User Manual Document History Date Description Author Comments 24.12.2015 User Manual Tanja Savić Firmware versions: 1.1.2 Document Approval The following report has been accepted and approved by the following: Signature Printed Name Title Date Dragan Marković Executive Director 24.12.2015 GWR High Speed Cellular Router Series...
User Manual Content DOCUMENT APPROVAL ............................2 LIST OF FIGURES ..............................5 LIST OF TABLES ..............................8 DESCRIPTION OF THE GPRS/EDGE/HSPA ROUTER SERIES ..............9 ..........................10 YPICAL APPLICATION ......................... 11 ECHNICAL ARAMETERS ........................14 ROTOCOLS AND FEATURES ..........................17 RODUCT VERVIEW Front panel ...............................
Page 4
User Manual – PPTP............................ 56 ETTINGS – L2TP ............................ 57 ETTINGS – F – IP F ....................... 59 ETTINGS IREWALL ILTERING – F – MAC F ....................61 ETTINGS IREWALL ILTERING – D DNS ........................62 ETTINGS YNAMIC – S .........................
User Manual Description of the GPRS/EDGE/HSPA Router Series GWR routers represent a robust solution designed to provide remote connectivity across cellular networks. Low transmission delay and very high data rates offered by existing cellular networks completely eliminate the need for expensive wired infrastructure. GWR series brings scalability of even most demanding corporate networks on highest possible level.
There are numerous variations of each and every one of above listed applications. Therefore GENEKO formed highly dedicated, top rated support team that can help you analyze your requirements and existing system, chose the right topology for your new system, perform initial configuration and tests and monitor the complete system after installation.
User Manual Technical Parameters Wireless Interfaces – WWAN Sierra Wireless MC7710 or MC7304 (available on 4G models) DD800/900/1800/2100/2600 MHz Transfer rate (max): 100 Mbps down, 50 Mbps up 900/2100MHz UMTS/HSPA+/DC- HSPA+ Transfer rate (max): 21.1 Mbps down, 5.76 Mbps up GSM/GPRS/EDGE 900/1800/1900 MHz Transfer rate (max): 236.8 Kbps down, 236.8 Kbps up...
Page 12
User Manual Modes Access point, Client Transmit Power 18.1 dBm max Receive Sensitivity 54 Mbps / -75.7 dBm and 11 Mbps / -88.7 dBm Security 64/128/256-bit WEP, TKIP or AES keys; WPA and WPA2 Connector 1 x 50 Ω RP-SMA (Center pin: male) Wired Interfaces –...
Page 13
User Manual LCD view port 67 mm x 39 mm (W x H) LCD viewing angle 6 o’clock LCD background color Black LCD segment colors White, green, red, yellow LCD information Present SIM’s, active SIM, GSM provider, SMS available, roaming, signal strength, GSM technology, interfaces, uptime, IP addresses, firmware version LCD navigation One button used to select interface for which IP is...
User Manual Approvals Safety EN 60950-1:2006 + A1:2010 + A2:2013 + A11:2009 + A12:2011 EN 301 489-1 V1.9.2, EN 301 489-7 V1.3.1, EN 301 489-17 V2.1.1, EN 301 489-24 V1.5.1 Radio Spectrum EN 301 511 v9.0.2, EN 301 908-2 v5.2.1, EN 301 908-13 v5.2.1, EN 300 328 v1.8.1 Table 1 –...
Page 15
TCP and a GRE tunnel operating to encapsulate PPP packets. PPTP – max. number of tunnels The Geneko Router can be used as a L2TP peer. L2TP is suitable for Layer-2 tunneling. Static tunnels are useful to establish network links across IP networks when the tunnels are fixed.
User Manual This menu provides a choice between two possible keepalive actions in case maximum number of failed packets is exceeded. If Switch SIM option is selected router will try to establish the GSM/UMTS keepalive connection using the other SIM card after the maximum number of failed packets is exceeded.
User Manual Product Overview Front panel On the front panel (Error! Reference source not found.) the following connectors are located: One or four RJ45 connector(s) – Ethernet port for connection into local computer network One RJ45 connector for RS232 serial communication (ADSL or WAN) ...
User Manual The Display button can be used to see current firmware version or current ip address on the screen. The Reset button can be used for a warm reset or a reset to factory defaults. Warm reset: If the GWR Router is having problem connecting to the Internet, press and hold the reset button for a second using the tip of a pen.
User Manual Putting Into Operation Before putting the GWR Router in operation it is necessary to connect all components needed for the operation: GSM/UMTS/LTE antenna, Ethernet cable and SIM card must be inserted. And finally, device should have powered up using power supply adapter. Power consumption of GWR router is 2W in standby and 3W in burst mode.
User Manual Figure 5 – Inserting SIM card CONNECTING ROUTER Warning: Use only the router’s box power supply. * Connect antennas to router. Make sure to tighten antennas so that they are not loose. * Plug AC/DC adapter cable into POWER CONNECTOR on your router. * Plug AC/DC adapter into wall power socket.
TURN LOGGING ON When troubleshooting router make sure logs are turned on. You should send logs to Geneko when submitting support request. * Click on MANAGEMENT -> LOGS link from the menu on the left side of the screen. * Click on LOCAL SYSLOG radio button, and then click on SAVE button.
User Manual Device configuration using web application The GWR Router’s web–based utility allows you to set up the Router and perform advanced configuration and troubleshooting. This chapter will explain all of the functions in this utility. For local access to the GWR Router’s web–based utility, launch your web browser, and enter the Router’s default IP address, 192.168.1.1, in the address field.
User Manual Status Information The GWR Router’s Status menu provides general information about router as well as real–time network information. Status information is divided into following categories: General Information Lan Port Information DHCP WAN Information* or ADSL Information ...
User Manual Figure 8 – LAN Port Information Status – DHCP DHCP Information Tab provides information about DHCP clients with IP addresses gained from DHCP server, MAC addresses, expiration period, and lease status. Figure 9 – DHCP Information Status- WAN Information* WAN Port Information Tab provides information about WAN port and WAN traffic statistics ( IP address, netmask, Broadcast address, Gateway, WAN traffic statistics (in bytes) etc.) Screenshot of WAN Port Information is shown in Figure 8...
User Manual Figure 10– WAN Port Information Status- ADSL Information ADSL Port Information Tab provides IP status information about interface, WAN address, primary DNS address, DSL information about upstream speed and downstream speed and Line information. Line information display ADSL line status, ADSL mode, upstream speed, downstream speed. GWR High Speed Cellular Router Series...
User Manual Figure 11– ADSL Port Information Status – Mobile Information Mobile Information Tab provides information about GPRS/EDGE/HSPA/HSPA+/LTE connection and traffic statistics. Mobile information menu has three submenus which provide information about: GPRS/EDGE/HSPA/HSPA+/LTE mobile module(manufacturer and model), Mobile operator and signal quality, Mobile traffic statistics (in bytes) ...
User Manual Status – Wireless Information Wireless Information Tab provides information about Interface Statistics, traffic statistics (in bytes), MAC address, Access Point Status, DHCP/DNS Server status and NAT status. Screenshot of Wireless Information from the router is shown in Error! Reference source not found.. Figure 13–...
User Manual Settings –WAN Port* Click WAN Ports Tab, to open the WAN network screen. Use this screen to configure LAN TCP/IP settings. Figure 17– WAN Ports WAN Port Parameters Label Description Method Choose Method Static, DHCP, PPoE Metric Choose metrics to make routing decisions. Type the IP address of your GWR Router in dotted decimal notation.
User Manual LAN Ports Parameters Label Description Metric Choose metrics to make routing decisions. Type the IP address of your GWR Router in dotted decimal notation. IP Address 192.168.1.1 is the factory default IP address. The subnet mask specifies the network number portion of an IP address. The Subnet Mask GWR Router support sub–netting.
User Manual To use the GWR Router as your network’s DHCP server, click DHCP Server Tab for DHCP Server setup. The GWR Router has built–in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability. DHCP Server Parameters Label Description...
User Manual Settings – Mobile Settings Click Mobile Settings Tab, to open the Mobile Settings screen. Use this screen to configure the GWR Router GPRS/EDGE/HSPA/HSPA+/LTE parameters (Error! Reference source not found.). Figure 20– Mobile Settings configuration page Mobile Settings Label Description This field specifies name of GSM/UMTS/LTE ISP.
Page 34
User Manual This field specifies Dial String for GSM/UMTS/LTE modem connection Dial String initialization. In most cases you have to change only APN field based on parameters obtained from Mobile Provider. This field cannot be altered. SIM PIN locking Enable locking of SIM card with PIN code. (PIN enabled) Enable operator This option forces your SIM card to register to predefined PLMN only.
User Manual 1) Switch SIM – switches network connection from the SIM card on which data traffic limit has been reached to another SIM card, 2) Disconnect – disconnects network connection over the SIM card on which data traffic limit has been reached. Displays amount of traffic that has been transferred over SIM card from the moment of enabling "SIM data limit"...
User Manual Settings-ADSL Port Click ADSL Port Tab, to open the ADSL Settings screen. Use this screen to configure the username and password parameters (Error! Reference source not found.). Enable radio button Default route. Figure 21– ADSL Port Settings Settings – Wireless Settings Wireless settings for GWR router will give you good performance, reliability and security when using Wi-Fi.
72.2 Mbit/s. Reload Click Reload to discard any changes and reload previous settings. Click Save button to save your changes back to the Geneko Router. Whether you Save make changes or not, router will reboot every time you click Save.
User Manual Settings – Routing The static routing function determines the path that data follows over your network before and after it passes through the GWR Router. You can use static routing to allow different IP domain users to access the Internet through the GWR Router.
User Manual Interface represents the “exit” of transmission for routing purposes. In this case Interface Eth0 represents LAN interface and ppp0 represents GSM/UMTS mobile interface of the GWR Router. Table 8 – Routing parameters Port forwarding Port forwarding is an application of NAT ( Network Address Translation) that redirects a communication request from one address and port number combination to another while the packets are traversing a network gateway.
Label Description DMZ Settings Enable This field specifies if DMZ settings is enabled at the Geneko Router. IP address from LAN IP address to secure an internal network from external access. Reload Click Reload to discard any changes and reload previous settings.
User Manual Figure 25– RIP configuration page RIP Settings Label Description Routing Manager Hostname Prompt name that will be displayed on telnet console. Password Login password. Enable log Enable log file. Port to bind at Local port the service will listen to. RIPD Prompt name that will be displayed on telnet console of the Routing Hostname...
Page 42
User Manual To enable RIP, use the following commands beginning in global configuration mode: ripd> ripd> en ripd# ripd# configure terminal ripd (config)# ripd(config)# router rip ripd(config-router)# To associates a network with a RIP routing process, use following commands: ripd(config-router)# network A.B.C.D/Mask By default, the GWR Router receives RIP version 1 and version 2 packets.
User Manual Settings – VRRP Settings VRRP (Virtual Router Redundancy Protocol) is a protocol which elects a master server on a LAN and the master answers to a 'virtual ip address'. If it fails, a backup server takes over the ip address. VRRP specifies an election protocol to provide the virtual router function described earlier.
User Manual Generic Routing Encapsulation (GRE) Originally developed by Cisco, generic routing encapsulation (GRE) is now a standard, defined in RFC 1701, RFC 1702, and RFC 2784. GRE is a tunneling protocol used to transport packets from one network through another network. If this sounds like a virtual private network (VPN) to you, that’s because it theoretically is: Technically, a GRE tunnel is a type of a VPN —...
User Manual Figure 27– GRE tunnel parameters configuration page GRE Keep alive GRE tunnels can use periodic status messages, known as keepalives, to verify the integrity of the tunnel from end to end. By default, GRE tunnel keepalives are disabled. Use the keepalive check box to enable this feature.
User Manual Internet Protocol Security (IPSec) IPSec (Internet Protocol Security) is a protocol suite for securing Internet Protocol communication by authenticating and encrypting each IP packet of a data stream. Click VPN Settings - IPSec, to open the VPN configuration screen. At the Figure 28– IPSec Summary screen you can see IPSec Summary.
User Manual Remote Group Field displays the IP address and subnet mask of the Remote Group. Remote Gateway Field shows the IP address of the Remote Device. Action - Edit This link opens screen where you can change the tunnel’s settings. Action - Delete Click on this link to delete the tunnel and all settings for that particular tunnel Field displays connection mode of the current tunnel.
User Manual Figure 29– IPSec Settings VPN Settings / IPSec Settings Label Description Tunnel Number This number will be generated automatically and it represents the tunnel number. Enter a name for the IPSec tunnel. This allows you to identify multiple tunnels Tunnel Name and does not have to match the name used at the other end of the tunnel.
Page 49
User Manual NOTE: The Local Security Group Type you select should match the Remote Security Group Type selected on the IPSec device at the other end of the tunnel. IP Address Only the computer with a specific IP address will be able to access the tunnel. Subnet Mask Enter the subnet mask.
Page 50
User Manual hackers using brute force to break encryption keys will not be able to obtain future IPSec keys. Both ends of the IPSec tunnel must enable this option in order to use the function. If the Perfect Forward Secrecy feature is disabled, then no new keys will be generated, so you do not need to set the Phase 2 DH Group.
Compress (IP Payload IP Payload Compression is a protocol that reduces the size of IP datagram. Select Compression Protocol this option if you want the Geneko Router to propose compression when it (IP Comp)) initiates a connection. When DPD is enabled, the Geneko Router will send periodic HELLO/ACK messages to check the status of the IPSec tunnel (this feature can be used only when both peers or IPSec devices of the IPSec tunnel use the DPD mechanism).
User Manual OpenVPN OpenVPN site to site allows connecting two remote networks via point–to–point encrypted tunnel. OpenVPN implementation offers a cost–effective simply configurable alternative to other VPN technologies. OpenVPN allows peers to authenticate each other using a pre–shared secret key, certificates, or username/password.
User Manual Figure 31– OpenVPN example 1 Click VPN Settings -OpenVPN, to open the VPN configuration screen. At the Figure 28– IPSec Summary screen you can see OpenVPN Summary. This screen gathers information about settings of all defined OpenVPN tunnels. Up to 3 OpenVPN tunnels can be defined on GWR router. OpenVPN Summary and OpenVPN Settings are briefly displayed in following figures and tables.
Page 54
User Manual pre–shared secret (Select this option if you want to use PSK as a authentication method), username/password (Select this option if you want to use username/password along with CA Certificate as a authentication method), X.509 cert. (client) (Select this option if you want to use X.509 certificates as a authentication method in client mode), ...
User Manual Remote Interface IP Specify the IP address of the remote VPN tunnel endpoint. Address Pull from server Back Click Back to return on IPSec Summary screen. Reload Click Reload to discard any changes and reload previous settings. Click Save to save your changes back to the GWR Router. After that router Save automatically goes back and begin negotiations of the tunnels by clicking on the Start button.
User Manual Settings – PPTP The GWR Router can be used as a PTPP (Point-to-Point Tunneling Protocol) client. PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets. Figure 34– PPTP configuration page PPTP Label Description Number...
User Manual Figure 35– PPTP Summary screen Settings – L2TP L2TP is suitable for Layer-2 tunneling. Static tunnels are useful to establish network links across IP networks when the tunnels are fixed. L2TP tunnels can carry data of more than one session. Each session is identified by a session id and its parent tunnel's tunnel id.
User Manual Set the session id, which is a 32-bit integer value. Uniquely identifies the Session ID session being created. The value used must match the peer_session id value being used at the peer. Sets an optional cookie value to be assigned to the session. This is a 4 or 8 byte value, specified as 8 or 16 hex digits, e.g.
User Manual Settings – Firewall – IP Filtering TCP/IP traffic flow is controlled over IP address and port number through router’s interfaces in both directions. With firewall options it is possible to create rule which exactly matches traffic of interest. Traffic can be blocked or forward depending of action selected.
User Manual does match, then the next rule is specified by the value of the policy, which can be one of the values ACCEPT, DROP, REJECT. ACCEPT means to let the packet through. DROP means to drop the packet on the floor.The REJECT policy works basically the same as the DROP policy, but it also sends back an error message to the host sending the packet that was blocked.
User Manual Settings – Firewall – MAC Filtering MAC filtering can be used to restrict which Ethernet devices can send packets to the router. If MAC filtering is enabled, only Ethernet packets with a source MAC address that is configured in the MAC Filter table will be allowed.
User Manual Settings – Dynamic DNS Dynamic DNS is a domain name service allowing to link dynamic IP addresses to static hostname. To start using this feature firstly you should register to DDNS service provider. Section of the web interface where you can setup DynDNS parameters is shown in Error! Reference source not found..
User Manual Number of tries Number of tries (default: 1) if network problem. Timeout The amount of time to wait on I/O (network problem). Period Time between update retry attempts, default value is 1800. Reload Click Reload to discard any changes and reload previous settings. Save Click Save to save your changes back to the GWR Router.
User Manual Data bits Indicates the number of bits in a transmitted data package. Parity Checks for the parity bit. None is the default. The stop bit follows the data and parity bits in serial communication. It Stop bits indicates the end of transmission. The default is 1. Flow control manages data flow between devices in a network to ensure it is Flow control processed efficiently.
User Manual Click Serial Port Tab to open the Serial Port Configuration screen. Use this screen to configure the GWR Router serial port parameters . Figure 42– Serial Port configuration page Modbus Gateway settings The serial server will perform conversion from Modbus/TCP to Modbus/RTU, allowing polling by a Modbus/TCP master.
User Manual Checks for the parity bit. Valid parity is: none, even and odd. None is the Parity default. The stop bit follows the data and parity bits in serial communication. It Stop bits indicates the end of transmission. Valid stop bits are: 1 and 2. The default is 1. Flow control manages data flow between devices in a network to ensure it is Flow control processed efficiently.
User Manual SMS – SMS Remote Control SMS remote control feature allows users to execute a short list of predefined commands by sending SMS messages to the router. GWR router series implement following predefined commands: In order to establish PPP connection, user should send SMS containing following string: :PPP–CONNECT After the command is executed, router sends a confirmation SMS with “OK”...
User Manual Figure 44– SMS remote control configuration SMS – Send SMS SMS send feature allows users to send SMS message from WEB interface. In following picture is page from where SMS can be sent. There are two required fields on this page: Phone number and Message. Sending SMS messages is possible with this application.
User Manual Maintenance The GWR Router provides administration utilities via web interface. Administrator can setup basic router’s parameters, perform network diagnostic, update software or restore factory default settings. Maintenance – Device Identity Settings Within Device Identity Settings Tab there is an option to define name, location of device and description of device function.
User Manual Figure 47– Router Management configuration page Administrator Password Label Description Enable Password By this check box you can activate or deactivate function for local (passwd) Authentication authentication when you access to web/console application. Username This field specifies Username for user (administrator) login purpose. Enter a new password for GWR Router.
User Manual Maintenance – Date/Time Settings To set the local time, select Date/Time Settings using the Network Time Protocol (NTP) automatically or Set the local time manually. Date and time settings on the GWR Router are done through window Date/Time Settings. Figure 48–...
You can use this feature to upgrade the GWR Router firmware to the latest version. If you need to download the latest version of the GWR Router firmware, please visit Geneko support site. Follow the on– screen instructions to access the download page for the GWR Router.
User Manual Maintenance – Settings Backup This feature allows you to make a backup file of complete configuration or some part of the configuration on the GWR Router. In order to backup the configuration, you should select the part of configuration you would like to backup.
Figure 52– Default Settings page Maintenance – System Reboot If you need to restart the Router, Geneko recommends that you use the Reboot tool on this screen. Click Reboot to have the GWR Router reboot. This does not affect the router’s configuration.
User Manual Management – Command Line Interface CLI (command line interface) is a user text–only interface to a computer's operating system or an application in which the user responds to a visual prompt by typing in a command on a specified line and then receives a response back from the system.
Label Description Enable Remote Enable or disable Remote Management. Management Protocol Choose between Geneko and Sarian protocol. Bind to Specify the interface. TCP port Specify the TCP port. Save Click Save to save your changes back to the GWR Router.
User Manual Getting started with the Connection Wizard Connection Wizard is installed through few very simple steps and it is available immediately upon the installation. It is only for Windows OS. After starting the wizard you can choose between two available options for configuration: ...
User Manual Figure 59– Connection Wizard – Router Detection When you select one of the routers from the list and click Next you will get to the following screen. Figure 60– Connection Wizard – LAN Settings GWR High Speed Cellular Router Series...
User Manual If you selected to configure LAN and WAN interface click, upon entering LAN information click Next and you will be able to setup WAN interface. Figure 61– Connection Wizard – WAN Settings After entering the configuration parameters if you mark option Establish connection router will start with connection establishment immediately when you press Finish button.
User Manual Management – Simple Management Protocol (SNMP) SNMP (Simple Network Management Protocol), is a network protocol that provides network administrators with the ability to monitor the status of the Router and receive notification of any critical events as they occur on the network. The Router supports SNMP v1/v2c and all relevant Management Information Base II (MIBII) groups.
User Manual Management – Logs Syslog is a standard for forwarding log messages in an IP network. The term "syslog" is often used for both the actual syslog protocol, as well as the application or library sending syslog messages. Syslog is a client/server protocol: the syslog sender sends a small (less than 1KB) textual message to the syslog receiver.
User Manual The Geneko Router can send a detailed log to an external syslog server. The Router’s syslog captures all log activities and includes this information about Service server IP all data transmissions: every connection source and destination IP address, IP service, and number of bytes transferred.
Page 84
User Manual alias echo ipsec-status read times egrep iptables-view readarray arping elif jobs readlink touch else json2lua readonly basename enable kill realpath traceroute bash killall reboot trap esac return true bind eval less rip-ripd-conf break exec rip-zebra-conf type builtin exit typeset bunzip2 export...
User Manual Configuration Examples GWR Router as Internet Router The GWR Routers can be used as Internet router for a single user or for a group of users (entire LAN). NAT function is enabled by default on the GWR Router. The GWR Router uses Network Address Translation (NAT) where only the mobile IP address is visible to the outside world.
User Manual GRE Tunnel configuration between two GWR Routers GRE tunnel is a type of a VPN tunnel, but it is not a secure tunneling method. Simple network with two GWR Routers is illustrated on the diagram below (Error! Reference source not found.). Idea is to create GRE tunnel for LAN to LAN (site to site) connectivity.
User Manual Figure 66– Network configuration page for GWR Router 1 Use SIM card with a static IP address, obtained from Mobile Operator. (Note the default gateway may show, or change to, an address such as 10.0.0.1; this is normal as it is the GSM/UMTS provider’s network default gateway).
User Manual Click Static Routes on Routing Tab to configure GRE Route. Parameters for this example are: Destination Network: 192.168.2.0, Netmask: 255.255.255.0, Interface: gre_x. Figure 68– Routing configuration page for GWR Router 1 Optionally configure IP Filtering to block any unwanted incoming traffic. ...
User Manual parameters necessary for connection configuration should be required from mobile operator. Check the status of GSM/UMTS connection (Mobile Settings Tab). If disconnected please click Connect button. Click VPN Settings > GRE to configure GRE tunnel parameters: ...
User Manual GRE Tunnel configuration between GWR Router and third party router GRE tunnel is a type of a VPN tunnels, but it isn't a secure tunneling method. However, you can encrypt GRE packets with an encryption protocol such as IPSec to form a secure VPN. On the diagram below (Error! Reference source not found.) is illustrated simple network with two sites.
User Manual The GWR Router requirements: Static IP WAN address, Peer Tunnel Address will be the HQ router WAN IP address (static IP address), Remote Subnet is HQ LAN IP address and Remote Subnet Mask is subnet mask of HQ LAN. GSM/UMTS APN Type: For GSM/UMTS networks GWR Router connections may require a Custom APN.
User Manual IPSec Tunnel configuration between two GWR Routers IPSec tunnel is a type of a VPN tunnels with a secure tunneling method. Simple network with two GWR Routers is illustrated on the diagram below Error! Reference source not found.. Idea is to create IPSec tunnel for LAN to LAN (site to site) connectivity.
User Manual Scenario #1 Router 1 and Router 2 , presented in the Figure 64, have firmware version that provides two modes of negotiation in IPSec tunnel configuration process: Aggressive Main In this scenario, aggressive mode will be used. Configurations for Router 1 and Router 2 are listed below. The GWR Router 1 configuration: Click Network Tab, to open the LAN NETWORK screen.
User Manual Subnet Mask: 255.255.255.0. Remote Group Setup Remote Security Gateway Type: IP Only, IP Address: 172.29.8.5, Remote ID Type: IP Address, Remote Security Group Type: IP, IP Address: 192.168.10.1. IPSec Setup Key Exchange Mode: IKE with Preshared key, ...
User Manual Figure 79– IPSec configuration page II for GWR Router 1 NOTE : Options NAT Traversal and Send Initial Contact are predefined Figure 80– IPSec configuration page III for GWR Router 1 Click Start button on Internet Protocol Security page to initiate IPSEC tunnel. NOTE: Firmware version used in this scenario also provides options for Connection mode of IPSec tunnel.
User Manual Figure 81– IPSec start/stop page for GWR Router 1 Click Start button and after that Connect button on Internet Protocol Security page to initiate IPSEC tunnel On the device connected on GWR router 1 setup default gateway 10.0.10.1 The GWR Router 2 configuration: ...
Page 98
User Manual Tunnel Name: IPsec tunnel Enable: true. Local Group Setup Local Security Gateway Type: SIM card Local ID Type: IP Address IP Address From: SIM 1 Local Security Group Type: IP IP Address: 192.168.10.1 ...
User Manual Figure 83– IPSEC configuration page I for GWR Router 2 Figure 84– IPSec configuration page II for GWR Router 2 NOTE : Options NAT Traversal and Send Initial Contact are predefined. GWR High Speed Cellular Router Series...
User Manual Figure 85– IPSec configuration page III for GWR Router 2 Click Start button on Internet Protocol Security page to initiate IPSEC tunnel. NOTE: Firmware version used in this scenario also provides options for Connection mode of IPSec tunnel. If connection mode Connect is selected that indicates side of IPSec tunnel which sends requests for establishing of the IPSec tunnel.
User Manual Local Security Gateway Type: SIM card, Local ID Type: IP Address IP Address From: SIM 1 (WAN connection is established over SIM 1), Local Security Group Type: Subnet, IP Address: 10.0.10.0, Subnet Mask: 255.255.255.0. ...
User Manual Figure 89– IPSEC configuration page II for GWR Router 1 Figure 90– IPSEC configuration page III for GWR Router 1 NOTE: Firmware version used in this scenario also provides options for Connection mode of IPSec tunnel. If connection mode Connect is selected that indicates side of IPSec tunnel which sends requests for establishing of the IPSec tunnel.
User Manual Figure 93– IPSEC configuration page I for GWR Router 2 Figure 94– IPSEC configuration page II for GWR Router 2 Figure 95– IPSEC configuration page III for GWR Router 2 GWR High Speed Cellular Router Series...
User Manual NOTE: Firmware version used in this scenario also provides options for Connection mode of IPSec tunnel. If connection mode Connect is selected that indicates side of IPSec tunnel which sends requests for establishing of the IPSec tunnel. If connection mode Wait is selected that indicates side of IPSec tunnel which listens and responses to IPSec establishing requests from Connect side.
User Manual IPSec Tunnel configuration between GWR Router and Cisco Router IPSec tunnel is a type of a VPN tunnels with a secure tunneling method. On the diagram below is illustrated simple network with GWR Router and Cisco Router. Idea is to create IPSec tunnel for LAN to LAN (site to site) connectivity.
User Manual Figure 98–LAN Port configuration page for GWR Router Click Mobile Settings Tab to configure parameters necessary for GSM/UMTS/LTE connection. All parameters necessary for connection configuration should be required from mobile operator. Check the status of GSM/UMTS connection (Mobile Settings Tab). If disconnected please click Connect button.
Page 110
User Manual Figure 99– IPSEC configuration page I for GWR Router Figure 100– IPSec configuration page II for GWR Router Figure 101– IPSec configuration page III for GWR Router GWR High Speed Cellular Router Series...
User Manual Click Start button on Internet Protocol Security page to initiate IPSEC tunnel. Click Start button and after that Connect button on Internet Protocol Security page to initiate IPSEC tunnel Figure 102– IPSec start/stop page for GWR Router ...
Page 112
User Manual crypto ipsec transform–set testGWR esp–3des esp–sha–hmac !––– Instances of the dynamic crypto map !––– reference previous IPsec profile. crypto dynamic–map dynGWR 5 set transform–set testGWR set isakmp–profile L2L match address 121 !––– Crypto–map only references instances of the previous dynamic crypto map. crypto map GWR 10 ipsec–isakmp dynamic dynGWR interface FastEthernet0/0 description WAN INTERFACE...
User Manual show ip interface—Displays the IP address assignment to the spoke router. show crypto isakmp sa detail—Displays the IKE SAs, which have been set–up between the IPsec initiators. show crypto ipsec sa—Displays the IPsec SAs, which have been set–up between the IPsec initiators. ...
User Manual Figure 104– Network configuration page for GWR Router Use SIM card with a static IP address, obtained from Mobile Operator. Click WAN Settings Tab to configure parameters necessary for GSM/UMTS connection. All parameters necessary for connection configuration should be required from mobile operator. ...
User Manual NAT Traversal: true, Press Save to accept the changes. Figure 105– IPSEC configuration page I for GWR Router Figure 106– IPSec configuration page II for GWR Router GWR High Speed Cellular Router Series...
Page 116
User Manual Figure 107– IPSec configuration page III for GWR Router Click Start button on Internet Protocol Security page to initiate IPSEC tunnel. Click Start button and after that Connect button on Internet Protocol Security page to initiate IPSEC tunnel Figure 108–...
Page 117
User Manual The Juniper SSG firewall configuration: Step1 – Create New Tunnel Interface Click Interfaces on Network Tab. Figure 109– Network Interfaces (list) Bind New tunnel interface to Untrust interface (outside int – with public IP addresss). Use unnumbered option for IP address configuration.
Page 118
User Manual Step 2 – Create New VPN IPSEC tunnel Click VPNs in main menu. To create new gateway click Gateway on AutoKey Advanced tab. Figure 111– AutoKey Advanced Gateway Click New button. Enter gateway parameters: Gateway name: TestGWR, Security level: Custom, Remote Gateway type: Dynamic IP address( because your GWR router are hidden behind Mobile operator router’s (firewall) NAT),...
Page 119
User Manual Click Advanced button. Security level – User Defined: custom, Phase 1 proposal: pre–g2–3des–sha, Mode: Agressive(must be aggressive because of NAT), Nat–Traversal: enabled, Click Return and OK. Figure 113– Gateway advanced parameters Step 3 – Create AutoKey IKE ...
Page 120
User Manual AutoKey IKE parameters are: VPNname: TestGWR, Security level: Custom, Remote Gateway: Predefined, Choose VPN Gateway from step 2. Figure 115– AutoKey IKE parameters Click Advanced button. Security level – User defined: custom, Phase 2 proposal: pre–g2–3des–sha, Bind to – Tunnel interface: tunnel.3(from step 1), Proxy ID: Enabled, LocalIP/netmask: 10.10.10.0/24, RemoteIP/netmask: 192.168.10.0/24,...
Page 121
User Manual Figure 116– AutoKey IKE advanced parameters Step 4 – Routing Click Destination tab on Routing menu. Click New button. Routing parameters are: IP Address: 192.168.10.0/24, Gateway: tunnel.3(tunnel interface from step 1), Click OK. Figure 117– Routing parameters GWR High Speed Cellular Router Series...
Page 122
User Manual Step 5 – Policies Click Policies in main menu. Click New button (from Untrust to trust zone), Source Address: 192.168.10.0/24, Destination Address: 10.10.10.0/24, Services: Any. Click OK. Figure 118– Policies from untrust to trust zone ...
Page 123
User Manual Figure 119– Policies from trust to untrust zone GWR High Speed Cellular Router Series...
OpenVPN configuration example Open VPN is established between one central locations and three remote locations with Geneko router configured in TCP client mode. Authentication used is pre-shared key. Figure 120– Multipoint OpenVPN topology...
Page 125
User Manual 255.255.255.252 subnet) dev-node adap1 Selection of virtual network adapter named adap1 secret key.txt Implementing file with pre-shared secret named key.txt ping 10 Keepalive comp-lzo LZO compression enabled disable-occ disable option consistency b) Save configuration file in C:\Program Files\OpenVPN\config as name.ovpn file. It is OpenVPN configuration file directory and you can reach it directly through Start menu>OpenVPN where you get options: Figure 121 -OpenVPN application settings...
Page 126
User Manual Configuration file for third remote location is: proto tcp-server dev tun ifconfig 2.2.2.9 2.2.2.10 dev-node adap3 secret key.txt ping 10 comp-lzo disable-occ All three configuration files (e.g. Server1.ovpn, Server2.ovpn, Server3.ovpn) have to be saved in same directory C:\Program Files\OpenVPN\config. Name of configuration file is name of your OpenVPN tunnel.
Page 127
User Manual Figure 122 – OpenVPN GWR settings Where pre-shared secret you paste from the key.txt file which you generate on OpenVPN server. In routing table static ip route to local OpenVPN server network (in this case it is 192.168.2.0/24) should be entered.
User Manual Port forwarding example Port forwarding feature enables access to workstations behind the router and redirecting traffic in both traffic flow directions – inbound and outbound. Direction is selected by interface – PPP0 for inbound (WAN -> ETH0) and ETH0 for outbound traffic (ETH0 ->WAN). In the following example there are three types of access to LAN network enabled, every workstation with different service allowed from the outside.
User Manual Figure 127– GWR port forwarding configuration Serial port – example For connecting serial devices from remote locations to central location serial transparent conversion can be used. Serial communication is encapsulated in TCP/IP header and on the central location is recognized by the Virtual COM port application.
Page 130
User Manual Figure 129– GWR Serial port settings Option SERIAL PORT OVER TCP/UDP SETTINGS is used for configuration of transparent serial communication. Configuration parameters are presented in picture below Figure 130– GWR settings for Serial-to-IP conversion General Settings Serial port over TCP/UDP settings Serial port settings GWR High Speed Cellular Router Series...
Page 131
User Manual Bits per second: 57600 Data bits: 8 Parity: none Stop bits: 1 Flow control: none TCP/UDP Settings Protocol: TCP Mode: client Server IP address: 96.34.56.2 (IP address of server) Connect to TCP port: 1234 ...
User Manual Figure 132– Settings for virtual COM port IP address: - (not used in server mode) Port: 1234 Server Port: 1234 Port Name: COM10 (random selected) After “Create COM” is activated if everything is alright in log will be shown message that port COM10 is created, like in picture above.
Page 133
User Manual Accepts telnet connection from the outside to router’s WAN interface, for management over CLI interface Allow HTTP on ppp_0 Accepts WEB traffic from the outside to router’s WAN interface, for management over WEB interface Allow PING on ppp_0-with DDoS filter ICMP traffic to WAN interface of the router is allowed with prevention of Distributed Denial-of-service attack Allow RIP protocol...
Page 134
User Manual Figure 133– Firewall example Firewall is enabled in SETTINGS>FIREWALL page. Page for firewall configuration is presented in the following picture: Figure 134– Initial firewall configuration on GWR Firstly firewall should be enabled, that is done by selecting: Firewall General Settings>Enable Firewall can be configured by enabling or editing existing, predefined rules or by adding new one.
Page 135
User Manual Firewall is configured in following way: Telnet traffic is denied Select predefined rule number 3. Configuration page like on picture below is shown. Figure 135– Filtering of Telnet traffic ENABLE option should be selected to have this rule active. To deny Telnet traffic POLICY should be changed from ACCEPT to REJECT (ICMP error message type can be selected when policy reject is selected).
Page 136
User Manual Configuration should be like on the picture below. Figure 136– Filtering of ICMP traffic After configuration is finished SAVE button should be selected and user is returned to main configuration page. Priority of rule is changed by selecting number in drop-down menu. In this example number 4 is selected.
Page 137
User Manual Figure 137– Allowing ICMP traffic After configuration is finished SAVE button should be selected and user is returned to main configuration page. Priority of rule is changed by selecting number in drop-down menu. In this example number 5 is selected. Establishing of IPSec tunnel is allowed Firewall has to allow IKE and ESP protocol for IPSec tunnel establishment.
Page 138
User Manual 212.62.38.210. Policy should be configured in following way: Enable: selected Source address: Single IP; 212.62.38.210 All other settings should remain the same like in the picture below Figure 139– Allowing WEB access After configuration is finished SAVE button should be selected and user is returned to main configuration page.
Page 139
User Manual This is first rule in predefined firewall settings (Allow ALL from local LAN). It is recommended to have this rule enabled to allow access to management interfaces of the router. As this rules is already configured it is enough just to enable it to have access to router from LAN: Select EDIT of the rule Enable: selected SAVE and exit...
User Manual number 9 is selected. Additionally to these 11 rules two more rules are enabled: Allow already established traffic (priority number 2) Reject all other traffic (priority number 22) After all rules are configured and saved button APPLY RULES in bottom right corner should be selected to activate traffic filtering.
User Manual Figure 142– Configuration page for SMS management Settings are following: Enable Remote Control: Enabled Use default SMSC: Enabled Phone Number 1,2…5: Allowed phone number From the mobile phone user can send 6 different commands for router management. Commands are following: 1.
Page 142
User Manual performed. If PPP should be restarted only when all packets are dropped defined value should be 100%. In following example keepalive is enabled on both SIM cards. Action defined is SWITCH SIM so router will change SIM card when link failure is detected. Settings are following: SIM1 Ping target: 8.8.8.8...
User Manual Apendix A. How to Achieve Maximum Signal Strength with GWR Router? The best throughput comes from placing the device in an area with the greatest Received Signal Strength Indicator (RSSI). RSSI is a measurement of the Radio Frequency (RF) signal strength between the base station and the mobile device, expressed in dBm.
Page 144
GENEKO Bul. Despota Stefana 59a 11000 Belgrade • Serbia Phone: +381 11 3340-591, 3340-178 Fax: +381 11 3224-437 e-mail: gwrsupport@geneko.rs www.geneko.rs UM GWR362-462 Rev. A Dec 15...
Need help?
Do you have a question about the GWR252-B and is the answer not in the manual?
Questions and answers