Digicom 8E4571 3G Industrial Router VPN Pro User's Guide

Dual SIM

Industrial Cellular

VPN Router for GPRS/EDGE/UMTS/HSPA Networks

8E4571 _ 3G Industrial Router VPN Pro

User’s Guide

rev. 1.2 07/2017

3G Industrial VPN Pro User Guide

All rights reserved; no part of this publication may be reproduced, stored in a retrieval system, or trasmitted in any form or by any means, electronic, otherwise, without the prior written permission of Digicom S.p.A. The contents of this booklet may be modified without notice.

Every possible care has been taken in testing and putting together all the documentation contained in this booklet, however Digicom can not take any responsability brought by the use of this booklet.

PREFACE

In order to guarantee your safety and a correct functioning, be sure to follow these safety warnings. The whole set (with cables included) must be installed in a place lacking of or distant from:

• Dust, humidity, high temperatures and direct exposure to sunlight.

• Heat irradiating objects, which may damage your device or cause any other problem.

• Objects producing a high electromagnetic field (Hi-‐Fi speakers, etc.).

• Corrosive liquids or chemical substances.

Any sudden change in temperature and humidity must be avoided.

Use a soft dry cloth and avoid any solvents or abrasive materials.

Caution against shocks or vibrations.

SIMPLIFIED UE DECLARATION OF CONFORMITY

The manufacturer, Digicom S.p.A., declares that this radio equipment Dual SIM Industrial Cellular VPN Router is compliant with Directive 2014/53/UE.

The complete text of UE Declaration of Conformity is available at following internet address: www.digicom.it

3G Industrial VPN Pro

2 / 113


Important Notice

Due to the nature of wireless communications, transmission and reception of data can never be guaranteed. Data may be delayed, corrupted (i.e., have errors) or be totally lost. Although significant delays or losses of data are rare when wireless devices such as the router are used in a normal manner with a well-‐constructed network, the router should not be used in situations where failure to transmit or receive data could result in damage of any kind to the user or any other party, including but not limited to personal injury, death, or loss of property. Digicom accepts no responsibility for damages of any kind resulting from delays or errors in data transmitted or received using the

router, or for failure of the router to transmit or receive such data.

Safety Precautions

General

 The router generates radio frequency (RF) power. When using the router care must be taken on safety issues related to RF interference as well as regulations of RF equipment.







Do not use your router in aircraft, hospitals, petrol stations or in places where using cellular products is prohibited.

Be sure that the router will not be interfering with nearby equipment. For example: pacemakers or medical equipment. The antenna of the router should be away from computers, office equipment, home appliance, etc.

An external antenna must be connected to the router for proper operation. Only uses approved antenna with





 the router. Please contact authorized distributor on finding an approved antenna.

Always keep the antenna with minimum safety distance of 26.6 cm or more from human body. Do not put the antenna inside metallic box, containers, etc.

RF exposure statements

1.

For mobile devices without co-‐location (the transmitting antenna is installed or located more than 20cm away from the body of user and nearby person)

FCC RF Radiation Exposure Statement

1.

This Transmitter must not be co-‐located or operating in conjunction with any other antenna or transmitter.

2.

This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment.

This equipment should be installed and operated with a minimum distance of 20 centimeters between the radiator and your body.

Note : Some airlines may permit the use of cellular phones while the aircraft is on the ground and the door is open.

Router may be used at this time.

Using the router in vehicle







Check for any regulation or law authorizing the use of cellular in vehicle in your country before installing the router.

The driver or operator of any vehicle should not operate the route while in control of a vehicle.

Install the router by qualified personnel. Consult your vehicle distributor for any possible interference of electronic parts by the router.





The router should be connected to the vehicle’s supply system by using a fuse-‐protected terminal in the vehicle’s fuse box.

Be careful when the router is powered by the vehicle’s main battery. The battery may be drained after extended

period.


3 / 113


Protecting your router



To ensure error-‐free usage, please install and operate your router with care. Do remember the follow:

 Do not expose the router to extreme conditions such as high humidity / rain, high temperatures, direct sunlight, caustic / harsh chemicals, dust, or water.









Do not try to disassemble or modify the router. There is no user serviceable part inside and the warranty would be void.

Do not drop, hit or shake the router. Do not use the router under extreme vibrating conditions.

Do not pull the antenna or power supply cable. Attach/detach by holding the connector.

Connect the router only according to the instruction manual. Failure to do it will void the warranty.

 In case of problem, please contact authorized distributor.

SAFETY WARNINGS

Read these instructions and norms carefully before powering the device. Violation of such norms may be illegal and cause hazard situations. For any of the described situations please refer to the specific instructions and norms.

The device is a low power radio transmitter and receiver. When it is ON, it sends and receives radio frequency (RF) signals.The device produces magnetic fields. Do not place it next to magnetic supports such as floppy disks, tapes, etc. Operating your device close to other electrical and electronic equipment -‐ such as a television, phone, radio or a personal computer -‐ may cause interferences.

INTERFERENCES

The device, like all other wireless devices, is subject to interferences that may reduce its performances.

ROAD SAFETY

Do not use your device while driving. In case of use on cars, you must check that the electronic equipment is shielded against RF signals. Do not place the device in the air bag deployment area.

AIRCRAFT SAFETY

Switch off your device when on board aircrafts by disconnecting the power supply and deactivating the internal backup battery. Using GSM devices on aircrafts is illegal.

HOSPITAL SAFETY

Do not use the device near health equipment, especially pacemakers and hearing aids, in order to avoid potential interferences. Take care when utilizing the device inside hospitals and medical centres, which make use of equipment that could be sensitive to external RF signals. Switch it off when use is expressly forbidden.

EXPLOSIVE MATERIALS

Do not use the device in refuelling points, near fuel or chemicals. Do not use the device where blasting is in progress.

Observe restrictions and follow any specific regulation or instruction.

INSTRUCTIONS FOR USE

Do not use this device in direct contact with the human body and keep a minimum distance of 20 cm from it and from the antenna. Use approved accessories only. Consult the user's manual of eventual other equipment connected to this device. Do not connect incompatible products.


4 / 113


Revision History

Updates between document versions are cumulative. Therefore, the latest document version contains all updates made to previous versions.

Release Date Firmware Version

1.00

Doc Version Details v.1.1 First Release


5 / 113


Contents

Chapter 1.

Product Concept ....................................................................................................................................... 8

1.1

Overview ................................................................................................................................................... 8

1.2

1.3

1.4

Packing List ................................................................................................................................................ 8

Specifications .......................................................................................................................................... 10

Dimensions ............................................................................................................................................. 12

1.5

Selection and Ordering Data ................................................................................................................... 12

Chapter 2.

Installation .............................................................................................................................................. 13

2.1

2.2

2.3

2.4

2.5

LED Indicators ......................................................................................................................................... 13

PIN assignment ....................................................................................................................................... 14

USB interface .......................................................................................................................................... 14

Reset Button ........................................................................................................................................... 15

Ethernet port .......................................................................................................................................... 15

2.6

2.7

2.8

Mounting the Router .............................................................................................................................. 16

Install the SIM Card ................................................................................................................................. 16

Connect the External Antenna (SMA Type) ............................................................................................ 17

Chapter 3.

Configuration settings over web browser ............................................................................................... 18

3.1

Configuring PC in Windows ..................................................................................................................... 18

3.2

3.3

3.4

3.5

3.6

Factory Default Settings .......................................................................................................................... 20

Control Panel .......................................................................................................................................... 21

Status -‐> System ...................................................................................................................................... 22

Status -‐> Network ................................................................................................................................... 25

Status -‐> Route ........................................................................................................................................ 25

3.7

3.8

3.9

Status -‐> VPN .......................................................................................................................................... 26

Status -‐> Services .................................................................................................................................... 27

Status -‐> Event/Log ................................................................................................................................. 27

3.10

Configuration -‐> Cellular WAN ................................................................................................................ 28

3.11

Configuration -‐> Ethernet ....................................................................................................................... 34

3.12

Configuration -‐> Serial ............................................................................................................................ 36

3.13

Configuration -‐> USB ............................................................................................................................... 43

3.14

Configuration -‐> NAT/DMZ ..................................................................................................................... 44

3.15

Configuration -‐> Firewall ......................................................................................................................... 45

3.16

Configuration -‐> QoS ............................................................................................................................... 47

3.17

Configuration -‐> IP Routing ..................................................................................................................... 51

3.18

Configuration -‐> DynDNS ........................................................................................................................ 53

3.19

Configuration -‐> IPSec ............................................................................................................................. 54

3.20

Configuration -‐> Open VPN ..................................................................................................................... 59

3.21

Configuration -‐> GRE ............................................................................................................................... 64

3.22

Configuration -‐> L2TP .............................................................................................................................. 65

3.23

Configuration -‐> PPTP ............................................................................................................................. 69

3.24

Configuration -‐> SNMP ........................................................................................................................... 73

3.25

Configuration -‐> VRRP ............................................................................................................................. 75

3.26

Configuration -‐> IP Passthrough ............................................................................................................. 76


6 / 113


3.27

Configuration -‐> AT over IP ..................................................................................................................... 77

3.28

Configuration -‐> Phone Book .................................................................................................................. 77

3.29

Configuration -‐> SMS .............................................................................................................................. 79

3.30

Configuration -‐> Reboot ......................................................................................................................... 80

3.31

Configuration -‐> RobustLink ................................................................................................................... 81

3.32

Configuration -‐> Syslog ........................................................................................................................... 81

3.33

Configuration -‐> Event ............................................................................................................................ 82

3.34

Configuration -‐> USR LED ........................................................................................................................ 83

3.35

Administration -‐> Profile ......................................................................................................................... 83

3.36

Administration -‐> Tools ........................................................................................................................... 84

3.37

Administration -‐> Clock ........................................................................................................................... 88

3.38

Administration -‐> Web Server ................................................................................................................ 89

3.39

Administration -‐> User Management ..................................................................................................... 90

3.40

Administration -‐> Update Firmware ....................................................................................................... 91

Chapter 4.

Configuration Examples .......................................................................................................................... 93

4.1

Interface .................................................................................................................................................. 93

4.1.1

Console port .................................................................................................................................... 93

4.1.2

RS232 ............................................................................................................................................... 94

4.1.3

RS485 ............................................................................................................................................... 94

4.2

4.3

Cellular .................................................................................................................................................... 95

4.2.1

Cellular Dial-‐Up ................................................................................................................................ 95

4.2.2

SMS Remote Status Reading ........................................................................................................... 96

Network .................................................................................................................................................. 98

4.3.1

NAT .................................................................................................................................................. 98

4.3.2

L2TP ................................................................................................................................................. 99

4.3.3

PPTP ............................................................................................................................................... 100

4.3.4

IPSEC VPN ...................................................................................................................................... 102

4.3.5

OPENVPN ....................................................................................................................................... 105

Chapter 5.

Introductions for CLI ............................................................................................................................. 108

5.1

5.2

5.3

What’s CLI and hierarchy level Mode ................................................................................................... 108

How to configure the CLI ...................................................................................................................... 110

Commands reference ............................................................................................................................ 114


7 / 113


Chapter 1.

Product Concept

1.1

Overview

Digicom 3G Industrial VPN Pro is a rugged cellular router offering state-‐of-‐the-‐art mobile connectivity for machine to machine (M2M) applications.

 Dual SIM redundancy for continuous cellular connections, supports 2G/3G/.

 VPN tunnel: IPSec/OpenVPN/PPTP/L2TP/GRE.

 Supports Modbus gateway (Modbus RTU/ASCII to Modbus TCP).

 Auto reboot via SMS/Caller ID/Timing.

 Supports RobustLink (Centralized M2M management platform).

 Flexible Management methods: Web/CLI/SNMP/RobustLink.

 Firmware upgrade via Web/CLI/USB/SMS/RobustLink.

 Various interfaces: RS232/RS485 /USB/Ethernet.

 Wide range input voltages from 6 to 26 VDC and extreme operating temperature.

 The metal enclosure can be mounted on a DIN-‐rail or on the wall.

1.2

Packing List

Check your package to make sure it contains the following items:

 Digicom 3G Industrial VPN Pro router x 1




8 / 113


 3-‐pin pluggable terminal block with lock for power connector x 1

Note : Please notify your sales representative if any of the above items are missing or damaged.

Optional accessories (can be purchased separately):

 SMA antenna (Stubby antenna or Magnet antenna optional) x 1

Stubby antenna Magnet antenna



Ethernet cable x 1

 35mm Din-‐Rail mounting kit

 AC/DC Power Supply Adapter (12VDC, 1.5A) x 1 (EU, US, UK, AU plug optional)


9 / 113


1.3

Specifications

Cellular Interface

3G/2G Module

• UMTS/HSDPA/HSUPA Quad-‐Band:

Band 5 (850 MHz)

Band 8 (900 MHz)

Band 2 (1900 MHz)

Band 1 (2100 MHz)

• GSM/GPRS/EDGE Quad-‐Band:

GSM 850 MHz -‐ E-‐GSM 900 MHz -‐ DCS 1800 MHz -‐ PCS 1900 MHz

• UMTS/HSDPA/HSUPA Power Class:

Power Class 3 (24 dBm) for UMTS/HSDPA/HSUPA mode

• GSM/GPRS Power Class

Power Class 4 (33 dBm) for GSM/E-‐GSM bands

Power Class 1 (30 dBm) for DCS/PCS bands

• EDGE Power Class

Power Class E2 (27 dBm) for GSM/E-‐GSM bands

Power Class E2 (26 dBm) for DCS/PCS bands

• SIM: 2 x (3V & 1.8V)

• Antenna Interface: SMA Female

Ethernet Interface

 Number of Ports: 1 x 10/100 Mbps

 Magnet Isolation Protection: 1.5KV

Serial Interface

 Number of Ports: 1 x RS-‐232 and 1 x RS-‐485

 ESD Protection: 15KV


10 / 113


 Parameters: 8E1, 8O1, 8N1, 8N2, 7E2, 7O2, 7N2, 7E1

 Baud Rate: 300bps to 230400bps

 RS-‐232: TxD, RxD, RTS, CTS, GND

 RS-‐485: Data+ (A), Data-‐ (B), GND

 Interface: DB9 Female

System

 LED Indicators: RUN, PPP, USR, 3 x RSSI

 Built-‐in RTC, Watchdog, Timer

 Expansion: 1 x USB 2.0 host up to 480 Mbps

Software

 Network protocols: PPP, PPPoE, TCP, UDP, DHCP, ICMP, NAT, DMZ, RIP v1/v2, OSPF, DDNS, VRRP, HTTP, HTTPs,

DNS, ARP, QoS, SNTP, Telnet, etc

 VPN tunnel: IPSec/OpenVPN/PPTP/L2TP/GRE

 Firewall: SPI, anti-‐DoS, Filter, Access Control

 Management: Web, CLI, SNMP v1/v2/v3, SMS, RobustLink

 Serial Port: TCP client/server, UDP, Modbus RTU/ASCII to Modbus TCP, Virtual COM (COM port redirector)

 RobustLink: Centralized M2M management platform

Power Supply and Consumption

 Power Supply Interface: 3.5mm terminal block

 Input Voltage: 6 to 26 VDC

 Power Consumption: Idle: 100 mA @ 12 V

Data Link: 1000 mA (peak) @ 12 V

Physical Characteristics

 Housing & Weight: Metal, 300g

 Dimension: (L x W x H): 105 x 100 x 30mm

 Installation: 35mm Din-‐Rail or wall mounting or desktop

Environmental Limits

-‐10°C to 60°C

5% to 95% RH


11 / 113


1.4

Dimensions

1.5

Selection and Ordering Data

Please refer to corresponding R3G Industrial VPN Pro datasheet.


12 / 113


Chapter 2.

Installation

2.1

LED Indicators

Name

RUN

USR

PPP

Color

Green

Green

Green

Status

Blinking

On

Off

On/Blinking

Off

Blinking

On

Off

Function

Router is ready.

Router is starting.

Router is power off.

VPN tunnel/PPPoE/DynDNS/GPS is up.

VPN tunnel/PPPoE/DynDNS/GPS is down.

Null

PPP connection is up.

PPP connection is down.

RSSI LEDs

None

1 bar (Only the first LED is on)

2 bars (The first and the second LED are on)

3 bars (All the RSSI LEDs are on) Exceptional

Function

No signal or SIM card not installed properly

Signal level: 1-‐10 (Exceptional signal level).

Signal level: 11-‐20 (Average signal level).

Signal level: 21-‐31 (Perfect signal level).

Note: User can select display status of USR LED. Please check section 3.34

.


13 / 113


2.2

PIN assignment

PIN Power

10 Positive

11 Negative

12 GND

2.3

USB interface

6

7

4

5

2

3

PIN

1

8

9

DB9 Female Connector

RS232 RS485 (2-‐wire) Direction

-‐

RXD

TXD

GND

RTS

Data+ (A)

Data-‐ (B)

Router → Device

Device → Router

Device

→

Router

-‐

-‐

Device

→

R3G Industrial VPN

Pro

CTS

R3G Industrial VPN Pro →

Device

R3G Industrial VPN Pro

→

Device

USB

USB interface is used for batch firmware upgrade, cannot used to send or receive data from slave devices which with USB interface.

Users can insert an USB storage device, such as U disk or hard disk, into the router’s USB interface, if there is configuration file or firmware of R3G Industrial VPN Pro inside the USB storage devices,

R3G Industrial VPN Pro will automatically update the configuration file or firmware. Details please refer to section 3.13

.


14 / 113


2.4

Reset Button

Reset Button

Function

Reboot

Restore to factory default setting

Operation

Push the button for 5 seconds under working status.

Push the button for 60 seconds once you power on the router until all the three LEDs at the left side (RUN,

PPP, USR) blink at the same time for 5 times.

2.5

Ethernet port

Ethernet port

The Ethernet port has two LED indicators (please check the following picture). The yellow one is

Speed indicator

and the green one is

Link indicator

. There are three status of each indicator. Please refer to the

form below.

Indicator Status Description

Off 10 Mbps mode.

Speed Indicator

Link Indicator

On

Off

On

100 Mbps mode.

Connection is down.

Connection is up.

Blink Data is being transmitted


15 / 113


2.6

Mounting the Router

Use the router on a DIN rail with 3 M3 screws.

2.7

Install the SIM Card

 Inserting SIM Card

1.

Make sure power supply is disconnected.

2.

Use a screwdriver to unscrew the screw on the cover, and then remove the cover, you could find the SIM Card slots.

3.

Insert the SIM card, and you need press the card with your fingers until you hear “a cracking sound”. Then use a screwdriver to screw the cover.

 Removing SIM Card

1.

Make sure router is power off.

2.

Press the card until you hear “a cracking sound”, when the card will pop up to be pulled out.

Note :

1.

Don’t forget screw the cover for again-‐theft.

2.

Don’t touch the metal surface of the SIM card in case information in the card is lost or destroyed.

3.

Don’t bend or scratch your SIM card. Keep the card away from electricity and magnetism.

4.

Make sure router is power off before inserting or removing your SIM card.


16 / 113


2.8

Connect the External Antenna (SMA Type)

Connect router to an external antenna with SMA male connector. Make sure the antenna is for the correct frequency as your GSM/3G/ operator with impedance of 50ohm, and also connector is secured tightly.


17 / 113


Chapter 3.

Configuration settings over web browser

The router can be configured through your web browser. A web browser is included as a standard application in the following operating systems: Linux, Mac OS, Windows 98/NT/2000/XP/Me/Vista/7/8, etc. The product provides an easy and user-‐friendly interface for configuration.

There are various ways to connect the router, either through an external repeater/hub or connect directly to your PC.

However, make sure that your PC has an Ethernet interface properly installed prior to connecting the router.

You must configure your PC to obtain an IP address through a DHCP server or a fixed IP address that must be in the same subnet as the router. The best and easiest way is to configure the PC to get an IP address automatically from the router using DHCP. If you encounter any problems accessing the router web interface it is advisable to uninstall your firewall program on your PC, as these tend to cause problems accessing the IP address of the router.

3.1

Configuring PC in Windows

1.

Go to Control Panel\Network and Internet\Network Connections . In the Control Panel, double-‐click Network

Connections.

2.

Double-‐click Local Area Connection.

3.

In the Local Area Connection Status window, click Properties.


18 / 113


4.

Select Internet Protocol (TCP/IPv4) and click Properties.


19 / 113


5.

Select the Obtain an IP address automatically and Obtain DNS server address automatically radio buttons.

6.

Click OK to finish the configuration.

3.2

Factory Default Settings

Before configuring your router, you need to know the following default settings.

Item

Username

Password

Ethernet

DHCP Server

Description admin admin

192.168.0.1/255.255.255.0, LAN mode

Enabled.


20 / 113


3.3

Control Panel

This section allows users to save configuration, reboot router, logout and select language.


21 / 113


Item

Save

Control Panel

Description

Click to save the current configuration into router’s flash.

Reboot

Logout

After save the current configuration, router needs to be rebooted to make the modification taking effect.

Click to return to the login page.

Button

Language Select from Chinese, English, German, French and Spanish.

Refresh Click to refresh the status.

Apply Click to apply the modification on every configuration page.

Cancel Click to cancel the modification on every configuration page.

Note: The steps of how to modify configuration are as bellow:

1.

Modify in one page;

2.

Click under this page;

3.

Modify in another page;

4.

Click under this page;

5.

Complete all modification;

6.

Click ;

7.

Click .

3.4

Status -‐> System

This section displays the router’s system status, which shows you a number of helpful information such as the LEDs information, Router information, Current WAN Link and Cellular Information.

LEDs Information

For the detail description, please refer to 2.2 LED Indicators.


22 / 113


Item

Device Model

Serial Number

Router Information

Description

Show the model name of this device

Show the serial number of this device

Device Name

Firmware Version

Hardware Version

Kernel Version

Show the device name to distinguish different devices you have installed.

Show the current firmware version

Show the current hardware version

Show the current kernel version

Radio Module Type Show the current radio module type

Radio Firmware Version Show the current radio firmware version

Uptime

CPU Load

Show how long the router have been working since power on

Show the current CPU load

RAM Total/Free

System Time

Show the total capacity /Free capacity of RAM

Show the current system time

Item

Current WAN Link


Current WAN Link

Description

Show the current WAN link: Cellular WAN.

23 / 113


IP Address

Gateway

NetMask

DNS Server

Show the current WAN IP address

Show the current gateway

Show the current netmask

Show the current primary DNS server and Secondary server

Keeping PING IP Address

Keeping PING Interval

Show the current ICMP detection server which you can set in “Configuration-‐>Link

Management”.

Show the ICMP Detection Interval (s) which you can set in “Configuration-‐>Link

Management”.

Item

Current SIM

Phone No.

SMS Service Center

Modem Status

Network Status


Cellular Information

Description

Show the SIM card which the router work with currently: SIM1 or SIM2

Show the phone number of the current SIM.

Show the SMS Service Center.

Show the status of modem. There are 8 different status:

1.

Unknown.

2.

Ready.

3.

Checking AT.

4.

Need PIN.

5.

Need PUK.

6.

Signal level is low.

7.

No registered.

8.

Initialize APN failed.

Show the current network status. There are 6 different status:

1.

Not registered, ME is currently not searching for new operator!

24 / 113


Signal Level (RSSI)

Network Operator

Network Service Type

IMEI/ESN

IMSI

USB Status

2.

Registered to home network.

3.

Not registered, but ME is currently searching for a new operator.

4.

Registration denied.

5.

Registered, roaming.

6.

Unknown.

Show the current signal level.

Show Mobile Country Code (MCC) +Mobile Network Code (MNC), e.g. 46001.

Also it will show the Location Area Code (LAC) and Cell ID.

Show the current network service type, e.g. GPRS.

Show the IMEI/ESN number of the radio module.

Show the IMSI number of the current SIM.

Show the current status of USB host.

3.5

Status -‐> Network

This section displays the router’s Network status, which include status of Cellular WAN and LAN

3.6

Status -‐> Route

This section displays the router’s route table.


25 / 113


3.7

Status -‐> VPN

This section displays the router’s VPN status, which includes IPSec, L2TP, PPTP, OpenVPN and GRE.


26 / 113


3.8

Status -‐> Services

This section displays the router’s Services’ status, including VRRP, DynDNS and Serial.

3.9

Status -‐> Event/Log

This section displays the router’s event/log information. You need to enable router to output the log and select the log level first, then you can view the log information here. Also you can click Download System Diagnosing Data to download diagnose data.


27 / 113


Item

Download

Log Level

Download Sytem

Diagnosing Data

Manual Refresh

Event/Log

Description

Select the log messages you want to download.

Select the Log level in the drop-‐down menu: DEBUG, INFO, NOTICE, WARNING, ERR,

CRIT, ALERT, EMERG.

Click Download System Diagnosing Data to download diagnose file.

Select from “5 Seconds”, “10 Seconds”, “15 Seconds”, “30 Seconds” and “1 Minute”.

User can select these intervals to refresh the log information.

3.10

Configuration -‐> Cellular WAN

This section allows users to set the Cellular WAN and the related parameters.


28 / 113



29 / 113


Item

Network Provider Type

APN

Username

Password

Dialup No.

PIN Type

Basic @Cellular WAN

Cellular Settings

Description

Select from “Auto”, “Custom” or the ISP name you preset in

“Configuration”-‐>”Cellular WAN”-‐>”ISP Profile”.

Auto: Router will get the ISP information from SIM card, and set the APN, username and password automatically. This option only works when the

SIM card is from well-‐known ISP.

Custom: Users need to set the APN, username and password manually.

Access Point Name for cellular dial-‐up connection, provided by local ISP.

User Name for cellular dial-‐up connection, provided by local ISP.

Password for cellular dial-‐up connection, provided by local ISP.

Dialup number for cellular dial-‐up connection, provided by local ISP.

Select from “None”, “Input”, “Lock”, “Unlock”.

None: Select when SIM card does not enable PIN lock or PUK lock.

Input: Select when SIM card has enabled with PIN lock or PUK lock. Correct

PIN/PUK code need to be entered.

Lock: Select when user needs to lock the SIM card with PIN or PUK code.

Unlock: Select when user needs to unlock the SIM card with PIN or PUK code.

Note : Please ask your local GSM ISP to see whether your SIM card requiring

PIN or not.

If you want to change with a new PIN code, you need to input new PIN code in item “New PIN Code” and “Confirm New PIN Code”.

You can go to tab “Status” -‐> “Event/Log” and find out “AT+CPIN?” to check what the status of the SIM card is.

Connection Mode

Default

Auto

Null

Null

Null

*99***1#

None


30 / 113


Select from “Always Online” and “Connect On Demand”.

Always Online: Auto activates PPP and keeps the link up after power on.

Connection Mode

Connect On Demand: After selection this option, user could configure

Triggered by Serial Data, Triggered by Periodically Connect and Triggered by

Time Schedule.

Note : If you select several connect on demand polices, router only have to meet one of them to be triggered.

Redial Interval

Router will automatically re-‐dial with this interval when it fails communicating to peer via TCP or UDP.

Max Retries

ICMP Detection Primary

Server

The maximum retries times for automatically re-‐connect when router fails to dial up.

After maximum retries, router will reboot the wireless module. If router still cannot dial up successfully, it will try to switch to the other SIM card. Then router will re-‐connect with the other SIM card with maximum retries.

After successful connection, the Max Retries counter will be set to 0.

Router will ping this primary address/domain name to check that if the current connectivity is active.

ICMP Detection

Secondary Server

Router will ping this secondary address/domain name to check that if the current connectivity is active.

ICMP Detection Interval Set the ping interval time.

ICMP Detection Timeout Set the ping timeout.

ICMP Detection Retries

Reset The Interface

Serial Output Content

Triggered by Serial Data

Triggered by Tel

Triggered by SMS

SMS Connect Command

SMS

Command

Phone Group

Disconnect

SMS Connect Reply

SMS Disconnect Reply

If Router ping the preset address/domain name time out continuously for

Max Retries time, it will consider that the connection has been lost.

Enable to reset the cellular/ETH interface after the max ICMP detection retries.

The content which output to the serial device which connect to router and inform it that router is ready to receive serial data.

Tick this check box to allow router automatically connects to cellular network from idle mode when there is data comes out from serial port.

Tick this check box to allow router automatically connects to cellular network from idle mode when make a voice call to router.

Tick this check box to allow router automatically connects to cellular network from idle mode when send a specific SMS to router.

Users shall send this specific SMS to trigger router to connect to cellular network.

Users shall send this specific SMS to trigger router to disconnect to cellular network.

When router connects to cellular network, it will automatically send out this

SMS to specific users (set in the Phone Group).

When router disconnect from cellular network, it will automatically send out this SMS to specific users (set in the Phone Group).

Click to add Phone Group to Set specific users’ phone Book and which phone Group they are belonged to.

Connect

On

Demand

30

3

8.8.8.8

8.8.4.4

Null

30

3

3

Null

Enable

Disable

Disable

Null

Null

Null

Null

Null


31 / 113


Periodically Connect

Tick this check box to allow router automatically connects to cellular network with preset interval which you preset in Periodically Connect

Interval .

Periodically

Interval

Connect

Periodically Connect Interval for Periodically Connect.

Time Schedule

Time Range

Select the Time Range to allow router automatically connects to cellular network during this time range.

Adding the Time Range for Time Schedule. You can set the days of one week and at most three ranges of time of one day.

Dual SIM Policy

Set the preferred SIM card from SIM 1, SIM 2 or Auto. Main SIM Card

Switch to backup SIM card when connection fails

Switch to backup SIM card when roaming is detected

Router will switch to another SIM card if main SIM card fail to connect to network.

Router will switch to backup SIM card when preferred SIM card is roaming.

Enable

300

NULL

Null

SIM1

Disable

Disable

Preferred PLMN

The identifier for Router to check if it is in home location area or in roaming area, and decide if it needs to switch back to preferred SIM card.

Null

Switch to backup SIM card when data limit is exceeded

If the SIM card that the router worked with currently has reached the data traffic limitation you preset, it will switch to the other SIM card.

Disable

Max Data limitation(MB) Set the monthly data traffic limitation.

Date of Month to Clean Set one day of month to restore the used data to 0.

Already used

Switch back Main SIM card after timeout(min)

This tab will show how many data traffic has been used.

Enable to Switch back Main SIM card after the Initial timeout.

Set the initial timeout.

Initial Timeout(min)

100

1

0

Disable

60


32 / 113


Item

Phone No.

Network Type

Band Mode

Authentication

MTU


Advanced @Cellular WAN

Description

Set the SIM card’s phone number, and it will be showed in

“Status”-‐>”System”-‐>”System”-‐>”Cellular WAN Information”-‐“SIM Phone

Number”.

In general, you don’t need to set this number because router will read it from the SIM card automatically.

Select from “Auto”, “2G GSM” and “3G UMTS” as the SIM card supportted.

Tick the Band Mode options to fix the bands router working with.

Select from “Auto”, “PAP” and “CHAP” as the local ISP required.

Maximum Transmission Unit. It is the identifier of the maximum size of

Default

Null

Auto

Disable

Auto

1500

33 / 113

3G Industrial VPN Pro User Guide packet, which is possible to transfer in a given environment.

MRU

Maximum Receiving Unit. It is the identifier of the maximum size of packet, which is possible to receive in a given environment.

Asyncmap Value

Use Peer DNS

Primary DNS Server

Secondary DNS Server

One of the PPP initialization strings. In general, you don’t need to modify this value.

Enable to obtain the DNS server’s address from the ISP.

Set the primary DNS server’s address. This item will be unavailable if you enable “Use Peer DNS”.

Set the secondary DNS server’s address. This item will be unavailable if you enable “Use Peer DNS”.

Address/Control

Compression

Protocol

Compression

Field

Used for PPP initialization. In general, you need to enable it as default.


1500

1

Enable

Null

Null

Enable

Enable

Expert Options

You can enter some other PPP initialization strings in this field. Each string can be separated by a space. noccp nobsdcom p

ISP Profile

This section allow users to preset some ISP profiles which will be shown in the selection list of

“Configuration”-‐>”Cellular WAN”-‐>”Network Provider Type”.

Item

ISP

ISP Profile @Cellular WAN

Description

Input the ISP’s name which will be shown in the selection list of

“Configuration”-‐>”Cellular WAN”-‐>”Network Provider Type”.

APN, Username,

Password, Dialup No.

All these parameters were provided by the ISP.

Default

Null

Null

3.11

Configuration -‐> Ethernet

This section allows users to set the Ethernet LAN parameters of Eth0.


34 / 113


Item

IP Address, Netmask,

MTU @ LAN Interface

Multiple IP Address @

LAN Interface

Enable DHCP Server @

DHCP Server

IP Pool Start, IP Pool End

@ DHCP Server

Netmask @ DHCP Server

Lease Time @ DHCP

Server(min)

Primary/Secondary

Description

Eth0@Ethernet

Set the IP address, Netmask and MTU of Eth0. These parameters will be un-‐configurable if you enable Bridge.

Assign multiple IP addresses for Eth0.

Default

Null

Null

Enable to make router can lease IP address to DHCP clients which connect to Eth0.

Enable

Define the beginning (IP Pool Start) and end (IP Pool End) of the pool of

IP addresses which will lease to DHCP clients.

192.168.0.2/

192.168.0.10

0

Define the Netmask which the DHCP clients will obtain from DHCP server.

Define the time which the client can use the IP address which obtained from DHCP server.

255.255.255.

0

60

Define the primary/secondary DNS Server which the DHCP clients will 192.168.0.1/


35 / 113


DNS Server @ DHCP

Server obtain from DHCP server.

Windows Name Server @

DHCP Server

Define the WINS Server which the DHCP clients will obtain from DHCP server.

0.0.0.0

192.168.0.1

Static Lease @ DHCP

Server

Define to lease static IP Addresses, which conform to MAC Address of the connected equipment.

Null

Router can be DHCP Relay, which will provide a relay tunnel to solve problem that DHCP Client and DHCP Server is not in a same subnet. This section allow user to configure DHCP Relay settings.

Item

DHCP Server

DHCP Relay @ Ethernet

Description

Enter DHCP Server’s IP address.

Note: Please disable DHCP Server and DHCP Client first to make sure

DHCP relay can be enabled.

Default

Null

3.12

Configuration -‐> Serial

This section allows users to set the serial (RS232/RS485) parameters.

 When Select Protocol “Transparent”:


36 / 113


 When Select Protocol “Modbus”:

 When Select Protocol “Transparent Over Rlink”:

 When Select Protocol “Modbus Over Rlink”:

 When Select Protocol “AT Over COM”:


37 / 113


Item

Baud-‐rate

RS232 @ Serial

Description

Select from “300”, “600”, “1200”, “2400”, “4800”, “9600”, “19200”, “38400”,

Data bit

Parity

“57600” , “115200”and “230400”.

Select from “7” and “8”.

Select from “None”, “Odd” and “Even”.

Stop bit

Flow control

Protocol

Mode @Transparent

Default

115200

8

None


Select from “None”, “Software” and “Hardware”.

Select from “None”, “Transparent”, “Modbus”, “Transparent Over Rlink”,

“Modbus Over Rlink” “AT Over COM” and “GPS Report”.

1.

None: Router will do nothing in RS232 serial port.

2.

Transparent: Router will transmit the serial data transparently without any protocols.

3.

Modbus: Router will translate the Modbus RTU data to Modbus TCP data and vice versa.

1

None

4.

Transparent Over Rlink: Router will send all data from RS232 serial port to

Robustlink, then Robustlink will forward the data to another destination site.

5.

Modbus Over Rlink: Router will translate all data from RS232 serial port to

Modbus TCP protocol data, and then send to Robustlink, after that

Robustlink will forward the data to another destination site.

None

6.

AT Over COM: select to operate router via RS232 COM port. For example, enter AT commands to router via RS232 COM port.

7.

GPS Report: select to enable router to output GPS status data through RS232 port.

Select from “TCP Server”, “TCP Client” and “UDP”.

TCP Client: Router works as TCP client, initiate TCP connection to TCP server.

Server address supports both IP and domain name.

TCP Server: Router works as TCP server, listening for connection request from

TCP client.

UDP: Router works as UDP client.

TCP

Client

Local

@Transparent

Port

Enter the Local port for TCP or UDP. 0

Multiple

@Transparent

Server

Click “Add” button to add multiple server. You need to enter the server’s IP and port, and enable or disable “Send data to serial”. If you disable “Send data to serial”, router will not transmit the data from this server to serial port.

Note: This section will not be displayed if you select “TCP server” in “Mode”.

None show

Advanced

Transparent

Protocol

@ Tick to enable protocol advanced setting. Disable

Local

Transparent

IP @

This item will show up when you enable any VPN tunnel of 3G Industrial VPN Pro, it means serial data can be matched to this local IP address and be transmitted or received via VPN tunnel.

Null


38 / 113


Note : when you do not enable any VPN tunnel, this item will not show up.

Interval

@Transparent

Packet

@Transparent

Timeout

Length

The serial port will queue the data in the buffer and send the data to the Cellular

WAN/Ethernet WAN when it reaches the Interval Timeout in the field.

Note : Data will also be sent as specified by the packet length or delimiter settings even when data is not reaching the interval timeout in the field.

The Packet length setting refers to the maximum amount of data that is allowed to accumulate in the serial port buffer before sending. 0 for packet length, no maximum amount is specified and data in the buffer will be sent as specified by the interval timeout or delimiter settings or when the buffer is full. When a packet length between 1 and 1024 bytes is specified, data in the buffer will be sent as soon it reaches the specified length.

Note : Data will also be sent as specified by the interval timeout or delimiter settings even when data is not reaching the preset packet length.

When Delimiter 1 is enabled, the serial port will queue the data in the buffer and

Enable Delimiter1/2 send the data to the Cellular WAN/Ethernet WAN when a specific character, entered in hex format, is received. A second delimiter character may be enabled and specified in the Delimiter 2 field, so that both characters act as the delimiter to control when data should be sent.

Delimiter1/2 (Hex)

@Transparent

Enter the delimiter in Hex.

10

1360

Disable

0

Delimiter

@Transparent

Process

Local IP @ Modbus

The Delimiter process field determines how the data is handled when a delimiter is received.

None: Data in the buffer will be transmitted when the delimiter is received; the data also includes the delimiter characters.

Strip: Data in the buffer is first stripped of the delimiter before being transmitted.

Strip

This item will show up When you enable any VPN tunnel of 3G Industrial VPN

Pro, it means serial data can be matched to this local IP address and be transmitted or received via VPN tunnel.


0

Local Port @ Modbus Enter the Local port for Modbus.

Select From “Modbus RTU slave”, “Modbus ASC Ⅱ slave”, “Modbus RTU master” and “Modbus ASC Ⅱ master”.

Attached serial device type @Modbus

Modbus RTU slave: router connects to Modbus slave device which works under

Modbus RTU protocol.

Modbus ASC Ⅱ slave: router connects to Modbus slave device which works under

Modbus ASC Ⅱ protocol.

Note : When select “Modbus RTU slave” and “Modbus ASC Ⅱ slave” protocol, router is as TCP Server site, user need to enter a local port number in “Local Port

@Modbus” and wait to be connected.

Modbus RTU master: router connects to master device which works under


Modbus ASC Ⅱ master: router connects to master device which works under


0

Modbu s RTU slave


39 / 113


Note : When select “Modbus RTU master ” and “Modbus ASC Ⅱ master ” protocol, router is as TCP Client site, user need to enter slave address and slave port number in “ Slave Address @ Modbus Slave ” and “ Slave Port @ Modbus Slave ”, and connect to Server site.

Modbus

@Modbus

Slave Address

Modbus Slave

Slave

@

Add the Modbus slaves which will be polled by Modbus master (router). This section only displayed when you select “Modbus RTU master” or “Modbus ASC Ⅱ master” in “Attached serial device type”.

This connection is usually used to connect to the Modbus slave devices which as

TCP server. Enter IP address of the TCP server.

Slave Port @ Modbus

Slave

ID @ Modbus Slave

Interval Timeout @

Transparent Over

Rlink

Enter the port number of TCP server.

Enter the ID number of TCP server.

The serial port will queue the data in the buffer and send the data to the Cellular

WAN/Ethernet WAN when it reaches the Interval Timeout in the field.

Attached serial device type @ Modbus Over

Rlink

Display all com @ AT

Over COM

Select From “Modbus RTU slave”, “Modbus ASC Ⅱ slave”.

Modbus RTU slave: router connects to slave device which works under Modbus

RTU protocol.

Modbus ASC Ⅱ slave: router connects to slave device which works under Modbus

ASC Ⅱ protocol.

Enable to display all virtual com of the module inside the router. Generally, router will occupy /dev/ttyUSB0 and /dev/ttyUSB2 for dialing up to GPRS.

Note : Enable this function will disable Cellular WAN function.

Null

Null

Null

Null

10

Null

Disable

COM Name Show the virtual com name of the module inside.

/dev/tt yUSB0

 When Select Protocol “Transparent”:


40 / 113


 When Select Protocol “Modbus”:

 When Select Protocol “Transparent Over Rlink”:

 When Select Protocol “Modbus Over Rlink”:

Item

Baud-‐rate

Data bit

Parity

Stop bit

Protocol


RS485 @ Serial

Description

Select from “300”, “600”, “1200”, “2400”, “4800”, “9600”, “19200”,

“38400”, “57600” , “115200”and “230400”.


Select from “None”, “Odd” and “Even”.


Select from “None”, “Transparent” and “Modbus”.

Transparent: Router will transmit the serial data transparently without any

Default

115200

8

None

1

Transparent

41 / 113

3G Industrial VPN Pro User Guide protocols.

Modbus: Router will transmit the serial data with Modbus protocol.

Mode @Transparent Select from “TCP Server”, “TCP Client” and “UDP”.

Local

@Transparent

Port

Enter the Local port for TCP or UDP.

Multiple

@Transparent

Server

Click “Add” button to add multiple server. You need to enter the server’s IP and port, and enable or disable “Send data to serial”. If you disable “Send data to serial”, router will not transmit the data from this server to serial port.

Note: This section will not be displayed if you select “TCP server” in “Mode”.

Enable

@Transparent

Protocol

Tick to enable protocol advanced setting.

Local

Transparent

Interval

@Transparent

Packet

IP

@Transparent

Timeout

Enable Delimiter1

@

Length

This item will show up When you enable any VPN tunnel of 3G Industrial

VPN Pro, it means serial data can be matched to this local IP address and be transmitted or received via VPN tunnel.


The serial port will queue the data in the buffer and send the data to the

Cellular WAN/Ethernet WAN when it reaches the Interval Timeout in the field.

Note : Data will also be sent as specified by the packet length or delimiter settings even when data is not reaching the interval timeout in the field.

The Packet length setting refers to the maximum amount of data that is allowed to accumulate in the serial port buffer before sending. 0 for packet length, no maximum amount is specified and data in the buffer will be sent as specified by the interval timeout or delimiter settings or when the buffer is full. When a packet length between 1 and 1024 bytes is specified, data in the buffer will be sent as soon it reaches the specified length.

Note : Data will also be sent as specified by the interval timeout or delimiter settings even when data is not reaching the preset packet length.

When Delimiter 1 is enabled, the serial port will queue the data in the buffer and send the data to the Cellular WAN/Ethernet WAN when a specific character, entered in hex format, is received. A second delimiter character may be enabled and specified in the Delimiter 2 field, so that both characters act as the delimiter to control when data should be sent.

Delimiter1 (Hex) @

Transparent

Enter the delimiter in Hex.

Delimiter Process @

Transparent

Local IP @ Modbus

The Delimiter process field determines how the data is handled when a delimiter is received.

None: Data in the buffer will be transmitted when the delimiter is received; the data also includes the delimiter characters.

Strip: Data in the buffer is first stripped of the delimiter before being transmitted.

This item will show up When you enable any VPN tunnel of 3G Industrial

TCP Client

0

Null

Disable

0

10

1360

Disable

0

Strip

0


42 / 113


VPN Pro, it means serial data can be matched to this local IP address and be transmitted or received via VPN tunnel.


Local Port @ Modbus Enter the Local port for Modbus.

Select From “Modbus RTU slave”, “Modbus ASC Ⅱ slave”, “Modbus RTU master” and “Modbus ASC Ⅱ master”.

Attached serial device type @ Modbus

Modbus RTU slave: router connects to slave device which works under


Modbus ASC Ⅱ slave: router connects to slave device which works under


Modbus RTU master: router connects to master device which works under

Modbus Slave @

Modbus


Modbus ASC Ⅱ master: router connects to master device which works under


Add the Modbus slaves which will be polled by Modbus master (router). This section only displayed when you select “Modbus RTU master” or “Modbus

ASCII master” in “Attached serial device type”.

This connection is usually used to connect to the Modbus slave devices which as TCP server. Enter IP address of the TCP server.

Slave Address @

Modbus Slave

Slave Port @ Modbus

Slave

ID @ Modbus Slave

Interval Timeout @

Transparent Over

Rlink

Enter the port number of TCP server.

Enter the ID number of TCP server.

Serial port will queue the data in buffer and then send it to the Cellular

WAN/Ethernet WAN when it reaches the Interval Timeout in this field.

Attached serial device type @ Modbus Over

Rlink

Select From “Modbus RTU slave”, “Modbus ASC Ⅱ slave”.

Modbus RTU slave: router connects to slave device which works under


Modbus ASC Ⅱ slave: router connects to slave device which works under


0

Modbus

RTU slave

Null

Null

Null

Null

10

Modbus

RTU slave

3.13

Configuration -‐> USB

This section allows users to set the USB parameters.

Note : Users can insert an USB storage device, such as U disk and hard disk, into the router’s USB interface. If there is configuration file or firmware of R3G Industrial VPN Pro inside the USB storage devices, R3G Industrial VPN Pro will automatically update the configuration file or firmware. We will provide another file to show how to do USB automatic update.


43 / 113


Item

Enable automatic update of configuration

Enable automatic update of firmware

USB

Description

Click Enable to automatically update the configuration file of 3G Industrial

VPN Pro when insert the USB storage devices which has 3G Industrial VPN

Pro’s configuration file.

Click Enable to automatically update the firmware of 3G Industrial VPN Pro when insert the USB storage devices which has 3G Industrial VPN Pro’s firmware.

Default

Disable

Disable

3.14

Configuration -‐> NAT/DMZ

This section allows users to set the NAT/DMZ parameters.

Port Forwarding @ NAT/DMZ

Item Description

Defaul t

Port Forwarding

Manually defining a rule in the router to send all data received on some range of ports on the internet side to a port and IP address on the LAN side.

Remote IP

Arrives At Port

Is Forwarded to IP

Address

Set the remote IP address.

The port of the internet side which you want to forward to LAN side.

The device’s IP on the LAN side which you want to forward the data to.

Is Forwarded to Port The device’s port on the LAN side which you want to forward the data to.

Protocol Select from “TCP”, “UDP” or “TCP&UDP” which depends on the application.

Null

Null

Null

Null

Null

TCP


44 / 113


Item

DMZ

Enable DMZ

DMZ Host

Source Address

DMZ @ NAT/DMZ

Description

DMZ host is a host on the internal network that has all ports exposed, except those ports otherwise forwarded.

Default

Null

Select to enable the DMZ function.

Enter the IP address of the DMZ host which on the internal network.

Enable

0.0.0.0

Set the address which can talk to the DMZ host. Null means for any addresses. 0.0.0.0

3.15

Configuration -‐> Firewall

This section allows users to set the firewall parameters.

Basic @ Firewall

Item

Remote Access Using

HTTP

Remote Access Using

TELNET

Description Default

Enable to allow users to access the router remotely on the internet side via HTTP. Enable

Enable to allow users to access the router remotely on the internet side via

Telnet.

Remote Access Using

SNMP

Enable to allow users to access the router remotely on the internet side via

SNMP.

Remote Ping Request Enable to make router reply the Ping requests from the internet side.

Enable

Enable

Enable

Defend Dos Attack Enable to defend dos attack. Dos attack is an attempt to make a machine or Enable


45 / 113

3G Industrial VPN Pro User Guide network resource unavailable to its intended users.

Filtering @ Firewall

Item Description Default

Default Filter Policy

Add Filter List

Action

Source IP

Source Port

Select from “Accept” and “Drop”.

Accept: Router will reject all the connecting requests except the hosts which fit the filter list.

Drop: Router will only accept the connecting requests from the hosts which fit the filter list.

Click “Add” to add a filter list.

Select from “Accept” and “Drop”.

Accept: Router will reject all the connecting requests except the hosts which fit this filter rule.

Drop: Router will only accept the connecting requests from the hosts which fit this filter rule.

Defines if access is allowed from one or a range of IP addresses which are defined by Source IP Address, or every IP addresses.

Defines if access is allowed from one or a range of port which is defined by

Source Port.

Accept

Null

Accept

Null

Null

Target IP Address

Target Port

Protocol

Defines if access is allowed to one or a range of IP addresses which are defined by Target IP Address, or every IP addresses.

Defines if access is allowed tone or a range of port which is defined by Target

Port.

Select from “TCP”, “UDP”, “TCP&UDP”, “ICMP” or “ALL”.

If you don’t know what kinds of protocol of your application, we recommend you select “ALL”.

Note:

Null

Null

TCP

Note: You can use “-‐“to define a range of IP addresses or ports, e.g.1.1.1.1-‐2.2.2.2, 10000-‐12000.

Note: The filtering settings should be divided into two parts. Part 1 is the Exact Filter List and Part 2 is the Default

Filter Policy. The priority of Exact Filter List is higher than Default Filter Policy. It means that while Router receive IP packets from WAN side, it will check the Exact Filter List first, if the IP packets mismatch the Exact Filter List, then


46 / 113


Router will execute the Default Filter Policy.

Item

Mac-‐IP Bounding

Mac Address

IP Address

Mac-‐Binding @ Firewall

Description

The defined host (MAC) on the LAN side only can use the defined IP address to communicate with router, or will be rejected.

Enter the defined host’s Mac Address.

Enter the defined host’s IP Address.

Default

Null

Null

Null

3.16

Configuration -‐> QoS

This section allows users to set the QoS parameters.


47 / 113


Item

Enable QoS

Downlink

(kbps)

Speed uplink Speed (kbps)

Optimize for TCP Flags

Description

Click to enable “QoS” function.

QoS

Prescribe downlink speed of router.

Note : Default setting“0” means that there is no limitation of downlink speed.

Prescribe uplink speed of router.

Note : Default setting“0” means that there is no limitation of uplink speed.

User can choose to enable TCP flags: “SYN”, “ACK”, “FIN”, “RST”, which means data with above TCP Flags will get the highest priority to occupy bandwidth. After enabled, router will enhance respond timeout of TCP control, in case that data resend frequently.

Default

Disable

0

0

Disable


48 / 113


Enable to optimize for ICMP, which means ICMP will get the highest priority to occupy bandwidth. After enabled respond interval of PING control will be

Optimize for ICMP shorter.

Note : if user click to enable “Optimize for TCP Flags”, “Optimize for Serial Data

Forwarding”, and “Optimize for ICMP” at the same time (these three services are in the same priority level), router will automatically start Stochastic Fairness

Queueing (SFQ) strategy to make a fair bandwidth allocation, in case of one service occupy all the bandwidth.

Optimize for Serial

Data Forwarding

Enable to optimize for serial data forwarding, which means serial data forwarding will get the highest priority to occupy bandwidth.

When enable serial data forwarding it need to enable local port number for controlling. Therefore, it needs to set local port number of router even if router is as TCP Client.

Select from “Exempt”, “Premium”, “Express”, “Normal” and “Bulk”. Users

(Services) with no other pre-‐priority set will use this default priority.

Exempt: this is the highest priority which guarantees that the minimum global

Default Percent

Definition

Default Priority rate of router is 50% of “Downlink Speed”, and the maximum rate can reach to

100% of “Downlink Speed”.

Premium: guarantees that the minimum global rate of router is 25% of “Downlink

Speed”, and the maximum rate can reach to 100% of “Downlink Speed”.

Express: guarantees that the minimum global rate of router is 15% of “Downlink


Normal: guarantees that the minimum global rate of router is 10% of “Downlink


Bulk: guarantees that the minimum global rate of router is 1% of “Downlink


Select from “Exempt”, “Premium”, “Express”, “Normal” and “Bulk”.

MAC Address @ QoS

MAC Control List

Priority @ QoS MAC

Control List

Enter MAC address of the user (for example, PC) who you want to set it with QoS

Control. Router supports up to 20 users set with QoS MAC Control. Priority of

QoS MAC Control is higher than that of QoS IP control.


Select the priority of the user (for example, PC) who you want to set it with QoS

Control.

Exempt: this is the highest priority which guarantees that the minimum global rate of router is 50% of “Downlink Speed”, and the maximum rate can reach to









Disable

Disable

Normal

Normal

Null

Exempt


49 / 113



IP Address @ QoS IP

Control List

Enter IP address of the user (for example, PC) who you want to set it with QoS

Control. Router supports up to 20 users set with QoS IP Control. If want to control one network segment, user can set “IP Address” as format “x.x.x.x/24” or

“x.x.x.x/255.255.255.0”. For example, if we to control network segment “172.16. x.x”, we can set “172.16.0.0/16” or “172.16.0.0/255.255.0.0” in “IP Address”.

Priority @ QoS IP

Control List

Service Name @ QoS

Service Control List


Select the priority of the user (for example, PC) who you want to set it with QoS

Control.











Set server name of the service that you want to set it with QoS Control. Router supports up to 20 users set with QoS Service Control. Priority of QoS Service

Control is higher than that of both QoS IP control and QoS MAC control.

Null

Exempt

Null

Protocol @ QoS

Service Control List

Port @ Service

Control List

Select from “TCP”, “UDP” and “TCP&UDP”.

Enter the port number of the service that you want to set it with QoS Control.

TCP

Null


Select the priority of the service that you want to set it with QoS Control.


Priority @ QoS Service

Control List










Exempt

Note : If services are in the same priority level, router will automatically start Stochastic Fairness Queueing (SFQ) strategy to make a fair bandwidth allocation.


50 / 113


3.17

Configuration -‐> IP Routing

This section allows users to set the IP routing parameters.

Item

Static Route Table

Interface

Destination

Netmask

Gateway

Static Route @ IP Routing

Description

Allow users to add, delete or modify static route rules manually.

Select from “WAN”, “LAN_0”.

Enter the destination host’s IP address or destination network.

Enter the Netmask of the destination or destination network.

Enter the gateway’s IP address of this static route rule. Router will forward all the data which fit for the destination and Netmask to this gateway.

Default

Null

WAN

Null

Null

Null

Item

RIP


RIP @ IP Routing

Description Default

RIP (Routing Information Protocol) is a distance-‐vector routing protocol, which Null

51 / 113

3G Industrial VPN Pro User Guide employs the hop count as a routing metric. RIP prevents routing loops by implementing a limit on the number of hops allowed in a path from the source to a destination.

Enable RIP Protocol

Setting

RIP Protocol Version Select from “RIPv1” and “RIPv2”.

Neighbor IP

If you input this neighbor IP, router will only send RIP request massage to this IP instead of broadcast. This item only needs to be set in some unicast network.

Update times

Timeout

Garbage

Enable Advance

Default Metric

Distance

Tick to enable RIP function.

Defines the interval between routing updates.

Defines the route aging time. If no update for a route is received after the aging time elapses, the metric of the route is set to 16 in the routing table.

Defines the interval from when the metric of a route becomes 16 to when it is deleted from the routing table. During the Garbage-‐Collect timer length, RIP advertises the route with the routing metric set to 16. If no update is announced for that route after the Garbage-‐Collect timer expires, the route will be deleted from the routing table.

Tick to enable RIP protocol Advance Setting.

This value is used for redistributed routes.

The first criterion that a router uses to determine which routing protocol to use if

Passive two protocols provide route information for the same destination.

Select from “None”, “Eth0”, and “Default”.

This command sets the specified interface to passive mode. On passive mode interface, all receiving packets are processed as normal and Rip info does not send either multicast or unicast RIP packets except to RIP neighbors specified with neighbor command.

The default is to be passive on all interfaces.

Enable

Origination

Default

Enable Redistribute

Connect

Enable Redistribute

Static

Enable to make router send the default route to the other routers which in the same IGP AS.

Redistribute connected routes into the RIP tables.

Redistributes routing information from static route entries into the RIP tables.

Enable Redistribute

OSPF

Network List

Network Address

Netmask

Redistributes routing information from OSPF route entries into the RIP tables.

Router will only report the RIP information in this list to its neighbor.

Enter the Network address which Eth0 or Eth 1 connects directly.

Enter the Network’s Netmask which Eth0 or Eth 1 connects directly.

Disable

RIPv1

0.0.0.0

30

180

120

Disable

1

120

None

Disable

Disable

Disable

Disable

Null

Null

Null


OSPF @ IP Routing

52 / 113


Item Description

OSPF

OSPF (Open Shortest Path First) is a link-‐state routing protocol for IP networks. It uses a link state routing algorithm and falls into the group of interior routing

Enable OSPFv2 protocols, operating within a single autonomous system (AS).

Tick to enable OSPF function.

Default

Null

Disable

3.18

Configuration -‐> DynDNS

This section allows users to set the DynDNS parameters.

Item

DynDNS

Enable DynDNS

Service Type

Hostname

Username

Password

Force Update

DynDNS Status


DynDNS

Description

The Dynamic DNS function allows you to alias a dynamic IP address to a static domain name, allowing users whose ISP does not assign them a static IP address to use a domain name. This is especially useful for hosting servers via your connection, so that anyone wishing to connect to you may use your domain name, rather than having to use your dynamic IP address, which changes from time to time. This dynamic IP address is the WAN IP address of the router, which is assigned to you by your ISP.

Tick to enable DynDNS function.

Select the DDNS service from “DynDNS–Dynamic”, “QDNS (3322)”,

“NOIP” and “Custom” which you have established an account with.

Enter the Host name the DDNS server provided.

Enter the user name the DDNS server provided.

Enter the password the DDNS server provided.

Click to the update and use the DynDNS settings.

Show current status of DynDNS

Default

Null

Disable

DynDNS–Dynamic

Null

Null

Null

Null

Null

53 / 113


3.19

Configuration -‐> IPSec

This section allows users to set the IPSec parameters.

Item

Enable NAT Traversal

Keepalive Interval

IPSec Basic @ IPSec

Description

Tick to enable NAT Traversal for IPSec. This item must be enabled when router under NAT environment.

The interval that router sends keepalive packets to NAT box so that to avoid it to remove the NAT mapping.

Default

Enable

30


54 / 113


Item

Add

Enable

IPSec Gateway


IPSec Tunnel @ IPSec

Description

Click Add to add new IPSec Tunnel

Enable IPSec Tunnel, the max tunnel account is 3

Enter the address of remote side IPSec VPN server.

Default

Null

Null

Null

55 / 113


Address

IPSec Mode

Select from “Tunnel” and “Transport”.

Tunnel: Commonly used between gateways, or at an end-‐station to a gateway, the gateway acting as a proxy for the hosts behind it.

Transport: Used between end-‐stations or between an end-‐station and a gateway, if the gateway is being treated as a host—for example, an encrypted Telnet session from a workstation to a router, in which the router is the actual destination.

IPSec Protocol

Local Subnet

Select the security protocols from “ESP” and “AH”.

ESP: Uses the ESP protocol.

AH: Uses the AH protocol.

Enter IPSec Local Protected subnet’s address.

Local Subnet Mask

Local ID Type

Enter IPSec Local Protected subnet’s mask.

Select from “IP Address”, “FQDN” and “User FQDN” for IKE negotiation.

“Default” stands for “IP Address”.

IP Address: Uses an IP address as the ID in IKE negotiation.

FQDN: Uses an FQDN type as the ID in IKE negotiation. If this option is selected, type a name without any at sign (@) for the local security gateway, e.g., test.Digicom.com.

User FQDN: Uses a user FQDN type as the ID in IKE negotiation. If this option is selected, type a name string with an sign “@” for the local security gateway, e.g., [email protected].

Remote Subnet Enter IPSec Remote Protected subnet’s address.

Remote Subnet Mask Enter IPSec Remote Protected subnet’s mask.

Remote ID Type

Negotiation Mode

Encryption Algorithm

Select from “IP Address”, “FQDN” and “User FQDN” for IKE negotiation.

IP Address: Uses an IP address as the ID in IKE negotiation.

FQDN: Uses an FQDN type as the ID in IKE negotiation. If this option is selected, type a name without any at sign (@) for the local security gateway, e.g., test.Digicom.com.

User FQDN: Uses a user FQDN type as the ID in IKE negotiation. If this option is selected, type a name string with a sign “@” for the local security gateway, e.g., [email protected].

Select from “Main” and “aggressive” for the IKE negotiation mode in phase 1. If the IP address of one end of an IPSec tunnel is obtained dynamically, the IKE negotiation mode must be aggressive. In this case,

SAs can be established as long as the username and password are correct.

Select from “DES”, “3DES”, “AES128”, “AES192” and “AES256”to be used in IKE negotiation.

DES: Uses the DES algorithm in CBC mode and 56-‐bit key.

3DES: Uses the 3DES algorithm in CBC mode and 168-‐bit key.

AES128: Uses the AES algorithm in CBC mode and 128-‐bit key.


Tunnel

ESP

0.0.0.0

0.0.0.0

Default

0.0.0.0

0.0.0.0

Default

Main

3DES


56 / 113



Authentication

Algorithm

Select from “MD5” and “SHA1”to be used in IKE negotiation.

MD5: Uses HMAC-‐SHA1.

SHA1: Uses HMAC-‐MD5.

DH Group

Select from “MODP768_1”, “MODP1024_2” and “MODP1536_5”to be used in key negotiation phase 1.

MODP768_1: Uses the 768-‐bit Diffie-‐Hellman group.



Authentication

Select from “PSK”, “CA”, “XAUTH Init PSK” and “XAUTH Init CA” to be used in IKE negotiation.

PSK: Pre-‐shared Key.

CA: Certification Authority.

XAUTH: Extended Authentication to AAA server.

Secrets

Life Time @ IKE

Parameter

SA Algorithm

PFS Group

Life Time @ SA

Parameter

DPD Time Interval

Enter the Pre-‐shared Key.

Set the lifetime in IKE negotiation.

Before an SA expires, IKE negotiates a new SA. As soon as the new SA is set up, it takes effect immediately and the old one will be cleared automatically when it expires.

Select from “DES_MD5_96”, “DES_SHA1_96”, “3DES_MD5_96”, “3DES_

SHA1_96”, “AES128_MD5_96”, “AES128_ SHA1_96”,

“AES192_MD5_96”, “AES192_ SHA1_96”, “AES256_MD5_96” and

“AES256_ SHA1_96” when you select “ESP” in “Protocol”;

Select from “AH_MD5_96” and “AH_ SHA1_96” when you select “AH” in “Protocol”;

Note : Higher security means more complex implementation and lower speed. DES is enough to meet general requirements. Use 3DES when high confidentiality and security are required.

Select from “PFS_NULL”, “MODP768_1”, “MODP1024_2” and

“MODP1536_5”.

PFS_NULL: Disable PFS Group




Set the IPSec SA lifetime.

Note : When negotiating to set up IPSec SAs, IKE uses the smaller one between the lifetime set locally and the lifetime proposed by the peer.

Set the interval after which DPD is triggered if no IPSec protected packets is received from the peer.

DPD: Dead peer detection. DPD irregularly detects dead IKE peers.

When the local end sends an IPSec packet, DPD checks the time the last

IPSec packet was received from the peer. If the time exceeds the DPD interval, it sends a DPD hello to the peer. If the local end receives no

MD5

MODP1024_2

PSK

Null

86400

3DES_MD5_96

PFS_NULL

28800

180


57 / 113


DPD acknowledgment within the DPD packet retransmission interval, it retransmits the DPD hello. If the local end still receives no DPD acknowledgment after having made the maximum number of retransmission attempts, it considers the peer already dead, and clears the IKE SA and the IPSec SAs based on the IKE SA.

DPD Timeout

Enable Compress

Enable

Detection

ICMP

Set the timeout of DPD packets.

Tick to enable compressing the inner headers of IP packets.

Click to enable ICMP detection.

ICMP

Server

Detection

Enter the IP address or domain name or remote server. Router will ping this address/domain name to check that if the current connectivity is active.

ICMP Detection Local

IP

ICMP

Interval

Detection

Detection

ICMP

Timeout

ICMP

Retries

Detection

Set the local IP address.

Set the ping interval time.

Set the ping timeout.

If Router ping the preset address/domain name time out continuously for Max Retries time, it will try to re-‐establish the VPN tunnel.

60

Disable

Disable

Null

Null

30

5

3

Item

Select Cert Type

CA

Remote Public Key

Local Public Key


X.509 @ IPSec

Description

Select the IPSec tunnel which the certification used for.

Click “Browse” to select the correct CA file from your PC, and then click “Import” to import it to the router.

Click “Export” you can export the CA file from router to your PC.

Click “Browse” to select the correct Remote Public Key file from your PC, and then click “Import” to import it to the router.

Click “Export” you can export the Remote Public Key file from router to your PC.

Click “Browse” to select the correct Local Public Key file from your PC, and then click “Import” to import it to the router.

Default

Null

Null

Null

Null

58 / 113


Click “Export” you can export the Local Public Key file from router to your PC.

Local Private Key

Click “Browse” to select the correct Local Private Key file from your PC, and then click “Import” to import it to the router.

Click “Export” you can export the Local Private Key file from router to your PC.

CRL

Click “Browse” to select the correct CRL file from your PC, and then click “Import” to import it to the router.

Click “Export” you can export the CRL file from router to your PC.

Authentication Status Show current status parameters of IPSec.

Null

Null

Null

3.20

Configuration -‐> Open VPN

This section allows users to set the Open VPN parameters.


59 / 113


Client @ Open VPN

Item

Enable

Description

Enable OpenVPN Client, the max tunnel account is 3

Protocol Select from “UDP” and “TCP Client” which depends on the application.

Remote IP Address Enter the remote IP address or domain name of remote side OpenVPN server.

Port Enter the listening port of remote side OpenVPN server.

Select from “tun” and “tap” which are two different kinds of device interface for

Interface

OpenVPN.

The difference between tun and tap device is this: a tun device is a virtual IP point-‐to-‐point device and a tap device is a virtual Ethernet device.

Authentication

Local IP

Remote IP

Select from four different kinds of authentication ways: “Pre-‐shared”,

“Username/Password”, “X.509 cert” and “X.509 cert+user”.

Define the local IP address of OpenVPN tunnel.

Define the remote IP address of OpenVPN tunnel.


Default

Null

UDP

Null

1194 tun

None

10.8.0.2

10.8.0.1

60 / 113


Enable NAT

Tick to enable NAT Traversal for OpenVPN. This item must be enabled when router under NAT environment.

Ping Interval

Ping -‐Restart

Set ping interval to check if the tunnel is active.

Disable

20

Restart to establish the OpenVPN tunnel if ping always timeout during this time. 120

Compression LZO

Encryption

MTU

Max Frame Size

Select “LZO” to use the LZO compression library to compress the data stream.

Select from “BF-‐CBC”, “DES-‐CBC”, “DES-‐EDE3-‐CBC”, “AES128-‐CBC”,

“AES192-‐CBC” and “AES256-‐CBC”.

BF-‐CBC: Uses the BF algorithm in CBC mode and 128-‐bit key.

DES-‐CBC: Uses the DES algorithm in CBC mode and 64-‐bit key.

DES-‐EDE3-‐CBC: Uses the 3DES algorithm in CBC mode and 192-‐bit key.

AES128-‐CBC: Uses the AES algorithm in CBC mode and 128-‐bit key.



Maximum Transmission Unit. It is the identifier of the maximum size of packet, which is possible to transfer in a given environment.

Set the Max Frame Size for transmission.

BF-‐CBC

1500

1500

Verbose Level

Expert Options

Select the log output level which from low to high: “ERR”, “WARNING”, “NOTICE” and “DEBUG”. The higher level will output more log information.

You can enter some other PPP initialization strings in this field. Each string can be separated by a space.

ERR

Null

Subnet&Subnet

Mask@Local Route

Set the subnet and subnet Mask of local route. Null


61 / 113


Item

Enable

Server

Tunnel name

Server @ Open VPN

Description

OpenVPN

Tick to enable OpenVPN server tunnel.

Listen IP

Protocol

Port

Name the OpenVPN server tunnel.

You can enter the IP address of cellular WAN, Ethernet WAN or

Ethernet LAN. Null or 0.0.0.0 stands for using the active WAN link currently-‐cellular WAN or Ethernet WAN.

Select from “UDP” and “TCP Client” which depends on the application.

Set the local listening port


Default

Disable

Tunnel_OpenVPN_

0

0.0.0.0

UDP

1194

62 / 113


Select from “tun” and “tap” which are two different kinds of device interface for OpenVPN.

Interface The difference between a tun and tap device is this: a tun device is a virtual IP point-‐to-‐point device and a tap device is a virtual Ethernet device.

Authentication

Local IP

Remote IP

Select from four different kinds of authentication ways: “Pre-‐shared”,

“Username/Password”, “X.509 cert” and “X.509 cert+user”.

Define the local IP address of OpenVPN tunnel.

Define the remote IP address of OpenVPN tunnel.

Enable NAT

Ping Interval

Ping -‐Restart

Compression

Encryption

MTU

Max Frame Size

Verbose Level

Expert Options

Client Manage

Tick to enable NAT Traversal for OpenVPN. This item must be enabled when router under NAT environment.

Set ping interval to check if the tunnel is active.

Restart to establish the OpenVPN tunnel if ping always timeout during this time.

Select from “None”and”LZO”, Select “LZO” to use the LZO compression library to compress the data stream.

Select from “BF-‐CBC”, “DES-‐CBC”, “DES-‐EDE3-‐CBC”, “AES128-‐CBC”,

“AES192-‐CBC” and “AES256-‐CBC”.

BF-‐CBC: Uses the BF algorithm in CBC mode and 128-‐bit key.

DES-‐CBC: Uses the DES algorithm in CBC mode and 64-‐bit key.

DES-‐EDE3-‐CBC: Uses the 3DES algorithm in CBC mode and 192-‐bit key.





Set the Max Frame Size for transmission.

Select the log output level which from low to high: “ERR”,

“WARNING”, “NOTICE” and “DEBUG”. The higher level will output more log information.


Click “Add” to add a OpenVPN client info which include “Common

Name”, “Password”, “Client IP”, “Local Static Route” and “Remote

Static Route”. This field only can be configured when you select

“Username/Password” in “Authentication”. tun

None

10.8.0.1

10.8.0.2

Disable

20

120

LZO

BF-‐CBC

1500

1500

ERR

Null

Null


63 / 113


Item

Select Cert Type

CA

Public Key

Private Key

DH

TA

CRL

Pre-‐Share Static Key

X.509 @ Open VPN

Description

Select the OpenVPN client or server which the certification used for.

Click “Browse” to select the correct CA file from your PC, and then click “Import” to import it to the router.

Click “Export” you can export the CA file from router to your PC.

Click “Browse” to select the correct Public Key file from your PC, and then click

“Import” to import it to the router.

Click “Export” you can export the Public Key A file from router to your PC.

Click “Browse” to select the correct Private Key file from your PC, and then click


Click “Export” you can export the Private Key file from router to your PC.

Click “Browse” to select the correct DH A file from your PC, and then click


Click “Export” you can export the DH file from router to your PC.

Click “Browse” to select the correct TA file from your PC, and then click “Import” to import it to the router.

Click “Export” you can export the TA file from router to your PC.

Click “Browse” to select the correct CRL file from your PC, and then click “Import” to import it to the router.

Click “Export” you can export the CRL file from router to your PC.

Click “Browse” to select the correct Pre-‐Share Static Key file from your PC, and then click “Import” to import it to the router.

Click “Export” you can export the Pre-‐Share Static Key file from router to your PC.

Default

Null

Null

Null

Null

Null

Null

Null

Null

3.21

Configuration -‐> GRE

This section allows users to set the GRE parameters.


64 / 113


Item

Add

Enable

GRE

Description

Click “Add” to add a GRE tunnel.

Click to enable GRE (Generic Routing Encapsulation). GRE is a protocol that encapsulates packets in order to route other protocols over IP networks.

Remote IP Address

Local Virtual IP

Remote virtual IP

Remote Subnet

Set remote IP Address of the virtual GRE tunnel.

Set local IP Address of the virtual GRE tunnel.

Set remote IP Address of the virtual GRE tunnel.

Add a static route to the remote side’s subnet so that the remote network is known to the local network.

Remote Subnet Mask Set remote subnet net mask.

All traffic via this interface

After click to enable this feature, all data traffic will be sent via GRE tunnel.

Enable NAT

Secrets

Tick to enable NAT Traversal for GRE. This item must be enabled when router under NAT environment.

Set Tunnel Key of GRE.

3.22

Configuration -‐> L2TP

This section allows users to set the L2TP parameters.

Default

Disable

Null

Null

Null

Null

Null

Disable

Disable

Null


65 / 113


Item

Add

Remote IP Address

Username

Password

Authentication


L2TP Client @ L2TP

Description

Click “Add” to add a L2TP client. You can add at most 3 L2TP clients.

Enter your L2TP server’s public IP or domain name.

Enter the username which was provided by your L2TP server.

Enter the password which was provided by your L2TP server.

Select from “Auto”, “PAP”, “CHAP”, “MS-‐CHAP v1” and “MS-‐CHAP v2”.

You need to select the corresponding authentication method based on the server’s authentication method. When you select “Auto”, router will auto

Default

Null

Null

Null

Null

Disable

66 / 113

3G Industrial VPN Pro User Guide select the correct method based on server.

Remote Subnet Enter L2TP remote Protected subnet’s address.

Remote Subnet Mask Enter L2TPremote Protected subnet’s mask.

Enable NAT Click to enable NAT feature of L2TP.


Enable

Authentication

Tunnel

Tunnel Secret

Show Advanced

Port

Local IP

Remote IP

After click to enable this feature, all data traffic will be sent via L2TP tunnel.

Tick to enable tunnel authentication and enter the tunnel secret which provided by L2TP server.

Enter L2TP tunnel secret in this item.

Tick to enable the L2TP client advanced setting.

Set the Port number of the L2TP client.

Set the IP address of the L2TP client.

You can enter the IP which assigned by L2TP server. Null means L2TP client will obtain an IP address automatically from L2TP server’s IP pool.

Enter the remote peer’s private IP address or remote subnet’s gateways address.

Null

Null

Disable

Disable

Disable

Null

Disable

Null

Null

Null

Address/Control

Compression

Protocol

Compression

Field



Enable

Enable

Asyncmap Value

MRU

MTU

Link

Interval

Detection

One of the L2TP initialization strings. In general, you don’t need to modify this value.



Specify the interval between L2TP client and server.

To check the connectivity of a tunnel, the client and server regularly send

PPP Echo to each other. If the client or server receives no response from the peer within a specified period of time, it retransmits the PPP echo. If it receives no response from the peer after transmitting the PPP echo for max retries times, it considers that the L2TP tunnel is down and tries tore-‐establish a tunnel with the peer. ffffffff

1500

1436

30

Link Detection Max

Retries

Specify the max retries times for L2TP link detection. 5

Expert Options

You can enter some other PPP initialization strings in this field. Each string can be separated by a space. noccp nobsdcomp


67 / 113


Item

Enable L2TP Server

Username

Password

Authentication

Enable

Authentication

Tunnel

Local IP

IP Pool Start

L2TP Server @ L2TP

Description

Tick to enable L2TP server.

Set the username which will assign to L2TP client.

Set the password which will assign to L2TP client.

Select from “PAP”, “CHAP”, “MS-‐CHAP v1” and “MS-‐CHAP v2”.

L2TP client need to select the same authentication method based on this server’s authentication method.

Tick to enable tunnel authentication and enter the tunnel secret which will provide to L2TP client.

Set the IP address of L2TP server.

Set the IP pool start IP address which will assign to the L2TP clients.


Default

Disable

Null

Null

CHAP

Disable

10.0.0.1

10.0.0.2

68 / 113


IP Pool End Set the IP pool end IP address which will assign to the L2TP clients.

Show L2TP Server

Advanced

Tick to show the L2TP server advanced setting.

Address/Control

Compression

Protocol

Compression

Field



Asyncmap Value

MRU

MTU

Link

Interval

Detection

One of the L2TP initialization strings. In general, you don’t need to modify this value.



Specify the interval between L2TP client and server.

To check the connectivity of a tunnel, the client and server regularly send PPP

Echo to each other. If the client or server receives no response from the peer within a specified period of time, it retransmits the PPP echo. If it receives no response from the peer after transmitting the PPP echo for max retries times, it considers that the L2TP tunnel is down and tries tore-‐establish a tunnel with the peer.

Link Detection Max

Retries

Specify the max retries times for L2TP link detection.

10.0.0.100

Disable

Enable

Enable ffffffff

1500

1436

30

5

Expert Options

Route Table List


Click “Add” to add a route rule from L2TP server to L2TP client. noccp nobsdcom p

Null

3.23

Configuration -‐> PPTP

This section allows users to set the PPTP parameters.


69 / 113


Item

Add

Enable

Disable

Remote IP Address

Username

Password

Authentication

Enable NAT

Enable MPPE

PPTP Client @ PPTP

Description

Click “Add” to add a PPTP client

Enable PPTP Client. The max tunnel accounts are 3.

Disable PPTP Client.

Enter your PPTP server’s public IP or domain name.

Enter the username which was provided by your PPTP server.

Enter the password which was provided by your PPTP server.

Select from “Auto”, “PAP”, “CHAP”, “MS-‐CHAP v1” and “MS-‐CHAP v2”.

You need to select the corresponding authentication method based on the server’s authentication method. When you select “Auto”, router will auto select the correct method based on server’s method.

Click to enable NAT feature of PPTP.

Tick to enable MPPE (Microsoft Point-‐to-‐Point Encryption). It’s a protocol for encrypting data across PPP and VPN links.

Default

/

Null

Null

Null

Null

Null

Auto

Disable

Disable


Show Advanced

After click to enable this feature, all data traffic will be sent via PPTP tunnel. Disable

Tick to enable the PPTP client advanced setting. Disable


70 / 113


Local IP

Set the IP address of the PPTP client.

You can enter the IP which assigned by PPTP server. Null means PPTP client

Remote IP will obtain an IP address automatically from PPTP server’s IP pool.

Enter the remote peer’s private IP address or remote subnet’s gateways address.

Address/Control

Compression

Protocol

Compression

Field



Asyncmap Value

MRU

MTU

Link

Interval

Detection

One of the PPTP initialization strings. In general, you don’t need to modify this value.



Specify the interval between PPTP client and server.


Echo to each other. If the client or server receives no response from the peer within a specified period of time, it retransmits the PPP echo. If it receives no response from the peer after transmitting the PPP echo for max retries times, it considers that the PPTP tunnel is down and tries tore-‐establish a tunnel with the peer.

Link Detection Max

Retries

Specify the max retries times for PPTP link detection.

Null

Null

Enable

Enable ffffffff

1500

1436

30

5

Expert Options

You can enter some other PPP initialization strings in this field. Each string can be separated by a space. noccp nobsdcom p


71 / 113


PPTP Server @ PPTP

Item

Enable PPTP Server

Username

Password

Authentication

Local IP

IP Pool Start

Description

Tick to enable PPTP server.

Set the username which will assign to PPTP client.

Set the password which will assign to PPTP client.

Select from “PAP”, “CHAP”, “MS-‐CHAP v1” and “MS-‐CHAP v2”.

PPTP client need to select the same authentication method based on this server’s authentication method.

Set the IP address of PPTP server.

Set the IP pool start IP address which will assign to the PPTP clients.

IP Pool End

Enable MPPE

Set the IP pool end IP address which will assign to the PPTP clients.

Tick to enable MPPE (Microsoft Point-‐to-‐Point Encryption). It’s a protocol for encrypting data across PPP and VPN links.

Show PPTP Server Tick to show the PPTP server advanced setting.


Default

Disable

Null

Null

CHAP

10.0.0.1

10.0.0.2

10.0.0.100

Disable

Disable

72 / 113


Advanced

Address/Control

Compression


Protocol

Compression

Field


Asyncmap Value

One of the PPTP initialization strings. In general, you don’t need to modify this value.

MRU

MTU

Link

Interval

Detection



Specify the interval between PPTP client and server.


Echo to each other. If the client or server receives no response from the peer within a specified period of time, it retransmits the PPP echo. If it receives no response from the peer after transmitting the PPP echo for max retries times, it considers that the PPTP tunnel is down and tries tore-‐establish a tunnel with the peer.

Link Detection Max

Retries

Specify the max retries times for PPTP link detection.

Enable

Enable ffffffff

1500

1436

30

5

Expert Options

Route Table List


Click “Add” to add a route rule from PPTP server to PPTP client. noccp nobsdcom p

Null

3.24

Configuration -‐> SNMP

This section allows users to set the SNMP parameters.


Basic @ SNMP

73 / 113


Item Description

Port

Agent Mode

Version

UDP port for sending and receiving SNMP requests.

Select the correct agent mode.

Select from “SNMPv1”, “SNMPv2” and “SNMPv3”.

Location Info

Contact Info

System name

Enter the router’s location info which will send to SNMP client.

Enter the router’s contact info which will send to SNMP client.

Enter the router’s system name which will send to SNMP client.

Default

161

Master

SNMPv2

China [email protected] router

Item

View Name

View Filter

View OID

Description

Enter the View Name

View @ SNMP

Select from “Include” and “Exclude”.

Enter the Object Identifiers (OID)

Default

Null

Include

Null

Item

Readwrite

Network

Community

MIBview


VACM @ SNMP

Description

Select the access rights from “Readonly” and “ReadWrite”.

Define the network from which is allowed to access. E.g. 172.16.0.0.

Enter the community name.

Select from “none”, “system” and “all”

Default

Readonly

Null

Null none

74 / 113


Item

Enable SNMP Trap

Version

Server Address

Port

Name

Trap @ SNMP

Description

Click to enable SNMP Trap feature.

Select from “SNMPv1”, “SNMPv2” and “SNMPv3”.

Enter SNMP server’s IP address.

Enter SNMP server’s port number

Enter SNMP server’s name.

3.25

Configuration -‐> VRRP

This section allows users to set the VRRP parameters.

Default

Disable

SNMPv1

Null

0

Null

Item

Enable VRRP

Group ID

Priority

Interval

Virtual IP


VRRP

Description

Tick to enable VRRP protocol. VRRP (Virtual Router Redundancy Protocol) is an Internet protocol that provides a way to have one or more backup routers when using a statically configured router on a local area network (LAN).Using

Default

Disable

VRRP, a virtual IP address can be specified manually.

Specify which VRRP group of this router belong to.

Enter the priority value from 1 to 255. The larger value has higher priority.

The interval that master router sends keepalive packets to backup routers.

1

100

10

A virtual IP address is shared among the routers, with one designated as the 192.168.0.

75 / 113

3G Industrial VPN Pro User Guide master router and the others as backups. In case the master fails, the virtual

IP address is mapped to a backup router's IP address. (This backup becomes the master router.)

1

3.26

Configuration -‐> IP Passthrough

In IP Passthrough mode, 3G Industrial VPN Pro acts as PPPoE server, it will pass its WAN IP address to PPPoE client directly. Packets received from the WAN interface are delivered directly to the LAN interface. Similarly, packets received for the LAN interface (everything except broadcasts/multicasts) are sent to the WAN interface.

This section allows users to set the IP Pass through parameters.

IP Passthrough

Item Description

Enable IP Passthrough Tick to enable IP Passthrough feature.

Mode

Ethernet Interface

User can only select “PPPoE” mode at present.

PPPoE client dials up to 3G Industrial VPN Pro (PPPoE server) corresponding to different LAN interface. For example when you connect PPPoE client (such as PC) to LAN 0 through Ethernet cable, PC will dial up to 3G Industrial VPN Pro (PPPoE server) through LAN 0.

Username

Password

Set the username of PPPoE server.

Set the password of PPPoE server.

AC Name

Service Name

Authentication

Set the AC (Access Concentrator) name of PPPoE server.

Set the service name of PPPoE server.

Note : PPPoE client needs to set the same username, password, service name of

PPPoE server, or it cannot succeed to dial up to PPPoE server.

Set the different PPP authentication from “Auto”, “PAP”, “CHAP”.

Auto: Automatic detection.

Default

Disable

PPPoE

LAN_0

Null

Null

Null

Null

Auto


76 / 113


PAP: Password Authentication Protocol

CHAP: Challenge Response Protocol

Link

Interval(s)

Link Detection Max

Retries

Detection

When PPPoE client dial up to 3G Industrial VPN Pro (PPPoE server), 3G Industrial

VPN Pro will send “LCP Echo Request” to PPPoE client after this interval. “Link

Detection Interval” ranges from 3 to 30 times.

If 3G Industrial VPN Pro re-‐sends “LCP Echo Request” packet continuously for

Max Retries times and still do not receive correct respond packets from PPPoE client, it will send “LCP Terminal Request” packet to disconnect the connection between PPPoE server and PPPoE client. “Max Retries” ranges from 3 to 5 times.

30

5

3.27

Configuration -‐> AT over IP

This section allows users to set the AT over IP parameters.

Item

Enable AT Settings

Protocol

Local IP

Local Port

AT over IP

Description Default

Tick to enable AT over IP to control cellular module via AT command remotely. Disable

Select from “TCP server” or “UDP”

You can enter the IP address of cellular WAN, Ethernet WAN or Ethernet LAN.

UDP

0.0.0.0

Null stands for all these three IP addresses.

Enter the local TCP or UDP listening port. 8091

3.28

Configuration -‐> Phone Book

This section allows users to set the Phone Book parameters.


77 / 113


Item

Description

Phone No.

Phone Book

Description

Set the name to your relevant phone No.

Enter your phone No.

Note:

In some countries, the Phone NO. is required to be written in international format, starting with “ + ” followed by the country code.

Default

Null

Null


78 / 113


Group Name

Phone List

Phone Group

Set the Group Name.

Show the phone list in the Group.

Add or remove the phone no.to/from group

Click right arrow to add the phone no.to this group; Click left arrow to remove the phone No. from group.

3.29

Configuration -‐> SMS

This section allows users to set the SMS Notification and SMS Control parameters.

Null

Null

Null

SMS

Item

Send SMS on power up

Description

Enable to send SMS to specific user after router was powered up.

Send SMS on PPP connect

Send SMS on PPP disconnect

Enable to send SMS to specific user when router PPP up.

Enable to send SMS to specific user when router PPP down.

Phone Group Select the Phone Group you set in 3.2.27 Configuration -‐> Phone Book

Enable @ SMS Control Click to enable SMS remote control.

Password Content

Set the password content characters.

Note : Only support text format. For example 123 or ABC123.

Phone Group Select the Phone Group you set in 3.2.27 Configuration -‐> Phone Book

Default

Disable

Disable

Disable

Null

Disable

Null

Null


79 / 113


3.30

Configuration -‐> Reboot

This section allows users to set the Reboot policies.

Item

Enable(ahh:mm,24h)

Reboot Time1

Reboot Time2

Reboot Time3

Enable Call Reboot

Phone Group

SMS Reply Content

Enable SMS Reboot

Phone Group

Password


Time @ Reboot

Description

Enable daily reboot, you should follow ahh:mm,24h time frame, or the data will be invalid.

Specify time1 when you need router reboot.



Call @ Reboot

Click to enable call reboot function

Set the Phone Group which was allowed to reboot the router by call.

Send reply short message after auto Call reboot from specified Caller ID (e.g.

Reboot ok!).

Note : Only support text format SMS.

SMS @ Reboot

Click to enable SMS reboot function

Set the Phone Group which was allowed to reboot the router by SMS.

Users could send this specific Password to trigger router to reboot.

Default

Disable

Null

Null

Null

Disable

Null

Null

Disable

Null

Null

80 / 113


SMS Reply Content

Send reply short message after auto SMS reboot from specified Caller ID (e.g.

Reboot ok!).

Note : Only support text format SMS.

Null

3.31

Configuration -‐> RobustLink

This section allows users to configure parameters about RobustLink, which is an industrial-‐grade centralized management and administration system for the R3G Industrial VPN Pro. It allows you to monitor, configure and manage large numbers of remote devices on a private network over the web.

Item

Enable RobustLink

Server address

Port

Password

RobustLink

Description

Click to enable RobustLink feature.

Enter IP address of RobustLink.

Enter port number of RobustLink.

Enter the password preset in RobustLink.

Note: The passwords set in R3G Industrial VPN Pro and RobustLink need to be the same.

Default

Disable

Null

1883

Null

3.32

Configuration -‐> Syslog

This section allows users to set the syslog parameters.


81 / 113


Item

Save Position

Log Level

Syslog

Description

Select the save position from “None”, “Flash” and “SD”. “None” means syslog is only saved in RAM, and will be cleared after reboot.

Select form “DEBUG”, “INFO”, “NOTICE”, “WARNING”, “ERR”, “CRIT”, “ALERT” and “EMERG” which from low to high. The lower level will output more syslog in

Keep Days

Log to Remote System detail.

Specify the syslog keep days for router to clear the old syslog.

Enable to allow router sending syslog to the remote syslog server. You need to enter the IP and Port of the syslog server.

Default

NONE

DEBUG

14

Disable

3.33

Configuration -‐> Event

This section allows users to set the Event parameters.

Item

Enable Event


Event

Description

Click to enable Event feature.

This feature is used to report R3G Industrial VPN Pro’s main running event to

SNMP-‐TRAP or RobustLink. There are numbers of Event code you can select, such as “BOOT-‐UP”, “3G-‐UP”, “3G-‐DOWN”, etc. For example if you click “3G-‐UP” and select “RobustLink” as the server, when R3G Industrial VPN Pro dial up to

Default

Disable

82 / 113

3G Industrial VPN Pro User Guide connect to 3G network, it will send event code “3G-‐UP” as well as relevant information to RobustLink.

3.34

Configuration -‐> USR LED

This section allows users to change the display status of USR LED.

Note : Please refer to “Status” -‐> “System” -‐> “LEDs Information” -‐> “USR”.

Item

USR LED Type

Indication

USR LED

Description

Select from “VPN”, “PPPoE”, “DynDNS” and “GPS”.

Select from “ON”, “Blink”.

For example, if “USR LED Type” is set as “VPN” and “Indication” is set as “Blink”, when any VPN tunnel is up USR LED will blink.

Default

VPN

ON

3.35

Administration -‐> Profile

This section allows users to import or export the configuration file, and restore the router to factory default setting.


83 / 113


Item

Profile

XML Configuration

Restore to Factory

Default Settings

Profile

Description

This item allow users store different configuration profiles into different positions; or save one configuration profile into different positions just for configuration data backup.

Selected from “Standard”, “Alternative 1”, “Alternative 2”, “Alternative 3”.

Import: Click “Browse” to select the XML file in your computer, then click

“Import” to import this file into your router.

Export: Click “Export” and the configuration will be showed in the new popup browser window, then you can save it as a XML file.

Click the button of “Restore to Factory Default Settings” to restore the router to factory default setting.

Default

Standard

Null

Null

3.36

Administration -‐> Tools

This section provides users four tools: Ping, AT Debug, Traceroute and Test.


84 / 113


Item

Ping IP address

Number of requests

Timeout

Local IP

Start

Ping @ Tools

Description

Enter the ping destination IP address or domain name.

Specify the number of ping requests.

Specify timeout of ping request.

Specify the local IP from cellular WAN, Ethernet WAN or Ethernet LAN. Null stands for selecting local IP address from these three automatically.

Click this button to start ping request, and the log will be displayed in the follow box.

5

1

Default

Null

Null

Null

Item

Send AT Commands


AT Debug @ Tools

Description Default

Enter the AT commands which you need to send to cellular module in this box. Null

85 / 113


Send Click this button to send the AT commands.

Receive AT Commands

Router will display the AT commands which respond from the cellular module in this box.

Null

Null

Item

Trace Address

Trace Hops

Timeout

Send

Traceroute @ Tools

Description

Enter the trace destination IP address or domain name.

Specify the max trace hops. Router will stop tracing if the trace hops has met max value no matter the destination has been reached or not.

Specify timeout of Traceroute request.

Click this button to start Traceroute request, and the log will be displayed in the follow box.

Default

Null

30

1

Null


86 / 113


Item

Interface

Host

Protocol

Start

Sniffer @ Tools

Description

Select form “all”, “lo”, “imq0”, “imq1”, “eth0”, “gre0”, and “ppp0”: all: contain all the interface; lo: Local Loopback interface; imq0/1: virtual interface for QoS, which used to limit the download and upload speed; eth0: Ethernet interface; gre0: GRE tunnel interface; ppp0: Cellular PPP interface;

Filter the packet that contain the specify IP address.

Select from “all”, “ip”, “arp”, “tcp” and “udp”.

Click this button to start the sniffer, and the log will be displayed in the follow box.

Default

All

Null

All

Null


87 / 113


Item

Enable

Description

Result

Test @ Tools

Description

Click “Enable” to select the hardware component whose status you want to check.

Select from “USB Test”, “Flash Test”, “Memory Test”, “Ethernet Test”, “SIM1

Test”, “SIM2 Test” and “Module Test”.

Show the current status of the selected hardware component. There are 3 status

“Testing”, “Success” and “Failure”.

Testing: Router is testing the selected hardware component.

Success: Correspond hardware component is properly inserted and detected.

Failure: Correspond hardware component is not inserted into the router or the router fails to detect.

Show Detail Show the current test details of the hardware component.

Note : click “Apply” to start testing.

Default

Enable

/

Null

Null

3.37

Administration -‐> Clock

This section allows users to set clock of router and NTP server.


88 / 113


Description

Select your local time zone.

Clock

Item

Timezone

Primary NTP Server Enter primary NTP Server’s IP address or domain name.

Secondary NTP Server Enter secondary NTP Server’s IP address or domain name.

Update interval (h) Enter the interval which NTP client synchronize the time from NTP server.

Enable NTP Server Click to enable the NTP server function of router.

3.38

Administration -‐> Web Server

This section allows users to modify the parameters of Web Server.

Default

UTC

+08:00 pool.nt

p.org

Null

1

Disable

Item

HTTP Port


Basic @ Web Server

Description

Enter the HTTP port number you want to change in 3G Industrial VPN Pro’s Web

Server.

Default

80

89 / 113


On a Web server, port 80 is the port that the server "listens to" or expects to receive from a Web client. If you configure the router with other HTTP Port number except 80, only adding that port number then you can login 3G

Industrial VPN Pro’s Web Server.

Enter the HTTPS port number you want to change in 3G Industrial VPN Pro’s

HTTPS Port

HTTPS Certificate

Web Server.

On a Web server, port 443 is the port that the server "listens to" or expects to receive from a Web client. If you configure the router with other HTTPS Port number except 443, only adding that port number then you can login 3G

Industrial VPN Pro’s Web Server.

Note : HTTPS is more secure than HTTP. In many cases, clients may be exchanging confidential information with a server, which needs to be secured in order to prevent unauthorized access. For this reason, HTTP was developed by Netscape corporation to allow authorization and secured transactions.

X.509 @ Web Server

In this tab, user can import or export “Public Key” and “Private Key” for HTTPS certification.

443

Null

3.39

Administration -‐> User Management

This section allows users to modify or add management user accounts.


90 / 113


Item

Super

Super @ User Management

Description

One router has only one super user account. Under this account, user has the highest authority include modify and add management user accounts.

User Management

Login Timeout

Set Username and Password.

Specify the login timeout value. You need to re-‐login after this timeout of user inactively.

Default

Admin

Null

1800

Common @ User Management

Item

Common

Description

One router has at most 9 common user accounts. There are two access level of common user account: “ReadWrite” and “ReadOnly”.

Select from “ReadWrite” and “ReadOnly”.

Access Level ReadWrite: Users can view and set the configuration of router under this level;

ReadOnly: Users only can view the configuration of router under this level

Username/ Password Set Username and Password.

Add Click this button to add a new account.

Default

Null

Null

Null

Null

3.40

Administration -‐> Update Firmware

This section allows users to update the firmware of router.


91 / 113


Item

Firmware Version

Update

Description

Show the current firmware version.

Update firmware

Click “Select File” button to select the correct firmware in your PC, and then click

“Update” button” to update. After updating successfully, you need to reboot router to take effect.

Default

Null

Null


92 / 113


Chapter 4.

Configuration Examples

4.1

Interface

PIN

7

8

5

6

9

3

4

1

2

DB9 Female Connector

Debug RS232 RS485 (2-‐wire) Direction

RXD

DRXS

TXD

GND GND

DTXD

RTS

CTS

Data+ (A)

Data-‐ (B)

-‐


→

Device

Device

→


Device

→


-‐

-‐

Device → R3G Industrial VPN Pro

R3G Industrial VPN Pro → Device


→

Device

4.1.1

Console port

User can use the console port to manage the router via CLI commands.

Please check section Introductions for CLI.


93 / 113


4.1.2

RS232

R3G Industrial VPN Pro supports one RS232 for serial data communication.

Please refer to the connection diagram at the right site.

4.1.3

RS485

R3G Industrial VPN Pro supports one RS485 for serial data communication.

Please refer to the connection diagram at the right site.


94 / 113


4.2

Cellular

4.2.1

Cellular Dial-‐Up

This section shows users how to configure the parameters of Cellular Dial-‐up which are with two different policies

“Always Online” and “Connect on Demand”.

1.

Always Online

Configuration-‐-‐>Cellular WAN -‐-‐>Basic

The modifications will take effect after click “Apply” button.

If a customized SIM card is using, please select “Custom” instead of “Auto” in “Network Provider Type”, and some relative settings should be filled in manually.


95 / 113


2.

Connect on Demand

Configuration-‐-‐>Cellular WAN -‐-‐>Basic

Select the trigger policy you need.

Note : If you select multiple trigger policies, the router will be triggered under anyone of them.

4.2.2

SMS Remote Status Reading

R3G Industrial VPN Pro supports remote control via SMS. User can use following commands to get the status of R3G


96 / 113


Industrial VPN Pro, cannot set new parameters of R3G Industrial VPN Pro at present.

An SMS command has following structure:

Password:cmd1,a,b,c;cmd2,d,e,f;cmd3,g,h,i;...;cmdn,j,k,n

SMS command Explanation:

1.

Password: SMS control password is configured at Basic-‐>SMS Control-‐>Password , which is an optional parameter. a) When there is no password, SMS command has following structure: cmd1;cmd2;cmd3;…;cmdn b) When there is a password, SMS command has following structure: Password:cmd1;cmd2;cmd3;…;cmdn

2.

cmd1, cmd2, cmd3 to Cmdn, which are command identification number 0001 – 0010.

3.

a, b, c to n, which are command parameters.

4.

The semicolon character (‘;’) is used to separate more than one commands packed in a single SMS.

5.

E.g., 1234:0001

In this command, password is 1234, 0001 is the command to reset R3G Industrial VPN Pro.

Cmd Description Syntax Comments

Control Commands

0001 Reset Device cmd if no password, please use command "cmd", or use command" password: cmd"

0002 Save Parameters cmd cmd1 + cmd2: cmd1;cmd2

* -‐ means can be null

0003

Save Parameters and Reset Device

0004 Start PPP Dialup

0005 Stop PPP

0006 Switch Sim Card

0007

Clear SIM Card's Data

Limitation cmd cmd cmd cmd cmd,simNumber

simNumber:

1 -‐ SIM_1

2 -‐ SIM_2

0011

Check Cellular status and IP Address. cmd


97 / 113


4.3

Network

4.3.1

NAT

This section shows users how to set the NAT configuration of router.

Parameter Remote IP defines if access is allowed to route to the Forwarded IP and Port via WAN IP and “Arrives At

Port”.

Configuration-‐-‐-‐>NAT/DMZ-‐-‐-‐>Port Forwarding

Explanations for above diagram:

If there are two IP addresses 58.1.1.1 and 59.1.1.1 for the External Devices, that the result will be different from the

test when the NAT is working at 3G Industrial VPN Pro.

58.1.1.1-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐access to-‐-‐-‐-‐-‐-‐-‐-‐-‐>58.1.1.2:9990-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐be forwarded to-‐-‐-‐-‐-‐-‐-‐>10.1.1.1:8000 TCP

58.1.1.1-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐access to-‐-‐-‐-‐-‐-‐-‐-‐-‐>58.1.1.2:9991-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐be forwarded to-‐-‐-‐-‐-‐-‐-‐>10.1.1.2:8001 UDP

58.1.1.1-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐access to-‐-‐-‐-‐-‐-‐-‐-‐-‐>58.1.1.2:9992-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐be forwarded to-‐-‐-‐-‐-‐-‐-‐>10.1.1.3:8002 TCP&UDP


98 / 113


4.3.2

L2TP

L2TP_SERVER:

Configuration-‐-‐-‐>L2TP-‐-‐-‐>L2TP Server

Tick “Enable L2TP Server”, and fill in the blank textbox


99 / 113


The modification will take effect after “Apply-‐-‐>Save-‐-‐>Reboot”.

Note : The following diagrams with red color numbers mean these are the matches between server and client, and

with the blue color number means it must be set locally for the tunnel.

L2TP_CLIENT:

Configuration-‐-‐-‐>L2TP-‐-‐-‐>L2TP Client

Click “Add” button, and fill in the blank textbox


4.3.3

PPTP


100 / 113


Note : The following diagrams with red color numbers mean these are the matches between server and client, and with the blue color number means it must be set locally for the tunnel .

PPTP_SERVER:

Configuration-‐-‐-‐>PPTP-‐-‐-‐>PPTP Server

Tick “Enable PPTP Server”, and fill in the blank textbox


PPTP_CLIENT:

Configuration-‐-‐-‐>PPTP-‐-‐-‐>PPTP Client

Click “Add” button, and fill in the blank textbox


101 / 113



4.3.4

IPSEC VPN

Note : The following diagrams with red color numbers mean these are the matches between server and client, and with the blue color number means it must be set locally for the tunnel.

IPsecVPN_SERVER:

Cisco 2811:


102 / 113


Note : Polices 1,4,6,7 are default for Cisco router and do not display at the CMD .

IPsecVPN_CLIENT:

Configuration-‐-‐-‐>IPSec-‐-‐-‐>IPSec Basic

Then click “Apply”.

Configuration-‐-‐-‐>IPSec-‐-‐-‐>IPSec Tunnel

Tick “Enable IPSec Tunnel1”


103 / 113




104 / 113


4.3.5

OPENVPN

Note: The following diagrams with red color numbers mean these are the matches between server and client, and

with the blue color number means it must be set locally for the tunnel.

OPENVPN_SERVER:

Configuration-‐-‐-‐>OpenVPN-‐-‐-‐>Server

Tick “Enable OpenVPN Server”.


105 / 113


The modifications will take effect after click “Apply-‐-‐>Save-‐-‐>Reboot”.

OPENVPN_CLIENT:

Configuration-‐-‐-‐>OpenVPN-‐-‐-‐>Client

Tick “Enable OpenVPN Client1”, and fill in the blank textbox


106 / 113




107 / 113


Chapter 5.

Introductions for CLI

5.1

What’s CLI and hierarchy level Mode

The R3G Industrial VPN Pro command-‐line interface (CLI) is a software interface providing another way to set the parameters of equipment from the console or through a telnet network connection. Before using them better a few of details will be introduced on four different CLI hierarchy level modes which have different access rights:

 User exec mode—The command prompt “>” shows you are in the user mode , in this mode user can only use some simple commands to see the current configuration and the status of the device, or enter the “ping” command to troubleshoot the network connectivity.

 Privileged exec mode—When you enter Privileged mode ,the prompt will change to “#” which user can do not only what is allowed in the user exec mode but also the new additions like importing and exporting for files , system log , debug and so on .

 Global configuration mode—The global configuration mode with prompt “<config>#” allows user to add, set,modify and delete current configuration .

 Interface mode—Prompt “<config-‐xx>” means in this mode we can set both IP address and mtu for this interface.

Following is a relationship diagram about how to access or quit among the different modes:

USER EXEC MODE:

3G Industrial VPN Pro Configure Environment

Username: admin

Password: *****

3G Industrial VPN Pro> ? //check what commands can be used in

user exec mode

enable Turn on privileged commands

exit Exit from current mode

ping Ping test

reload Halt and perform a cold restart telnet Startup a telnet client shell

tracert Tracert test

show Show running system information


108 / 113


PRIVILEDGED EXEC MODE:

3G Industrial VPN Pro> enable

Password: ***** //type “admin”

3G Industrial VPN Pro# ? //check what commands can be used in

Privileged exec mode

debug Debug configure information

enable Turn on privileged commands


export Export file using tftp

syslog Export system log

import Import file using tftp

load Load configure information

ping Ping test

reload Halt and perform a cold restart telnet Startup a telnet client shell

module-‐at module at test

sniffer catch network traffic


write Write running configuration

wpadebug set wpa_supplicant debug level


write Write running configuration

tftp Copy from tftp: file system

show Show running system information

configure Enter configuration mode

end Exit to Normal mode

GLOBAL CONFIGURATION MODE:

3G Industrial VPN Pro# configure

3G Industrial VPN Pro(config)# ? //check what commands can be used in

global configuration mode



interface Configure an interface

set Set system parameters

add Add system parameters list

modify Modify system parameters list


109 / 113


delete Delete system parameters list

INTERFACE MODE:

3G Industrial VPN Pro(config)# interface Ethernet 0

3G Industrial VPN Pro(config-‐e0)# ? //check what commands can be used in

interface mode



ip Set the IP address of an interface

mtu Set the IP address of an interface

5.2

How to configure the CLI

Following is a list about the description of help and the error should be encountered in the configuring program.

Commands /tips Description

?

Typing a question mark “?” will show you the help information.

Ctrl+c

Press these two keys at the same time, except its “copy” function but also can be used for “break” out of the setting program.

Parameters “xxx” are not supported by the system, in this case, enter a mark

“?” instead of “xxx” will help to find out the correct parameters about this Invalid command “xxx”

Incomplete command issue.

Command is not incomplete.

% Invalid input detected at '^' marker '^' marker indicates the location where the error is.

Note : Most of the parameters setting are in the Global configuration mode . Commands set , add are very important

for this mode. If some parameters can’t be found in the Global configuration mode, please move back to Privileged exec mode or move up to Interface mode .

Note: Knowing the

CLI hierarchy level modes is necessary before configuring the CLI. If not, please go back and read it quickly in chapter 5.

5.2.1 Quick Start with configuration examples

The best and quickest way to master CLI is firstly to view all features from the webpage and then reading all CLI commands at a time, finally learn to configure it with some reference examples .

Example 1: Show current version

3G Industrial VPN Pro> show version

software version : 1.01.01-‐sub-‐131211 Dec 11 2013 18:58:20

kernel version : v2.6.39-‐5 PREEMPT Mon Dec 9 09:49:58 HKT 2013

hardware version : 1.00.03


110 / 113


Example 2: Update firmware via tftp


Password: *****

3G Industrial VPN Pro#

3G Industrial VPN Pro# tftp 172.16.3.3 get rootfs R3k.1.01.01-‐sub-‐131211.01.fs

Tftp transfering tftp succeeded!downloaded

3G Industrial VPN Pro# write //save current configuration

Building configuration...

OK

3G Industrial VPN Pro#reload

!Reboot the system?'yes'or 'no':yes //reload to take effect

Example 3: Set IP address for Eth0


Password: *****

3G Industrial VPN Pro # configure

3G Industrial VPN Pro (config) # set eth0 ethernet interface type: LAN

-‐>IP address [192.168.0.1]:172.16.1.231 //set IP address for eth0

-‐>Netmask [255.255.255.0]:255.255.0.0

-‐>mtu value (1024-‐1500)[1500]: this parameter will be take effect when reboot! really want to modify[yes]:

3G Industrial VPN Pro (config) # end



OK

3G Industrial VPN Pro # reload

! Reboot the system? 'yes' or 'no': yes //reload to take effect

Example 4: CLI for Cellular dialup


Password: *****

3G Industrial VPN Pro# configure

3G Industrial VPN Pro (config) # set cellular

1. set SIM_1 parameters

2. set SIM_2 parameters


111 / 113


-‐>please select mode (1-‐2)[1]:

SIM 1 parameters: network provider

1. Auto

2. Custom

3. china-‐mobile

-‐>please select mode(1-‐3)[1]:

-‐>dial out using numbers[]:

PIN mode:

1. input only

2. PIN locked

3. PIN unlocked


-‐>pin code[]:

-‐>PUK[]: connection Mode:

1. Always online

2. Connect on demand


-‐>redial interval(1-‐120)[30]:

-‐>max connect try(1-‐60)[3]:

-‐>ICMP detection primary server[8.8.8.8]:

-‐>ICMP detection second server[8.8.4.4]:

-‐>ICMP detection interval(1-‐1800)[30]:

-‐>ICMP detection timeout(1-‐10)[3]:

-‐>ICMP detection retries(1-‐20)[3]:

-‐>reset the interface?'yes'or'no'[yes]: main SIM select:

1. Auto

2. SIM_1

3. SIM_2


-‐>when connect fail?'yes'or'no'[yes]:

-‐>when ICMP Detection fails fails?'yes'or'no'[no]:

-‐>when roaming is detected?'yes'or'no'[no]:

-‐>month date limitation?'yes'or'no'[no]:

-‐>Call back Main SIM card after timeout?'yes'or'no'[no]:

-‐>show advanced options?'yes'or'no'[no]: this parameter will be take effect when reboot! really want to modify[yes]:3G Industrial VPN Pro(config)# end




112 / 113


OK

3G Industrial VPN Pro# show cellular

******************************************************************************

Cellular enable : yes

1. show SIM_1 parameters

2. show SIM_2 parameters


SIM 1 parameters:

network provider : Auto

dial numbers :

pin code : NULL

connection Mode : Always online

redial interval : 30 seconds

max connect try : 3

ICMP primary server : 8.8.8.8

ICMP second server : 8.8.4.4

ICMP detection interval : 30 seconds

ICMP detection timeout : 3 seconds

ICMP detection retries : 3

reset the interface : yes

main SIM select : SIM_1

when connect fail : yes

when roaming is detected : no

month date limitation : no

SIM phone number :

network select Type : Auto

authentication type : AUTO

mtu value : 1500

mru value : 1500

asyncmap value : 0xffffffff

use peer DNS : yes

primary DNS : 0.0.0.0

secondary DNS : 0.0.0.0

address/control compressio: yes

protocol field compression: yes

expert options : noccp nobsdcomp

******************************************************************************

3G Industrial VPN Pro# reload

!Reboot the system ?'yes'or 'no':yes //reload to take effect


113 / 113

Show

Set

Add commands

Debug

Export

Import

Syslog

Load

Write tftp


5.3

Commands reference

syntax

Debug parameters

Export parameters

Import parameters syslog

Load default

Write

Tftp IP-‐address get {cfg|rootfs} file-‐name description

Turn on or turn off debug function

Export vpn ca certificates

Import vpn ca cerfiticates

Export log information to tftp server

Restores default values

Save current configuration parameters

Import configuration file or update firmware via tftp

Show parameters

Set parameters

Add parameters

Show current configuration of each function , if we need to see all please using “show running ”

All the function parameters are set by commands set and add, the difference is that set is for the single parameter and add is for the list parameter


114 / 113


CERTIFICATE OF WARRANTY

Dear Customer,

We are pleased to inform you that a EU directive concerning the sale and the warranty of consumer goods has been implemented in the

Italian constitution through the Law Decree n. 24 of 2nd February 2002.

This directive distinguishes between consumption goods for exclusive use in private environment and the ones used in professional environment.

In particular the new regulation is applied only to the consumption goods for private use so that consumption goods used in the own professional or business activity will be guaranteed according to the legal regulation on the sale considered by the civic code.

In both cases Digicom, considering the quality of its own products, applies a period of warranty of 24 months.

In order to distinguish the type of use, the till receipt will be used as evidence of exclusive private use, while in case of purchase with invoice the warranty will be executed according to regulations considered by professional or business use.

A) Management of warranty with till receipt (Consumer)

Given that the Directive 1999/44/CE represents the achievement of a high protection level of the consumer, the decree regulates some aspects concerning the sale contract between Consumer and Seller as well as the warranties concerning the consumption goods object of the sale.

For the Law Decree:

-‐ the Consumer is any physical person that buys consumption goods to be used exclusively in private environment and then outside the own professional or business activity;

-‐ the Seller is any physical or legal, public or private person that uses one of the above mentioned contracts in its own business or professional activity

-‐ the consumption good is any movable asset with the express exclusion of forced sale assets; water and gas when not packaged for sale in a limited volume or set quantity.

The Consumer has legal rights according to applicable national legislation governing the sale of consumption goods. The guarantee does not

affect those rights.

The warranty is valid in all the Member States of the European Union.

Under the new law, any claim under warranty from the Consumer must be advanced to the dealer and/or to the point of sale where the product has been purchased.

B) Management of warranty with invoice (Professional use)

The warranty of Digicom products purchased with invoice (professional use) must be asked directly to the Reseller/Company or to the

Distributor where the products has been purchased.


115 / 113


For any request of technical assistance and in order to integrate the information contained in the User’s Manual of the product you purchased and to offer you a better service, we recommend you to visit the "SUPPORT" area of our website at http://www.digicom.it

where

you will find many information and suggestions useful for the configuration, the upgrade, eventual new configurations (always evolving) of the products and the resolution the most common problems.

Furthermore manuals, drivers and firmware upgrades are available on Digicom website.

WARRANTY CLAUSES

• The product is under warranty for a period of 24 (twenty-‐four) months from the date of purchase.

Digicom undertakes to remedy any defects, lack of quality or non-‐conformity of the product as stated in the sale contract (and generally in the information on the products) with the repair or the replacement of the product without charging any expense for the labor and for the material.

• The warranty is effective only in case the request for repair under warranty comes with the valid proof of the purchase (receipt or invoice).

The broken product must be delivered in the original package with all the accessories.

• The serial number on the product must not be cancelled or erased in any way; failing this condition the purchaser’s right to claim for the warranty will be forfeited.

• The warranty is not applicable in case of damages caused by negligence, improper installation/use/care, tampering, modifications of the product or of the serial number, damages due to accidental causes or to the negligence of the customer, particularly referred to the external parts.

Furthermore the warranty is not applicable in case of fault due to wrong connections (i.e. a voltage different from the one indicated on the product) or due to a sudden change in the network voltage to which the product is connected, as well as in case of fault caused by infiltration of liquids, fire, inductive/electrostatic discharges or discharges caused by lightnings, overvoltage or other phenomenon not depending on the device.

• The parts of the product subject to wear and tear are not covered by the warranty, like the battery when supplied, the connection cables, the connectors, the external parts and the plastic support, unless they present a factory defect.

• Periodical controls, software updates, settings and maintenance are not under warranty.

• When the warranty period expires, the replaced parts, the expenses for labor and transportation will be invoiced according to the current rates.

• The warranty of Digicom products must be required directly to the Reseller/Company or to the Distributor where the product has been purchase d.


116 / 113

Digicom S.p.A.

Italy - Via Alessandro Volta 39

21010 Cardano al Campo -VA

Tel +39/0331/702611 Fax +39/0331/263733

http://www.digicom.it

Digicom 8E4571 3G Industrial Router VPN Pro User's Guide

Dual SIM

Industrial Cellular

VPN Router for GPRS/EDGE/UMTS/HSPA Networks

8E4571 _ 3G Industrial Router VPN Pro

User’s Guide

Contents

Chapter 1.

Product Concept

1.1

Overview

1.2

Packing List

1.3

Specifications

1.4

Dimensions

1.5

Selection and Ordering Data

Chapter 2.

Installation

2.1

LED Indicators

2.2

PIN assignment

2.3

USB interface

2.4

Reset Button

2.5

Ethernet port

Speed indicator

Link indicator

2.6

Mounting the Router

2.7

Install the SIM Card

2.8

Connect the External Antenna (SMA Type)

Chapter 3.

Configuration settings over web browser

3.1

Configuring PC in Windows

3.2

Factory Default Settings

3.3

Control Panel

3.4

Status -­‐> System

3.5

Status -­‐> Network

3.6

Status -­‐> Route

3.7

Status -­‐> VPN

3.8

Status -­‐> Services

3.9

Status -­‐> Event/Log

3.10

Configuration -­‐> Cellular WAN

3.11

Configuration -­‐> Ethernet

3.12

Configuration -­‐> Serial

3.13

Configuration -­‐> USB

3.14

Configuration -­‐> NAT/DMZ

3.15

Configuration -­‐> Firewall

3.16

Configuration -­‐> QoS

3.17

Configuration -­‐> IP Routing

3.18

Configuration -­‐> DynDNS

3.19

Configuration -­‐> IPSec

3.20

Status -‐> System

Status -‐> Network

Status -‐> Route

Status -‐> VPN

Status -‐> Services

Status -‐> Event/Log

Configuration -‐> Cellular WAN

Configuration -‐> Ethernet

Configuration -‐> Serial

Configuration -‐> USB

Configuration -‐> NAT/DMZ

Configuration -‐> Firewall

Configuration -‐> QoS

Configuration -‐> IP Routing

Configuration -‐> DynDNS

Configuration -‐> IPSec

Configuration -‐> Open VPN

Configuration -‐> GRE

Configuration -‐> L2TP

Configuration -‐> PPTP

Configuration -‐> SNMP

Configuration -‐> VRRP

Configuration -‐> IP Passthrough

Configuration -‐> AT over IP

Configuration -‐> Phone Book

Configuration -‐> SMS

Configuration -‐> Reboot

Configuration -‐> RobustLink

Configuration -‐> Syslog

Configuration -‐> Event

Configuration -‐> USR LED

Administration -‐> Profile

Administration -‐> Tools

Administration -‐> Clock

Administration -‐> Web Server

Administration -‐> User Management

Administration -‐> Update Firmware

Cellular Dial-‐Up

Configuration-‐-‐-‐>NAT/DMZ-‐-‐-‐>Port Forwarding

Configuration-‐-‐-‐>L2TP-‐-‐-‐>L2TP Server