NetModule Cloud Router
User Manual
Manual Version 1.0
NetModule AG, Switzerland
March 20, 2013
Contents
1 Welcome to NetModule
1.1 Terminology
1.2 Why NetModule M2M Cloud?
1.3 The major Steps to Get Up and Running
1.4 Conventions
1.5 Use Cases
1.5.1 1:1 NATed Networks with OpenVPN
1.5.2 1:1 NATed Networks with Mobile IP
1.5.3 Routed Networks with OpenVPN
1.5.4 Routed Networks with Mobile IP
2 Installation
2.1 Prerequisites
2.1.1 Hardware Prerequisites
2.1.2 Software Prerequisites
2.2 Package Installation
2.3 Initial Setup
3 Configuration
3.1 Status
3.2 Remote Stations
3.2.1 Stations
3.2.2 Configuration Template
3.2.3 Auto Setup Download
3.2.4 Manual Setup
3.3 Control Stations
3.3.1 Stations
3.4 Server Settings
3.4.1 OpenVPN
3.4.2 Mobile IP
3.4.3 L2TP/IPsec
3.4.4 Internet Access
3.4.5 Change Passwords
3.4.6 Backup/Restore
3.4.7 Maintenance
4 Technical Support
5 Legal Notes
List of Figures
1.1 NetModule M2M Cloud
1.2 1:1 NATed Networks with OpenVPN
1.3 1:1 NATed Networks with Mobile IP
1.4 Routed Networks with OpenVPN
1.5 Routed Networks with Mobile IP
3.1 Status
3.2 Remote Stations
3.3 Auto Setup Settings
3.4 Auto Setup Downloads
3.5 Manual Setup
3.6 Control Stations
3.7 Windows VPN Setup: General
3.8 Windows VPN Setup: Security
3.9 Windows VPN Setup: IPsec Secret
3.10 iPhone VPN Setup: General
3.11 iPhone VPN Setup: Settings
3.12 OpenVPN Settings
3.13 Mobile IP Settings
3.14 L2TP/IPsec Settings
3.15 Internet Settings
3.16 Backup and Restore
3.17 Server Maintenance
3.18 Server Users
1 Welcome to NetModule
Thank you for purchasing a NetModule M2M Cloud. This document should give you
an introduction to the software and its features. The following chapters describe the
aspects of commissioning the server and the installation procedure, and provide helpful
information on configuration and maintenance.
1.1 Terminology
Control station: A managing station that communicates with the devices in the field.
Control stations can be PCs, smart phones, tablets, and so on.
Remote station: A decentralized station that needs to communicate with a control station.
This can be a plant, a vehicle, and so on.
Cloud router: An intermediary VPN router between control stations and remote stations.
Devices: The equipment in the LAN of the remote stations that needs to be communicated
with.
1.2 Why NetModule M2M Cloud?
This cloud-based M2M solution gives control stations access to remote stations in the
field by putting all devices into a common VPN. In particular, it provides the following
features:
• Fast and easy configuration of NetModule Routers (automatic setup of remote
stations)
• Giving access to remote stations
• Attaching various control stations
• Connection status overview
• Installation of a VPN server on scalable hardware in the cloud
For small projects with fewer than 25 clients, using an NB1600 Wireline can be an
alternative, but it does not offer all features of the cloud router, for example the
automatic setup.
As shown in the picture below, control stations can easily access remote sites and address
hosts in each remote network.
Figure 1.1: NetModule M2M Cloud
1.3 The major Steps to Get Up and Running
Basically the following steps are required:
1. Setting up the server (get a Linux server with Internet access, install this
software, perform the initial configuration of the server). If you are evaluating the
product, please ask for a ready-to-use evaluation account.
2. Attachment of remote stations by downloading a configuration template, transferring
it to the routers via USB stick and joining the stations into the cloud via the
control panel.
3. Attachment of control stations by defining accounts and configuring the stations
accordingly (server address, IPsec secret, user name, password).
1.4 Conventions
The NetModule M2M Cloud concept uses the following conventions:
• Remote stations can be attached via OpenVPN and/or Mobile IP. Control stations
are attached using L2TP/IPsec.
• Remote stations attached via OpenVPN have the IP network 10.8.x.0/24, where
x is the station number
• Remote stations attached via Mobile IP have the IP network 10.16.x.0/24, where
x is the station number
• Control stations attached via L2TP/IPsec have the IP address 10.250.0.x, where
x is the station number
• There are two users, admin and operator. The operator may not configure the
server.
1.5 Use Cases
There are basically two network modes that can be applied on the remote stations:
natting and routing. Natting means that the router's VPN network will be mapped to
a standard network that is the same at all remote sites (192.168.1.0/24). The advantage
is that the devices on all remote sites can be configured identically.
Routing means that no NAT is performed. The router's VPN network will be forwarded
(routed) into a unique network for every single site. The advantage of this mode is that
no IP packets are modified, hence for technicians looking into the system it might be
easier to immediately understand what's going on.
Permuting the two network modes with the two VPN types (OpenVPN and Mobile IP)
results in 4 generic use cases:
1.5.1 1:1 NATed Networks with OpenVPN
Figure 1.2: 1:1 NATed Networks with OpenVPN
1.5.2 1:1 NATed Networks with Mobile IP
Figure 1.3: 1:1 NATed Networks with Mobile IP
1.5.3 Routed Networks with OpenVPN
Figure 1.4: Routed Networks with OpenVPN
1.5.4 Routed Networks with Mobile IP
Figure 1.5: Routed Networks with Mobile IP
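The addressing conventions from section 1.4 and the 1:1 NAT mapping described in section 1.5, worked through as an added example (not part of the original manual or NetModule's software). The function names and the station range 1..254 are assumptions made here; the example also goes one step beyond the text by attributing an address seen in a log back to its station.

```python
import ipaddress

# Conventions taken from section 1.4 of the manual:
#   OpenVPN remote station x   -> 10.8.x.0/24
#   Mobile IP remote station x -> 10.16.x.0/24
#   Control station x          -> 10.250.0.x (L2TP/IPsec)
# Assumption: the manual does not state the valid range of x; 1..254 is used here.
REMOTE_BASE = {"openvpn": "10.8.0.0/16", "mobileip": "10.16.0.0/16"}
CONTROL_NET = ipaddress.ip_network("10.250.0.0/24")
NAT_LAN = ipaddress.ip_network("192.168.1.0/24")  # identical at every NATed site


def _check_station(x):
    if not isinstance(x, int) or not 1 <= x <= 254:
        raise ValueError(f"station number out of assumed range 1..254: {x!r}")


def station_network(vpn_type, x):
    """VPN-side /24 network of remote station x for the given VPN type."""
    _check_station(x)
    base = ipaddress.ip_network(REMOTE_BASE[vpn_type])
    return ipaddress.ip_network((int(base.network_address) + (x << 8), 24))


def nat_to_vpn(vpn_type, x, lan_addr):
    """Address a control station uses to reach lan_addr at a 1:1 NATed site."""
    lan = ipaddress.ip_address(lan_addr)
    if lan not in NAT_LAN:
        raise ValueError(f"{lan} is not inside {NAT_LAN}")
    host = int(lan) - int(NAT_LAN.network_address)  # 1:1 NAT keeps the host part
    return station_network(vpn_type, x)[host]


def classify(addr):
    """Attribute a logged address to (role, vpn_type, station, lan_addr).

    lan_addr is the device's local address if the site uses 1:1 NAT;
    at a routed site the VPN address is already the device's own address.
    """
    ip = ipaddress.ip_address(addr)
    if ip in CONTROL_NET:
        return ("control", "l2tp/ipsec", int(ip) & 0xFF, None)
    for vpn_type, base in REMOTE_BASE.items():
        if ip in ipaddress.ip_network(base):
            x, host = (int(ip) >> 8) & 0xFF, int(ip) & 0xFF
            return ("remote", vpn_type, x, NAT_LAN[host])
    return ("unknown", None, None, None)
```

Because every NATed site reuses 192.168.1.0/24, only the VPN-side address identifies a device uniquely, so firewall rules and log correlation on the cloud router should be written against the 10.8.x.0/24 and 10.16.x.0/24 ranges.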
2 Installation
2.1 Prerequisites
This chapter documents the hardware and software prerequisites for the installation of
NetModule Cloud Router.
2.1.1 Hardware Prerequisites
A server with Intel processor and Internet access is required. This can be a physical
root server or a virtual server.
As remote stations, the NetModule Router types NB1600, NB2700, and NB3700 are
supported.
2.1.2 Software Prerequisites
The software requires Debian GNU/Linux 6.0 or higher. Both 32-bit (i386) and 64-bit
(amd64) versions are supported.
The following packages are required:
• apache2
• apache2-mpm-prefork
• apache2-utils
• apache2.2-bin
• apache2.2-common
• freetds-common
• libapache2-mod-php5
• libapr1
• libaprutil1
• libaprutil1-dbd-freetds
• libaprutil1-dbd-mysql
• libaprutil1-dbd-odbc
• libaprutil1-dbd-pgsql
• libaprutil1-dbd-sqlite3
• libaprutil1-ldap
• libevent-1.4-2
• libexpat1
• libgcrypt11
• libgnutls26
• libgpg-error0
• libldap-2.4-2
• libltdl7
• liblzo2-2
• libmagic1
• libmysqlclient16
• libonig2
• libpcre3
• libpkcs11-helper1
• libpq5
• libqdbm14
• libsasl2-2
• libsqlite0
• libsybdb5
• libtasn1-3
• mime-support
• mysql-common
• odbcinst
• odbcinst1debian2
• openssl
• openssl-blacklist
• openvpn
• openvpn-blacklist
• php5
• php5-cli
• php5-common
• php5-sqlite
• python
• python-minimal
• python2.6
• python2.6-minimal
• sqlite3
• sudo
• unixodbc
• unzip
• zip
Use the following commands to install all prerequisites:
apt-get update
apt-get install apache2 openssl openvpn sqlite3 zip sudo \
apache2.2-common apache2.2-bin apache2 libapache2-mod-php5 \
apache2-mpm-prefork libapr1 libaprutil1 libaprutil1-ldap libldap-2.4-2 \
libaprutil1-dbd-sqlite3 libaprutil1-dbd-mysql libaprutil1-dbd-odbc \
libaprutil1-dbd-pgsql libaprutil1-dbd-freetds libpcre3 mime-support \
libmagic1 apache2-utils libqdbm14 libsybdb5 libmysqlclient16 unixodbc \
libsasl2-2 libexpat1 libpq5 libgnutls26 mysql-common libsybdb5 \
php5 php5-common php5-cli php5-sqlite libonig2 libgcrypt11 libtasn1-3 \
freetds-common python python2.6 python-minimal libltdl7 odbcinst1debian2 \
liblzo2-2 libpkcs11-helper1 openssl-blacklist openvpn-blacklist \
libgpg-error0 odbcinst libsqlite0 python2.6-minimal libevent-1.4-2 unzip
2.2 Package Installation
The Mobile IP package is optional and needs to be installed separately. Please get the
package from NetModule and install it with dpkg -i vpnportal
2.3 Initial Setup
After the package installation, the cloud router's control panel is available on
http://localhost. You will have to define the administrator's password, the interface
for Internet access, and some more things. Please follow the wizard.
3 Configuration
3.1 Status
Figure 3.1: Status
This page shows the number of configured and the number of connected stations, listed
by station type and VPN type.
3.2 Remote Stations
3.2.1 Stations
Name: Station name corresponding to the third block in its IP address, e.g. CLIENT_7
has IP address 10.8.7.1
Type: The VPN/tunnelling method that has been used to attach this client
Connected: Whether this client is currently connected or not
Description: A description to remember the station, e.g. Plant 7, Train 5
Figure 3.2: Remote Stations
3.2.2 Configuration Template
Please define the settings to be included in the configuration file that is uploaded to
your routers.
Router password: The password that will be applied to the router.
Use Ethernet: Configure Ethernet port as DHCP client and use it for Internet connection
Use WLAN: Configure WLAN client and use it for Internet connection
Use SSID: Enter the SSID of the WLAN network that shall be used
Use Security mode: Select a security mode supported by your access point
Passphrase: The password to connect to your access point
Use WWAN: Configure mobile connection and use it for Internet connection
Provider: Configure WLAN client and use it for Internet connection
APN: Enter the SSID of the WLAN network that shall be used
Username: Select a security mode supported by your access point
Password: The password to connect to your access point
Figure 3.3: Auto Setup Settings
3.2.3 Auto Setup Download
Configuration via USB stick
To add a router to the VPN, unpack the downloaded zip file, copy the contents to a
USB stick and connect it to your router. The router will connect to the cloud router
and appear in the control panel as a remote station to be joined. You can now join this
router to the VPN and repeat this step for more routers.
Configuration via manual configuration file upload
Alternatively, you can also add routers to the VPN by downloading the appropriate zip
file and directly uploading it using the router's Web Manager.
Figure 3.4: Auto Setup Downloads
3.2.4 Manual Setup
Please define the settings to be included in the configuration file that is uploaded to
your routers.
VPN Type: The password that will be applied to the router.
Client ID: Station ID corresponding to the third block in its IP address, e.g. Station 7
will have IP address 10.8.7.1
System Type: Select router type
System Serial Number: The serial number of the router, if available
Description: A description in order to remember the station
Use 1:1 NAT: Use 1:1 NAT on the router. The network 10.8.X.0/24 will be mapped
to 192.168.1.0/24
Redirect Gateway: Setting this option will direct all traffic through the tunnel, a.k.a.
disable split tunnelling
Figure 3.5: Manual Setup
3.3 Control Stations
3.3.1 Stations
Here you can add the control stations. Supported are any devices that can establish
L2TP/IPsec VPN tunnels including Windows, Linux, Mac OS, Android, Apple iOS and
others.
User name: Station name corresponding to the third block in its IP address, e.g. CLIENT_7
has IP address 10.8.7.1
VPN IP Address: The IP address of the VPN tunnel on the client side
Connected: Whether this station is currently connected or not
Description: A description to remember the station, e.g. control station 7 or a smart
phone
Windows Stations
Enter the host name or IP address of the cloud server. Select type of VPN: Layer
2 Tunneling Protocol with IPsec (L2TP/IPsec) and click Advanced settings. Enter the
Preshared secret defined on the server.
iPhone/iPad Stations
Add a new VPN connection: Fill in Server, Account, Password and Shared Secret.
Figure 3.6: Control Stations
Figure 3.7: Windows VPN Setup: General
Figure 3.8: Windows VPN Setup: Security
Figure 3.9: Windows VPN Setup: IPsec Secret
Figure 3.10: iPhone VPN Setup: General
Figure 3.11: iPhone VPN Setup: Settings
3.4 Server Settings
Figure 3.12: OpenVPN Settings
3.4.1 OpenVPN
Enabled: Enable OpenVPN Server
Transport Protocol: OpenVPN transport protocol
Listening Port: OpenVPN server port
Network Address: OpenVPN network
Network Mask: OpenVPN network
Cipher Algorithm: OpenVPN cipher algorithm
Hash Algorithm: OpenVPN hash algorithm
Enable Compression: Enable OpenVPN compression
Enable Keepalive: Enable OpenVPN keep-alive
These parameters cannot be changed after initial server configuration.
Client Defaults
Use 1:1 NAT: Use 1:1 NAT on the router. The network 10.8.X.0/24 will be mapped
to 192.168.1.0/24
Redirect Gateway: Setting this option will direct all traffic through the tunnel, a.k.a.
disable split tunnelling
Figure 3.13: Mobile IP Settings
3.4.2 Mobile IP
Enabled: Enable Mobile IP Home Agent
Network Address: OpenVPN network
Network Mask: OpenVPN network
These parameters cannot be changed after initial server configuration.
Client Defaults
Use 1:1 NAT: Use 1:1 NAT on the router. The network 10.8.X.0/24 will be mapped
to 192.168.1.0/24
Figure 3.14: L2TP/IPsec Settings
3.4.3 L2TP/IPsec
Enabled: Enable Mobile IP Home Agent
Preshared secret: The IPsec Preshared Secret
Leases Start Address: L2TP VPN network
Leases End Address: L2TP VPN network
The network parameters cannot be changed after initial server configuration.
Figure 3.15: Internet Settings
3.4.4 Internet Access
Server interface: Enable Mobile IP Home Agent
Server address: Server address
Server netmask: Server netmask
Default gateway: Default gateway
Name server 1: First name server
Name server 2: Second name server
Fully Qualified Domain Name: This FQDN will be used when generating client
configurations
Allow internet access from VPN: Allow Internet access from control and remote
stations
The network parameters cannot be changed after initial server configuration.
Figure 3.16: Backup and Restore
3.4.5 Change Passwords
User: This user's password will be changed
New Password: The new password
Confirm Password: The new password
Figure 3.17: Server Maintenance
3.4.6 Backup/Restore
Backup configuration: Save a backup of the configuration
Restore configuration: Restore a configuration from backup
WARNING: Restoring an inappropriate configuration may cause loss of VPN connectivity
for all VPN clients.
Figure 3.18: Server Users
3.4.7 Maintenance
Reboot: This reboots the Linux server, i.e. all services
Reset: This resets the configuration to defaults.
WARNING: Resetting the server deletes all configuration data including client
certificates. You will have to set up all VPN clients again.
4 Technical Support
NetModule's mission statement is to provide you with state of the art products,
technologies and services for your embedded applications. This certainly includes a
professional and friendly team of support engineers which will be pleased to offer
consultancy, provide assistance and deliver solutions in case of technical issues. With
their broad-based experience they will be able to narrow down your problem and thus
prevent you from getting too much gray hair.
In case of support requests please use our support form on the NetModule web page and
submit a detailed description of your problem together with a tech-support file which
contains all the necessary information to speed up the process of analyzing and resolving
your problem.
The latest software and documentation material can be found in the technical support
area via the NetModule website.
Feedback
Your feedback is highly appreciated; please send comments, suggestions, feature requests,
error reports or your personal user experience with this NetModule Cloud Router
to router@support.netmodule.com.
5 Legal Notes
Copyright
This document contains proprietary information of NetModule. No parts of the work
described herein may be reproduced. Reverse engineering of the hardware or software is
prohibited and protected by patent law. This material or any portion of it may not be
copied in any form or by any means, stored in a retrieval system, adopted or transmitted
in any form or by any means (electronic, mechanical, photographic, graphic, optic or
otherwise), or translated in any language or computer language without the prior written
permission of NetModule.
The information in this document is subject to change without notice. We would like
to point out that NetModule makes no representation or warranties with respect to the
contents herein and shall not be responsible for any loss or damage caused to the user
by the direct or indirect use of this information and software.
This document may contain information about third party products or processes. Such
third party information is generally out of influence of NetModule and therefore
NetModule shall not be responsible for the correctness or legitimacy of this information.
If you experience any incorrect or erroneous specifications in the documentation, please
report them in writing by email to router@support.netmodule.com. While due care has
been taken to deliver accurate documentation, NetModule does not warrant that this
document is error-free.
NetModule and NetModule Cloud Router are trademarks and the logo is a service mark
of NetModule AG, Switzerland.
All other products or company names mentioned herein are used for identification
purposes only and may be trademarks or registered trademarks of their respective owners.
The following description of software, hardware or process of NetModule or other third
party provider may be included with your product and will be subject to the software,
hardware or other license agreements.
Contact
Please contact us for up-to-date product descriptions, documentation, application notes,
firmware upgrades, troubleshooting tips, press releases or any other concerns.
NetModule AG
Meriedweg 11
CH-3172 Niederwangen
Switzerland
Tel +41 31 985 25 10
Fax +41 31 985 25 11
info@netmodule.com
http://www.netmodule.com
Copyright © 2013 NetModule AG, Switzerland. All rights reserved.