Eurogard Service-Server
Manual
Falk Schönfeld <schoenfeld@eurogard.de>

Summary of Contents for Eurogard ServiceServer

  • Page 1 Eurogard Service-Server Manual Falk Schönfeld <schoenfeld@eurogard.de>...
  • Page 2 Eurogard Service-Server: Manual by Falk Schönfeld Copyright © 2011-2014 Eurogard GmbH...
  • Page 3: Table Of Contents

    Connection to the Internet ................8 Time ......................8 Certificates ....................9 Next steps ....................9 OpenVPN ....................9 3. Configuration options of the ServiceServer ..............10 Administration area ..................... 11 Basic settings/LAN ....................12 Host name ....................12 Domain name ..................... 12 IP-Address of the Server in the LAN network ..........
  • Page 4 Eurogard Service-Server Allow access to the admin network to VPN-Clients ........... 29 Time interval for keep-alive-packets in seconds ..........29 VPN restart after how many unsuccessful Pings ..........30 Cryptoalgorithm ..................30 Service networks ....................30 General overview ..................31 Update network status ..................
  • Page 5 Eurogard Service-Server A. Important terms ....................46...
  • Page 6 List of Figures 1.1. Eurogard ServiceServer .................... 1 1.2. VPN-concept of the Remoteserviceproducts ..............2...
  • Page 7 List of Examples 3.1. Host- and Domain name ..................12 3.2. URL for HTTPS in case of different port ..............13 7.1. Syntax URL VPN-Log ................... 43 7.2. Example of valid query ..................44...
  • Page 8: System Description

    Figure 1.1. Eurogard ServiceServer The ServiceServer system connects the user PC and the machine, plant or computer network via a secure connection, a so-called “virtual private network”, VPN in short. During this process, the communication between the participants is secured through the encryption protocol SSL.
  • Page 9 Server into the Router. This Router is parameterised and integrated into the plant network. It acts as intermediary between the various devices of the plant and the service network of the ServiceServer. All IP terminals of the plant can now be accessed via the LAN network at the Server.
  • Page 10: Preconditions

    ‘find’ and access the Server. It may often make sense to attribute a static IP to the ServiceServer in order to guarantee 24-hour accessibility to the service network. Dynamic IPs may result in “Blackouts” of up to 15 minutes.
  • Page 11: Installation And Operation

    Chapter 2. Installation and operation Hardware installation The device is designed for installation in a 19" rack and requires 1 HE (rack unit); a mounting depth of 60 cm will be adequate. Connection and control elements on the rear side of the device On the rear side of the device, the mains power supply, the reset button and an LED signalling errors and specific operating conditions can be found.
  • Page 12: Initial Contact Set-Up

    • Admin account/-password: Eurogard/Eurogard All interactions with the ServiceServer are carried out via a web interface. In order to access the web interface, the LAN-IP of the Server has to be accessible via your PC. In the simplest case, just connect the LAN interface of the Server and your PC by means of a switch or directly via cross-over patch cable.
  • Page 13: Installation - Quick Set Up Guide

    For a more detailed and exhaustive explanation of all menu items, please see Chapter 3, Configuration options of the ServiceServer. Call up the web interface of the ServiceServer. Proceed according to the instructions in the section called “Initial contact set-up”.
  • Page 14: Preparation Of The Serviceserver

    After successful login the Login-Link changes to the Logout-Link, stating the name of the current user, in this case "Eurogard". You are now logged in as administrator on the Eurogard ServiceServer. Go through the various subsections in sequence. Preparation of the ServiceServer Open the main menu item "Server configuration"...
  • Page 15: Connection To The Internet

    Server hardware in use. Set up port forwarding, if required, and/or configure your firewall correspondingly. Time For safe and stable VPN operation between Eurogard ServiceServer and Client-PCs or ServiceRouters, all subscribers require a synchronised time base. As standard, the Server synchronises the correct time via Internet per NTP.
  • Page 16: Certificates

    Set up a reminder in due time in order to create and use new certificates. Initiate the generation of the certificates for the ServiceServer by clicking "generate new server certificates". Since this utilises random values, the duration of this process may vary from time to time.
  • Page 17: Configuration Options Of The Serviceserver

    Chapter 3. Configuration options of the ServiceServer This chapter describes in detail the configuration of the Server. In order to quickly put the Server into operational state, as sufficient for most applications, please refer to the chapter “Installation – Quick guide”...
  • Page 18: Administration Area

    The following chapter describes all configuration options for all sub menus. Administration area In order to change the configuration or the operating parameters of the ServiceServer it is necessary to login to your admin account on the Server. Click the Adminlogin in the upper right-hand corner.
  • Page 19: Basic Settings/Lan

    IP addresses are a clear identification of computers and networks. Please make sure not to double assign them. IP addresses consist of a network and a host part. Any network the ServiceServer may have to access also has to be explicitly specified.
  • Page 20: Netmask

    In this field, the port can be entered where the integrated webserver software receives SSL-encrypted connections. The ServiceServer issues its configuration websites via this Software. Since these pages, depending on the configuration, are also available via the Internet, this is carried out with SSL- encryption.
  • Page 21: Configuration Of Connection

    IP. DSL - DHCP Enter username and password as determined by your ISP. Press "save" and the ServiceServer sets up the connection and will keep it permanently. If the connection is terminated, the device tries to restore it.
  • Page 22: Time Source

    In order for the ServiceServer to be traceable by its VPN clients in the case of an Internet connection with changing IP addresses, a provider is required who changes the reference of host-/domain names to your IP as soon as your Internet IP changes.
  • Page 23: Certificates

    You can check the exact point in time of the last update and the current IP address under Status-Logs dDNS. For further information please refer to the section called “dDNS”. Certificates Certificates play a major role in the security concept of the Eurogard ServiceServer.
  • Page 24: Field Contents

    If, for example, a browser does not know the signatory of the certificate of a SSL-encrypted website, it will issue a warning message. Since a self-created root certificate is used in the ServiceServer which is therefore unknown to the browser, a warning message is issued when the web configuration site is called up per HTTPS “Import root certificate to browser”...
  • Page 25: Validity In Days

    Configuration options of the ServiceServer Validity in days Enter the validity period of the Server certificates in days. Choose a sufficiently long period. If the validity expires, clients will be unable to connect to your device, even with valid certificates.
  • Page 26: Issue Certificates For Lan Ip As Well

    Configuration options of the ServiceServer Issue certificates for LAN IP as well As in the section called “Issue certificates for WAN IP as well”, the certificate can also be tied to the LAN IP. Default: enabled Generate Server certificates...
  • Page 27 Configuration options of the ServiceServer Click Open and Import in the next dialog. The certificate window is displayed and the certificate can be installed on the PC by clicking the button Install certificate.
  • Page 28 Configuration options of the ServiceServer The certificate import wizard is started. Click Next. The next dialog specifies the storage location. Click Browse in order to select a location manually. From the list displayed select Trusted Root Certification Authorities.
  • Page 29 Configuration options of the ServiceServer Confirm the two following safety warnings and the certificate is installed. Remove the root certificate Click the menu item Extras in the upper right-hand corner of the browser and select Internet options.
  • Page 30 Configuration options of the ServiceServer Click the tab Contents and then Certificates.
  • Page 31 Configuration options of the ServiceServer The tab Trusted Root Certification Authorities displays the relevant list. Select your certificate authority and click delete. Confirm the safety instructions and the certificate is removed from the computer. Mozilla Firefox 5.0 Import of the root certificate After clicking the button import a selection screen is displayed.
  • Page 32 Configuration options of the ServiceServer Use of the certificate is configured for Firefox. Remove the root certificate Select the menu item Settings from Extras.
  • Page 33 Configuration options of the ServiceServer Go to the tab Advanced and Encryption then click the button Show certificates.
  • Page 34: Show Server Certificate

    Configuration options of the ServiceServer The relevant menu item will display the certification bodies; select your certificate. Please note that Firefox displays the list sorted by the field "Company/Organisation". Remove the certificate by pressing delete Confirm the safety warning and the certificate is deleted.
  • Page 35: Openvpn-Mode

    Configuration options of the ServiceServer Caution If settings are changed and saved here during VPN operation, this will result in a reset of all VPN networks. All connected clients will consequently be disconnected and cannot be accessed for approximately 2 minutes.
  • Page 36: Keeping A Log File

    Configuration options of the ServiceServer Since the Eurogard ServiceServer and router mask all data per NAT prior to the forwarding to the WAN interface and since the devices, in some cases, are operated behind NAT gateways, packets will exceed the maximum size. It therefore has to be limited.
  • Page 37: Vpn Restart After How Many Unsuccessful Pings

    Configuration options of the ServiceServer These intervals can be defined here. If n replies (to be configured in the next section) fail to appear, the connection is reset. During the dial-in of the clients, these settings are also transferred to the clients and implemented. This is of particular importance if the Server is connected to the Internet via a dynamic IP.
  • Page 38: General Overview

    Configuration options of the ServiceServer In the upper right corner you can find a search field which searches all fields after entering a minimum of 2 characters, filtering for the characters entered. The search results are automatically updated with every new entry in the search field.
  • Page 39: Delete Service Networks

    A warning message is displayed if the default administrator account is still active. You should create a new account at this stage and delete the "Eurogard" account. The existing accounts are organised in an overview chart as in the section called “Add network ”.
  • Page 40: New User Certificate

    Press "download" in order to download an archive file with all certificates, keys and an OpenVPN configuration file for the relevant user. The Eurogard Connect-Software as well as the eurogard-ServiceRouter require this for setting up the VPN. Depending on the validity range, this file is essential for access to the service network(s).
  • Page 41: Change Password

    ServiceServer. As a general rule all Eurogard remote service products mask the data traffic of the LAN clients via NAT before entering the WAN. This minimises administration requirements and enhances the acceptance of the devices.
  • Page 42: Allow Lan Devices Access Via External Interface

    Configuration options of the ServiceServer If reachability of the HTTPS protocol has been directed to a different port from port 443, the chosen port is opened or closed at this point. Default: enabled Allow LAN devices access via external interface You can set a lock at this point if you do not wish LAN devices to access the Internet.
  • Page 43: Messaging

    Chapter 4. Messaging Under this menu item, the entire messaging to and from the Router is parameterised. Please note that some of the options only apply to specific hardware configurations. Email Settings regarding sending and receiving of emails are made here. Direct email traffic through the device is provided for in order to avoid problems of spam.
  • Page 44: Reports

    Messaging During the test, a window opens which displays the messages of the mail software and the mail server. Reports The device can send status reports at pre-determined intervals. This function and the intervals can be set here. The report includes the network parameters in use, connected VPN clients and sensor data of the hardware such as, for example, the CPU temperature.
  • Page 45: Status And Diagnosis

    • Virtual Address: the VPN-IP of the client • received: Bytes received by the client • sent: Bytes sent by the client • connected: time of setting up the VPN tunnel with the ServiceServer. Logs Here, log files of some services can be viewed or downloaded.
  • Page 46: Firewall

    If a ping to google.com, for example, is not successful you can identify the google.com IP by means of a PC with Internet connection and ping this IP. If this works, it means that the ServiceServer has been allocated an incorrect or no DNS server.
  • Page 47 Status and diagnosis Server: UnKnown Address: 192.168.155.1 Nicht autorisierende Antwort: Name: google.com Addresses: 74.125.79.147 74.125.79.99 74.125.79.104 C:\Users\klaus> Choose one of the google.com IPs which are displayed. The IPs listed in the above example may have changed in the meantime and should be verified. The tool “nslookup”...
  • Page 48: Backup-Maintenance

    Maintenance access Activating the maintenance access allows a Eurogard service technician to connect to the device for diagnosis and trouble-shooting purposes. There are two ways of doing this. • An admin account for logging on to the web interface is created.
  • Page 49 Backup-Maintenance If this option is to be used, the operator of the device has to ensure that the Server is accessible via Internet through Port 22/TCP. Firewall or port forwarding options have to be adjusted accordingly. When activating the service access, this port is opened in the firewall for the LAN and for the WAN side.
  • Page 50: Logging Of Connection Data

    Chapter 7. Logging of connection data General With this option, the following information is logged in a server-based MySQL database for each VPN connection: • Time of connection set-up and termination • Account name • Service network name • Allocated VPN IP •...
  • Page 51 Logging of connection data In addition to this, the period of time can be specified via the GET parameters "tStart" and "tEnd" with the following syntax "YYYY-MM-DD". The following is an example of a valid request string: Example 7.2. Example of valid query http://192.168.155.1/cgi-bin/api/logs.sh?service=vpn&format=xml&tStart=1970-10-01&tEnd=2015-01-01...
  • Page 52: Disclaimer

    While every precaution has been taken in the preparation of this manual, eurogard cannot guarantee total accuracy of all information contained herein and accepts no liability whatsoever, be it for errors in this manual or for any potential damage occurring as a result of its utilization.
  • Page 53 DHCP is a network protocol with which a DHCP server transmits network settings to requesting computers. These can be the IP, DNS server, etc. Our ServiceServer is on the one hand a DHCP client, when it obtains its network settings for the WAN side, and also a DHCP server, when it transmits network parameters to requesting clients on the LAN side.
  • Page 54 is in operation, synchronisation via NTP is the default setting in the Service-Server. Port forwarding If a device such as the ServiceServer is connected to the Internet not directly but via a gateway that uses NAT, this device cannot be reached directly from the Internet.
  • Page 55 Important terms LAN and WAN must be configured with different IP networks. Certificate A certificate is a kind of digital ID with which one authenticates oneself to one's counterpart. According to the X.509 standard, it contains e.g. the name of the holder, the name of the issuer, the validity and the checksum of the keys, etc.
