eurogard ServiceRouterV3
Manual
Maike Symior
<maike.symior@eurogard.de>
Mario Cappello
<mario.cappello@eurogard.de>
Oliver Kosmann
<oliver.kosmann@eurogard.de>

Summary of Contents for Eurogard ServiceRouterV3

  • Page 1 ServiceRouterV3 Manual Maike Symior <maike.symior@eurogard.de> Mario Cappello <mario.cappello@eurogard.de> Oliver Kosmann <oliver.kosmann@eurogard.de>...
  • Page 2 ServiceRouterV3: Manual by Maike Symior, Mario Cappello and Oliver Kosmann Copyright © 2019 eurogard GmbH...
  • Page 3: Table Of Contents

    3. Information about the ServiceRouterV3 (p. 15); 1. Contact (p. 15); 2. System (p. 15); 3. Test (p. 16); 4. Configuration options of the ServiceRouterV3 (p. 15); 1. Administration area (p. 17); 2. Basic Settings/LAN (p. 17); 2.1. Host name (p. 17); 2.2.
  • Page 4 ServiceRouterV3 3.1.8. MTU (p. 21); 3.2. Router control via SMS commands (p. 21); 4. WAN-Fallback Configuration (p. 21); 4.1. Disabled (p. 21); 4.2. Switching (p. 21); 4.3. Multi-WAN (p. 22); 5. Time (p. 22); 5.1. Time source (p. 22); 5.2.
  • Page 5 ServiceRouterV3 13. Routing (p. 40); 14. Ports (p. 40); 5. Devices (p. 42); 1. Host Configuration (p. 42); 2. Data logger (p. 42); 2.1. Set up connection to a device (p. 42); 2.2. Changing a connection (p. 43); 2.3. Configuration of measured data (p. 44); 2.3.1.
  • Page 6 List of Examples 4.1. Host and Domain name (p. 18); 4.2. URL with HTTPS on changed port (p. 19)...
  • Page 7: System Description

    PLC networks and at the same time extending the functionality range. The ServiceRouterV3 is a complete solution for remote maintenance of automation and other networks via a fast Internet connection. Wired communication with DSL or wireless communication via WiFi or LTE are optional.
  • Page 8: Legacy Version, Router As Vpn Server

    System description Since mobile communication networks are normally blocked from the Internet through firewalls, the individual plant routers have to be interconnected as clients on a server outside of the mobile communication network. Together with the server they constitute a combined and closed network in which they can communicate and can be reached by a chosen application in the service network (data base, programming device).
  • Page 9: Functional Overview And Concept

    • The ServiceRouter is integrated into the plant network via port forwarding or has its own DSL modem. • It makes little sense to operate the ServiceRouterV3 as a server via LTE, since the mobile phone providers block external access to the mobile phone networks via firewalls.
  • Page 10: Access Routes

    6. Data logging and alarm management The ServiceRouterV3 includes an integrated SQL database where up to 16 million values may be saved in a ring buffer. A data link to connected devices such as S7 controls or Modbus TCP devices may be set up by means of various communication drivers.
  • Page 11: Preconditions In The Target Network (End Customer Lan)

    If the ServiceRouterV3 is operated as client in the target network, port forwarding does not apply – along with many a discussion with local IP administrators. The ServiceRouterV3 only requires an IP in the network, the IP of a DNS server and access to the Internet, just as with any other PC in this network.
  • Page 12: Commissioning And Operation

    Chapter 2. Commissioning and operation 1. Hardware installation, technical specification The Router is designed for installation, e.g. in a switching cabinet, for DIN-rail mounting. It requires a slot with the following dimensions: Height = 178 mm, Width = 50 mm, Depth = 168 mm Technical data •...
  • Page 13: Supply Voltage

    Commissioning and operation 1.1.1. Supply voltage Supply voltage is 12-30VDC/6-10W. The two input terminals for +-potential are separated by diodes, allowing for redundant power supply of the Router, as long as the ground potential of the sources has the same level. The Power LED indicates sufficient supply.
  • Page 14: Error Led

    LTE L-LED lights permanently. 1.1.7. WiFi-LED If WiFi is activated on the ServiceRouterV3, the WiFi LED lights up permanently. 1.1.8. VPN switch As the last instance, the VPN switch activates or deactivates the function of the configured VPN. This gives the end customer full control over the remote access to his system at all times.
  • Page 15: Usb Connectors

    All administrative interactions with the ServiceRouterV3 are carried out via the web interface. In order to access this interface, the LAN-IP of the ServiceRouterV3 has to be accessible for your PC. As a standard, connect the LAN interface of the ServiceRouterV3 directly to your PC via switch or patch cable. If not configured beforehand, set your PC to obtain an IP address automatically via DHCP.
  • Page 16: Installation - Quick Set Up Guide

    This chapter guides you through the configuration. Only the basic operational parameters are set here. For a more detailed and exhaustive explanation of all menu items, please see Section 2, "Establishing first contact". Call up the web interface of the ServiceRouterV3.
  • Page 17: Servicerouterv3 Preparation

    After successful login the Login link changes to the Logout link, stating the name of the current user, in this case "eurogard". You are now logged in as administrator on the eurogard ServiceRouterV3. Go through the various subsections in sequence.
  • Page 18: Connection To The Internet

    Try restarting if the device is unable to access the Internet in spite of correct settings. Please refer to Backup Maintenance → Service. 4.3. Time For safe and stable VPN operation between eurogard ServiceRouterV3 and Client-PCs or ServiceServers, all subscribers require a synchronized time base. As default, the Router synchronizes the correct time via Internet via NT...
  • Page 19: Router As Vpn Client

    Commissioning and operation The correct time of the server can be viewed in the upper right-hand corner, below the Adminlogin link. The time displayed is the time of the website access, not the current time. If the clock has not been set, the time indicated flashes in red. 4.4.
  • Page 20 Set up a reminder in due time in order to create and use new certificates. Initiate the generation of the certificates for the ServiceRouterV3 by pressing generate new certificates. Since this utilizes random values, the duration of this process may vary from time to time. Please be patient as this may take several minutes.
  • Page 21: Information About The Servicerouterv3

    Chapter 3. Information about the ServiceRouterV3 1. Contact Under Contact you can find the contact details of eurogard. If you have any questions or suggestions, please feel free to contact us. 2. System The menu item System describes the most important configurations and settings of the ServiceRouterV3, such as the LAN-IP, or the WAN-IP, or whether service access is enabled or not.
  • Page 22: Test

    Information about the ServiceRouterV3 3. Test Under Test you can carry out various tests after the Router has been configured. These tests are used to check the configuration of the Router. Among other things, the system checks if the Router has an Internet connection or if the VPN server can be reached and the VPN channel can be established.
  • Page 23: Configuration Options Of The Servicerouterv3

    The following chapter describes all configuration options for all sub menus. 1. Administration area In order to change the configuration or the operating parameters of the ServiceRouterV3, it is necessary to login to your admin account on the server. For the initial start-up or reconfiguration after a reset, please use username/password eurogard. After successful login, the Login link changes to Logout link.
  • Page 24: Domain Name

    IP addresses are a clear identification of computers and networks. Please make sure not to double assign them. IP addresses consist of a network and a host part. Any network the ServiceRouterV3 may have to access also has to be explicitly specified.
  • Page 25: Web Access/Wan

    Default: 443 3. Web Access/WAN This section describes the allocation of the Internet connection for the ServiceRouterV3. 3.1. WAN media Please select the type of connection at this point. Depending on the type of device, you can choose between Ethernet, WiFi, LTE or DSL per PPPoE.
  • Page 26: Dsl/Pppoe

    ServiceRouterV3 3.1.2. DSL/PPPoE Enter username and password as determined by your ISP. Press the save button and the ServiceRouterV3 sets up the connection and keeps it permanently. If the connection is terminated, the device tries to restore it. No manual interaction or intervention is required.
  • Page 27: Enable Log File

    Configuration options of the ServiceRouterV3 3.1.7. Enable log file If this menu item is activated, a log file with information regarding the connection is created. This file may be viewed under Status-Logs. 3.1.8. MTU see Section 3.1.3.5, "MTU" 3.2. Router control via SMS commands...
  • Page 28: Multi-Wan

    For configuration see Section 3, "Web Access/WAN". 5. Time For safe and stable VPN operation between eurogard ServiceRouterV3 and Client PCs or ServiceRouters all subscribers require a synchronized time base. As a standard, the server synchronizes the correct time via Internet per NTP.
  • Page 29: Ntp Server Chart

    6. dDNS In order for the ServiceRouterV3 to be traceable by its VPN clients in the case of an Internet connection with changing IP addresses, a provider is required who changes the reference of host-/domain names to your IP as soon as your Internet IP changes.
  • Page 30: Certificates

    For further information see Section 3, "dDNS". 7. Certificates Certificates play a major role in the security concept of the eurogard ServiceRouterV3. Tip A server certificate only has to be generated if the Router is to be operated as VPN server.
  • Page 31: Field Contents

    If, for example, a browser does not know the signatory of the certificate of an SSL-encrypted website, it will issue a warning message. Since a self-created root certificate is used in the ServiceRouterV3, which is therefore unknown to the browser, a warning message is issued when the web configuration site is called up per HTTPS. Section 7.4, "Import root certificates"...
  • Page 32: Generate Server Certificates

    Configuration options of the ServiceRouterV3 Default: 9125 This corresponds to 25 years. 7.3. Generate server certificates Caution Before generating certificates, ensure that the device has the correct current time and that the host and the domain names correspond with the ones for future operation.
  • Page 33 Configuration options of the ServiceRouterV3 The certificate wizard is started. Click Next. The next dialog specifies the storage location. Click Browse in order to select a location manually. From the list displayed select Trusted root certification authorities.
  • Page 34 Configuration options of the ServiceRouterV3 Confirm the two following safety warnings and the certificate is installed. 7.4.1.2. Remove root certificate Click the menu item Extras in the top right hand corner of the browser and select Internet options. Click the tab Content and Certificates.
  • Page 35: Show Server Certificates

    Configuration options of the ServiceRouterV3 The tab Trusted root certification authorities displays a list. Select your certificate authority and click Remove. Confirm the safety instructions and the certificate is removed from the computer. 7.5. Show server certificates This menu item shows the list of server certificates. The most important safety feature is the fingerprint displayed.
  • Page 36: Openvpn

    Configuration options of the ServiceRouterV3 Any number of certificates with identical field contents can be generated, the fingerprints, however, will always be different making this an important security feature. 8. OpenVPN In this menu parameters for VPN operation can be defined. Some settings can be adjusted separately for individual processes.
  • Page 37: Checklist Router As Openvpn Client

    IP address. In our example the target port UDP 1300 at the firewall has to be opened and the server name "eurogard.eu" has to be resolved via a DNS server. Furthermore it has to be ensured that response packets from server to router are not blocked by the firewall.
  • Page 38: Http Proxy Server

    Precondition for the use of proxy functionality is the use of TCP as transport protocol for OpenVPN! If the eurogard ServiceServer to be used is configured as an HTTP proxy, the required parameters are set by the Router via the access file, so that the user does not have to pay any further attention to these options. If this is not the case, and the Router is to explicitly use the services of a web proxy, enter at least IP and port, if necessary also authentication data.
  • Page 39: Activate Mobile Access

    Configuration options of the ServiceRouterV3 Since the eurogard ServiceRouterV3 and ServiceServer mask all data via NAT prior to forwarding it to the WAN interface and since the devices, in some cases, are operated behind NAT Gateways, packets will exceed the maximum size.
  • Page 40: Restart Vpn-Connection After Loss Of How Many Keep-Alive Packets

    A warning message is displayed if the default administrator account is still active. You should create a new account at this stage and delete the eurogard account. The existing accounts are organized in an overview chart. Again you have the possibility to filter, browse and set the maximum number of lines displayed.
  • Page 41: Add New Account

    A pop-up window opens. Select download of the access file as standard tar file for PC/ Router or as OVPN file for mobile devices such as tablets or smart phones. The eurogard-Connect-Software as well as the eurogard-ServiceRouter require the tar format for setting up the VPN.
  • Page 42: Change Password

    Configuration options of the ServiceRouterV3 9.5. Change password A new password can be created here for user access with password, see also ???. After pressing this button, a field for entering the new password is displayed below the overview table. Press save on the right-hand side in order to confirm settings.
  • Page 43: Essid

    ServiceRouterV3. As a general rule, all eurogard remote service products mask the data traffic of the LAN clients via NAT before it enters the WAN. This minimizes administration requirements and enhances the acceptance of the devices.
  • Page 44: Port 22 - Ssh

    Configuration options of the ServiceRouterV3 12.1. Port 22 - ssh If Section 2.1, "Maintenance access" is activated, it can be reached via the LAN and the WAN interface. With this button, reachability of the service port via the WAN port can be prevented.
  • Page 45 Configuration options of the ServiceRouterV3 Please note that the source IP is the IP of the device issuing the request (e.g. a PC), while the destination IP stands for a device from the plant network or the Router itself. 'Action' specifies what happens to data packets that match this rule.
  • Page 46: Routing

    Configuration options of the ServiceRouterV3 Caution Please note that the first-match principle is used. This means that the rules are processed from top to bottom and the first rule that applies is used. Therefore the special rules must be placed in the upper part of the list and the general rules in the lower part.
  • Page 47 Configuration options of the ServiceRouterV3 by devices from the WAN network, without VPN tunnel. If, for example, the webserver of the device with the IP 192.168.155.1 is to be reached, choose configuration according to Rule2. The webserver is now accessible via the WAN-IP or the hostname via port 8080.
  • Page 48: Devices

    Chapter 5. Devices This menu item contains information and configuration details of devices connected to the Router. 1. Host Configuration Two functions are available: 1. Enter IP address and corresponding host name, as in the host file on a PC. 2.
  • Page 49: Changing A Connection

    Devices The chart 'Device configuration' displays all of the logger’s parameterized connections to devices. A maximum of 5 connections can be set up and activated at the same time. For new entries, press Add device. Enter all required data into the input screen. The following communication drivers are available: •...
  • Page 50: Configuration Of Measured Data

    Devices Press save in order to save changes to the configuration. 2.3. Configuration of measured data All configured connections between Router and terminal devices with data to be logged are displayed in a chart. Press configure in order to add or edit configuration details; additional charts for administration of logged data appear in the lower section of the screen.
  • Page 51: Analog Values In Modbus Devices

    Devices It is therefore the user’s responsibility to verify that the log cycle is adhered to. If this is not the case, malfunctions at the Router may occur. In order to create a new measured value, the corresponding input fields are filled with values under add datapoint. The read values can be scaled using minimum and maximum values.
  • Page 52: Digital Values With S7 Compatible Controls

    Devices Enter data into the corresponding input fields under add datapoint in order to create a new measured value. The driver supports the following types of data: • Unsigned Short Integer (2Byte) • Short Integer (2Byte) • Long Integer AB CD (4Byte) •...
  • Page 53: Digital Values With Modbus Devices

    Devices fault messages. Operating messages are given no. 1 - 9999, fault messages no. 10000 - 19999. All messages are queried at second intervals for status changes. Enter the number of the data block and the offset for the byte to be addressed in order to create a message area under add datapoint.
  • Page 54: Fault Messenger

    Devices Enter the number of the address and FuncCode to be addressed in order to create a message area under add datapoint. Pressing the test button displays the current status of the byte in decimal form. The button add completes the process;...
  • Page 55: Data Synchronization

    Devices Email and Web-SMS are available as message channels. In order to send messages via both channels, please create two separate messages, one for each channel. The recipient is entered in the field 'Mail address' or 'Telephone number'. The message text can have up to 100 characters. The button test will only check if the parameterized device is accessible, test messages are not sent out.
  • Page 56: Node-Red

    As a standard, Node-RED has two accesses. There is the admin access (user name: admin, password: eurogard), and a user access (user name: eurogard, password: eurogard), which only has read permission.
  • Page 57 Devices After reloading the router website, Node-RED is operational. Now you can assign a new, secure password to the admin account via Change password.
  • Page 58 Devices The service must then be restarted via Restart service. You can now log in with the user name "admin" and the password you entered previously. After successful registration the Node-RED service is available and your Router is IIoT-ready.
  • Page 59: Usb-Tunnel

    Router only provides a limited supply of voltage per USB port. For this reason, external hard disks without independent power supply should not be connected via USB. The USB-Redirector software may be ordered directly from eurogard GmbH.
  • Page 60: Messaging

    Chapter 6. Messaging All messaging to and from the Router is parameterized at this point. 1. Email Settings regarding sending and receiving of emails are made here. Direct email traffic through the device is not provided for in order to avoid problems of spam. For direct emailing, an email server account must be used. 1.1.
  • Page 61: Allow Certificates Of Unknown Origin

    During the test, a window opens which displays the messages of the mail software and the mail server. 2. SMS-Gateway The ServiceRouterV3 can send texts to different recipients. A web SMS service is used so that this function may also be used with devices without LTE modem. The device supports the CM Telecom service.
  • Page 62 Messaging After signing up with CM Telecom and paying in your starting balance you can start the configuration of the Router. For authentication of the Router with the provider a key is required. This key is generated on the CM Telecom website under 'Interfaces'.
  • Page 63: Reports

    Messaging Please remember to press the save button before proceeding. Test your configuration by pressing test. A separate window is opened showing the results. For the configuration of the SMS service with the fault messenger please see menu item Devices → Fault messenger, as described in chapter Devices.
  • Page 64: Network

    Chapter 7. Status-Logs The system status is displayed under this main menu item. No entries are made here. 1. Network This screen displays all network-specific information. 1.1. IP-Addresses All IP-addresses used by the device are listed here: • WAN-IP address •...
  • Page 65: Status-Logs

    This site provides information about dynamic DNS updates. Three items are displayed. The first line indicates the last IP which was submitted to the dDNS provider. The second line shows the IP of the ServiceRouterV3's Internet connection. If required this is communicated to the dDNS provider.
  • Page 66: Diagnosis

    If a ping to google.com, for example, is not successful you can identify the google.com IP by means of a PC with Internet connection and ping this IP. If this works, it means that the ServiceRouterV3 has been allocated an incorrect or no DNS server.
  • Page 67 Status-Logs • H: Host, route to individual host • G: Gateway...
  • Page 68: Backup Maintenance

    Chapter 8. Backup Maintenance The structure of this chapter follows the sub menus of the main menu item Backup Maintenance. Functions such as backup or restore settings, as well as shut down and reboot are handled here. 1. Backup 1.1. Restore point A restore point saves the configuration of the device at the time of its generation.
  • Page 69: Configuration

    Backup Maintenance The device restarts and the configuration is initiated. After a subsequent restart the device can be reached via IP 192.168.155.1. The WAN side is configured for address allocation via DHCP. 1.3. Configuration The generation of human-readable configuration files is possible. The 'routerconfig.cfg' file can then be downloaded and customized.
  • Page 70: Maintenance Access

    Backup Maintenance 2.1. Maintenance access Activating the maintenance access allows a eurogard service technician to connect to the device for diagnosis and trouble-shooting purposes. There are two ways of doing this. • An admin account for logging on to the web interface is created •...
  • Page 71: Declaration Of Conformity

    Chapter 9. Declaration of Conformity eurogard GmbH hereby declares that the devices ServiceRouterV3 ER1501, ER 1501-WLAN, ER 1501-LTE and ER 1501-W/LTE are in compliance with the essential requirements and other relevant provisions of the Directives 1999/5/EC and 2011/65/EC. The declarations of conformity can be found and downloaded at the following address: http://www.eurogard.de/CE...
  • Page 72: Disclaimer

    While every precaution has been taken in the preparation of this manual, eurogard cannot guarantee total accuracy of all information contained herein and accepts no liability whatsoever, be it for errors in this manual or for any potential damage occurring as a result of its utilization.
  • Page 73 Appendix A. Glossary This section explains the key terms for successful use of the eurogard ServiceRouterV3. All explanations are deliberately kept short, focus on the essentials and are by no means exhaustive. Wikipedia is recommended for those who want to delve deeper into the material. The articles on the relevant topics are all well-founded and very comprehensive.
  • Page 74: Glossary

    NTP is the default setting in the ServiceServer. Port forwarding If a device such as the ServiceRouterV3 is not directly connected to the Internet but via a gateway using NAT, this device cannot be accessed directly from the Internet.
