS function Apart from setting up configurations in SMS page you also need to set up a list of users contacts that would like to send SMS To do so you can follow the steps described below 1 Add registered user in Contacts On Duty page Go to Management Contacts On Duty Contacts and click Add User button to add a new user entry ...

Page 54: ... CONFIGURATIONS Fill in this user s personal information 2 Create a group for this user Go to Management Contacts On Duty Duty Schedule and click Add Group button to add a new group entry Tick the checkbox if necessary ...

Page 55: ...55 CHAPTER 3 WEB CONFIGURATIONS 3 Enable SMS Action and modify the string on LTE SMS SMS Action page ...

Page 56: ...56 CHAPTER 3 WEB CONFIGURATIONS 4 Send a message to the device which contains the string that you entered ...

Page 57: ...nformation one is Serving Cell and the other is Lock PCI Serving Cell displays all parameters and Lock PCI is to lock physical cell ID RSRP RSRQ and SINR are for LTE connection RSCP is for WCDMA connection Note Some of PCI may not be allowed to be locked It depends on the operator 3 6 6 Lock PCIs ...

Page 58: ...CI Lock Perform lock on specific Frequency PCI Unlock Unlock from the previous lock 3 6 7 Lock Bands This section allows you to select LTE bands that you would like to be locked LTE Lock Bands Item Description LTE Bands Select and check the band items that you would like to lock Uncheck the band items to unlock ...

Page 59: ...ernet DHCP Client Item Description IPv4 DNS Server 1 IPv4 DNS Server 2 IPv4 DNS Server 3 Each setting DNS Server has three options including From ISP User Defined and None When you select From ISP the IPv4 DNS server IP is obtained from ISP When you select User Defined the IPv4 DNS server IP is input by user ...

Page 60: ... Assign DNS Assign and DNS Server LAN IPv4 Item Description LAN IPv4 IP Address 10 1 1 1 IP Mask 255 255 255 0 Both of them are default you can change them according to your local IP Address and IP Mask DHCP Server Configuration Turn on off DHCP Server Configuration Enable to make router can lease IP address to DHCP clients which connect to LAN IP Address Pool Define the beginning and the end of t...

Page 61: ...es in the first column LAN IPv6 Item Description LAN IPv6 This section provides two types including Delegate Prefix from WAN and Static Static Address You need to input the static address when you select the static type Delegate Prefix from WAN Select this option to automatically obtain an IPv6 network prefix from the service provider or an uplink router Static Select this option to configure a fi...

Page 62: ... Trunk or Access The Trunk allows to carry multiple 802 1p VLANs traffic The Access allows the untagged devices to communicate with a specific 802 1p VLAN by assigned PVID LAN VLAN Tag Base Item Description Mode The VLAN mode is Off or Tag Base 802 1p VLAN VLAN Isolation When the mode is Tag Base you can turn on or off VLAN Isolation function Enable The assigned row of settings is enabled Subnet S...

Page 63: ... access internet or the router 3 7 4 Subnet This section allows you to get the information of IP Address and IP Mask and edit for the Subnets from DHCP Server Configuration This Subnet setting is the same with LAN IPv4 setting and follows with Tag Base Mode of VLAN to enable the function LAN VLAN 3 port LANs Port Base Item Description Mode The VLAN mode is Off Tag Base 802 1p VLAN or Port Base Ena...

Page 64: ...his section allows you to configure the Static Route and RIP 3 8 1 IP Static Route This section allows you to configure the Static Route A static route is a pre determined path that network information must follow to reach a specific host or network ...

Page 65: ...from IPv4 and IPv6 at the same time The interface is shown in Apply fail to notice You should select either IPv4 or IPv6 as the address of destination gateway The status tab shows the information from the settings of static route System Static Route Item Description Mode The setting is for full network Select from Off or On Settings Mode The setting is for the specific network Select from Off or O...

Page 66: ...rom Off or On Status Destination Show the status of destination from the setting section Gateway Show the status of gateway from the setting section Interface Show the status of interface from the setting section Protocol Show the status of protocol from the setting section IP Routing RIP General Item Description General Mode Select from Off or On to open or close RIP function Redistribute local r...

Page 67: ...face Select from eth1 WAN Ethernet or LAN Authentication Select from none or md5 to approve authentication Note Please offer Key and Key ID when you select md5 to use HMAC MD5 Key The key used for authentication maxlength 16 Key ID The ID of the key used for authentication 1 255 Passive Select from Off or On to send out or not to send out RIP packets on this interface ...

Page 68: ... OSPF with three sub configurations including General Interfaces and Networks configuration 1 General Configuration You can have these settings for General configuration Mode Redistribute local routes Redistribute connected routes Redistribute RIP routes Redistribute BGP routes ...

Page 69: ...ot redistribute local routes from the device s own routing table On Redistribute local routes from the device s own routing table Redistribute connected routes Off Not redistribute connected routes to networks which are directly connected to the device On Redistribute connected routes to networks which are directly connected to the device Redistribute RIP routes Off Not redistribute RIP routes lea...

Page 70: ...2 WAN LTE or LAN Authentication Select from none or md5 to approve authentication Note Please offer Key and Key ID when you select md5 to use HMAC MD5 Key The key used for authentication maxlength 16 Key ID The ID of the key used for authentication 1 255 Cost The cost for sending packets via this interface 0 OSPF defaults Passive Select from Off or On to send out or not to send out OSPF packets on...

Page 71: ...SPF networks OSPF Networks Add Edit This sub configuration is used to configure all the networks the maximum is 2 IP Routing OSPF Networks Item Description Networks Mode Select from Off or On to enable the network setting Prefix Set Prefix of the network Prefix Length Set Length of the prefix Area Routing area to which this interface belongs 0 65535 0 means backbone ...

Page 72: ...vice s own routing table On Redistribute local routes from the device s own routing table Redistribute connected routes Off Not redistribute connected routes to networks which are directly connected to the device On Redistribute connected routes to networks which are directly connected to the device Redistribute RIP routes Off Not redistribute RIP routes learned via the RIP routing protocol On Red...

Page 73: ...edistributed from other sources as defined on the general sub configuration and the maximum neighbors is 16 IP Routing BGP Neighbor Item Description Neighbor Mode Select from Off or On to enable the neighbor setting IP Address Set IP address of the peer router AS Number Autonomous system number of the peer router Multihop Allow multiple hops between this router and the peer router Update Source Mo...

Page 74: ...74 CHAPTER 3 WEB CONFIGURATIONS IP Routing BGP Networks Item Description Networks Mode Select from Off or On to enable the network Prefix Set Prefix of the network Prefix Length Set Length of the prefix ...

Page 75: ...PN 3 9 1 OpenVPN 3 9 1 1 Edit OpenVPN Connection 1 This section allows you to configure the OpenVPN parameters The default mode is Disable Click button to edit OpenVPN Connection 2 From Setting tab you can set up the connection of OpenVPN ...

Page 76: ...h other servers VPN Type Select the VPN type Roadwarrior or Bridging Status Display the status of OpenVPN TLS Mode Select from Disable or Enable for data security The default is Disable Cipher The OpenVPN format of data transmission IPv6 Mode Select from Disable or Enable The default is Disable Device Select from TUN or TAP The default is TUN Protocol Select from UDP or TCP Client which depends on...

Page 77: ...ter will auto apply the properly routing rules NAT 1 1 NAT Tick to enable NAT Traversal for OpenVPN This item must be enabled when the router under NAT environment Select from Off or On When two routers LAN Subnet are same and create OpenVPN tunnels this function should be turned on Client Security Root CA The Certificate Authority file of OpenVPN server could be downloaded from OpenVPN server Cer...

Page 78: ...rver This section allows you to configure the server status of VPN Mode Note When selecting the On option of Route Client Networks the OpenVPN server will route the client traffic or not You should fill in the client IP and netmask when this option is enabled ...

Page 79: ...VPN Mode Item Description Server Client Mode Only support the Roadwarrior mode VPN Network The network ID for OpenVPN virtual network VPN Netmask The netmask for OpenVPN virtual network Roadwarrior Route Client Networks Select from Off or On The OpenVPN server will route the client traffic or not User should fill in the client IP and netmask when this option is enabled NAT 1 1 NAT Tick to enable N...

Page 80: ...Mode Item Description Mode Select from Disable or Enable The default is Disable VPN Mode Select from custom mode Custom Config Import OpenVPN configuration Username Fill in the username if the imported file has already set up the username Password Fill in the password if the imported file has already set up the password Status Display the connection status of OpenVPN such as IP address and the con...

Page 81: ...utton For the edit you can click the and buttons to edit IPsec phase 1 and phase 2 setting respectively For the advance settings like Dead Peer Detection a k a DPD you can click the button to edit it VPN IPsec General setting Item Description Mode Select from Disable or Enable The default is Disable Type Select from Policy based or Route based The default is Policy based Policy based transmit traf...

Page 82: ...efault or SHA256 DH Group The Diffie Hellman Group Select from 1 768 bit 2 1024 bit 5 1536 bit default 14 2048 bit 15 3072 bit 16 4096 bit 17 6144 bit or 18 8192 bit Lifetime The length of the keying channel of a connection Select from 30 minutes 1 hour 2 hours 3 hours 6 hours 12 hours or 24 hours Local Host The IP address of the router s public network interface If this value is blank the connect...

Page 83: ...this value is blank the connection will set it as the Local Host of Phase 1 setting Note 1 This option only work on Policy based IPsec VPN type Note 2 This option will be setup as 0 0 0 0 0 automatically on IPsec Route based VPN Note 3 This option will be omitted when the service option is L2TP For host to host connection only Remote Subnet The private subnet behind the peer gateway The available ...

Page 84: ... the list of authentication ID is empty You can create the new authentication ID by click Add Authentication ID button Note Please apply the changes before editing the connection settings VPN IPsec Connections Item Description DPD interval The period time interval to detect dead peers The default is 30 seconds DPD retry The max number of retry of dead peer detection The default is 5 times ...

Page 85: ...name CN of X 509 as the ID field 3 9 2 3 X 509 Certificates This section provides the certificates setting which could be used by IPsec authentication ID Each certificate will show the State and Subject information and provide the controlling buttons to let user import download or edit the certificate key files Note Please apply the changes before editing the Authentication IDs settings VPN IPsec ...

Page 86: ...igned CA generated by the router and it supports the user import the self signed CAs to the router The self signed CA will help the router to verify the self signed X 509 certificate which is imported on X 509 Certificates section Each CA certificate will show the State and Subject information and provide the controlling buttons to let user could download or edit the certificate key files ...

Page 87: ...cate by Add X 509 button If it s not existed 4 Click the Edit button to navigate the Certificate Setting page 5 Fill up the informations of the X 509 certificate 6 Click the Generate Certificate button and Save 7 Click the Apply button to apply the changes Certificate Setting VPN IPsec CA Certificates Item Description Country Name The 2 letter country code e g US This option is required for certif...

Page 88: ...he Add X 509 button The list will pop up the balnk X 509 entry 3 Click the Cert Import button 4 Select the X 509 certificate file from browser window 5 When the file be selected and everything all right the state should be Cert or Key is missed 6 Click the Key Import button 7 Select the X 509 key file from browser window 8 When the state shown Imported the importing procedure is completed How to d...

Page 89: ...e Mode from Disable to Enable 2 Navigate to the Authentication IDs tab 3 Add the authentication ID Keep ID as blank Type as PSK and fill the password to Pre shared Key field 4 Apply the changes 5 Navigate to the Connections tab 6 Add IPsec connection 1 Edit the phase 1 setting 2 Change Mode from Disable to Enable 3 Save the changes 4 Edit the phase 2 setting 5 Fill up the Local Subnet and Remote S...

Page 90: ...90 CHAPTER 3 WEB CONFIGURATIONS ...

Page 91: ...ared Key field 4 Apply the changes 5 Navigate to the Connections tab 6 Add IPsec connection 1 Edit the phase 1 setting 2 Change Mode from Disable to Enable 3 Fill the IP address of VPN server to Remote Host Field e g Remote Host 10 0 0 1 4 Save the changes 5 Edit the phase 2 setting 6 Fill up the Local Subnet and Remote Subnet e g Local Subnet 192 168 200 0 24 Remote Subnet 192 168 100 0 24 7 Save...

Page 92: ...92 CHAPTER 3 WEB CONFIGURATIONS ...

Page 93: ...b 2 Edit the self signed CA Skip it if the self signed CA is generated 1 Fill the information of the self signed CA 2 Country Name CN 3 Orgnization Name Company 4 Common Name IPsec ca 5 Click the Generate Certificate button 6 Save the changes 3 The State of self signed CA will be Waiting Apply 4 Apply the changes 5 Waiting for the State of self signed CA become generated 6 Refresh the page ...

Page 94: ... Orgnization Name Company 4 Common Name local IPsec 5 Click the Generate Certificate button 6 Save the changes 4 Click the add button to add the X 509 certificate 5 Edit the newly X 509 certificate for the remote router 1 Fill the information of the X 509 certificate 2 Country Name CN 3 Orgnization Name Company 4 Common Name remote IPsec 5 Click the Generate Certificate button 6 Save the changes 6...

Page 95: ...95 CHAPTER 3 WEB CONFIGURATIONS ...

Page 96: ... Authentication IDs tab 2 Add tow authentication IDs Keep first one s ID as blank Type as RSA and select the C CN O Company CN local IPsec X 509 certificate Keep second one s ID as blank Type as RSA and select the C CN O Company CN remote IPsec X 509 certificate 3 Apply the changes ...

Page 97: ...1 Edit the phase 1 setting 2 Change Mode from Disable to Enable 3 Change Auth Type from PSK to RSA 4 Change the Local ID and select the local IPsec RSA authenticaion ID 5 Save the changes 6 Edit the phase 2 setting 7 Fill up the Local Subnet and Remote Subnet e g Local Subnet 192 168 100 0 24 Remote Subnet 192 168 200 0 24 8 Save the changes 4 Apply the changes ...

Page 98: ... RSA authentication 1 The self signed CA certificate which generated by VPN server 2 The X 509 certificate and key for remote router which generated by VPN server These files could be downloaded from VPN server The detail could reference How to download the certificate section of user manual ...

Page 99: ... import the required files Setup the connection on VPN client 1 Change Mode from Disable to Enable 2 Navigate to the Authentication IDs tab 3 Add one authentication ID Keep second one s ID as blank Type as RSA and select the C CN O Company CN remote IPsec X 509 certificate 4 Apply the changes 5 Navigate to the Connections tab 6 Add IPsec connection ...

Page 100: ...e the Local ID and select the remote IPsec RSA authenticaion ID 5 Fill the IP address of VPN server to Remote Host field e g Remote Host 10 0 0 1 6 Save the changes 7 Edit the phase 2 setting 8 Fill up the Local Subnet and Remote Subnet e g Local Subnet 192 168 200 0 24 Remote Subnet 192 168 100 0 24 9 Save the changes 7 Apply the changes ...

Page 101: ...101 CHAPTER 3 WEB CONFIGURATIONS ...

Page 102: ...102 CHAPTER 3 WEB CONFIGURATIONS IPsec Net to Net with RSA authentication result Server Client ...

Page 103: ...hub n 1 connections for n gateways For example in the Hub and Spoke topology we want to send the essential traffic through IPsec VPN tunnel Thus we will set the Route based VPN and Static Route to handle this situation The Route based VPN will redirect the traffic which is matching the routing table only to IPsec VPN tunnel After setting some configurations the PC1 and PC2 could communicate each o...

Page 104: ...the authentication ID for Spoke 1 ID spoke1 Type PSK Pre shared Key testspoke1 6 Add the authentication ID for Spoke 2 ID spoke2 Type PSK Pre shared Key testspoke2 7 Apply the changes 8 Navigate to the Connections tab 9 Add IPsec connection for Spoke 1 1 Edit the phase 1 setting 2 Change Mode from Disable to Enable 3 Change the Remote ID and select the spoke1 PSK authentication ID 4 Save the chang...

Page 105: ...105 CHAPTER 3 WEB CONFIGURATIONS ...

Page 106: ...106 CHAPTER 3 WEB CONFIGURATIONS ...

Page 107: ...face should be IPsec 1 3 Add the static route for IPsec Spoke 2 connection Mode On Destination 192 168 200 0 24 Interface Select the IPsec interface by connection number e g If your IPsec connection is 2 then the interface should be IPsec 2 4 Apply the changes Spoke 1 configuration Spoke 1 IPsec configuration 1 Change Mode from Disable to Enable 2 Change Type from Policy based to Route based 3 Nav...

Page 108: ... the changes 7 Navigate to the Connections tab 8 Add IPsec connection 7 Edit the phase 1 setting 8 Change Mode from Disable to Enable 9 Change the Local ID and select the spoke1 PSK authenticaion ID 10 Fill the IP address of VPN server to Remote Host field e g Remote Host 10 0 0 1 11 Save the changes 9 Apply the changes ...

Page 109: ...avigate to the IP Routing Static Route page 2 Add the static route for IPsec connection Mode On Destination 192 168 200 0 24 Interface Select the IPsec interface by connection number e g If your IPsec connection is 1 then the interface should be IPsec 1 3 Apply the changes ...

Page 110: ...ID is blank Type PSK Pre shared Key defaultpsk 5 Add one authentication ID ID spoke2 Type PSK Pre shared Key testspoke2 6 Apply the changes 7 Navigate to the Connections tab 8 Add IPsec connection 1 Edit the phase 1 setting 2 Change Mode from Disable to Enable 3 Change the Local ID and select the spoke2 PSK authenticaion ID 4 Fill the IP address of VPN server to Remote Host field e g Remote Host 1...

Page 111: ...111 CHAPTER 3 WEB CONFIGURATIONS ...

Page 112: ...aviagte to the IP Routing Static Route page 2 Add the static route for IPsec connection Mode On Destination 192 168 100 0 24 Interface Select the IPsec interface by connection number e g If your IPsec connection is 1 then the interface should be IPsec 1 3 Apply the changes ...

Page 113: ...er protocols The tunnels behave as virtual point to point links that have two endpoints identified by the tunnel source and tunnel destination addresses at each endpoint The GRE Mode is on VPN GRE Item Description Mode Select from Off or On to enable GRE Local Address Set local address of the GRE tunnel Remote Address Set remote address of the GRE tunnel Tunnel Device Address Set IP address of thi...

Page 114: ...t the existed PPTP clients Add Edit part VPN PPTP Server Item Description Mode Select from Off or On to enable PPTP Server Server Address IP addresses to be used at the local end of the tunneled PPP links between the server and the client Client Address Range A list of IP addresses to assign to remote PPTP clients VPN PPTP Server Clients Item Description Mode Select from Off or On to set the clien...

Page 115: ...llows you to set up L2TP and provides three modes for configuration including Off Server and Client Mode 1 Genernal Mode The defualt mode is Off as shown in the following interface 2 Server Mode Choose the Server mode and the interface will be changed as below ...

Page 116: ...t the client setting Auth The authentication method for L2TP connection Available options PAP CHAP MS CHAP MS CHAPv2 Local IP The virtual IP for L2TP server Remote begin IP The begin address of L2TP client s IP pool Remote end IP The end address of L2TP client s IP pool Username The L2TP client s username Could be used to add the newly client or update existed client Password The L2TP client s pas...

Page 117: ... this L2TP connection Server The L2TP server address or hostname Auth The authentication method for L2TP connection Should same as L2TP server s auth type Username The username for L2TP authentication Password The password for L2TP authentication NAT Turn on to translate the LAN subnet IP to L2TP virtual IP Default route Turn on to redirect all traffic to L2TP tunnel ...

Page 118: ...s to manage the L2TP connection under client mode First Fill in the required parameters Second Click the Add button to create the L2TP connection Tip 2 There are two steps to update the L2TP connection First Click the Edit button Second Update the parameters ...

Page 119: ...119 CHAPTER 3 WEB CONFIGURATIONS 3 9 6 Firewall This section allows you to configurate Port Forwarding DMZ IP Filter MAC Filter URL Filter and NAT ...

Page 120: ...120 CHAPTER 3 WEB CONFIGURATIONS 3 9 6 1 Port Forwarding This section allows you to set up Port Forwarding and click edit button to configure ...

Page 121: ...t from UDP or TCP Client which depends on the application Source Port Begin Fill in the beginning of source port Source Port End Fill in the end of source port Destination IP Fill in the current private destination IP Destination Port Begin Fill in the beginning of private destination port Destination Port End Fill in the end of private destination port Service DMZ Item Description Mode Select fro...

Page 122: ...ONFIGURATIONS 3 9 6 3 IP Filter This section allows you to configure IP Filter After clicking button you can edit your IP protocol source port and destination port 1 The default is Disable Mode as the following interface ...

Page 123: ...lock the specific IP address port listed in the rules On the other hand the White list will accept the specific IP address port listed in the rules Management IP Address This setting is used in White list Since the White list will block all user communication except those have been assigned by rules Therefore it is better to assign a specific IP address for the administrator to access the device P...

Page 124: ...ter After clicking button you can edit your MAC address Note Setting up MAC address please use colon symbol e g xx xx xx xx or hyphen symbol to mark e g xx xx xx xx Service MAC Filter Item Description Mode Select from Disable or Enable The default is Disable MAC Address Fill in your MAC address ...

Page 125: ...g button you can edit the type of filter and information Note Please not include https for the URL address in the Full Filter Service URL Filter Item Description Mode Select from Disable or Enable The default is Disable Filter Select from Key or Full The default is Key Key Full Fill in your Key Full information ...

Page 126: ...address for outgoing packets and allow to receive the destination LAN private IP address for incoming packets 3 9 6 7 IPS This section allows you to set IPS configuration IPS prevents the system from being attacked by the Internet The system is able to limit the max incoming connection number from WAN per source IP address to prevent system resource exhausted Also the system allows to limit the ma...

Page 127: ...lt Total allow incoming connection number The default number is 10 Checkbox Select from Enable or Disable default Max incoming connection retry number The default number is 20 Duration time The default time is 120 seconds Service SNMP Community Item Description Mode Select from Disable or Enable to configure SNMP Community Configure community setting with three options including 1 2 and 3 Mode Sel...

Page 128: ...n from Alarm output of system for your router With SNMP trap setting you can know the status of remote device Service SNMP SNMP v3 User configuration Item Description Mode Select from Disable or Enable to configure SNMP The default is Disable Name Fill in your name Auth Mode Select from Authentication or Privacy Authentication Password Fill in your authentication password Authentication Protocol S...

Page 129: ... 3 WEB CONFIGURATIONS 3 10 2 TR069 This section allows you to set up TR069 client configuration You can get information how to install TR069 Server GenieACS Installation from the application configuration chapter ...

Page 130: ...Periodic Inform Select from Disable or Enable The default is Disable The CPE reports the status to the ACS when enabling a period of time set Periodic Inform Interval Sec Fill in the periodic time The CPE reports to ACS the status according to your duration in seconds of the interval set Connection Request Username Fill in the connection request username to authenticate the ACS if the ACS attempts...

Page 131: ...vider of Dynamic DNS Host Name Fill in your registered Host Name from Service Provider Token ID Fill in your Token ID from Service Provider Host Secret ID Fill in your Secret ID from Service Provider Username Fill in your registered username from Service Provider Password Fill in your registered password from Service Provider Update Period Time Sec Fill in 0 to mean 30 days IP Address Selection Se...

Page 132: ... Service Provider www duckdns org Host Name Register hostname e g tester duckdns org Token ID The token ID e g 12345678 de49 4e97 a33c 98b159aead2b Service Provider no ip com Host Name Register hostname e g tester hopto org Username Register username Password Register password Service provider freedns afraid org Host Name Register hostname e g tester mooo com Username Register username Password Re...

Page 133: ...d for MQTT client in the web UI Service VRRP Item Description Mode Select from Disable or Enable The default is Disable Group ID Specify which VRRP group of this router belong to 1 255 The default is 1 Priority Enter the priority value from 1 to 254 The larger value has higher priority The default is 100 Virtual IP Each router in the same VRRP group must have the same virtual IP address The defaul...

Page 134: ...o read the critical topic Thus only the sub1 and sub3 can receive it when pub1 sending the message Service MQTT Item Description Mode Select from Disable or Enable The default is Disable Port Fill in the port number of MQTT application Manage Users Create the users and show all users names Allow each user to delete their name Username Fill in the username of manage user Password Fill in the passwo...

Page 135: ... create NAT port maps This means that applications that support UPnP and are used with UPnP enabled Mobile Router will not need application layer gateway support on the Mobile Routerto work through NAT 3 10 7 SMTP This section provides you to send your email for the server For instance the email will be sent to notify when the Alarm has a nofitication by the server Service SMTP Item Description Mo...

Page 136: ...ch serving a different purpose IP Alias can be used to provide multiple network addresses on a single physical interface Service IP Alias Item Description Mode Select from Off or On to enable the IP Alias Entries The setting can be edited or deleted the existed entries Add Edit IP Alias Entry Mode select from Off or On to use or not use this entry Interface the interface you want to provide the ad...

Page 137: ... and downstream of specific WAN interface Upstream means from LAN to WAN Downstream means WAN to LAN QoS configuration allows user to classify the traffic Once classified the traffic will have the guarantee minimum and limit maximum bandwidth Status allows user to monitor the dynamic bandwidth usage 3 10 9 1 ISP Bandwidth User can assign the Upstream and Downstream Bandwidth for each interface The...

Page 138: ...of window there are three buttons Edit botton allows you to edit QoS Entry and configure QoS settings Up Down arrow button allow you to adjust priority of the QoS entry The first QoS entry is the highest priority The QoS entry configuration page has three parts for classify traffic assign bandwidth and group IP address bandwidth ...

Page 139: ... LAN server for LAN to WAN traffic the Port Begin End is for LAN server Downstream LAN server is for LAN to WAN traffic and the Port Begin End is for LAN server IPv4v6 Address Choose four types to set address format including All Single Subnet and Range All is for none Single is for single IP address Subnet is for IP address with subnet mask bit Range is for the specified range between two IP addr...

Page 140: ...Rate Max Rate will be divided by the number of IP addresses The available IP type is Subnet and Range User needs to calculate the Min Rate and Max Rate for those IP addresses The subnet mask bit in IP Type Subnet is octet boundary and the number of IP addresses is one octet too 256 from subnet mask bit to subnet mask plus eight bit ...

Page 141: ... IP address show the group IP bandwidth usage Apply Refresh Setting button press this button to take above new setting effect 2 Data part is the content of bandwidth usage 3 10 9 4 The case of Internet Web site access Step 1 Set Main Mode as Enable Step 2 Set QoS Entry 1 Step 2 1 Set Mode as Enable Step 2 2 Set Name as Internet Browse US Step 2 3 Select Interface LTE Step 2 4 Select Upstream Step ...

Page 142: ...TIONS Step 3 Set QoS Entry 2 Step 3 1 Set Mode as Enable Step 3 2 Set Name as Internet Browse DS Step 3 3 Select Interface LTE Step 3 4 Select Downstream Step 3 5 Set Port Begin End as 443 443 Step 3 6 Set Min Max Rate as 300 600 ...

Page 143: ...ed LTE interface Step 6 Start browse the internet from LAN PC Step 7 Check Upstream Status The traffic in entry Internet Browse US is Upstream LAN to WAN and send request to public Web Server with destination port number 443 The base of percentage is ISP Bandwidth LTE Upstream setting It is 1000 kbps in our case ...

Page 144: ... Status Downstream The traffic in entry Internet Browse DS is Downstream WAN to LAN and send response from public Web Server with source port number 443 The base of percentage is ISP Bandwidth LTE Downstream setting It is 1000 kbps in our example ...

Page 145: ... use For example if only 192 168 1 2 have traffic to send receive then it can use all of the 200 kbit s In the same case except changing IPv4v6 address field to 192 168 1 0 192 168 2 0 there are two number of IP addresses The most left different octet is 2 in 192 168 2 0 and 1 in 192 168 1 0 so number of IP addresses is calculated by 2 minus 1 and plus one for boundary The Min rate will be divided...

Page 146: ...age the router set up your administration and know about the status of current software and firmware Also you can back up and restore the configuration 3 11 1 Identification This section allows you to confirm the profile of router current software firmware version and system uptime ...

Page 147: ...y Guest User name system account root admin only Super User can modify only Super User can modify N A Password configurable configurable configurable N A Permission 1 Add Delete Modify all users accounts except Super User 2 Read Write Read Write Configuration only Read Configuration N A Management Identification Item Description Model Name Show the model name of this device MAC Address Show the MA...

Page 148: ...148 CHAPTER 3 WEB CONFIGURATIONS Configuration 3 11 3 Contacts On Duty 3 11 3 1 Contacts ...

Page 149: ...entry Name Enter the user name Phone Enter the new user s phone number E mail Enter the new user s email address Group Select the group from the drop down menu You must create groups before selecting from the drop down menu Management Contacts On Duty Item Description Add Group Click the Add Group button to create a new group entry Name Enter the group name ...

Page 150: ...de button to update Management SSH Item Description Mode Enable or Disable SSH function By default it is enabled Server Port By default SSH function uses server port 22 Access Control Specify access control method This could be Allow All or Allow specified IPv4 or v6 address below Management Web Item Description HTTP Port Specify HTTP port number By default HTTP port number is 80 HTTPS Port Specif...

Page 151: ...nfigurations button to export your current configurations 2 Click Select the configuration file to restore button to import the configuration file 3 11 8 Load Factory This section supports you to load the factory default configuration and restart the device immediately You can click the Load Factory and Restart button 3 11 9 Restart This section allows you to click Restart button and the router wi...

Page 152: ...CHAPTER 3 WEB CONFIGURATIONS 3 11 10 Schedule Reboot The setting allows you to schedule the reboot time regularly Schedule Type Interval Schedule Type Per Day Schedule Type Per Week Schedule Type Per Month ...

Page 153: ... you to diagnose Ping and Traceroute for your Host IP address or Domain Name 3 12 1 Ping Please assign the Host you want to ping The result of the ping is as below 3 12 2 Traceroute Please assign the Host you want to traceroute The result of the traceroute is as below ...

Page 154: ... intentionally left blank 2019 3 19 V1 3 FW1 77 Add vlan translation add LAN DHCP server mac address and IP address binding configuration add DO pulse length config Add White list On line help DDNS IP address selection ...

Page 155: ...155 ...