H685/H820 VPN User Manual
Industrial Classed H685 H820 Cellular Router
User Manual for VPN setting
E-Lins Technology Co., Limited
ADDRESS: 1007A, MinTai Bld., Minkang Road, Minzhi Street, Bao'an District, ShenZhen, 518000,
China
PHONE: +86 (755) 33231620
Email: sales@szelins.com
sales@e-lins.com
WEB: http://www.szelins.com
E-Lins Technology Co.,Limited
Tel: +86-(755) 33231620 E-mail: sales@e-lins.com
sales@szelins.com www.szelins.com
H685 H820 VPN User Manual
CONTENTS
1
2
··································································································· 3
PROLOGUE
PROLOGUE···································································································
1.1
VERSION···································································································· 3
1.2
REFERENCED DOCUMENTS··············································································· 3
1.3
NOTICE······································································································3
··········································································· 4
HOW TO CONFIGURE IPSEC
IPSEC···········································································
2.1
NOTES······································································································· 6
2.2
VPN SERVER (POINT B)··················································································· 7
2.2.1
Logon the WEB configuration···································································7
2.2.2
Change local IP···················································································· 8
2.2.3
Configure WAN·····················································································8
2.2.4
Configure VPN Router as VPN Server······················································· 9
2.2.4.1 Change local IP address········································································· 9
2.2.4.2 Configure VPN Server·········································································· 10
2.2.5
2.3
3
Configure CISCO router as VPN server···················································· 11
VPN CLIENT FOR VPN ROUTER (POINT C)··························································· 12
2.3.1
Configure WAN1················································································· 12
2.3.2
Change local IP address······································································· 13
2.3.3
Configre VPN Router as Client······························································· 14
··········································································· 16
HOW TO CONFIGURE PPTP
PPTP···········································································
3.1
NOTES ABOUT IP YOUR CONFIGURATION····························································· 18
3.2
PPTP SERVER (POINT B)·················································································19
3.2.1
Change local IP address······································································· 19
3.2.2
Configuration WAN·············································································· 19
3.2.3
Configure PPTP Server·········································································19
3.3
LAPTOP/H685(H820) AS CLIENT (POINT D)·························································· 21
3.3.1
Change local IP address······································································· 21
3.3.2
Configure PPTP client·········································································· 21
3.3.3
Configure PPTP client of H685/H820······················································· 26
3.4
IPSEC CLIENT FOR SOFTWARE (POINT F)····························································· 26
3.4.1
Configure IPSec Client of Software··························································26
3.4.1.1 Set-up······························································································· 26
3.4.1.2 Configure IPSec Tool············································································ 27
E-Lins Technology Co.,Limited
Tel: +86-(755) 33231620 E-mail: sales@e-lins.com
sales@szelins.com www.szelins.com
H685 H820 VPN User Manual
Chapter 1
1 Prologue
This document is suitable for the following products, it will show how to setup a VPN
Router that has IPSec VPN capabilities for secure remote access to your cellular
network from anywhere on the Internet. Detailed configuration will be shown for
multiple brands of routers
Type
Description
H685ev/H820ev
EVDO Router
H685td/H820td
TD-SCDMA Router
H685w/H820w
WCDMA HSUPA/HSDPA Router
1.1 Version
Version
Date
Description
1.1.3
2010-11-11
Nearly complete
1.4.31
2012-11-16
Modify
Author
Jason
1.2 Referenced Documents
H685_Datasheet_Eng.pdf
H820_Datasheet_Eng.pdf
H685_Usermanual_Eng.pdf
H820_Usermanual_Eng.pdf
1.3 Notice
E-Lins is a registered trademark of E-Lins Technology Co., Limited.
The copyright of the document belongs to E-Lins Technology Co., Limited. Copying of
this document and modifying it and the use or communication of the contents thereof,
is forbidden without express authority. Offenders are liable to the legal sanction.
E-Lins Technology Co.,Limited
Tel: +86-(755) 33231620 E-mail: sales@e-lins.com
sales@szelins.com www.szelins.com
H685 H820 VPN User Manual
Chapter 2
ure IPSec
2 How to Config
onfigure
IPSec provides authentication and encryption services to protect unauthorized
viewing or modification of data within your network or as it is transferred over an
unprotected network, such as the public Internet. IPSec is generally implemented in
two types of configurations:
� Site-to-site— this configuration is used between two IPSec security
gateways, such as PIX Firewall. A site-to-site VPN interconnects networks in
different geographic locations.
� Remote access— this configuration is used to allow secure remote access
for VPN clients, such as mobile users. A remote access VPN allows remote
users to securely access centralized network resources.
IPSec can be configured to work in two different modes:
�
�
Tunnel Mode—This is the normal way in which IPSec is implemented
between two security gateways that are connected over an un-trusted
network, such as the public Internet
Transport Mode—this method of implementing IPSec is typically done with
PPTP to allow authentication of remote Windows 2000 VPN clients.
The main task of IPSec is to allow the exchange of private information over an
insecure connection. IPSec uses encryption to protect information from interception or
eavesdropping. However, to use encryption efficiently, both parties should share a
secret that is used for both encryption and decrypting of the information.
IPSec operates in two phases to allow the confidential exchange of a shared secret:
� Phase 1, which handles the negotiation of security parameters required to
establish a secure channel between two IPSec peers. Phase 1 is generally
implemented through the Internet Key Exchange (IKE) protocol. If the remote
IPSec peer cannot do IKE, you can use manual configuration with pre-shared
keys to complete Phase 1.
� Phase 2, which uses the secure tunnel established in Phase 1 to exchange
the security parameters required to actually transmit user data.
The secure tunnels used in both phases of IPSec are based on security associations
(SAs) used at each IPSec end point. SAs describe the security parameters, such as
the type of authentication and encryption that both end points agree to use.
E-Lins Technology Co.,Limited
Tel: +86-(755) 33231620 E-mail: sales@e-lins.com
sales@szelins.com www.szelins.com
H685 H820 VPN User Manual
In order To enable and configure IPSec, we prepare a test environment, please
according to the diagram and perform the following steps
Note: Point A, B, C, E is must.
E-Lins Technology Co.,Limited
Tel: +86-(755) 33231620 E-mail: sales@e-lins.com
sales@szelins.com www.szelins.com
H685 H820 VPN User Manual
E-Lins Technology Co.,Limited
Tel: +86-(755) 33231620 E-mail: sales@e-lins.com
sales@szelins.com www.szelins.com
H685 H820 VPN User Manual
In this example, we will be working with a VPN server and two VPN Router.
Throughout the screen shots and the rest of the article, I will refer to the following IP
address. Please write them down or print them for reference, it will help you
understand the rest of the article
about A:
local IP: 192.168.100.5
gateway: 192.168.100.254
about B:
WAN IP:202.96.83.74(from your ISP)
Local Router IP:192.168.100.254
About C:
WAN IP:61.80.223.24(Remote computer on the Internet)
Local Router IP:192.168.2.254
LAN IP Network:192.168.2.x
About D:
WAN IP:61.80.224.30(Remote computer on the Internet)
Local Router IP: 192.168.1.254
LAN IP Network:192.168.1.x
2.1 Notes
It is wise to change the IP Schema of your cellular network from the default your router
configures. This will aid you in connecting multiple networks together - especially two
VPN routers of the same brand. Often the default IP Schema is 192.168.0.254, all you
need to do is change the second Router. In this example, I configure my first Router is
192.168.1.254 and another Router is 192.168.2.254. This step is not totally necessary
but it could save you some routing headaches later.
It is also wise to convert your computers over to STATIC IP address instead of
dynamic IP address. If your computers have dynamic IP address, you will not know
what the IP address is of the computer you want to connect to from the road. One day
it might be .2 the next day it might be .5. Again this is not necessary, but it will save
you headaches later.
Static IP Schema Example (about A LAN Computer 1)
IP Address:
Subnet:
Gateway:
DNS:
192.168.100.5
255.255.255.0
192.168.100.254 (router address)
192,168.100.254 (router address again)
E-Lins Technology Co.,Limited
Tel: +86-(755) 33231620 E-mail: sales@e-lins.com
sales@szelins.com www.szelins.com
H685 H820 VPN User Manual
Note: You need change PC IP the same with VPN Router Gateway. Otherwise you didn’t connection WEB
configuration
2.2 VPN server (point B)
You need a H685/H820 or a CISCO router as a vpn server in point B.
And this section describes how to configure H685/H820.
Logon the WEB configuration
2.2.1
2.2.1Logon
Access http://192.168.8.1 to configure the VPN router from A point PC, you can see a
login window
Default Username:
admin
Default Password:
admin
Notice: You can change the login password after you succeed logon WEB configuration, Choose “password” menu
and change the login password
E-Lins Technology Co.,Limited
Tel: +86-(755) 33231620 E-mail: sales@e-lins.com
sales@szelins.com www.szelins.com
H685 H820 VPN User Manual
Change local IP
2.2.2
2.2.2Change
2.2.3 Configure WAN
Refer to “Chapter 3.3.3.1 WAN – Cellular Network” of the manual (H820_Usermanual.Eng.pdf /
H685_Usermanual.Eng.pdf) to configure the WAN.
Configure DDNS if you want to use dynamic IP.
E-Lins Technology Co.,Limited
Tel: +86-(755) 33231620 E-mail: sales@e-lins.com
sales@szelins.com www.szelins.com
H685 H820 VPN User Manual
Refer to “Chapter 3.3.14.1.3 DDNS settings” of the manual (H820_Usermanual.Eng.pdf /
H685_Usermanual.Eng.pdf) to configure the DDNS.
NOTE: it’s not must if you choose static IP.
2.2.4 Configure VPN Router as VPN Server
The VPN Router also supports VPN Server function. So you can configure it as a VPN server.
2.2.4.1 Change local IP address
Change local IP with 192.168.100.254
Notes: Do not forget to manually change the “Default Gateway” same as IP Address
E-Lins Technology Co.,Limited
Tel: +86-(755) 33231620 E-mail: sales@e-lins.com
sales@szelins.com www.szelins.com
H685 H820 VPN User Manual
2.2.4.2 Configure VPN Server
�
�
Choose VPN>IPSec>Add/Edit
VPN Server. Configuration as below
E-Lins Technology Co.,Limited
Tel: +86-(755) 33231620 E-mail: sales@e-lins.com
sales@szelins.com www.szelins.com
H685 H820 VPN User Manual
Notes: Do not “Enable” the configured IPSec VPN.
ure CISCO router as VPN server
2.2.5 Config
Configure
You also can use CISCO Router as VPN server.
This is the sample of CISCO7200 configuration:
crypto keyring shenzhen
pre-shared-key hostname shenzhen key test
E-Lins Technology Co.,Limited
Tel: +86-(755) 33231620 E-mail: sales@e-lins.com
sales@szelins.com www.szelins.com
H685 H820 VPN User Manual
crypto isakmp profile shenzhen
description china SZ shenzhen
vrf SMEP
keyring shenzhen
match identity host shenzhen
keepalive 60 retry 10
crypto ipsec transform-set vpnset esp-des esp-md5-hmac
crypto ipsec profile shenzhen
set transform-set vpnset
set isakmp-profile shenzhen
crypto dynamic-map shenzhen 1
set security-association lifetime kilobytes 536870912
set security-association lifetime seconds 43200
set transform-set vpnset
set isakmp-profile shenzhen
reverse-route
crypto map COREVPN 26 ipsec-isakmp dynamic shenzhen
2.3 VPN Client for VPN Router (point C)
Access http://192.168.8.1 to configure VPN router from point E PC, you can see the following logon
window.
Username:
Password:
admin
admin
ure WAN1
2.3.1 Config
Configure
Refer to “Chapter 3.3.3.1 WAN – Cellular Network” of the manual (H820_Usermanual.Eng.pdf /
H685_Usermanual.Eng.pdf) to configure the WAN.
E-Lins Technology Co.,Limited
Tel: +86-(755) 33231620 E-mail: sales@e-lins.com
sales@szelins.com www.szelins.com
H685 H820 VPN User Manual
2.3.2 Change local IP address
Change local IP into 192.168.2.254
Notes: Do not forget to manually change the “Default Gateway” same as IP Address
E-Lins Technology Co.,Limited
Tel: +86-(755) 33231620 E-mail: sales@e-lins.com
sales@szelins.com www.szelins.com
H685 H820 VPN User Manual
Configre VPN Router as Client
2.3.3
2.3.3Configre
E-Lins Technology Co.,Limited
Tel: +86-(755) 33231620 E-mail: sales@e-lins.com
sales@szelins.com www.szelins.com
H685 H820 VPN User Manual
Notes: Do not “Enable” the configured IPSec VPN.
E-Lins Technology Co.,Limited
Tel: +86-(755) 33231620 E-mail: sales@e-lins.com
sales@szelins.com www.szelins.com
H685 H820 VPN User Manual
Chapter 3
3 How to configure PPTP
In order to enable and configuring PPTP for VPN, we prepare a test environment,
please according to the diagram and perform the following steps
Note: Point A, B, C, E is must.
In this example, we will be working with a VPN server and some PC .Throughout the
screen shots and the rest of the article; I will refer to the following IP address. Please
write them down or print them for reference, it will help you understand the rest of the
article
about A:
local IP:192.168.100.5
Subnet mask: 255.255.255.0
gateway:192.168.100.254
about B:
WAN IP:202.56.8.73(from your ISP)
Local Router IP:192.168.100.254
About D:
WAN IP:61.30.89.223(Remote computer on the Internet)
Local Router IP:192.168.3.8
About E:
WAN IP:61.80.224.30(Remote computer on the Internet)
Local Router IP: 192.168.1.254
LAN IP Network:192.168.1.x
about F:
local IP:192.168.100.4
Subnet mask: 255.255.255.0
gateway:192.168.100.254
E-Lins Technology Co.,Limited
Tel: +86-(755) 33231620 E-mail: sales@e-lins.com
sales@szelins.com www.szelins.com
H685 H820 VPN User Manual
E-Lins Technology Co.,Limited
Tel: +86-(755) 33231620 E-mail: sales@e-lins.com
sales@szelins.com www.szelins.com
H685 H820 VPN User Manual
3.1 Notes about IP Your Configuration
It is wise to change the IP Schema of your cellular network from the default your router
configures. This will aid you in connecting multiple networks together - especially two
VPN routers of the same brand. Often the default IP Schema is 192.168.0.254, all you
need to do is change the second Router. In this example, I made my first Router is
192.168.1.254 and another Router is 192.168.2.254. This step is not totally necessary
but it could save you some routing headaches later.
It is also wise to convert your computers over to STATIC IP address instead of
dynamic IP address. If your computers have dynamic IP address, you will not know
what the IP address is of the computer you want to connect to from the road. One day
it might be .2 the next day it might be .5. Again this is not necessary, but it will save
you headaches later.
Static IP Schema Example
About A LAN Computer 1
IP Address:
Subnet:
Gateway:
DNS:
192.168.100.5
255.255.255.0
192.168.100.254 (router address)
192,168.100.254 (router address again)
Note: You need change PC IP the same with VPN Router Gateway. Otherwise you didn’t connection WEB
configuration
E-Lins Technology Co.,Limited
Tel: +86-(755) 33231620 E-mail: sales@e-lins.com
sales@szelins.com www.szelins.com
H685 H820 VPN User Manual
3.2 PPTP server (point B)
H685/H820 cannot support PPTP Server feature. We use H685m/H700/H720 series router for PPTP
Server.
Change local IP address
3.2.1
3.2.1Change
�
Click ”LAN (edit)” to change local IP into 192.168.100.254
3.2.2 Configuration WAN
Refer to H685m/H700/H720 usermanual to configure the WAN of H685m/H700/H720.
3.2.3 Configure PPTP Server
Click “VPN”, and choose ”PPTP”, select “Enable PPTP”, type the start IP and end IP
as below.
E-Lins Technology Co.,Limited
Tel: +86-(755) 33231620 E-mail: sales@e-lins.com
sales@szelins.com www.szelins.com
H685 H820 VPN User Manual
click Enable PPTP, and fill in Beginning IP and Ending IP, which will be assigned to PPTP client. The
Beginning IP and Ending IP range must be the same range with the router. For example, the router’s IP
is 192.168.100.1, then you can put Beginning IP as 192.168.100.100 and Ending IP as
192.168.100.253
After setting, please re-power on the router.
Follow the picture below, at “VPN –PPTP User”
Click “Add” button,
Fill in User name, Password and Confirm password, click Apply button to save.
It will show the following if the user creating is successful.
E-Lins Technology Co.,Limited
Tel: +86-(755) 33231620 E-mail: sales@e-lins.com
sales@szelins.com www.szelins.com
H685 H820 VPN User Manual
H685
3.3 Laptop/
Laptop/H685
H685((H820
H820)) as Client (Point D)
Change local IP address
3.3.1
3.3.1Change
You need change the PC IP as below.
Configure PPTP client
3.3.2
3.3.2Configure
Open “Network Connections”.
E-Lins Technology Co.,Limited
Tel: +86-(755) 33231620 E-mail: sales@e-lins.com
sales@szelins.com www.szelins.com
H685 H820 VPN User Manual
Click “network Connection” ,click “Next” to continue
The Network Connection Wizard opens. Click“Next”to continue. Put a check mark on
“Connect to the Internet at my workplace” and click next
E-Lins Technology Co.,Limited
Tel: +86-(755) 33231620 E-mail: sales@e-lins.com
sales@szelins.com www.szelins.com
H685 H820 VPN User Manual
Select the option “Virtual Private Network connect” and click next
Type a name for this connection
E-Lins Technology Co.,Limited
Tel: +86-(755) 33231620 E-mail: sales@e-lins.com
sales@szelins.com www.szelins.com
H685 H820 VPN User Manual
Type the host name it was VPN server IP address of the computer
Select “my Use only “option
As showing below picture, Click “Finish” to succeed your new Connection installation
E-Lins Technology Co.,Limited
Tel: +86-(755) 33231620 E-mail: sales@e-lins.com
sales@szelins.com www.szelins.com
H685 H820 VPN User Manual
Input user name and password, Connection will be create when both of them is the same with that in
the server
E-Lins Technology Co.,Limited
Tel: +86-(755) 33231620 E-mail: sales@e-lins.com
sales@szelins.com www.szelins.com
H685 H820 VPN User Manual
ure PPTP client of H685
3.3.3 Config
Configure
H685//H820
3.4 IPSec Client for Software (Point F)
ure IPSec Client of Software
3.4.1 Config
Configure
3.4.1.1 Set-up
This software is suit for Win2000,Win2003,and Windows XP System, but Win2000
system need to add install SP3 or SP4.
It is suitable for personal user and subnet user connects to the company network,
after you have succeeded in dialup to create a VPN network. If you need to put this
computer as Gateway .at subnet network to make VPN communication. When your
install it, please choice install “VPN_NAT”, don’t used NAT from window offer (it
means our common used of “internet connection sharing”)
E-Lins Technology Co.,Limited
Tel: +86-(755) 33231620 E-mail: sales@e-lins.com
sales@szelins.com www.szelins.com
H685 H820 VPN User Manual
3.4.1.2 Configure IPSec Tool
If you have succeed create a new Connection installation, Run the IPSec configure tools,
E-Lins Technology Co.,Limited
Tel: +86-(755) 33231620 E-mail: sales@e-lins.com
sales@szelins.com www.szelins.com
H685 H820 VPN User Manual
According to configuration for your VPN Router Server, type the connection ID,
password, etc.
E-Lins Technology Co.,Limited
Tel: +86-(755) 33231620 E-mail: sales@e-lins.com
sales@szelins.com www.szelins.com