EWON 2101, 4101, 2005, 4005 VPN router, eCatcher, eSync Connect User guide


Below you will find brief information for VPN router eWON 2101, VPN router eWON 4101, VPN router eWON 2005, VPN router eWON 4005. These eWON routers offer a secure way to connect remote devices to your network using a virtual private network (VPN). You can establish a VPN connection and access devices on the network, such as PLCs, remotely using eCatcher software and a VPN server. The VPN server is managed through the eSync Connect application, allowing you to create a secure VPN environment for your devices.


eWON-VPN - User Guide

Virtual Private Network by eWONs


VPN: what is it?

A virtual private network (VPN) is a private communications network, usually used within a company or by several different companies or organizations, to communicate securely over a public network.

A good compromise is to use the Internet as the communication link, with a tunnelling protocol that encapsulates the encrypted data.

This network is called virtual because it links two physical networks (LANs) over an untrusted link (the Internet).

This network is called private because only the computers (or devices) connected to this VPN can understand the encrypted data.

In brief, a VPN provides a global secured link at low cost.

Figure 1: VPN draft (diagram labels: unsecured link, INTERNET, VPN server, VPN secured, VPN client, LAN (private))

Main advantages of VPN are:

• low cost, as opposed to a real Wide Area Network based on expensive leased lines

• scalability: it is easy to add a computer to the VPN or remove one from it

Main disadvantages of VPN are:

• VPNs require an in-depth understanding of public network security issues and proper precautions in VPN deployment.

• The availability and performance of an organization's wide-area VPN (over the Internet in particular) depend on factors largely outside of its control.

• VPN technologies from different vendors may not work well together due to immature standards.

• VPNs need to accommodate protocols other than IP and existing ("legacy") internal network technology.

The purpose of this document is to show you how to set up your VPN (Virtual Private Network) with eWONs.

© ACT'L 2006 Page 2/21


eWONs as VPN routers

To build your VPN, all participants must speak the same encrypted language. If they are computers, it is feasible to install VPN software to handle the VPN layer. In the case of old computers or Ethernet devices like PLCs, it is impossible to put the VPN inside the devices.

You need to build your network in a way that is completely transparent for the participants.

That job is done by VPN routers.

Not all eWONs can act as VPN routers; only the eWON2101, eWON4101, eWON2005 and eWON4005 can.

Industrial VPN Routers: eWON2101 and eWON4101

These eWONs allow you to put Ethernet devices on your VPN by a Dial-up connection (PSTN, ISDN, GSM or GPRS).

• eWON2101: Remote Maintenance, Alarms

• eWON4101: Remote Maintenance, Alarms, datalogging, viewON

Industrial Broadband VPN Routers: eWON2005 and eWON4005

These eWONs allow you to put Ethernet devices on your VPN from a broadband connection (like ADSL) or by a Dial-up connection (PSTN, ISDN, GSM or GPRS).

• eWON2005: Remote Maintenance, Alarms

• eWON4005: Remote Maintenance, Alarms, datalogging, viewON

On the computer side, you have two software companions:

• eCatcher: the eWON connection tool

• eSync Connect: the VPN Server application

Technologies

Today, there are many VPN technologies available. ACT'L chose to build its VPN on the OpenVPN standard (see http://openvpn.net).

eSync Connect needs web server, database and server-side technologies. ACT'L chose to use:

• Apache (see http://www.apache.org)

• MySQL (see http://www.mysql.com)

• PHP (see http://www.php.net)


VPN : general topology

Figure 2: VPN general topology (diagram labels: A to H, VPN)

With a VPN, you generally want to build a network like the one in Figure 2.

All the devices in the yellow zone are on the same Virtual Private Network.

Every device on the VPN can connect to every other device.

The devices at G and H can access the Internet but have no access to the VPN.


A) VPN server

To build a VPN, you need a server that plays the role of master of VPN communications.

Every device must contact the Server to enter the VPN.

ACT'L has developed the eSync application to make the installation, configuration and daily use of the VPN easier.

The installation of eSync is very simple (follow the installer). eSync will install on your computer:

• An Apache web server listening on port 80. If you already have a web server running on your computer, eSync will use port 81 instead.

• A MySQL database listening on port 3306. If you already have another one running on your computer, MySQL will use port 3307 instead.

• An OpenVPN layer composed of a few services listening on UDP port 1194. If you already have another OpenVPN running on your computer, eSync will use port 1195 instead.

And you are ready to play secured.

You can view your VPN interface in your Network Connections window (renamed here to "VPN connection").

Figure 3: Network connections

With the eSync application, you manage your VPN by opening a secure communication tunnel between every VPN actor and the Server.

The standard setup of eSync will build a VPN where all actors receive an IP address in the range 10.8.x.x.

Figure 4: eSync VPN settings

These addresses can be assigned statically or dynamically.


By default, the IP address range is divided in two: one half for the static IPs and the other for the DHCP IPs.

You can also define the Base Address of all devices placed on the LAN side of an eWON-VPN.

Then, in our default configuration (see Figure 4), all devices placed behind an eWON-VPN must have an address beginning with 10.9 (10.9.x.x) to be accessible on the VPN.

After the installation, you configure eSync with your browser: just connect to the LAN IP address of the server (and use the right port if necessary).

The Admin account of eSync is by default:

login: adm
password: adm

If your Server is accessible on your LAN, you can access eSync from every computer.

Server requirements:

• The Server must be accessible from the Internet, generally by a fixed IP address.

• Port TCP 80 must be open for the HTTP traffic (or 81 if eSync was installed on 81).

• Port UDP 1194 must be open on the Server.


B) Local User connection and Remote (F)

If you want to join the VPN from a computer, you need to use the VPN client eCatcher. You can download it for free from the www.ewon.biz website. The installation requires no parameters.

Now, you need a VPN account.

Go to eSync Configuration, select Users Setup and click on the Create New User link.

Fill in all the information and create the User Certificate with the Create link.

Figure 5: Create new user

Figure 6: User Setup

The following display must appear when the Certificate is generated.

Figure 7: User Certificate generated


Now, you need to export this Certificate to your local computer.


Figure 8: Export User Certificate

To do so, select the User you want to export and click the Export Selected User link.

You will be prompted to give the location and name for this XML file.

This file is a key to enter your VPN!

Store it in a secure place or destroy it after use.

You can re-export it if you need it again.

In eCatcher, click on the Add an eSync Server link and use your User Certificate file to create your VPN link.

If you double-click on the new eSync Server connection, you will enter the VPN.

Now, your computer has access to all the devices connected to the VPN.

For example, you can connect to eSync through the VPN connection by going to http://10.8.0.1:81 (my installation is on port 81).

Point (F): On a laptop at a remote location, the communications will pass through your modem to reach the Server. The address of the Server needs to be public.


C) eWON dial-up on VPN

To connect your eWON to the VPN, you need to create an account for it.

Go to eSync Configuration, select eWONs Setup and click on the Add an eWON link.

Fill in all the information.

Figure 9: Create eWON VPN

Figure 10: eWON setup

Use the Suggest link to choose a free Fixed IP Address.

Don't forget to create the Certificate!


Now, you need to export this Certificate to your local computer.


Figure 11: Export eWON Certificate

To do so, select the eWON you want to export and click the Export Selected eWON link.

You will be prompted to give the location of the file.

This file is a key to enter your VPN!

Store it in a secure place or destroy it after use.

You can re-export it if you need it again.

Notice that the proposed filename is "eWON_001_comcfg.txt". The VPN parameters in the file are formatted so that it can be uploaded by FTP to configure the eWON.

Just rename the file to "comcfg.txt" and send it to the eWON by FTP.

Now, your eWON has the VPN configuration in place.

VPNCnxType:2
VPNKeyType:1
VPNSecretKey:-----BEGIN RSA PRIVATE KEY-----
MIICXA.......
-----END RSA PRIVATE KEY-----
VPNSecretCert:-----BEGIN CERTIFICATE-----
MIIDKj.......
-----END CERTIFICATE-----
VPNCACert:-----BEGIN CERTIFICATE-----
MIIDGT.......
-----END CERTIFICATE-----
VPNPortOut:1194
VPNAlive:40
VPNSrv1:support.ewon.be
VPNSrv2:
VPNP2PIpMode:0
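The export shown above carries the eWON's private key inline, which is why the guide calls the file a key to the VPN. The following Python code is an added example, not ACT'L's or eSync's own: it parses the Name:Value layout of the file, reports which fields hold private key material, builds a redacted copy and checks the permissions of a stored export. The sample text, the server name in it and all function names are constructed for the example.

```python
import os
import re
import stat

# Constructed sample in the layout of the export above. The PEM bodies are
# placeholders and the server name is made up; no real key material.
SAMPLE = """VPNCnxType:2
VPNSecretKey:-----BEGIN RSA PRIVATE KEY-----
PLACEHOLDERKEY
-----END RSA PRIVATE KEY-----
VPNSecretCert:-----BEGIN CERTIFICATE-----
PLACEHOLDERCERT
-----END CERTIFICATE-----
VPNCACert:-----BEGIN CERTIFICATE-----
PLACEHOLDERCA
-----END CERTIFICATE-----
VPNPortOut:1194
VPNSrv1:vpn.example.invalid
VPNSrv2:
"""

FIELD = re.compile(r"^([A-Za-z][A-Za-z0-9]*):(.*)$")

def parse_comcfg(text):
    """Parse Name:Value lines; a PEM block stays with the field that opens it."""
    fields, current, in_pem = {}, None, False
    for line in map(str.rstrip, text.splitlines()):
        if not line:
            continue  # tolerate blank lines
        # Inside a PEM block nothing starts a new field, even a "Name: x" header.
        match = None if in_pem else FIELD.match(line)
        if match:
            current = match.group(1)
            fields[current] = match.group(2)
        elif current is not None:
            fields[current] += "\n" + line
        if "-----BEGIN " in line:
            in_pem = True
        elif "-----END " in line:
            in_pem = False
    return fields

def secret_fields(fields):
    """Names of the fields that carry private key material."""
    return sorted(k for k, v in fields.items() if "PRIVATE KEY-----" in v)

def redact(fields):
    """Copy that is safe to paste into a ticket: private keys replaced."""
    secret = set(secret_fields(fields))
    return {k: "<redacted>" if k in secret else v for k, v in fields.items()}

def too_permissive(path):
    """True if a stored export is accessible to group or others (POSIX modes)."""
    return bool(os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO))
```

FTP does not encrypt the transfer, so the key in this file crosses the network in clear during the upload; doing the upload on the eWON's local LAN keeps it off untrusted links.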

At every connection of this eWON to the Internet, it will set up the VPN tunnel with the server.

For example, you can configure your eWON-pstn to use the Callback sequence to connect to the Internet and the VPN.

Once the eWON is on the VPN, the eSync main page shows the connected eWON by displaying its IP address.

Figure 12: eSync shows eWON connected

If you open another Internet browser and use this address (http://10.8.128.29), you will be connected to your eWON through the VPN.

Figure 13: on eWON by VPN

If the WAN Protection (Security) is set to maximum (see Figure 14), the eWON website is accessible only through the VPN (the WAN address provided by the ISP will not answer).

Figure 14: WAN Protection

If you have a PLC connected to this eWON and you want to access it with the corresponding software, simply use this VPN IP address.


D) eWON GPRS as VPN Gateway

The configuration of an eWON acting as VPN Gateway is the same as in the point "eWON dial-up on VPN".

The only things that change in this configuration are:

• the eWON is used as Gateway to other Ethernet devices

• the eWON uses the built-in GPRS modem to be connected (permanently) to the Internet

Once you have created the eWON in eSync, configure the LAN settings parameters (use the Suggest link).

Figure 15: create eWON with a LAN

Then, all devices (and the eWON) must have an IP address in this 10.9.9.x range to be part of the VPN.

If the eWON has the 10.9.9.1 address, don't forget to set this address as Gateway in the other devices.

If your eWON is a GPRS one, you can check the GPRS connection Type. With this option, the KeepAlive frames are sent slowly (in GPRS, you pay for the traffic, not for the time connected).


Once the Certificate is in the eWON, you may configure the eWON to play the Gateway behavior you want.

The Gateway function is always activated in eWON-VPN; you don't have the "Enable IP Gateway" checkbox like in eWONs with firmware 4.x.

Go to the eWON Routing page and set the option you need.

Figure 16: eWON Routing page

Usually, you need to set NAT and TF (Transparent Forwarding) on WAN. This configuration allows your Ethernet devices to use both interfaces (WAN and VPN) to go outside.

The WAN will be used if your device sends an eMail to the ISP.

The VPN connection will be used when the device needs to access another VPN participant or when it replies to a request coming from the VPN.

As you are on GPRS, you can stay connected permanently to the Internet: check the Maintain Connection checkbox.

Figure 17: Maintain Connection parameter

Be aware that eWON and eSync will send small packets (ping) to keep the connection open (KeepAlive). This permanent connection will therefore cost some money (even if there is no useful traffic).

Once connected on GPRS, the eWON will establish its VPN connection and be accessible by other VPN participants.

Figure 18: eWON-Gateway connected

The eWON is accessible at the address 10.8.128.33 (address on the VPN) or at the address 10.9.9.1 (address on the eWON LAN).

The devices placed on the LAN of the eWON are accessible by their address 10.9.9.x directly from your computer.


If you display the IP Routes of your computer (command ROUTE PRINT in a DOS box), you will see that the VPN has automatically added a route to 10.9.0.0 (Base Address of eWONs LAN pools in the eSync Setup).

Figure 19: IP Routes


E) eWON2005 as Broadband VPN router

In this configuration, you want to pass through an ADSL router because you need to transmit a lot of data.

With an ADSL router, you must use an eWON2005 or eWON4005. These devices have two Ethernet interfaces, one for the WAN (connected to the ADSL router) and one for the LAN (connected to your devices).

The setup of this eWON is very close to those of points C and D.

The only thing that differs from point D is:

• the eWON uses its WAN interface to connect to the Internet.

Once you have created the eWON in eSync, configure the LAN parameters as follows.

Figure 20: setup eWON2005 in eSync

Then, all devices must have an IP address in the 10.9.6.x range to be part of the VPN.


On the eWON2005, you have two Ethernet interfaces to configure: the LAN and the WAN.

Figure 21: eWON2005 LAN setup

Then, if your eWON2005 has the 10.9.6.1 LAN IP address, don't forget to set this address as Gateway in the devices you want to access.

The WAN Ethernet interface must be configured with parameters compatible with your ADSL device.

Figure 22: eWON2005 WAN setup

Here, you can see that we have an ADSL router at 10.1.0.1 (eWON default gateway).

The IP addresses of your Remote Site will be as shown on the right.

Figure 23: eWON2005 remote site IP addresses

There is no MODEM configuration to set. You can disable the Modem Outgoing Connection.

Figure 24: eWON2005 Outgoing connection disable

The VPN configuration is always the same. Put the certificate generated by eSync in the eWON.

Figure 25: eWON2005 VPN certificate setup

In the Networking Config branch, the Internet Connection must be set on the WAN interface.

Figure 26: eWON2005 Internet Connection

If you need permanent access to the Internet, use the Maintain Connection checkbox (as shown).


VPN Connection must be enabled.


Figure 27: eWON2005 VPN connection

Set the Routing configuration if you need to allow devices on the LAN to go outside.

Set the Security you need.

Figure 28: eWON2005 Routing

Figure 29: eWON2005 Security

With a WAN Protection Level set to "Allow All", your eWON also accepts traffic coming from the "unsecured" world (not VPN).


With this configuration, you can access your eWON2005-VPN through the ADSL.

Figure 30: eWON2005 connected in eSync

The eWON2005 is accessible at the VPN address 10.8.128.17 and at the LAN address 10.9.6.1 (eSync knows that all addresses belonging to 10.9.6.x must be routed to this eWON2005).

You can PING your eWON at 10.9.6.1 and your LAN device at 10.9.6.8.

Figure 31: ping through VPN
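The addressing rules from points A, D and E (VPN range 10.8.x.x, eWON LAN pools under the 10.9.x.x base address, each LAN device using its eWON as gateway) can be checked before deployment. The Python code below is an added example, not part of the guide or of eSync; the /16 and /24 prefix lengths are assumptions, and the dictionary labels and function names are hypothetical.

```python
import ipaddress as ipa

# Addresses are the guide's own examples. The /16 and /24 prefix lengths are
# assumptions (the guide only writes 10.8.x.x, 10.9.x.x and 10.9.N.x), and the
# dictionary keys are hypothetical labels.
VPN_RANGE = ipa.ip_network("10.8.0.0/16")
LAN_BASE = ipa.ip_network("10.9.0.0/16")
EWONS = {  # label: (VPN address, LAN pool, eWON LAN address)
    "gprs-gateway": ("10.8.128.33", "10.9.9.0/24", "10.9.9.1"),
    "ewon2005": ("10.8.128.17", "10.9.6.0/24", "10.9.6.1"),
}

def plan_errors(ewons):
    """Server-side plan: every pool inside the base address, none overlapping."""
    errors, seen = [], []
    for name, (vpn, pool, lan_ip) in ewons.items():
        pool = ipa.ip_network(pool)
        if ipa.ip_address(vpn) not in VPN_RANGE:
            errors.append(f"{name}: VPN address {vpn} is outside {VPN_RANGE}")
        if not pool.subnet_of(LAN_BASE):
            errors.append(f"{name}: pool {pool} is outside {LAN_BASE}")
        if ipa.ip_address(lan_ip) not in pool:
            errors.append(f"{name}: LAN address {lan_ip} is outside {pool}")
        errors += [f"{name}: pool overlaps {o}" for o, p in seen if pool.overlaps(p)]
        seen.append((name, pool))
    return errors

def route_for(dest, ewons):
    """(label, VPN next hop) for dest as seen from a VPN client, else None."""
    dest = ipa.ip_address(dest)
    for name, (vpn, pool, _) in ewons.items():
        if dest in ipa.ip_network(pool):
            return name, vpn
    if dest in VPN_RANGE:
        return "vpn", str(dest)  # another VPN participant, reached directly
    return None  # not a VPN destination

def device_errors(addr, gateway, ewon):
    """One LAN device checked against the eWON it sits behind."""
    _, pool, lan_ip = ewon
    errors = []
    if ipa.ip_address(addr) not in ipa.ip_network(pool):
        errors.append(f"{addr} is outside {pool}: not reachable over the VPN")
    if addr == lan_ip:
        errors.append(f"{addr} is the eWON's own LAN address")
    if gateway != lan_ip:
        errors.append(f"gateway {gateway} should be {lan_ip}")
    return errors
```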


Appendix eWON at C configuration


Key Features

  • Secure VPN connection
  • Remote access for devices
  • eCatcher software for remote connection
  • eSync Connect application for VPN server management
  • Supports various dial-up & broadband connections

Frequently Asked Questions

What is a VPN and how does it work with eWON routers?
A VPN creates a secure tunnel over the internet, making it possible to access devices on a private network as if they were on the same local network. eWON routers act as gateways to your private network, allowing you to establish a VPN connection and access devices through the eCatcher software.
What are the eWON models that support VPN functionality?
The eWON 2101, eWON 4101, eWON 2005, and eWON 4005 are models with VPN capabilities. They offer different connectivity options for establishing a VPN connection.
How do I configure and manage the VPN server with eWON?
The eSync Connect application is used to configure and manage the VPN server. You can create user accounts, manage connections, and monitor VPN activity through its interface.
