Page 1: User Manual
USER MANUAL GWR Cellular Router Series Device firmware version: 3.0 Document version: 3.3 Date: April 2014...
Page 2: Table Of Contents
USER MANUAL GWR Router Series Content LIST OF FIGURES ..............................4 LIST OF TABLES ..............................7 DESCRIPTION OF THE GPRS/EDGE/HSPA ROUTER SERIES ..............8 ..........................9 YPICAL APPLICATION ......................... 10 ECHNICAL ARAMETERS ........................11 ROTOCOLS AND FEATURES ..........................13 RODUCT VERVIEW Front panel...............................13 Back panel................................13 Top Panel .................................14 ........................
Page 3 USER MANUAL GWR Router Series Maintenance – Default Settings ........................62 Maintenance – System Reboot ........................62 – C ....................63 ANAGEMENT OMMAND NTERFACE – R ....................64 ANAGEMENT EMOTE ANAGEMENT – C ....................65 ANAGEMENT ONNECTION ANAGER Getting started with the Connection Wizard....................65 –...
Page 4: List Of Figures
USER MANUAL GWR Router Series List of Figures Figure 1 – GWR Router..............................8 Figure 2 – GWR Router front panel ..........................13 Figure 3 – GWR Router back panel (GPRS and EDGE) ...................13 Figure 4 – GWR Router back panel (HSPA) ......................14 Figure 5 –...
Page 5 USER MANUAL GWR Router Series Figure 53 – GRE tunnel between two GWR Routers ....................73 Figure 54 – Network configuration page for GWR Router 1...................73 Figure 55 – GRE configuration page for GWR Router 1 ..................74 Figure 56 – Routing configuration page for GWR Router 1 ..................74 Figure 57 –...
Page 6 USER MANUAL GWR Router Series Figure 108 – Multipoint OpenVPN topology ......................108 Figure 109 – OpenVPN application settings......................109 Figure 110 – OpenVPN GWR settings........................111 Figure 111 – Static routes on GWR..........................111 Figure 112 – Starting OpenVPN application ......................111 Figure 113 – OpenVPN status on PC ........................112 Figure 114 –...
Page 7: List Of Tables
USER MANUAL GWR Router Series List of Tables Table 1 – Technical parameters............................10 Table 2 – GWR Router features ...........................12 Table 3 – Network parameters.............................22 Table 4 – DHCP Server parameters ..........................23 Table 5 – WAN parameters ............................27 Table 6 – Advanced WAN Settings..........................29 Table 7 –...
Page 8: Description Of The Gprs/Edge/Hspa Router Series
Low transmission delay and very high data rates offered by existing cellular networks completely eliminate the need for expensive wired infrastructure. GWR series brings scalability of even most demanding corporate networks on highest possible level. Installing a reliable, high performance backup solution for existing land lines or satellite networks is now a simple task thanks to modern cellular networks.
Page 9: Typical Application
There are numerous variations of each and every one of above listed applications. Therefore GENEKO formed highly dedicated, top rated support team that can help you analyze your requirements and existing system, chose the right topology for your new system, perform initial configuration and tests and monitor the complete system after installation.
Page 10: Technical Parameters
USER MANUAL GWR Router Series Technical Parameters Directive 2004/108/EC EN 301 489–1 V1.6.1(2005–09) EN 301 489–7 V1.3.1(2005–11) EN 60950–1:2001(1st Ed.) and/or EN 60950–1:2001 Complies with Directive 1999/05/EC standards R&TTE ETSI EN 301 511 V9.0.2 EN 301 908–1 & EN 301 908–2(v2.2.1) Directive 2002/95/EC RoHS EU Commission 2005/618/EC, 2005/717/EC, 2005/747/EC,...
Page 11: Protocols And Features
USER MANUAL GWR Router Series Protocols and features Features Short description Network Routing Static DHCP Server: • Static lease reservation DHCP Server support. • Address exclusions The Routing Information Protocol is a dynamic routing protocol used in local and wide area networks. IP forwarding IP, TCP, UDP packets from WAN to LAN.
Page 12: Table 2 - Gwr Router Features
USER MANUAL GWR Router Series • IP Payload Compression Protocol. IPSec keepalive Keepalive messages for IPSec tunnel state detecting. Defines number of failed IKE negotiation attempts before IPSec IKE failover failover. Switches to another provider because of poor tunnel IPSec tunnel failover performance.
Page 13: Product Overview
USER MANUAL GWR Router Series Product Overview Front panel On the front panel (Figure 2) the following connectors are located: • one RJ45 connector – Ethernet port for connection into local computer network, • one RJ45 connector for RS232 serial communication, •...
Page 14: Top Panel
USER MANUAL GWR Router Series Figure 4 – GWR Router back panel (HSPA) Top Panel There is a sequence of 8 LED indicators on the top of this device by which the indication of the system current state, device power supply and presence of GSM/UMTS network as well as signal level is performed.
Page 15: Putting Into Operation
USER MANUAL GWR Router Series LED Indicator Description: Reset (red LED) on – the GWR Router reset state. Power status (green LED) on – Power supply. Power status LED will blink when the GWR Router is in initializing state. Link (red LED) will blink when connection is active. Signal strength LED indicator: •...
Page 16: Declaration Of Conformity
USER MANUAL GWR Router Series Declaration of conformity Figure 6 – Declaration of conformity...
Page 17: Device Configuration
USER MANUAL GWR Router Series Device Configuration There are two methods which can be used to configure the GWR Router. Administrator can use following methods to access router: • Web browser, • Command line interface. Default access method is by web interface. This method provides administrator full set of privileges for configuring and monitoring the router.
Page 18: Add/Remove/Update Manipulation In Tables
USER MANUAL GWR Router Series Add/Remove/Update manipulation in tables To Add a new row (new rule or new parameter) in the table please do following: • Enter data in fields at the bottom row of the table (separated with a line). •...
Page 19: Status Information
USER MANUAL GWR Router Series Status Information The GWR Router’s Status menu provides general information about router as well as real–time network information. Status information is divided into following categories: General Information, Network Information (LAN), DHCP, WAN Information, Firewall Status – General General Information Tab provides general information about device type, device firmware version, kernel version, CPU vendor, Up Time since last reboot, hardware resources utilization and MAC address of LAN port.
Page 20: Status - Dhcp
USER MANUAL GWR Router Series Figure 9 – Network Information Status – DHCP DHCP Information Tab provides information about DHCP clients with IP addresses gained from DHCP server, MAC addresses, expiration period, and lease status. Figure 10 – DHCP Information Status –...
Page 21: Status - Firewall
USER MANUAL GWR Router Series Figure 11 – WAN Information As a primary and secondary DNS are always displayed DNS servers assigned by provider. They are not necessarily used by the router. If Local DNS is configured it has priority to those DNS servers. Status –...
Page 22: Settings - Network
USER MANUAL GWR Router Series Settings – Network Click Network Tab, to open the LAN network screen. Use this screen to configure LAN TCP/IP settings. Network Tab Parameters Label Description Use the following IP Choose this option if you want to manually configure TCP/IP parameters of address Ethernet port.
Page 23: Settings - Dhcp Server
USER MANUAL GWR Router Series Settings – DHCP Server The GWR Router can be used as a DHCP (Dynamic Host Configuration Protocol) server on your network. A DHCP server automatically assigns available IP addresses to computers on your network. If you choose to enable the DHCP server option, all of the computers on your LAN must be set to obtain an IP address automatically from a DHCP server.
Page 24: Figure 14 - Dhcp Server Configuration Page
USER MANUAL GWR Router Series Figure 14 – DHCP Server configuration page...
Page 25: Settings - Wan Setting
USER MANUAL GWR Router Series Settings – WAN Setting Click WAN Settings Tab, to open the Wireless screen. Use this screen to configure the GWR Router GPRS/EDGE/HSPA/HSPA+/LTE parameters (Figure 15). Figure 15 – WAN Settings configuration page WAN Settings Label Description This field specifies name of GSM/UMTS ISP.
Page 26 USER MANUAL GWR Router Series This field specifies Dial String for GSM/UMTS modem connection initialization. Dial String In most cases you have to change only APN field based on parameters obtained from Mobile Provider. This field cannot be altered. Number of unsuccessful connection attempts after which router switches to Number of retry second SIM PIN enabled...
Page 27: Table 5 - Wan Parameters
USER MANUAL GWR Router Series In order to refresh the displayed value in the "Current traffic" field please click on Refresh. Reset current traffic Click on Reset resets a value of the current traffic to zero. value Reset current traffic Every month, on the specified day, a value of the current traffic will be reset to value on specified day zero.
Page 28 USER MANUAL GWR Router Series Require the peer to authenticate using PAP (Password Authentication Protocol) Require PAP authentication. With this option, pppd will not agree to authenticate itself to the peer using Refuse CHAP CHAP. Require the peer to authenticate using CHAP (Challenge Handshake Require CHAP Authentication Protocol) authentication.
Page 29: Table 6 - Advanced Wan Settings
USER MANUAL GWR Router Series with ancient versions of pppd). Append domain name Append the domain name d to the local host name for authentication purposes. Show PAP password When logging the contents of PAP packets, this option causes pppd to show the in log password string in the log message.
Page 30: Settings - Routing
USER MANUAL GWR Router Series Settings – Routing The static routing function determines the path that data follows over your network before and after it passes through the GWR Router. You can use static routing to allow different IP domain users to access the Internet through the GWR Router.
Page 31: Port Translation
USER MANUAL GWR Router Series This is the IP address of the gateway. The gateway is a router or switch (next hope) on the same network segment as the device’s LAN or WAN port. The gateway helps forward packets to their final destinations. Gateway For every routing rule enter the IP address of the gateway.
Page 32: Settings - Dynamic Routing Protocol
USER MANUAL GWR Router Series Settings – Dynamic Routing Protocol Dynamic routing performs the same function as static routing except it is more robust. Static routing allows routing tables in specific routers to be set up in a static manner so network routes for packets are set. If a router on the route goes down the destination may become unreachable.
Page 33: Rip Routing Engine For The Gwr Router
USER MANUAL GWR Router Series RIP Settings Label Description Routing Manager Hostname Prompt name that will be displayed on telnet console. Password Login password. Enable log Enable log file. Port to bind at Local port the service will listen to. RIPD Prompt name that will be displayed on telnet console of the Routing Hostname...
Page 34 USER MANUAL GWR Router Series Disable RIP update (optional): router# passive–interface ppp_0 router# no passive–interface ppp_0 RIP is commonly used over Ethernet interface and PPP interface should be set up as passive. Routing protocols use several timer that determine such variables as the frequency of routing updates, the length of time before a route becomes invalid, an other parameters.
Page 35: Settings - Vpn Settings
USER MANUAL GWR Router Series Settings – VPN Settings Virtual private network (VPN) is a communications network tunneled through another network and dedicated to a specific network. One common application of VPN is secure communication through the public Internet, but a VPN need not have explicit security features, such as authentication or content encryption.
Page 36: Gre Keepalive
USER MANUAL GWR Router Series Defines the number of retries when failed keepalives are detected before Retries determining that the tunnel endpoint is down. Enter a number from 1 to 10 times. Click Add insert new item in table. Remove Click Remove to delete selected item from table.
Page 37: Internet Protocol Security (Ipsec)
USER MANUAL GWR Router Series Internet Protocol Security (IPSec) Internet Protocol Security (IPSec) is a protocol suite for securing Internet Protocol communication by authenticating and encrypting each IP packet of a data stream. Click VPN Settings - IPSec, to open the VPN configuration screen. At the Figure 19 – IPSec Summary screen you can see IPSec Summary.
Page 38: Figure 20 - Ipsec Settings
USER MANUAL GWR Router Series Click on this button to add a new Device–to–Device IPSec tunnel. After you have Add New Tunnel added the tunnel, you will see it listed in the Summary table. This button starts the IPSec negotiations between all defined and enabled tunnels. Start If the IPSec is already started, Start button is replaced with Restart button.
Page 39 USER MANUAL GWR Router Series VPN Settings / IPSec Settings Label Description Tunnel Number This number will be generated automatically and it represents the tunnel number. Enter a name for the IPSec tunnel. This allows you to identify multiple tunnels Tunnel Name and does not have to match the name used at the other end of the tunnel.
Page 40 USER MANUAL GWR Router Series The method determines the length of the key used to encrypt or decrypt ESP packets. AES–128 is recommended because it is the most secure. Make sure both ends of the IPSec tunnel use the same encryption method. Select a method of authentication: MD5 or SHA1.
Page 41: Table 11 - Ipsec Parameters
USER MANUAL GWR Router Series IKE SA retry Number of IKE retries, before failover. Restart PPP After IKE With this option enabled PPP connection is restarted when IKE SA retry reaches SA Retry Exceeds defined number of failed attempts. After restart SIM1 is used for connection. Specified Limit Enable tunnel failover.
Page 42: Openvpn
USER MANUAL GWR Router Series OpenVPN OpenVPN site to site allows connecting two remote networks via point–to–point encrypted tunnel. OpenVPN implementation offers a cost–effective simply configurable alternative to other VPN technologies. OpenVPN allows peers to authenticate each other using a pre–shared secret key, certificates, or username/password.
Page 43 USER MANUAL GWR Router Series OpenVPN Label Description IP Filtering Tunnel Number Automatically assigned number of the tunnel. Tunnel Name This field specifies tunnel name. Enable Check this setting in order to enable OpenVPN tunnel. Allow access from the following devices There are two modes of OpenVPN tunnel, routed and bridged mode.
Page 44: Table 12 - Openvpn Parameters
USER MANUAL GWR Router Series Keep Alive Check the box if you want to use keepalive. This field specifies the target IP address for periodical traffic generated using Ping Interval ping in order to maintain the connection active. Ping Timeout This field specifies ping interval for keepalive option.
Page 45: Figure 23 - Openvpn Configuration Page
USER MANUAL GWR Router Series Figure 23 – OpenVPN configuration page Figure 24 – OpenVPN network topology...
Page 46: Settings - Firewall - Ip Filtering
USER MANUAL GWR Router Series Settings – Firewall – IP Filtering TCP/IP traffic flow is controlled over IP address and port number through router’s interfaces in both directions. With firewall options it is possible to create rule which exactly matches traffic of interest. Traffic can be blocked or forward depending of action selected. It is important when working with firewall rules to have in mind that traffic for router management should always be allowed to avoid problem with unreachable router.
Page 47: Figure 25 - Firewall Configuration Page
USER MANUAL GWR Router Series address rule logic filter. Instead of applying firewall rule on defined IP addresses all IP addresses EXCEPT defined are covered by firewall rule. Selection of traffic by packet state. INVALID is for unrecognized packet state Packet state traffic Options for firewall rule action: ACCEPT (forward traffic), REJECT (deny...
Page 48: Settings - Firewall - Mac Filtering
USER MANUAL GWR Router Series Settings – Firewall – MAC Filtering MAC filtering can be used to restrict which Ethernet devices can send packets to the router. If MAC filtering is enabled, only Ethernet packets with a source MAC address that is configured in the MAC Filter table will be allowed.
Page 49: Settings - Dyndns
USER MANUAL GWR Router Series Figure 27 – DMZ Host configuration page Settings – DynDNS Dynamic DNS is a domain name service allowing to link dynamic IP addresses to static hostname. To start using this feature firstly you should register to DDNS service provider. Section of the web interface where you can setup DynDNS parameters is shown in Figure 28.
Page 50: Table 15 - Dyndns Parameters
USER MANUAL GWR Router Series Password User password. Defines interval between updates of the DynDNS client. Default and minimum value for all DynDNS services, except No–IP service, is 86400 seconds. Update Update cycle cycle value for No–IP service is represented in minutes and minimum is 1 minute.
Page 51: Settings - Serial Port
USER MANUAL GWR Router Series Settings – Serial Port Using the router’s serial port it is possible to perform serial–to–ethernet conversion (Serial port over TCP/UDP) and ModbusRTU–to–TCP conversion (Modbus gateway). Initial Serial Port Settings page is shown in figure bellow. By default above described features are disabled. Selecting one of two possible applications of Serial port opens up additional options available for configuration.
Page 52: Figure 30 - Serial Port Configuration Page
USER MANUAL GWR Router Series Server IP address Specify server IP address. (Only on client side). Connect to TCP/UDP Number of the TCP/UDP port to accept connections from this device. (Only on port client side). Either raw or telnet. Raw enables the port and transfers all data like between the Type of socket port and the log.
Page 53: Modbus Gateway Settings
USER MANUAL GWR Router Series Modbus Gateway settings The serial server will perform conversion from Modbus/TCP to Modbus/RTU, allowing polling by a Modbus/TCP master. The Modbus Gateway carries out translation between Modbus/TCP and Modbus/RTU. This means that Modbus serial slaves can be directly attached to the unit's serial ports without any external protocol converters.
Page 54: Figure 31 - Modbus Gateway Configuration Page
USER MANUAL GWR Router Series Figure 31 – Modbus gateway configuration page...
Page 55: Sms - Sms Remote Control
USER MANUAL GWR Router Series SMS – SMS Remote Control SMS remote control feature allows users to execute a short list of predefined commands by sending SMS messages to the router. GWR router series implement following predefined commands: In order to establish PPP connection, user should send SMS containing following string: :PPP–CONNECT After the command is executed, router sends a confirmation SMS with “OK”...
Page 56: Sms - Send Sms
USER MANUAL GWR Router Series Figure 32 – SMS remote control configuration SMS – Send SMS SMS send feature allows users to send SMS message from WEB interface. In following picture is page from where SMS can be sent. There are two required fields on this page: Phone number and Message. Figure 33 –...
Page 57: Maintenance
USER MANUAL GWR Router Series Maintenance The GWR Router provides administration utilities via web interface. Administrator can setup basic router’s parameters, perform network diagnostic, update software or restore factory default settings. Maintenance – Device Identity Settings Within Device Identity Settings Tab there is an option to define name, location of device and description of device function.
Page 58: Maintenance - Date/Time Settings
USER MANUAL GWR Router Series Figure 35 – Router Management configuration page Administrator Password Label Description Enable Password By this check box you can activate or deactivate function for authentication when Authentication you access to web/console application. Username This field specifies Username for user (administrator) login purpose. Enter the old password.
Page 59: Figure 36 - Date/Time Settings Configuration Page
USER MANUAL GWR Router Series Figure 36 – Date/Time Settings configuration page Date/Time Settings Label Description Manually Sets date and time manually as you specify it. From time server Sets the local time using the Network Time Protocol (NTP) automatically. This field species Date and Time information.
Page 60: Maintenance - Diagnostics
You can use this feature to upgrade the GWR Router firmware to the latest version. If you need to download the latest version of the GWR Router firmware, please visit Geneko support site. Follow the on– screen instructions to access the download page for the GWR Router.
Page 61: Maintenance - Settings Backup
USER MANUAL GWR Router Series Maintenance – Settings Backup This feature allows you to make a backup file of complete configuration or some part of the configuration on the GWR Router. In order to backup the configuration, you should select the part of configuration you would like to backup.
Page 62: Maintenance - Default Settings
Figure 41 – Default Settings page Maintenance – System Reboot If you need to restart the Router, Geneko recommends that you use the Reboot tool on this screen. Click Reboot to have the GWR Router reboot. This does not affect the router’s configuration.
Page 63: Management - Command Line Interface
USER MANUAL GWR Router Series Management – Command Line Interface CLI (command line interface) is a user text–only interface to a computer's operating system or an application in which the user responds to a visual prompt by typing in a command on a specified line and then receives a response back from the system.
Page 64: Management - Remote Management
Figure 44 – Remote Management Command Line Interface Label Description Enable Remote Enable or disable Remote Management. Management Protocol Choose between Geneko and Sarian protocol. Bind to Specify the interface. TCP port Specify the TCP port. Username Specify the username. Password Specify the password.
Page 65: Management - Connection Manager
USER MANUAL GWR Router Series Management – Connection Manager Enabling Connection Manager will allow Connection Wizard (located on setup CD that goes with the router) to guide you step–by–step through the process of device detection on the network and setup of the PC–to–device communication.
Page 66: Figure 46 - Connection Wizard - Initial Step
USER MANUAL GWR Router Series Figure 46 – Connection Wizard – Initial Step Select one of the options and click Next. On the next screen after Connection Wizard inspects the network (whole broadcast domain) you’ll see a list of routers present in the network, with following information: Serial number, Model, Ethernet IP,...
Page 67: Figure 47 - Connection Wizard - Router Detection
USER MANUAL GWR Router Series Figure 47 – Connection Wizard – Router Detection When you select one of the routers from the list and click Next you will get to the following screen. Figure 48 – Connection Wizard – LAN Settings If you selected to configure LAN and WAN interface click, upon entering LAN information click Next and you will be able to setup WAN interface.
Page 68: Figure 49 - Connection Wizard - Wan Settings
USER MANUAL GWR Router Series Figure 49 – Connection Wizard – WAN Settings After entering the configuration parameters if you mark option Establish connection router will start with connection establishment immediately when you press Finish button. If not you have to start connection establishment manually on the router’s web interface.
Page 69: Management - Simple Management Protocol (Snmp)
USER MANUAL GWR Router Series Management – Simple Management Protocol (SNMP) SNMP, or Simple Network Management Protocol, is a network protocol that provides network administrators with the ability to monitor the status of the Router and receive notification of any critical events as they occur on the network.
Page 70: Management - Logs
USER MANUAL GWR Router Series Management – Logs Syslog is a standard for forwarding log messages in an IP network. The term "syslog" is often used for both the actual syslog protocol, as well as the application or library sending syslog messages. Syslog is a client/server protocol: the syslog sender sends a small (less than 1KB) textual message to the syslog receiver.
Page 71: Logout
USER MANUAL GWR Router Series You can specify port by marking on user defined and specify port you want Syslog data to be sent. User defined Set manually port number. Default Use standard port number for this service. [514] Local syslog Local –...
Page 72: Configuration Examples
USER MANUAL GWR Router Series Configuration Examples GWR Router as Internet Router The GWR Routers can be used as Internet router for a single user or for a group of users (entire LAN). NAT function is enabled by default on the GWR Router. The GWR Router uses Network Address Translation (NAT) where only the mobile IP address is visible to the outside world.
Page 73: Gre Tunnel Configuration Between Two Gwr Routers
USER MANUAL GWR Router Series GRE Tunnel configuration between two GWR Routers GRE tunnel is a type of a VPN tunnel, but it is not a secure tunneling method. Simple network with two GWR Routers is illustrated on the diagram below (Figure 53). Idea is to create GRE tunnel for LAN to LAN (site to site) connectivity.
Page 74: Figure 55 - Gre Configuration Page For Gwr Router 1
USER MANUAL GWR Router Series provider’s network default gateway). • Click WAN Settings Tab to configure parameters necessary for GSM/UMTS connection. All parameters necessary for connection configuration should be required from mobile operator. • Check the status of GSM/UMTS connection (WAN Settings Tab). If disconnected please click Connect button.
Page 75: Figure 57 - Network Configuration Page For Gwr Router 2
USER MANUAL GWR Router Series settings. Configure IP address and Netmask. • IP Address: 192.168.2.1, • Subnet Mask: 255.255.255.0, • Press Save to accept the changes. Figure 57 – Network configuration page for GWR Router 2 • Use SIM card with a static IP address, obtained from Mobile Operator. (Note the default gateway may show, or change to, an address such as 10.0.0.1;...
Page 76: Figure 59 - Routing Configuration Page For Gwr Router 2
USER MANUAL GWR Router Series Figure 59 – Routing configuration page for GWR Router 2 • Optionally configure IP Filtering and TCP service port settings to block any unwanted incoming traffic. • On the device connected on GWR router 2 setup default gateway 192.168.2.1.
Page 77: Gre Tunnel Configuration Between Gwr Router And Third Party Router
USER MANUAL GWR Router Series GRE Tunnel configuration between GWR Router and third party router GRE tunnel is a type of a VPN tunnels, but it isn't a secure tunneling method. However, you can encrypt GRE packets with an encryption protocol such as IPSec to form a secure VPN. On the diagram below (Figure 60) is illustrated simple network with two sites.
Page 78: Figure 61 - Network Configuration Page
USER MANUAL GWR Router Series • Peer Tunnel Address will be the HQ router WAN IP address (static IP address), • Remote Subnet is HQ LAN IP address and Remote Subnet Mask is subnet mask of HQ LAN. GSM/UMTS APN Type: For GSM/UMTS networks GWR Router connections may require a Custom APN.
Page 79: Figure 62 - Gre Configuration Page
USER MANUAL GWR Router Series • Tunnel Source: 172.29.8.5, • Tunnel Destination: 172.29.8.4, • KeepAlive enable: no, • Period:(none), • Retries:(none), • Press ADD to put GRE tunnel rule into VPN table, • Press Save to accept the changes. Figure 62 – GRE configuration page •...
Page 80: Ipsec Tunnel Configuration Between Two Gwr Routers
USER MANUAL GWR Router Series IPSec Tunnel configuration between two GWR Routers IPSec tunnel is a type of a VPN tunnels with a secure tunneling method. Simple network with two GWR Routers is illustrated on the diagram below Figure 64. Idea is to create IPSec tunnel for LAN to LAN (site to site) connectivity.
Page 81: Scenario #1
USER MANUAL GWR Router Series Scenario #1 Router 1 and Router 2 , presented in the Figure 64, have firmware version that provides two modes of negotiation in IPSec tunnel configuration process: • Aggressive, • Main, In this scenario, aggressive mode will be used. Configurations for Router 1 and Router 2 are listed below. The GWR Router 1 configuration: Click Network Tab, to open the LAN NETWORK screen.
Page 82: Figure 66 - Ipsec Configuration Page I For Gwr Router 1
USER MANUAL GWR Router Series • IPSec Setup • Key Exchange Mode: IKE with Preshared key, • Mode: aggressive, • Phase 1 DH group: Group 2, • Phase 1 Encryption: 3DES, • Phase 1 Authentication: MD5, • Phase 1 SA Life Time: 28800, •...
Page 83: Figure 67 - Ipsec Configuration Page Ii For Gwr Router 1
USER MANUAL GWR Router Series Figure 67 – IPSec configuration page II for GWR Router 1 NOTE : Options NAT Traversal and Send Initial Contact are predefined Figure 68 – IPSec configuration page III for GWR Router 1 Click Start button on Internet Protocol Security page to initiate IPSEC tunnel. NOTE: Firmware version used in this scenario also provides options for Connection mode of IPSec tunnel.
Page 84: Figure 69 - Ipsec Start/Stop Page For Gwr Router 1
USER MANUAL GWR Router Series Figure 69 – IPSec start/stop page for GWR Router 1 Click Start button and after that Connect button on Internet Protocol Security page to initiate IPSEC tunnel • On the device connected on GWR router 1 setup default gateway 10.0.10.1 The GWR Router 2 configuration: •...
Page 85: Figure 71 - Ipsec Configuration Page I For Gwr Router 2
USER MANUAL GWR Router Series • Perfect Forward Secrecy: true, • Phase 2 DH group: Group 2, • Phase 2 Encryption: 3DES, • Phase 2 Authentication: MD5, • Phase 2 SA Life Time: 3600, • Preshared Key: 1234567890. • Failover Enable Tunnel Failover: false.
Page 86: Figure 73 - Ipsec Configuration Page Iii For Gwr Router 2
USER MANUAL GWR Router Series Figure 73 – IPSec configuration page III for GWR Router 2 Click Start button on Internet Protocol Security page to initiate IPSEC tunnel. NOTE: Firmware version used in this scenario also provides options for Connection mode of IPSec tunnel. If connection mode Connect is selected that indicates side of IPSec tunnel which sends requests for establishing of the IPSec tunnel.
Page 87: Scenario #2
USER MANUAL GWR Router Series Scenario #2 Router 1 and Router 2, presented in the Figure 64, are configured with IPSec tunnel in Main mode. Configurations for Router 1 and Router 2 are listed below. The GWR Router 1 configuration: Click Network Tab, to open the LAN NETWORK screen.
Page 88: Figure 76 - Ipsec Configuration Page I For Gwr Router 1
USER MANUAL GWR Router Series • Local Security Group Type: Subnet, • IP Address: 10.0.10.0, • Subnet Mask: 255.255.255.0. • Remote Group Setup • Remote Security Gateway Type: IP Only, • IP Address: 172.29.8.5, • Remote ID Type: IP Address •...
Page 89: Figure 77 - Ipsec Configuration Page Ii For Gwr Router 1
USER MANUAL GWR Router Series Figure 77 – IPSEC configuration page II for GWR Router 1 Figure 78 – IPSEC configuration page III for GWR Router 1 NOTE: Firmware version used in this scenario also provides options for Connection mode of IPSec tunnel. If connection mode Connect is selected that indicates side of IPSec tunnel which sends requests for establishing of the IPSec tunnel.
Page 90: Figure 80 - Network Configuration Page For Gwr Router 2
USER MANUAL GWR Router Series Click Start button and after that Connect button on Internet Protocol Security page to initiate IPSEC tunnel • On the device connected on GWR router 1 setup default gateway 10.0.10.1. The GWR Router 2 configuration: •...
Page 91: Figure 81 - Ipsec Configuration Page I For Gwr Router 2
USER MANUAL GWR Router Series • Remote ID Type: IP Address, • Remote Security Group Type: Subnet, • IP Address: 10.0.10.0, • Subnet: 255.255.255.0. • Failover Enable IKE failover: false, Enable Tunnel Failover: false. • Advanced • Compress(Support IP Payload Compression Protocol(IPComp)): false, •...
Page 92: Figure 83 - Ipsec Configuration Page Iii For Gwr Router 2
USER MANUAL GWR Router Series Figure 83 – IPSEC configuration page III for GWR Router 2 NOTE: Firmware version used in this scenario also provides options for Connection mode of IPSec tunnel. If connection mode Connect is selected that indicates side of IPSec tunnel which sends requests for establishing of the IPSec tunnel.
Page 93: Ipsec Tunnel Configuration Between Gwr Router And Cisco Router
USER MANUAL GWR Router Series IPSec Tunnel configuration between GWR Router and Cisco Router IPSec tunnel is a type of a VPN tunnels with a secure tunneling method. On the diagram below Error! Reference source not found. is illustrated simple network with GWR Router and Cisco Router. Idea is to create IPSec tunnel for LAN to LAN (site to site) connectivity.
Page 94 USER MANUAL GWR Router Series • Click WAN Settings Tab to configure parameters necessary for GSM/UMTS connection. All parameters necessary for connection configuration should be required from mobile operator. • Check the status of GSM/UMTS connection (WAN Settings Tab). If disconnected please click Connect button.
Page 95: Figure 87 - Ipsec Configuration Page I For Gwr Router
USER MANUAL GWR Router Series Figure 87 – IPSEC configuration page I for GWR Router Figure 88 – IPSec configuration page II for GWR Router...
Page 96: Figure 89 - Ipsec Configuration Page Iii For Gwr Router
USER MANUAL GWR Router Series Figure 89 – IPSec configuration page III for GWR Router • Click Start button on Internet Protocol Security page to initiate IPSEC tunnel. Click Start button and after that Connect button on Internet Protocol Security page to initiate IPSEC tunnel Figure 90 –...
Page 97 USER MANUAL GWR Router Series !––– ISAKMP policy crypto isakmp policy 10 encr 3des authentication pre–share group 2 lifetime 28800 !––– Profile for LAN–to–LAN connection, that references !––– the wildcard pre–shared key and a wildcard identity crypto isakmp profile L2L description LAN to LAN vpn connection keyring remote...
Page 98: Ipsec Tunnel Configuration Between Gwr Router And Juniper Ssg Firewall
USER MANUAL GWR Router Series transport input telnet ssh Use this section to confirm that your configuration works properly. Debug commands that run on the Cisco router can confirm that the correct parameters are matched for the remote connections. • show ip interface—Displays the IP address assignment to the spoke router.
Page 99: Figure 92 - Network Configuration Page For Gwr Router
USER MANUAL GWR Router Series • IP Address: 192.168.10.1, • Subnet Mask: 255.255.255.0, • Press Save to accept the changes. Figure 92 – Network configuration page for GWR Router • Use SIM card with a static IP address, obtained from Mobile Operator. •...
Page 100: Figure 93 - Ipsec Configuration Page I For Gwr Router
USER MANUAL GWR Router Series • Compress(Support IP Payload Compression Protocol(IPComp)): false, • Dead Peer Detection(DPD): false, • NAT Traversal: true, • Press Save to accept the changes. Figure 93 – IPSEC configuration page I for GWR Router Figure 94 – IPSec configuration page II for GWR Router...
Page 101: Figure 95 - Ipsec Configuration Page Iii For Gwr Router
USER MANUAL GWR Router Series Figure 95 – IPSec configuration page III for GWR Router • Click Start button on Internet Protocol Security page to initiate IPSEC tunnel. Click Start button and after that Connect button on Internet Protocol Security page to initiate IPSEC tunnel Figure 96 –...
Page 102: Figure 97 - Network Interfaces (List)
USER MANUAL GWR Router Series The Juniper SSG firewall configuration: Step1 – Create New Tunnel Interface • Click Interfaces on Network Tab. Figure 97 – Network Interfaces (list) • Bind New tunnel interface to Untrust interface (outside int – with public IP addresss). •...
Page 103: Figure 99 - Autokey Advanced Gateway
USER MANUAL GWR Router Series Step 2 – Create New VPN IPSEC tunnel • Click VPNs in main menu. To create new gateway click Gateway on AutoKey Advanced tab. Figure 99 – AutoKey Advanced Gateway • Click New button. Enter gateway parameters: Gateway name: TestGWR, Security level: Custom, Remote Gateway type: Dynamic IP address( because your GWR router are hidden behind...
Page 104: Figure 101 - Gateway Advanced Parameters
USER MANUAL GWR Router Series Phase 1 proposal: pre–g2–3des–sha, Mode: Agressive(must be aggressive because of NAT), Nat–Traversal: enabled, Click Return and OK. Figure 101 – Gateway advanced parameters Step 3 – Create AutoKey IKE • Click VPNs in main menu. Click AutoKey IKE. •...
Page 105: Figure 103 - Autokey Ike Parameters
USER MANUAL GWR Router Series Remote Gateway: Predefined, Choose VPN Gateway from step 2. Figure 103 – AutoKey IKE parameters • Click Advanced button. Security level – User defined: custom, Phase 2 proposal: pre–g2–3des–sha, Bind to – Tunnel interface: tunnel.3(from step 1), Proxy ID: Enabled, LocalIP/netmask: 10.10.10.0/24, RemoteIP/netmask: 192.168.10.0/24,...
Page 106: Figure 105 - Routing Parameters
USER MANUAL GWR Router Series Step 4 – Routing • Click Destination tab on Routing menu. • Click New button. Routing parameters are: IP Address: 192.168.10.0/24, Gateway: tunnel.3(tunnel interface from step 1), Click OK. Figure 105 – Routing parameters Step 5 – Policies •...
Page 107: Figure 106 - Policies From Untrust To Trust Zone
USER MANUAL GWR Router Series Figure 106 – Policies from untrust to trust zone • Click Policies in main menu. • Click New button (from trust to untrust zone), Source Address: 10.10.10.0/24, Destination Address: 192.168.10.0/24, Services: Any. • Click OK. Figure 107 –...
Page 108: Openvpn Tunnel Between Gwr Router And Openvnp Server
OpenVPN configuration Open VPN is established between one central locations and three remote locations with Geneko router configured in TCP client mode. Authentication used is pre-shared key. Figure 108 – Multipoint OpenVPN topology...
Page 109: Figure 109 - Openvpn Application Settings
USER MANUAL GWR Router Series proto tcp-server TCP server protocol mode dev tun dev tun mod of Open VPN server ifconfig 2.2.2.1 2.2.2.2 Local and remote IP address of the Open VPN tunnel (both addresses must be within 255.255.255.252 subnet) Selection of virtual network adapter named adap1 dev-node adap1 secret key.txt...
Page 110 USER MANUAL GWR Router Series Only difference to previous configuration is 2.2.2.5, 2.2.2.6 (IP address of local and remote interface) and dev-node adap2. Configuration file for third remote location is: proto tcp-server dev tun ifconfig 2.2.2.9 2.2.2.10 dev-node adap3 secret key.txt ping 10 comp-lzo disable-occ...
Page 111: Figure 110 - Openvpn Gwr Settings
USER MANUAL GWR Router Series Figure 110 – OpenVPN GWR settings Where pre-shared secret you paste from the key.txt file which you generate on OpenVPN server. In routing table static ip route to local OpenVPN server network (in this case it is 192.168.2.0/24) should be entered.
Page 112: Portforwarding - Example
USER MANUAL GWR Router Series When OpenVPN tunnel is up on the Open VPN server you should get following notification: Figure 113 – OpenVPN status on PC On the GWR side status of the OpenVPN tunnel should be established. Figure 114 – OpenVPN status on GWR Portforwarding –...
Page 113: Serial Port - Example
USER MANUAL GWR Router Series – Portforwarding example Figure 115 Portforwarding is configured on the ROUTING page selected from the main menu. Configuration of the examples described above is presented in the following picture: Figure 116– GWR portforwarding configuration Serial port – example For connecting serial devices from remote locations to central location serial transparent conversion can be used.
Page 114: Figure 117- Transparent Serial Connection
USER MANUAL GWR Router Series Figure 117– Transparent serial connection Settings on GWR router From the main menu on the left side of web interface option SERIAL PORT should be selected and following page is displayed. Figure 118– GWR Serial port settings Option SERIAL PORT OVER TCP/UDP SETTINGS is used for configuration of transparent serial communication.
Page 115: Figure 120- Virtual Com Port Application
USER MANUAL GWR Router Series General Settings • Serial port over TCP/UDP settings Serial port settings • Bits per second: 57600 • Data bits: 8 • Parity: none • Stop bits: 1 • Flow control: none TCP/UDP Settings • Protocol: TCP •...
Page 116: Firewall - Example
USER MANUAL GWR Router Series In Virtual Serial Port tab settings should be following: Figure 121– Settings for virtual COM port • IP address: - (not used in server mode) • Port: 1234 • Server Port: 1234 • Port Name: COM10 (random selected) After “Create COM”...
Page 117 USER MANUAL GWR Router Series keep this rule enabled to prevent losing local management interface. Allow already established traffic For inbound TCP only. Allows TCP traffic to pass if the packet is a response to an outbound-initiated session. Allow TELNET on ppp_0 Accepts telnet connection from the outside to router’s WAN interface, for management over CLI interface Allow HTTP on ppp_0...
Page 118: Figure 122 - Firewall Example
USER MANUAL GWR Router Series Figure 122 – Firewall example Firewall is enabled in SETTINGS>FIREWALL page. Page for firewall configuration is presented in the following picture: Figure 123 – Initial firewall configuration on GWR Firstly firewall should be enabled, that is done by selecting: Firewall General Settings>Enable Firewall can be configured by enabling or editing existing, predefined rules or by adding new one.
Page 119: Figure 124 - Filtering Of Telnet Traffic
USER MANUAL GWR Router Series Telnet traffic is denied Select predefined rule number 3. Configuration page like on picture below is shown. Figure 124 – Filtering of Telnet traffic ENABLE option should be selected to have this rule active. To deny Telnet traffic POLICY should be changed from ACCEPT to REJECT (ICMP error message type can be selected when policy reject is selected).
Page 120: Figure 125 - Filtering Of Icmp Traffic
USER MANUAL GWR Router Series Figure 125 – Filtering of ICMP traffic After configuration is finished SAVE button should be selected and user is returned to main configuration page. Priority of rule is changed by selecting number in drop-down menu. In this example number 4 is selected.
Page 121: Figure 127 - Ipsec Firewall Rules
USER MANUAL GWR Router Series After configuration is finished SAVE button should be selected and user is returned to main configuration page. Priority of rule is changed by selecting number in drop-down menu. In this example number 5 is selected. Establishing of IPSec tunnel is allowed Firewall has to allow IKE and ESP protocol for IPSec tunnel establishment.
Page 122: Figure 128 - Allowing Web Access
USER MANUAL GWR Router Series 212.62.38.210. Policy should be configured in following way: Enable: selected Source address: Single IP; 212.62.38.210 All other settings should remain the same like in the picture below Figure 128 – Allowing WEB access After configuration is finished SAVE button should be selected and user is returned to main configuration page.
Page 123: Figure 129 - Outbound Rule For Web Access
USER MANUAL GWR Router Series SAVE and exit WEB traffic is permitted only to 212.62.38.210 from LAN This rule is example of traffic filtering in direction from inside to outside. New rule should be added by selecting ADD NEW RULE button. Policy should be configured in following way: Rule name: Allow HTTP from LAN Enable: selected Chain: FORWARD...
Page 124: Figure 130 - Complete Firewall Configuration
USER MANUAL GWR Router Series to activate traffic filtering. When all 13 rules from this example is configured firewall should look like this: Figure 130 – Complete firewall configuration...
Page 125: Sms Management - Example
USER MANUAL GWR Router Series SMS management – example GWR routers can be managed over the SMS messages. Commands from the SMS are executed on the router with status report sent back to the sender. On the picture below are settings for SMS management where three mobile phone numbers are allowed to send commands to the router over first SIM card.
Page 126: Defining Keepalive Functionality
USER MANUAL GWR Router Series Defining keepalive functionality Keep-alive mechanism works through two simple steps. First step is STANDARD ping proofing. This ping periodically checks if link is alive. Standard ping has 4 packets which are sent over the link and if all 4 are returned keep-alive remains in standard ping proofing mode.
Page 127: Apendix
USER MANUAL GWR Router Series Apendix A. How to Achieve Maximum Signal Strength with GWR Router? The best throughput comes from placing the device in an area with the greatest Received Signal Strength Indicator (RSSI). RSSI is a measurement of the Radio Frequency (RF) signal strength between the base station and the mobile device, expressed in dBm.
Page 128 GENEKO Bul. Despota Stefana 59a 11000 Belgrade • Serbia Phone: +381 11 3340-591, 3340-178 Fax: +381 11 3224-437 e-mail: gwrsupport@geneko.rs www.geneko.rs UM GWR Rev. A Apr 14...

Geneko GWR Series User Manual

List of Figures

List of Tables

Description of the Gprs/Edge/Hspa Router Series

Device Configuration

Device Configuration Using Web Application

USER MANUAL GWR Router Series

Configuration Examples

Apendix

Quick Links

USER MANUAL

Need help?

Questions and answers

Related Manuals for Geneko GWR Series

Summary of Contents for Geneko GWR Series

Table of Contents