LIST OF FIGURES .................................................................................................................................................... 5
LIST OF TABLES ...................................................................................................................................................... 8
DESCRIPTION OF THE GPRS/EDGE/HSPA ROUTER SERIES ...................................................................... 9
Front panel ....................................................................................................................................................... 17
Back panel ........................................................................................................................................................ 17
Top Panel ......................................................................................................................................................... 18
PUTTING INTO OPERATION ........................................................................................................................ 19
TURN LOGGING ON .................................................................................................................................... 21
DEVICE CONFIGURATION USING WEB APPLICATION ............................................................................. 22
ADD/REMOVE/UPDATE MANIPULATION IN TABLES ....................................................................................... 22
STATUS INFORMATION .............................................................................................................................. 23
Status – General .............................................................................................................................................. 23
Status – LAN Port Information ..................................................................................................................... 23
Status – DHCP ................................................................................................................................................. 24
Status- WAN Information* ............................................................................................................................ 24
Status- ADSL Information ............................................................................................................................. 25
Status – Mobile Information .......................................................................................................................... 26
Status – Wireless Information ....................................................................................................................... 27
Status – Firewall .............................................................................................................................................. 27
Status –Router Monitoring ............................................................................................................................ 27
Port forwarding ............................................................................................................................................... 39
Settings – Demilitarized Zone (DMZ) .......................................................................................................... 40
Routing Information Protocol (RIP) ............................................................................................................. 40
RIP routing engine for the GWR Router........................................................................................................................ 41
GRE Keep alive ............................................................................................................................................................... 45
Internet Protocol Security (IPSec) ................................................................................................................. 46
Figure 6 – User authentication ..................................................................................................................................... 22
Figure 7 – General router information ........................................................................................................................ 23
Figure 8 – LAN Port Information ................................................................................................................................ 24
Figure 9 – DHCP Information ...................................................................................................................................... 24
Figure 10– WAN Port Information ............................................................................................................................. 25
Figure 11– ADSL Port Information ............................................................................................................................. 26
Figure 12– Mobile Information .................................................................................................................................... 26
Figure 13– Wireless Information ................................................................................................................................. 27
Figure 14– Firewall Information .................................................................................................................................. 27
Figure 17– WAN Ports .................................................................................................................................................. 29
Figure 18– LAN Port configuration page ................................................................................................................... 30
Figure 19– DHCP Server configuration page ............................................................................................................ 32
Figure 20– Mobile Settings configuration page ......................................................................................................... 33
Figure 21– ADSL Port Settings .................................................................................................................................... 36
Figure 41– Serial Port Settings initial menu ............................................................................................................... 63
Figure 42– Serial Port configuration page .................................................................................................................. 65
Figure 65– GWR Router as Internet router ................................................................................................................ 85
Figure 66– GRE tunnel between two GWR Routers ................................................................................................. 86
Figure 73– GRE tunnel between Cisco router and GWR Router ............................................................................ 90
Figure 74– LAN Port configuration page ................................................................................................................... 91
Figure 75– GRE configuration page ............................................................................................................................ 92
Figure 119– Policies from untrust to trust zone ...................................................................................................... 122
Figure 120– Policies from trust to untrust zone ...................................................................................................... 123
Figure 125 – OpenVPN status on PC ........................................................................................................................ 127
Figure 126– OpenVPN status on GWR ..................................................................................................................... 127
Figure 127– Portforwarding example ....................................................................................................................... 128
Figure 128– GWR port forwarding configuration .................................................................................................. 129
Figure 129– Transparent serial connection .............................................................................................................. 129
Figure 130– GWR Serial port settings ....................................................................................................................... 130
Figure 131– GWR settings for Serial-to-IP conversion ........................................................................................... 130
Figure 132- Virtual COM port application ............................................................................................................... 131
Figure 133– Settings for virtual COM port .............................................................................................................. 132
Figure 134– Firewall example .................................................................................................................................... 134
Figure 135– Initial firewall configuration on GWR ................................................................................................ 134
Figure 136– Filtering of Telnet traffic ....................................................................................................................... 135
Figure 137– Filtering of ICMP traffic ........................................................................................................................ 136
Figure 140– Allowing WEB access ............................................................................................................................ 138
Figure 141– Outbound rule for WEB access ............................................................................................................ 139
GWR routers represent a robust solution designed to provide remote connectivity across cellular
networks. Low transmission delay and very high data rates offered by existing cellular networks completely
eliminate the need for expensive wired infrastructure. GWR series brings scalability of even most
demanding corporate networks on highest possible level. Installing a reliable, high performance backup
solution for existing land lines or satellite networks is now a simple task thanks to modern cellular
networks. Therefore, no matter if the goal is to provide primary internet access or backup solution for
already existing network GWR router series represents a top rated solution.
Figure 1 – GWR High Speed Cellular Router Series
There are practically no limits when it comes to possible application of GWR routers. Wired
infrastructure is no longer necessary for building scalable and high performance systems. GWR routers will
reduce the costs and speed up the ROI process for each one of possible applications. The list of most
common GWR router applications is presented bellow.
GWR High Speed Cellular Router Series
User Manual
10
Typical application
Data collection and system supervision
• Extra–high voltage equipment monitoring
• Running water, gas pipe line supervision
• Centralized heating system supervision
• Environment protection data collection
• Flood control data collection
• Alert system supervision
• Weather station data collection
• Power Grid
• Oilfield
• Light Supervision
• Solar PV Power Solutions
Financial and department store
• Connection of ATM machines to central site
• Vehicle based bank service
• POS
• Vending machine
• Bank office supervision
Security
• Traffic control
• Video Surveillance Solutions
Other
• Remote Office Solution
• Remote Access Solution
There are numerous variations of each and every one of above listed applications. Therefore
GENEKO formed highly dedicated, top rated support team that can help you analyze your requirements
and existing system, chose the right topology for your new system, perform initial configuration and tests
and monitor the complete system after installation. Enhance your system performance and speed up the
ROI with high quality cellular routers and all relevant knowledge of GWR support team behind you.
GWR High Speed Cellular Router Series
User Manual
11
Wireless Interfaces – WWAN Sierra Wireless
MC7710 or MC7304 (available on 4G models)
LTE
DD800/900/1800/2100/2600 MHz
Transfer rate (max): 100 Mbps down, 50 Mbps up
UMTS/HSPA+/DCHSPA+
900/2100MHz
Transfer rate (max): 21.1 Mbps down, 5.76 Mbps up
GSM/GPRS/EDGE
900/1800/1900 MHz
Transfer rate (max): 236.8 Kbps down, 236.8 Kbps up
Connector
2 x 50 Ω SMA (Center pin: female)
SIM Slots
2 x Push-Push
Wireless Interfaces – WWAN Huawei ME909u-521
(available on 4G models)
LTE
800/850/900/1800/1900/2100/2600 MHz
Transfer rate (max): 100 Mbps down, 50 Mbps up
UMTS/HSPA+/DC-HSPA+
850/900/1900/2100 MHz
Transfer rate (max): 42 Mbps down, 5.76 Mbps up
GSM/GPRS/EDGE
850/900/1800/1900 MHz
Transfer rate (max): 236.8 Kbps down, 236.8 Kbps up
Connector
2 x 50 Ω SMA (Center pin: female)
SIM Slots
2 x Push-Push
Wireless Interfaces – WWAN Huawei MU609
(available on 3G models)
UMTS/HSPA+
850/900/1900/2100 MHz
Transfer rate (max): 14.4 Mbps down, 5.76 Mbps up
GSM/GPRS/EDGE
850/900/1800/1900 MHz
Transfer rate (max): 236.8 Kbps down, 236.8 Kbps up
Connector
2 x 50 Ω SMA (Center pin: female)
SIM Slots
2 x Push-Push
Wireless Interfaces – Wi-Fi (available on Wi-Fi
models)
Standard
802.11b/g/n
Technical Parameters
GWR High Speed Cellular Router Series
User Manual
12
Modes
Access point, Client
Transmit Power
18.1 dBm max
Receive Sensitivity
54 Mbps / -75.7 dBm and 11 Mbps / -88.7 dBm
Security
64/128/256-bit WEP, TKIP or AES keys; WPA and WPA2
Connector
1 x 50 Ω RP-SMA (Center pin: male)
Wired Interfaces – DSL (available on ADSL models)
Technology
ADSL2+ Annex A (ADSL over POTS) or Annex B (ADSL
over ISDN)
Present SIM’s, active SIM, GSM provider, SMS available,
roaming, signal strength, GSM technology, interfaces,
uptime, IP addresses, firmware version
LCD navigation
One button used to select interface for which IP is
displayed
Device reset
One reset button, also used for reset-to-factory-settings
LED’s
Link/Activity LED’s on Ethernet connectors
Power
Input
12 VDC, 2A
Consumption
tbd
Connector
Barrel connector
DC Power Cord
Barrel connector to bare wire
AC Power Supply
100-240 VAC 50/60 Hz; Option of standard temperature
or extended temperature
Physical
Dimensions (L x W x H)
160 mm x 100 mm x 31.5 mm (L x W x H)
Weight
up to 0.6 kg depending on a model
Material
Plastic coated 0.8 mm steel sheet
Mounting
Desktop, DIN rail sold separately
Environmental
Operating Temperature
-20° C to +70° C
Storage Temperature
-40° C to +85° C
Relative Humidity
5% to 95% (non-condensing)
IP rating
IP30
Ethernet Isolation
1.5 kV RMS
Serial Port Protection (ESD)
15 kV
GWR High Speed Cellular Router Series
User Manual
14
Approvals
Safety
EN 60950-1:2006 + A1:2010 + A2:2013 + A11:2009 +
A12:2011
EMC
EN 301 489-1 V1.9.2, EN 301 489-7 V1.3.1, EN 301 489-17
V2.1.1, EN 301 489-24 V1.5.1
Radio Spectrum
EN 301 511 v9.0.2, EN 301 908-2 v5.2.1, EN 301 908-13
v5.2.1, EN 300 328 v1.8.1
Features
Short description
Network
Routing
Static
DHCP Server:
Static lease reservation
Address exclusions
DHCP Server support.
RIP
The Routing Information Protocol is a dynamic routing protocol
used in local and wide area networks.
VRRP
VRRP is a protocol which elects a master server on a LAN and
the master answers to a 'virtual ip address'. If it fails, a backup
server takes over the ip address.
Port forwarding, NAT
IP, TCP, UDP packets from WAN to LAN.
DMZ support
DMZ (Demilitarized zone) host is a host on the internal network
that has all ports exposed, except those ports otherwise
forwarded.
SNMP v1,2c
Simple Network Management Protocol is used in network
management systems to monitor network–attached devices for
conditions that warrant administrative attention.
NTP(RFC1305)
The Network Time Protocol is a protocol for synchronizing the
clocks of router.
DynDNS
Client for various dynamic DNS services. This is a small utility
for updating your host name for the any of the dynamic DNS
service offered at: http://www.ez–ip.net,
http://www.justlinux.com, http://www.dhs.org,
http://www.dyndns.org, http://www.ods.org,
http://www.dyn.ca, http://www.tzo.com,
http://www.easydns.com, http://www.dyns.cx,
http://www.zoneedit.com, http://www.no–ip.com.
Firewall:
IP filtering
MAC filtering
IP address / Network filtering
Serial over TCP/UDP
Serial to Ethernet converter
Modbus serial/IP gateway
The serial server will perform conversion from Modbus/TCP to
Modbus/RTU, allowing polling by a Modbus/TCP master. The
Modbus IP–Serial Gateway carries out translation between
Modbus/TCP and Modbus/RTU. This means that Modbus
serial slaves can be directly attached to the unit's serial ports
without any external protocol converters.
Protocols and features
Table 1 – Technical parameters
GWR High Speed Cellular Router Series
User Manual
15
VPN
GRE
GRE (Generic Routing Encapsulation) is a tunneling protocol that
can encapsulate a wide variety of network layer protocol packet
types inside IP tunnels.
GRE keepalive
Keepalive for GRE tunnels,
Cisco compliant.
GRE – max. number of tunnels
15
IPSec pass–through
ESP tunnels.
IPsec
IPsec (Internet Protocol Security) is a suite of protocols for
securing IP communications by authenticating and encrypting
each IP packet of a data stream.
Data integrity
HMAC–MD5, SHA–1,
Authentication and key management.
Encryption
3DES, AES (128/192/256), SERPENT(128/192/256),
TWOFISH(128/256), BLOWFISH(128/192/256)
IPSec keepalive
Keepalive messages for IPSec tunnel state detecting.
IPSec IKE failover
Defines number of failed IKE negotiation attempts before
failover.
IPSec tunnel failover
Switches to another provider when tunnel performance is bad or
one provider is unavailable.
IPSec – max. number of tunnels
15
OpenVPN
OpenVPN site to site graphical user interface (GUI)
implementation allows connecting two remote networks via
point–to–point encrypted tunnel. OpenVPN implementation
offers a cost–effective simply configurable alternative to other
VPN technologies.
OpenVPN – max. number of tunnels
15
PPTP
The Geneko Router can be used as a PTPP (Point-to-Point
Tunneling Protocol) client. PPTP uses a control channel over
TCP and a GRE tunnel operating to encapsulate PPP packets.
PPTP – max. number of tunnels
5
L2TP
The Geneko Router can be used as a L2TP peer. L2TP is suitable
for Layer-2 tunneling. Static tunnels are useful to establish
network links across IP networks when the tunnels are fixed.
L2TP tunnels can carry data of more than one session. Each
session is identified by a session id and its parent tunnel's tunnel
id. A tunnel must be created before a session can be created in
the tunnel.
L2TP – max. number of tunnels
5
GSM/UMTS features
Dual SIM support
For operator backup.
SIM card detection
Status of active SIM card.
SIM PIN locking
Enable locking of SIM card with PIN code.
SIM Failover
Automatic change of SIM card after defined number of failed
attempts.
Roaming protection
By enabling this option router will be able to connect to roaming
network.
Reset Location information
By enabling this option router will erase LOCI Elementary File
in SIM card. This will cause SIM card to scan all available
networks when registering.
Advanced CHAT script settings
Advanced chat settings for ppp connection.
Auto–reconnect or manual
Selection between automatic and manual re–connection.
GWR High Speed Cellular Router Series
User Manual
16
GSM/UMTS keepalive
This menu provides a choice between two possible keepalive
actions in case maximum number of failed packets is exceeded.
If Switch SIM option is selected router will try to establish the
connection using the other SIM card after the maximum number
of failed packets is exceeded. If Current SIM option is selected
router will only restart the PPP connection
Management
User–friendly WEB GUI
HTTP based.
CLI:
SSH
telnet
serial
Remote management over SSH.
Remote management over Telnet.
Traffic and event log
Log tracing.
Maintenance
Diagnostics
Ping utility.
Authentication
Used for activating and deactivating device access system
through Username and Password mechanism.
Date/Time Settings
Current Date and Time
Date and Time Setup:
Manually
Automatically
Device Identity Settings
There is an option to define name, location of device and
description of device function. These data are kept in device
permanent memory.
Settings backup
Export of configuration.
Factory default settings
External taster and configuration application.
Table 2 – GWR Router software features
GWR High Speed Cellular Router Series
User Manual
17
Product Overview
Front panel
On the front panel (Error! Reference source not found.) the following connectors are located:
One or four RJ45 connector(s) – Ethernet port for connection into local computer network
One RJ45 connector for RS232 serial communication (ADSL or WAN)
Power supply connector
Ethernet connector LED:
ACT (yellow) on – Network traffic detected (off when no traffic detected),
Network Link (green LED) on – Ethernet activity or access point engaged.
Figure 2 – GWR Router front panel
Back panel
On the back panel of device (Error! Reference source not found.and Figure 4) the following connectors are
located:
Slot for SIM cards (SIM1 and SIM2)
SMA connector for connection of the GSM/UMTS/LTE antennas ( main, WI-FI, AUX)
Reset button,
One USB connector,
one RJ45 connector for RS232 serial communication
Display button
Figure 3– GWR Router back panel
GWR High Speed Cellular Router Series
User Manual
18
The Display button can be used to see current firmware version or current ip address on the screen.
The Reset button can be used for a warm reset or a reset to factory defaults.
Warm reset: If the GWR Router is having problem connecting to the Internet, press and hold the
reset button for a second using the tip of a pen.
Reset to Factory Defaults: To restore the default settings of the GWR Router, hold the RESET button
pressed for a few seconds. Restoration of the default configuration will be signaled by writing messages on
the display and changing network status. This will restore the factory defaults and clear all custom settings
of the GWR Router. You can also reset the GWR Router to factory defaults using the Maintenance > Default
Settings screen.
Top Panel
Figure 4 – GWR Router top panel
On the GWR Router top panel is display, where we can read off Present SIM’s, active SIM, GSM
provider, SMS available, roaming, signal strength, GSM technology, interfaces, uptime, IP
addresses, firmware version.
GWR High Speed Cellular Router Series
User Manual
19
Putting Into Operation
Before putting the GWR Router in operation it is necessary to connect all components needed for the
operation:
GSM/UMTS/LTE antenna,
Ethernet cable and
SIM card must be inserted.
And finally, device should have powered up using power supply adapter.
Power consumption of GWR router is 2W in standby and 3W in burst mode.
SIM card must not be changed, installed or taken out while device operates. This procedure is
performed when power supply is not connected.
Device Configuration
There are two methods which can be used to configure the GWR Router. Administrator can use
following methods to access router:
Web browser,
Command line interface.
Default access method is by web interface. This method provides administrator full set of privileges
for configuring and monitoring the router. Configuration, administration and monitoring of the GWR
Router can be performed through the web interface. The default IP address of the router is 192.168.1.1.
Another method is by command line interface. This method has limited options for configuring the GWR
Router but still represents a very powerful tool when it comes to router setup and monitoring. Another
document deals with CLI commands and instructions.
Quick start
INSERTING SIM CARDS
Warning: do not insert or eject SIM cards while router is powered on. Make sure to disconnect router from
AC/DC adapter before inserting or ejecting SIM cards.
* Put the SIM CARD 1 in SIM CARD 1 HOLDER .
*When you want to remove SIM CARD from the SIM CARD HOLDER, press SIM CARD first to get out
from the HOLDER, then you can get it.
* Repeat these steps for second SIM, if needed.
GWR High Speed Cellular Router Series
User Manual
20
Figure 5 – Inserting SIM card
CONNECTING ROUTER
Warning: Use only the router’s box power supply.
* Connect antennas to router. Make sure to tighten antennas so that they are not loose.
* Plug AC/DC adapter cable into POWER CONNECTOR on your router.
* Plug AC/DC adapter into wall power socket.
* Display will turn on.
* Wait approximately 43-45 seconds for router to become fully operational.
* Plug one side of ETHERNET CABLE to ETHERNET CONNECTOR on a router.
* Plug other side of ETHERNET CABLE to Ethernet port on your computer.
*You will see on the screen if SIM card is present, cellular network types, signal level, current firmware
version (or IP address), uptime, number of LAN ports.
ADMINISTRATION WEB PAGE
* Add network 192.168.1.0/24 to the interface on your PC
* Optional: Ping 192.168.1.1 to check is the GWR router reachable
* Open your Web browser (e.g. Firefox, Chrome, Safari, Opera, or Internet Explorer) and open following
address: http://192.168.1.1
* When prompted for your login credentials, use "admin" (without quotes) for both username and
password.
* After logging in you should be able to see administration web page, which allows you to easily setup the
router.
GWR High Speed Cellular Router Series
User Manual
21
QUICK SETUP
* Once logged in to administration web page, click on SETTINGS ->MOBILE SETTINGS link from the menu
on the left side of the screen.
*If SIM card is present, ENABLED check box will be checked. Otherwise, you need to insert SIM card as
explained in "Inserting SIM cards" chapter.
* Your GSM operator should provide you with PROVIDER, USERNAME (optional), PASSWORD (optional),
APN and PIN (optional) information. Make sure you enter this into corresponding fields, and then click on
SAVE button.
* After a few minutes when your GWR router is connected, connection status will be accomplished.
* Click on SETTINGS -> ETHERNET SETTINGS ->LAN PORTS link from the menu on the left side of the
screen
* Set IP Address and Subnet Mask and click on SAVE button
* Add a new network to the interface on your PC
* Ping new IP address
* When the GWR router is accessible, insert new IP address in a Web browser
* Click on MAINTENANCE » DATE/TIME SETTINGS link from the menu on the left side of the screen.
* Click on SYNC CLOCK button. GWR Router will sync DATE and TIME fields with your computer's
current date and time. Now click on SAVE button.
TURN LOGGING ON
When troubleshooting router make sure logs are turned on.
You should send logs to Geneko when submitting support request.
* Click on MANAGEMENT -> LOGS link from the menu on the left side of the screen.
* Click on LOCAL SYSLOG radio button, and then click on SAVE button.
* Set appropriate log size and click on SAVE button.
* Log is now available for download from router to your computer when you click on EXPORT LOG button.
GWR High Speed Cellular Router Series
User Manual
22
Device configuration using web application
The GWR Router’s web–based utility allows you to set up the Router and perform advanced
configuration and troubleshooting. This chapter will explain all of the functions in this utility.
For local access to the GWR Router’s web–based utility, launch your web browser, and enter the
Router’s default IP address, 192.168.1.1, in the address field. A login screen prompts you for your Username
and Password. Default administration credentials are admin/admin.
If you want to use web interface for router administration please enter IP address of router into web
browser. Please disable Proxy server in web browser before proceed.
Figure 6 – User authentication
After successfully finished process of authentication of Username/Password you can access Main Configuration Menu.
You can set all parameters of the GWR Router using web application. All functionalities and
parameters are organized within few main tabs (windows).
Add/Remove/Update manipulation in tables
To Add a new row (new rule or new parameter) in the table please do following:
Enter data in fields at the bottom row of the table (separated with a line).
After entering data in all fields click Add link.
To Update the row in the table:
Change data directly in fields you want to change.
To Remove the row from the table:
Click Remove link to remove selected row from the table.
Save/Reload changes
To save all the changes in the form press Save button. By clicking Save data are checked for validity. If they
are not valid, error message will be displayed. To discard changes press the Reload button. By clicking
Reload, previous settings will be loaded in the form.
GWR High Speed Cellular Router Series
User Manual
23
Status Information
The GWR Router’s Status menu provides general information about router as well as real–time
network information. Status information is divided into following categories:
General Information
Lan Port Information
DHCP
WAN Information* or ADSL Information
Mobile
Wireless
Firewall
Routes
Router Monitoring
General Information Tab provides general information about device type, device firmware version,
kernel version, CPU vendor, Uptime since last reboot, hardware resources utilization and MAC address of
LAN port. Screenshot of General Router information is shown at Figure 7. Data in Status menu are read only
and cannot be changed by user. If you want to refresh screen data press Refresh button.
SIM Card detection is performed only at time booting the system, and you can see the status of SIM
slot by checking the Enable SIM Card Detection option.
Figure 7 – General router information
Status – LAN Port Information
Lan Port Information Tab provides information about Ethernet port and Ethernet traffic statistics .
Screenshot of Lan Port Information is shown in Figure 8.
GWR High Speed Cellular Router Series
User Manual
24
Figure 8 – LAN Port Information
Status – DHCP
DHCP Information Tab provides information about DHCP clients with IP addresses gained from
DHCP server, MAC addresses, expiration period, and lease status.
Figure 9 – DHCP Information
Status- WAN Information*
WAN Port Information Tab provides information about WAN port and WAN traffic statistics ( IP address,
netmask, Broadcast address, Gateway, WAN traffic statistics (in bytes) etc.) Screenshot of WAN Port
Information is shown in Figure 8
GWR High Speed Cellular Router Series
User Manual
25
Figure 10– WAN Port Information
Status- ADSL Information
ADSL Port Information Tab provides IP status information about interface, WAN address, primary DNS
address, DSL information about upstream speed and downstream speed and Line information. Line
information display ADSL line status, ADSL mode, upstream speed, downstream speed.
GWR High Speed Cellular Router Series
User Manual
26
Figure 11– ADSL Port Information
Status – Mobile Information
Mobile Information Tab provides information about GPRS/EDGE/HSPA/HSPA+/LTE connection
and traffic statistics. Mobile information menu has three submenus which provide information about:
GPRS/EDGE/HSPA/HSPA+/LTE mobile module(manufacturer and model),
Mobile operator and signal quality,
Mobile traffic statistics (in bytes)
Screenshot of Mobile information from the router is shown in Error! Reference source not found..
Figure 12– Mobile Information
As a primary and secondary DNS are always displayed DNS servers assigned by provider. They are
not necessarily used by the router. If Local DNS is configured it has priority to those DNS servers.
GWR High Speed Cellular Router Series
User Manual
27
Status – Wireless Information
Wireless Information Tab provides information about Interface Statistics, traffic statistics (in bytes), MAC
address, Access Point Status, DHCP/DNS Server status and NAT status. Screenshot of Wireless Information
from the router is shown in Error! Reference source not found..
Figure 13– Wireless Information
Status – Firewall
Firewall Information Tab provides information about active firewall rules divided in three groups:
INPUT, FORWARD and OUTPUT chain. Each of these groups has packet counter which can be cleared with
one of three displayed button: Reset INPUT, Reset FORWARD and Reset OUTPUT.
Figure 14– Firewall Information
Status –Router Monitoring
Router Monitoring tab provides Base information, LAN and Mobile real-time information LAN,
Mobile, Wireless statistics and information about Mobile Connection. You can activate Automatic refresh
after 5, 10, 15, 30 or 60 seconds.
GWR High Speed Cellular Router Series
User Manual
28
Figure 15– Router monitoring #1
Figure 16– Router monitoring #2
GWR High Speed Cellular Router Series
User Manual
29
WAN Port Parameters
Label
Description
Method
Choose Method Static, DHCP, PPoE
Metric
Choose metrics to make routing decisions.
IP Address
Type the IP address of your GWR Router in dotted decimal notation.
192.168.1.1 is the factory default IP address.
Subnet Mask
The subnet mask specifies the network number portion of an IP address. The
GWR Router support sub–netting. You must specified subnet mask for your
LAN TCP/IP settings.
Gateway
All incoming packets are forwarded to IP address defined in this field
Alias IP Address
Secondary IP address of the interface. It, also can be used for communication
on the WAN network.
Alias Subnet Mask
Secondary subnet mask of the interface.
Settings –WAN Port*
Click WAN Ports Tab, to open the WAN network screen. Use this screen to configure LAN TCP/IP
settings.
Figure 17– WAN Ports
Table 3 – WAN parameters
Settings – LAN Ports
Click LAN Ports Tab, to open the LAN network screen. Use this screen to configure LAN TCP/IP
settings.
GWR High Speed Cellular Router Series
User Manual
30
LAN Ports Parameters
Label
Description
Metric
Choose metrics to make routing decisions.
IP Address
Type the IP address of your GWR Router in dotted decimal notation.
192.168.1.1 is the factory default IP address.
Subnet Mask
The subnet mask specifies the network number portion of an IP address. The
GWR Router support sub–netting. You must specified subnet mask for your
LAN TCP/IP settings.
Gateway
All incoming packets are forwarded to IP address defined in this field
Alias IP Address
Secondary IP address of the interface. It, also can be used for communication
on the LAN network.
Alias Subnet Mask
Secondary subnet mask of the interface.
Primary DNS
IP address of your primary DNS server
Secondary DNS
IP address of your secondary DNS server
Reload
Click Reload to discard any changes and reload previous settings.
Save
Click Save button to save your changes back to the GWR Router. Whether you
make changes or not, router will reboot every time you click Save.
Table 4 – LAN parameters
In the Error! Reference source not found. you can see screenshot of LAN Ports configuration menu.
Figure 18– LAN Port configuration page
Settings – DHCP Server
The GWR Router can be used as a DHCP (Dynamic Host Configuration Protocol) server on your
network. A DHCP server automatically assigns available IP addresses to computers on your network. If you
choose to enable the DHCP server option, all of the computers on your LAN must be set to obtain an IP
address automatically from a DHCP server. (By default, Windows computers are set to obtain an IP
automatically.)
GWR High Speed Cellular Router Series
User Manual
31
DHCP Server Parameters
Label
Description
Enable DHCP Server
DHCP (Dynamic Host Configuration Protocol) allows individual clients
(workstations) to obtain TCP/IP configuration at startup from a server.
When configured as a server, the GWR Router provides TCP/IP configuration for
the clients. To activate DHCP server, click check box Enable DHCP Server. To
setup DHCP server fill in the IP Starting Address and IP Ending Address fields.
Uncheck Enable DHCP Server check box to stop the GWR Router from acting as a
DHCP server. When Unchecked, you must have another DHCP server on your
LAN, or else the computers must be manually configured.
IP Address range
(From)
This field specifies the first of the contiguous addresses in the IP address pool.
IP Address range (To)
This field specifies last of the contiguous addresses in the IP address pool.
Lease Duration
This field specifies DHCP session duration time.
Primary DNS,
Secondary DNS
This field specifies IP addresses of DNS (Domain Name System) server that will be
assigned to systems that support DHCP client capability.
Select None to stop the DHCP Server from assigning DNS server IP address.
When you select None, computers must be manually configured with proper DNS
IP address.
Select Used by ISP to have the GWR Router assign DNS IP address to DHCP
clients. DNS address is provided by ISP (automatically obtained from WAN side).
This option is available only if GSM connection is active. Please establish GSM
connection first and then choose this option.
Select Used Defined to have the GWR Router assign DNS IP address to DHCP
clients. DNS address is manually configured by user.
Static Lease
Reservation
This field specifies IP addresses that will be dedicated to specific DHCP Client
based on MAC address. DHCP server will always assign same IP address to
appropriate client.
Address Exclusions
This field specifies IP addresses that will be excluded from the pool of DHCP IP
address. DHCP server will not assign this IP to DHCP clients.
Add
Click Add to insert (add) new item in table to the GWR Router.
Remove
Click Remove to delete selected item from table.
Save
Click Save to save your changes back to the GWR Router.
Reload
Click Reload to discard any changes and reload previous settings.
To use the GWR Router as your network’s DHCP server, click DHCP Server Tab for DHCP Server
setup. The GWR Router has built–in DHCP server capability that assigns IP addresses and DNS servers to
systems that support DHCP client capability.
Table 5 – DHCP Server parameters
GWR High Speed Cellular Router Series
User Manual
32
Figure 19– DHCP Server configuration page
GWR High Speed Cellular Router Series
User Manual
33
Mobile Settings
Label
Description
Provider
This field specifies name of GSM/UMTS/LTE ISP. You can setup any name for
provider.
Authentication
This field specifies password authentication protocol. Select the appropriate
protocol from drop down list. (PAP, CHAP, PAP – CHAP).
Username
This field specifies Username for client authentication at GSM/UMTS/LTE
network. Mobile provider will assign you specific username for each SIM card.
Password
This field specifies Password for client authentication at GSM/UMTS/LTE
network. Mobile provider will assign you specific password for each SIM card.
APN
This field specifies APN (Access Point Name). The APN on your router allows you
to connect to the Internet via a GSM/UMTS/LTE cellular service provider.
Connection Type
Settings – Mobile Settings
Click Mobile Settings Tab, to open the Mobile Settings screen. Use this screen to configure the GWR
Router GPRS/EDGE/HSPA/HSPA+/LTE parameters (Error! Reference source not found.).
Figure 20– Mobile Settings configuration page
GWR High Speed Cellular Router Series
User Manual
34
Dial String
This field specifies Dial String for GSM/UMTS/LTE modem connection
initialization. In most cases you have to change only APN field based on
parameters obtained from Mobile Provider. This field cannot be altered.
SIM PIN locking
(PIN enabled)
Enable locking of SIM card with PIN code.
Enable operator
locking
This option forces your SIM card to register to predefined PLMN only.
Roaming protection
By enabling this option router will be able to connect to roaming network.
Reset Location
information
By enabling this option router will erase LOCI Elementary File in SIM card. This will
cause SIM card to scan all available networks when registering.
Enable Failover
Check this field in order to enable failover feature. This feature is used when
both SIM are enabled. You specify the amount of time after which Failover
feature brings down current WAN connection (SIM2) and brings up previous
WAN connection (SIM1).
Enable network
locking
Option that allows a user to lock a SIM card for a desired operator by specifying
PLMN ID of the operator. This option is very useful in border areas since you can
avoid roaming expenses.
Persistent connection
Keep connection alive, after Do not exit after a connection is terminated. Instead
try to reopen the connection.
Reboot after failed
connections
Reboot after n consecutive failed connection attempts.
Enable SIM1/SIM2
keepalive
Make some traffic periodically in order to maintain connection active. You can
set keepalive interval value in minutes.
Ping target
This field specifies the target IP address for periodical traffic generated using
ping in order to maintain the connection active.
Ping interval
This field specifies ping interval for keepalive option.
Advanced ping
interval
This field specifies the time interval of advanced ping proofing.
Advanced ping wait
for a response
This field specifies the timeout for advanced ping proofing.
Maximum number of
failed packets
This field specifies maximum number of failed packets in percent before
keepalive action is performed.
Keepalive action
This menu provides a choice between two possible keepalive actions in case
maximum number of failed packets is exceeded. If Switch SIM option is selected
router will try to establish the connection using the other SIM card after the
maximum number of failed packets is exceeded. If Current SIM option is selected
router will only restart the PPP connection.
Enable SIM1/SIM2
data limit
Enable traffic data limit per SIM.
Traffic limit
Defines maximum data amount transferred over SIM card. When traffic limit is
reached SIM card cannot be longer used for network connection. Traffic limit can
be defined in units of KB (from 1 to 1024), MB (from 1 to 1024) or GB (from 1 to
1024).
SIM1/SIM2 data limit
action
In case of reaching defined data traffic limit one of two possible actions will be
performed:
GWR High Speed Cellular Router Series
User Manual
35
1) Switch SIM – switches network connection from the SIM card on which data
traffic limit has been reached to another SIM card,
2) Disconnect – disconnects network connection over the SIM card on which data
traffic limit has been reached.
Current traffic
Displays amount of traffic that has been transferred over SIM card from the
moment of enabling "SIM data limit" option.
In order to refresh the displayed value in the "Current traffic" field please click on
Refresh.
Reset current traffic
value
Click on Reset resets a value of the current traffic to zero.
Reset current traffic
value on specified day
of the month
Every month, on the specified day, a value of the current traffic will be reset to
zero. The day of reset is specified by ordinal number.
Connection type
Specifies the type of connection router will try to establish. There are three
available options: only GSM, only UMTS and AUTO. For example, if you select
Only GSM option, router will not try to connect to UMTS, instead router will
automatically try to connect to GSM. By selecting AUTO option, router will first
try to establish UMTS connection and if it fails, router will go for GSM
connection.
Mobile status
Displays data related to mobile connection. (current WAN address, uptime,
connection status…)
Reload
Click Reload to discard any changes and reload previous settings.
Save
Click Save to save your changes back to the GWR Router.
Switch SIM
Click Switch SIM try to establish the connection using the other SIM card.
Refresh
Click Refresh to see updated mobile network status.
Connect/
Disconnect
Click Connect/Disconnect to connect or disconnect from mobile network.
Table 6 – Mobile settings parameters
Error! Reference source not found. shows screenshot of GSM/UMTS/LTE tab configuration menu.
GSM/UMTS/LTE menu is divided into two parts.
Upper part provides all parameters for configuration GSM/UMTS/LTE connection. These
parameters can be obtained from Mobile Operator. Please use exact parameters given from Mobile
Operator.
Bottom part is used for monitoring status of GSM/UMTS/LTE connection
(create/maintain/destroy GSM/UMTS/LTE connection). Status line show real–time status:
connected/disconnected.
If your SIM Card credit is too low, the GWR Router will performed periodically connect/disconnect actions.
GWR High Speed Cellular Router Series
User Manual
36
Settings-ADSL Port
Click ADSL Port Tab, to open the ADSL Settings screen. Use this screen to configure the username
and password parameters (Error! Reference source not found.). Enable radio button Default route.
Figure 21– ADSL Port Settings
Settings – Wireless Settings
Wireless settings for GWR router will give you good performance, reliability and security when using Wi-Fi.
GWR High Speed Cellular Router Series
User Manual
37
Wireless Settings
Label
Description
Mode
Enable wireless Access Point or Station.
SSID
SSID is a case sensitive, up to 32 alphanumeric characters length name that
identifies a wireless network.
Authentication Type
Choose Wi-Fi Protected Access II Pre-shared key mode (recommended), or Open
access.
Passphrase
Password for WPA2-PSK. Input from 8 to 63 printable characters.
Channel
Select one from list of legally allowed Wireless LAN channels using IEEE 802.11,
or Auto for automatic channel selection.
802.11 Protocol
802.11b has a maximum raw data rate of 11 Mbit/s. 802.11bg mixed mode
operates at a maximum physical layer bit rate of 54 Mbit/s, or about 22 Mbit/s
average throughput. 802.11bgn mixed mode has a maximum raw data rate of
72.2 Mbit/s.
Reload
Click Reload to discard any changes and reload previous settings.
Save
Click Save button to save your changes back to the Geneko Router. Whether you
make changes or not, router will reboot every time you click Save.
Figure 22– Wireless Settings configuration page
Table 7 – Wireless parameters
GWR High Speed Cellular Router Series
User Manual
38
Routing Settings
Label
Description
Routing Table
Dest Network
This parameter specifies the IP network address of the final destination.
Routing is always based on network number. If you need to specify a route to a
single host, use a subnet mask of 255.255.255.255 in the subnet mask field to
force the network number to be identical to the host ID.
Netmask
This parameter specifies the IP netmask address of the final destination.
Gateway
This is the IP address of the gateway. The gateway is a router or switch (next
hope) on the same network segment as the device’s LAN or WAN port. The
gateway helps forward packets to their final destinations.
For every routing rule enter the IP address of the gateway. Please notice that
ppp0 interface has only one default gateway (provided by Mobile operator) and
because of that there is no option for gateway when you choose ppp0 interface.
Metric
Metric represents the “cost” of transmission for routing purposes. IP routing
uses hop count as the measurement of cost, with a minimum of 1 for directly
connected networks. Enter a number that approximates the cost for this link.
The number need not be precise, but it must be between 1 and 15. In practice, 2
or 3 is usually a good number.
Settings – Routing
The static routing function determines the path that data follows over your network before and after
it passes through the GWR Router. You can use static routing to allow different IP domain users to access
the Internet through the GWR Router. Static routing is a powerful feature that should be used by advanced
users only. In many cases, it is better to use dynamic routing because it enables the GWR Router to
automatically adjust to physical changes in the network’s layout.
The GWR Router is a fully functional router with static routing capability. Error! Reference source not found. shows screenshot of Routing page.
Figure 23– Routing configuration page
Use this menu to setup all routing parameters. Administrator can perform following operations:
Create/Edit/Remove routes (including default route),
Port translation – Reroute TCP and UDP packets to desired destination inside the network.
GWR High Speed Cellular Router Series
User Manual
39
Interface
Interface represents the “exit” of transmission for routing purposes. In this case
Eth0 represents LAN interface and ppp0 represents GSM/UMTS mobile
interface of the GWR Router.
TCP/UDP Port forwarding
Enable
This check box allows you to activate/deactivate this static port translation.
This field specifies IP address of the VPN server on local area network. VPN
tunnel ends at this VPN server. You must use VPN tunnel option when
configuring VPN connection, because of NAT.
Protocol
Choose between TCP and UDP protocol.
Interface
Choose between ppp_0 and br0 interface. Select interface where port
forwarding is done. Port forwarding from outside (WAN) interface to inside
(LAN) interface is done on PPP, and in reverse direction on Ethernet interface.
Source IP
This field specifies address from which portforwarding is allowed, all other
traffic is denied.
Source Netmask
This field specifies netmask for allowed IP subnet.
Destination IP
This field specifies IP address of the incoming traffic.
Destination Netmask
This field specifies netmask for the incoming address.
Destination Start Port
This is the TCP/UDP port of application.
Destination End Port
Target IP address
This filed specifies IP address where packets should be forwarded.
Target Start Port
Target End Port
Forward to port
Specify TCP/UDP port on which the traffic is going to be forwarded.
Add
Click Add to insert (add) new item in table to the GWR Router.
Remove
Click Remove to delete selected item from table.
Reload
Click Reload to discard any changes and reload previous settings.
Save
Click Save to save your changes back to the GWR Router. After pressing Save
button it make take more than 10 seconds for router to save parameters and
become operational again.
Table 8 – Routing parameters
Port forwarding
Port forwarding is an application of NAT ( Network Address Translation) that redirects a
communication request from one address and port number combination to another while the packets are
traversing a network gateway.
For incoming data, the GWR Router forwards IP traffic destined for a specific port, port range or
GRE/IPsec protocol from the cellular interface to a private IP address on the Ethernet “side” of the GWR
Router.
Table 9 – Port forwarding settings
GWR High Speed Cellular Router Series
User Manual
40
Routing Settings
Label
Description
DMZ Settings
Enable
This field specifies if DMZ settings is enabled at the Geneko Router.
IP address from LAN
IP address to secure an internal network from external access.
Reload
Click Reload to discard any changes and reload previous settings.
Save
Click Save to save your changes back to the Geneko Router.
Settings – Demilitarized Zone (DMZ)
DMZ (Demilitarized Zone) allows one IP Address to be exposed to the Internet. Because some
applications require multiple TCP/IP ports to be open, DMZ provides this function by forwarding all the
ports to one computer at the same time. In the other words, this setting allows one local user to be exposed
to the Internet to use a special–purpose services such as Internet gaming, Video–conferencing and etc. It is
recommended that you set your computer with a static IP if you want to use this function.
Figure 24– DMZ configuration page
Table 10 – Demilitarized Zone
Routing Information Protocol (RIP)
The Routing Information Protocol (RIP) is a dynamic routing protocol used in local and wide area
networks. As such it is classified as an interior gateway protocol (IGP) using the distance–vector routing
algorithm. The Routing Information Protocol provides great network stability, guaranteeing that if one
network connection goes down the network can quickly adapt to send packets through another connection.
Click RIP Tab, to open the Routing Information Protocol screen. Use this screen to configure the
GWR Router RIP parameters (Error! Reference source not found.).
GWR High Speed Cellular Router Series
User Manual
41
RIP Settings
Label
Description
Routing Manager
Hostname
Prompt name that will be displayed on telnet console.
Password
Login password.
Enable log
Enable log file.
Port to bind at
Local port the service will listen to.
RIPD
Hostname
Prompt name that will be displayed on telnet console of the Routing
Information Protocol Manager.
Password
Login password.
Port to bind at
Local port the service will listen to.
Routing Information Protocol Status
Start
Start RIP.
Stop
Stop RIP.
Restart
Restart RIP.
Save
Click Save to save your changes back to the GWR Router.
Reload
Click Reload to discard any changes and reload previous settings.
Figure 25– RIP configuration page
Table 11 – RIP parameters
RIP routing engine for the GWR Router
Use telnet to enter in global configuration mode.
telnet 192.168.1.1 2602 // telnet to eth0 at TCP port 2602///
GWR High Speed Cellular Router Series
User Manual
42
To enable RIP, use the following commands beginning in global configuration mode:
To associates a network with a RIP routing process, use following commands:
ripd(config-router)# network A.B.C.D/Mask
By default, the GWR Router receives RIP version 1 and version 2 packets. You can configure the
GWR Router to receive and send only version 1. Alternatively, you can configure the GWR Router to receive
and send only version 2 packets. To configure GWR Router to send and receive packets from only one
version, use the following command:
ripd(config-router)# version [1|2] // Same as other router //
Enable route redistribution:
ripd(configure-router)# redistribute kernel // Redistribute routes defined on WEB
interface //
ripd(configure-router)# redistribute static // Redistribute routes defined locally in RIP
configuration //
ripd(configure-router)# redistribute connected // Redistribute directly connected routes //
Disable RIP update (optional):
ripd(configure-router)# passive–interface ppp_0
ripd(configure-router)# no passive–interfaceppp_0
RIP is commonly used over Ethernet interface and PPP interface should be set up as passive.
Routing protocols use several timer that determine such variables as the frequency of routing
updates, the length of time before a route becomes invalid, an other parameters. You can adjust these timer
to tune routing protocol performance to better suit your internetwork needs. Use following command to
setup RIP timer:
Enter Virtual Router IDentifier (VRID) [1-255], which is the same for all
physical routers for virtual router with this ID in the network.
priority will become the master.
Password
Reload
Click Reload to discard any changes and reload previous settings
Save
Click Save to save changes.
Settings – VRRP Settings
VRRP (Virtual Router Redundancy Protocol) is a protocol which elects a master server on a LAN and the
master answers to a 'virtual ip address'. If it fails, a backup server takes over the ip address.
VRRP specifies an election protocol to provide the virtual router function described earlier. All protocol
messaging is performed using IP multicast datagrams, thus the protocol can operate over a variety of multiaccess LAN technologies supporting IP multicast. Each
address allocated to it.
Figure 26 – Virtual Router Redundancy Protocol
VRRP virtual router has a single well-known MAC
Virtual Router ID
Priority
Routers have a priority of between 1-255 and the router with the highest
Enter authentification password as hexkey [0-9a-fA-F]+.
Table 12 – VRRP Parameters
Settings – VPN Settings
VPN (Virtual private network) is a communications network tunneled through another network and
dedicated to a specific network. One common application of VPN is secure communication through the
public Internet, but a VPN need not have explicit security features, such as authentication or content
encryption. VPNs, for example, can be used to separate the traffic of different user communities over an
underlying network with strong security features.
A VPN ma
between the VPN customer and the VPN service provider. Generally, a VPN has a topology more complex
than point–to–point. The distinguishing characteristics of VPNs are not security or performance, but that
they overlay other network(s) to provide a certain functionality that is meaningful to a user community.
y have best–effort performance, or may have a defined Service Level Agreement (SLA)
GWR High Speed Cellular Router Series
User Manual
44
VPN Settings / GRE Tunneling Parameters
Label
Description
Enable
This check box allows you to activate/deactivate VPN/GRE traffic.
Local Tunnel Address
This field specifies IP address of virtual tunnel interface.
Local Tunnel Netmask
This field specifies the IP netmask address of virtual tunnel. This field is
unchangeable, always 255.255.255.252
Tunnel Source
This field specifies IP address or hostname of tunnel source.
Tunnel Destination
This field specifies IP address or hostname of tunnel destination.
Interface
This field specifies GRE interface. This field gets from the GWR Router.
Keep Alive Enable
Check for keepalive enable.
Period
Defines the time interval (in seconds) between transmitted keep alive packets.
Enter a number from 3 to 60 seconds.
Retries
Defines the number of times retry after failed keep alives before determining that
the tunnel endpoint is down. Enter a number from 1 to 10 times.
Add
Click Add to insert (add) new item in table to the GWR Router.
Remove
Click Remove to delete selected item from table.
Reload
Click Reload to discard any changes and reload previous settings.
Save
Click Save to save your changes back to the GWR Router.
Generic Routing Encapsulation (GRE)
Originally developed by Cisco, generic routing encapsulation (GRE) is now a standard, defined in
RFC 1701, RFC 1702, and RFC 2784. GRE is a tunneling protocol used to transport packets from one network
through another network.
If this sounds like a virtual private network (VPN) to you, that’s because it theoretically is:
Technically, a GRE tunnel is a type of a VPN — but it isn’t a secure tunneling method. However, you can
encrypt GRE with an encryption protocol such as IPSec to form a secure VPN. In fact, the point–to–point
tunneling protocol (PPTP) actually uses GRE to create VPN tunnels. For example, if you configure Microsoft
VPN tunnels, by default, you use PPTP, which uses GRE.
Solution where you can use GRE protocol:
You need to encrypt multicast traffic. GRE tunnels can carry multicast packets — just like real
network interfaces — as opposed to using IPSec by itself, which can’t encrypt multicast traffic. Some
examples of multicast traffic are OSPF, EIGRP. Also, a number of video, VoIP, and streaming music
applications use multicast.
You have a protocol that isn’t routable, such as NetBIOS or non–IP traffic over an IP network. You
could use GRE to tunnel IPX/AppleTalk through an IP network.
You need to connect two similar networks connected by a different network with different IP
addressing.
Click VPN Settings Tab, to open the VPN configuration screen. In the Error! Reference source not found. you can see screenshot of GRE Tab configuration menu.
Table 13 – GRE parameters
GWR High Speed Cellular Router Series
User Manual
45
Figure 27– GRE tunnel parameters configuration page
GRE Keep alive
GRE tunnels can use periodic status messages, known as keepalives, to verify the integrity of the
tunnel from end to end. By default, GRE tunnel keepalives are disabled. Use the keepalive check box to
enable this feature. Keepalives do not have to be configured on both ends of the tunnel in order to work; a
tunnel is not aware of incoming keepalive packets. You should define the time interval (in seconds) between
transmitted keepalive packets. Enter a number from 1 to 60 seconds, and the number of times to retry after
failed keepalives before determining that the tunnel endpoint is down. Enter a number from 1 to 10 times.
GWR High Speed Cellular Router Series
User Manual
46
VPN Settings / IPSec Summary
Label
Description
Tunnels Used
This is the number of IPSec tunnels being defined.
Maximum number of
tunnels
This is the maximum number of tunnels which can be defined. Maximum number
of tunnels is 15.
No
This filed indicates the number of the IPSec tunnel.
Name
Field shows the Tunnel Name that you gave to the IPSec tunnel.
Enabled
This field shows if tunnel is enabled or disabled. After clicking on Start button,
only enabled tunnels will be started.
Status
Field indicates status of the IPSec tunnel. Click on Refresh button to see current
status of defined IPSec tunnels.
Enc/Auth/Grp
This field shows both Phase 1 and Phase 2 details, Encryption method 3DES, AES
Authentication method (MD5/SHA1), and DH Group number (1/2/5) that you
have defined in the IPSec Setup section.
Advanced
Field shows the chosen mode of IPSec and options from IPSec Advanced section
by displaying the first letters of enabled options.
Local Group
Field shows the IP address and subnet mask of the Local Group.
Internet Protocol Security (IPSec)
IPSec (Internet Protocol Security) is a protocol suite for securing Internet Protocol communication by
authenticating and encrypting each IP packet of a data stream.
Click VPN Settings - IPSec, to open the VPN configuration screen. At the Figure 28– IPSec Summary
screen you can see IPSec Summary. This screen gathers information about settings of all defined IPSec
tunnels. Up to 3 IPSec tunnels can be defined on GWR router.
If you cannot use IP address as a peer identifier at one side of the tunnel (private IP subnet)
aggressive mode has to be utilized.
IPSec Summary and IPSec Settings are briefly displayed in following figures and tables.
Figure 28– IPSec Summary screen
GWR High Speed Cellular Router Series
User Manual
47
Remote Group
Field displays the IP address and subnet mask of the Remote Group.
Remote Gateway
Field shows the IP address of the Remote Device.
Action - Edit
This link opens screen where you can change the tunnel’s settings.
Action - Delete
Click on this link to delete the tunnel and all settings for that particular tunnel
Connection mode
Field displays connection mode of the current tunnel.
Connect – IPSec tunnel initiating side in negotiation process.
Wait – IPSec tunnel responding side in negotiation process.
Log level
Set IPSec log level.
Add New Tunnel
Click on this button to add a new Device–to–Device IPSec tunnel. After you have
added the tunnel, you will see it listed in the Summary table.
Start
This button starts the IPSec negotiations between all defined and enabled tunnels.
If the IPSec is already started, Start button is replaced with Restart button.
Stop
This button will stop all IPSec started negotiations.
Refresh
Click on this button to refresh the Status field in the Summary table.
Table 14 – IPSec Summary
To create a tunnel click Add New Tunnel button. Depending on your selection, the Local Group
Setup and Remote Group Setup settings will differ. Proceed to the appropriate instructions for your
selection.
GWR High Speed Cellular Router Series
User Manual
48
VPN Settings / IPSec Settings
Label
Description
Tunnel Number
This number will be generated automatically and it represents the tunnel number.
Tunnel Name
Enter a name for the IPSec tunnel. This allows you to identify multiple tunnels
and does not have to match the name used at the other end of the tunnel.
Enable
Check this box to enable the IPSec tunnel.
Local Security gateway
type
When SIM Card is selected the WAN (or Internet) IP address of the Router
automatically appears. If the Router is not yet connected to the GSM/UMTS
network this field is without IP address.
Local ID Type
Authentication identity for one of the participant. Can be an IP address or fully–
qualified domain name preceded by @.
IP Address From
Select SIM card over which the tunnel is established.
Local Security Group
Type
Select the local LAN user(s) behind the Router that can use this IPSec tunnel.
Select the type you want to use: IP or Subnet.
Figure 29– IPSec Settings
GWR High Speed Cellular Router Series
User Manual
49
NOTE: The Local Security Group Type you select should match the Remote Security
Group Type selected on the IPSec device at the other end of the tunnel.
IP Address
Only the computer with a specific IP address will be able to access the tunnel.
Subnet Mask
Enter the subnet mask.
Remote Security
Gateway Type
Select the remote IP address behind the Router at the other end that can use this
IPSec tunnel. Select the type you want to use: IP or Subnet.
NOTE: The Remote Security Group Type you select should match the Local Security
Group Type selected on the IPSec device at the other end of the tunnel.
IP Address
Only the computer with a specific IP address will be able to access the tunnel.
Remote ID Type
Authentication identity for one of the participant. Can be an IP address or fully–
qualified domain name preceded by @.
Remote Security Group
Type
Select the remote IP address/hostname behind the Router at the other end that
can use this IPSec tunnel. Select the type you want to use: IP Only or subnet.
NOTE: The Remote Security Group Type you select should match the Local Security
Group Type selected on the IPSec device at the other end of the tunnel.
IP Address
Only the computer with a specific IP address will be able to access the tunnel.
Subnet Mask
Enter the subnet mask.
IPSec Setup
In order to establish an encrypted tunnel, the two ends of an IPSec tunnel must
agree on the methods of encryption, decryption and authentication. This is done
by sharing a key to the encryption code. For key management, the Router uses
only IKE with Preshared Key mode.
Key Exchange mode
IKE with Preshared Key
IKE is an Internet Key Exchange protocol used to negotiate key material for
Security Association (SA). IKE uses the Preshared Key to authenticate the remote
IKE peer. Both ends of IPSec tunnel must use the same mode of key management.
Mode
One of following IPSec modes can be choosed: MAIN or AGGRESSIVE
Phase 1 DH Group
Phase 1 is used to create the SA. DH (Diffie–Hellman) is a key exchange protocol
used during Phase 1 of the authentication process to establish pre–shared keys.
There are three groups of different prime key lengths. Group 1 is 768 bits, Group
2 is 1024 bits and Group 5 is 1536 bits long and Group 14 is 2048 bits long. If
network speed is preferred, select Group 1. If network security is preferred, select
Group 5.
Phase 1 Encryption
Select a method of encryption: 3DES, AES (128/192/256), SERPENT(128/192/256),
TWOFISH(128/256), BLOWFISH(128/192/256). The method determines the length of
the key used to encrypt or decrypt ESP packets. AES–128 is recommended
because it is the most secure. Make sure both ends of the IPSec tunnel use the
same encryption method.
Phase 1 Authentication
Select a method of authentication: MD5 or SHA1. The authentication method
determines how the ESP packets are validated. MD5 is a one–way hashing
algorithm that produces a 128–bit digest. SHA1 is a one–way hashing algorithm
that produces a 160–bit digest. SHA1 is recommended because it is more secure.
Make sure both ends of the IPSec tunnel use the same authentication method.
Phase 1 SA Life Time
Configure the length of time IPSec tunnel is active in Phase 1. The default value is
28800 seconds. Both ends of the IPSec tunnel must use the same Phase 1 SA Life
Time setting.
Perfect Forward
Secrecy
If the Perfect Forward Secrecy (PFS) feature is enabled, IKE Phase 2 negotiation
will generate new key material for IP traffic encryption and authentication, so
GWR High Speed Cellular Router Series
User Manual
50
hackers using brute force to break encryption keys will not be able to obtain
future IPSec keys. Both ends of the IPSec tunnel must enable this option in order
to use the function.
Phase 2 DH Group
If the Perfect Forward Secrecy feature is disabled, then no new keys will be
generated, so you do not need to set the Phase 2 DH Group. There are three
groups of different prime key lengths. Group 1 is 768 bits, Group 2 is 1024 bits,
and Group 5 is 1536 bits long. If network speed is preferred, select Group 1. If
network security is preferred, select Group 5. You do not have to use the same
DH Group that you used for Phase 1, but both ends of the IPSec tunnel must use
the same Phase 2 DH Group.
Phase 2 Encryption
Phase 2 is used to create one or more IPSec SAs, which are then used to key IPSec
sessions. Select a method of encryption: 3DES, AES (128/192/256),
SERPENT(128/192/256), TWOFISH(128/256), BLOWFISH(128/192/256). It determines
the length of the key used to encrypt or decrypt ESP packets. AES–128 is
recommended because it is the most secure. Both ends of the IPSec tunnel must
use the same Phase 2 Encryption setting.
NOTE: If you select a NULL method of encryption, the next Phase 2 Authentication
method cannot be NULL and vice versa.
Phase 2 Authentication
Select a method of authentication: NULL, MD5 or SHA1. The authentication
method determines how the ESP packets are validated. MD5 is a one–way
hashing algorithm that produces a 128–bit digest. SHA1 is a one–way hashing
algorithm that produces a 160–bit digest. SHA1 is recommended because it is
more secure. Both ends of the IPSec tunnel must use the same Phase 2
Authentication setting.
NOTE: If you select a NULL method of authentication, the previous Phase 2 Encryption
method cannot be NULL.
Phase 2 SA Life Time
Configure the length of time an IPSec tunnel is active in Phase 2. The default is
3600 seconds. Both ends of the IPSec tunnel must use the same Phase 2 SA Life
Time setting.
Preshared Key
This specifies the pre–shared key used to authenticate the remote IKE peer. Enter
a key of keyboard and hexadecimal characters, e.g., Ay_%4222 or 345fa929b8c3e.
This field allows a maximum of 1023 characters and/or hexadecimal values. Both
ends of the IPSec tunnel must use the same Preshared Key.
NOTE: It is strongly recommended that you periodically change the Preshared Key to
maximize security of the IPSec tunnels.
Enable IKE failover
Enable IKE failover option which tries periodically to establish security
association.
IKE SA retry
Number of IKE retries, before failover.
Restart PPP After IKE
SA Retry Exceeds
Specified Limit
With this option enabled PPP connection is restarted when IKE SA retry reaches
defined number of failed attempts. After restart SIM1 is used for connection.
Enable tunnel failover
Enable tunnel failover. If there is more than one tunnel defined, this option will
failover to other tunnel in case that selected one fails to established connection.
Ping IP or Hostname
IP address/Hostname at remote side of tunnel which will be pinged in order to
determine current state.
Ping interval
Specify time period in seconds between two ping.
Packet size
Specify packet size for ping message.
GWR High Speed Cellular Router Series
User Manual
51
Advanced Ping Interval
Time interval between advanced ping packets.
Advanced Ping Wait
For A Response
Advanced ping proofing timeout.
Maximum number of
failed packets
Set percentage of failed packets until failover action is performed.
IP Payload Compression is a protocol that reduces the size of IP datagram. Select
this option if you want the Geneko Router to propose compression when it
initiates a connection.
Dead Peer Detection
(DPD)
When DPD is enabled, the Geneko Router will send periodic HELLO/ACK
messages to check the status of the IPSec tunnel (this feature can be used only
when both peers or IPSec devices of the IPSec tunnel use the DPD mechanism).
Once a dead peer has been detected, the Router will disconnect the tunnel so the
connection can be re–established. Specify the interval between HELLO/ACK
messages (how often you want the messages to be sent). The default interval is 20
seconds.
NAT Traversal
Both the IPSec initiator and responder must support the mechanism for detecting
the NAT router in the path and changing to a new port, as defined in RFC 3947.
NOTE: If you select this mode the Aggressive mode will be automatically selected because
it is obligatory option for NAT-T to work properly.
NOTE: Keep-alive for NAT-T function is enabled by default and cannot be disabled. The
default interval for keep-alive packets is 20 seconds.
Send initial contact
The initial–contact status message may be used when one side wishes to inform
the other that this is the first SA being established with the remote system. The
receiver of this Notification Message might then elect to delete any existing SA's.
It has for the sending system under the assumption that the sending system has
rebooted and no longer has access to the original SA's and their associated keying
material.
NOTE: Send initial contact function is enabled by default and cannot be disabled.
Back
Click Back to return on IPSec Summary screen.
Reload
Click Reload to discard any changes and reload previous settings.
Save
Click Save to save your changes back to the GWR Router. After that router
automatically goes back and begin negotiations of the tunnels by clicking on the
Start.
Table 15 – IPSec Parameters
GWR High Speed Cellular Router Series
User Manual
52
OpenVPN
OpenVPN site to site allows connecting two remote networks via point–to–point encrypted tunnel.
OpenVPN implementation offers a cost–effective simply configurable alternative to other VPN technologies.
OpenVPN allows peers to authenticate each other using a pre–shared secret key, certificates, or
username/password. When used in a multiclient–server configuration, it allows the server to release an
authentication certificate for every client, using signature and Certificate authority. It uses the OpenSSL
encryption library extensively, as well as the SSLv3/TLSv1 protocol, and contains many security and control
features. The server and client have almost the same configuration. The difference in the client configuration
is the remote endpoint IP or hostname field. Also the client can set up the keepalive settings. For successful
tunnel creation a static key must be generated on one side and the same key must be uploaded on the
opposite side.
Figure 30-OpenVPN
GWR High Speed Cellular Router Series
User Manual
53
OpenVPN
Label
Description
IP Filtering
Tunnel Number
Automatically assigned number of the tunnel.
Tunnel Name
Enter a name for the OpenVPN tunnel. This allows you to identify multiple
tunnels and does not have to match the name used at the other end of the
tunnel.
Enable
Check this setting in order to enable OpenVPN tunnel.
OpenVPN Settings
Interface Type
There are two modes of OpenVPN tunnel, routed and bridged mode.
For routed mode select option TUN, and for bridged TAP
Authenticate Mode
The authentication method determines how the peers are authenticated to each
other and later to exchange cipher and HMAC keys to protect the data channel.
Choose one of the following options:
none (Select this option if you do not want to use any kind of
authentication),
Figure 31– OpenVPN example 1
Click VPN Settings -OpenVPN, to open the VPN configuration screen. At the Figure 28– IPSec Summary screen you can see OpenVPN Summary. This screen gathers information about settings of all
defined OpenVPN tunnels. Up to 3 OpenVPN tunnels can be defined on GWR router.
OpenVPN Summary and OpenVPN Settings are briefly displayed in following figures and tables.
Figure 32– OpenVPN Summary screen
GWR High Speed Cellular Router Series
User Manual
54
pre–shared secret (Select this option if you want to use PSK as a
authentication method),
username/password (Select this option if you want to use
username/password along with CA Certificate as a authentication
method),
X.509 cert. (client) (Select this option if you want to use X.509
certificates as a authentication method in client mode),
X.509 cert. (server) (Select this option if you want to use X.509
certificates as a authentication method in server mode).
Encryption Cipher
Encrypt packets with cipher algorithm. The default is BF-CBC, an abbreviation
for Blowfish in Cipher Block Chaining mode. Blowfish has the advantages of
being fast, very secure, and allowing key sizes of up to 448 bits. Blowfish is
designed to be used in situations where keys are changed infrequently.
OpenVPN supports the CBC cipher mode.
Hash Algorithm
Authenticate packets with HMAC using message digest algorithm. The default
is SHA1. HMAC is a commonly used message authentication algorithm (MAC)
that uses a data string, a secure hash algorithm, and a key, to produce a digital
signature. OpenVPN's usage of HMAC is to first encrypt a packet, then HMAC
the resulting ciphertext. In TLS mode, the HMAC key is dynamically generated
and shared between peers via the TLS control channel. If OpenVPN receives a
packet with a bad HMAC it will drop the packet. HMAC usually adds 16 or 20
bytes per packet. Set none to disable authentication.
NOTE: Depending on the options selected in the previous steps, some of the following options will be
available for configuration.
Protocol
Select a protocol you want to use for tunnel connection. UDP connect and TCP
client will need the "Remote Host or IP Adress" field in order to successfully
establish a tunnel.
TCP/UDP port
Depending on the selected protocol, port number should be specified.
LZO Compression
Check the box to enable fast adaptive LZO compression. This may add up to 1
byte per packet for incompressible data.
NAT Rules
Enables NAT through the tunnel.
Keep Alive
Check the box if you want to use keepalive.
Max Fragment Size
If you select UDP protocol whether in connect or wait mode you must specify
Max Fragment Size (default is 1300 bytes). If you prefer to keep fragmentation
disabled enter 0
Local / Remote Group Settings
Remote Host or IP
Address
Specify server IP address or hostname. This filed is available only in UDP
connect and TCP client mode.
Redirect Gateway
Check this option in order to use tunnel interface for default route.
Tunnel Interface
Configuration
Options are: "Pull from server" and "Manual configuration". "Pull from server"
mode is used where remote peer is an OpenVPN server and where
configuration will be pulled. In "Manual configuration" mode, you can enter
tunnel interface IP addresses.
Manual configuration
Local Interface IP
Address
Specify the IP address of the local VPN tunnel endpoint.
GWR High Speed Cellular Router Series
User Manual
55
Remote Interface IP
Address
Specify the IP address of the remote VPN tunnel endpoint.
Pull from server
Back
Click Back to return on IPSec Summary screen.
Reload
Click Reload to discard any changes and reload previous settings.
Save
Click Save to save your changes back to the GWR Router. After that router
automatically goes back and begin negotiations of the tunnels by clicking on
the Start button.
Table 16 – OpenVPN parameters
Figure 33– OpenVPN configuration page
GWR High Speed Cellular Router Series
User Manual
56
PPTP
Label
Description
Number
Selected tunnel number. Nubmer of PPTP tunnels is limited to 5.
Enabled
Select this option to enable tunnel.
Tunnel name
Unique tunnel identifier.
PPTP server IP address
or hostname
IPv4 address of remote PPTP server.
Remote network
After the tunnel is established, route to this network will be added.
Remote netmask
Netmask of remote subnet to route.
Domain
Some PPTP servers require domain name for authentication.
Username
Username to authenticate ourselves to remote server.
Password
Password to authenticate ourselves to remote server.
Encryption
Leave this option enabled to use default MPPE (Microsoft encryption) and
MPPC (Microsoft compression) protocols
Persist
If this option is enabled, tunnel will try to reconnect.
Maxfail
Max number of retries to reconnect. 0 for infinite retries.
Debug
Enable extra information in system log.
Edit
Click Edit to edit selected tunnel from the table.
Delete
Click Delete to delete selected tunnel from table.
Reload
Click Reload to discard any changes and reload previous settings.
Save
Click Save to create new, or save changes to existing tunnel.
Settings – PPTP
The GWR Router can be used as a PTPP (Point-to-Point Tunneling Protocol) client. PPTP uses a
control channel over TCP and a GRE tunnel operating to encapsulate PPP packets.
Figure 34– PPTP configuration page
Table 17 –PPTP parameters
GWR High Speed Cellular Router Series
User Manual
57
L2TP
Label
Description
Enable
Select this option to enable L2TP tunnel.
Tunnel name
Unique tunnel identifier.
Local IP address
Set the IP address of the local interface to be used for the tunnel. This address
must be the address of a local interface.
Tunnel ID
Set the tunnel id, which is a 32-bit integer value. Uniquely identifies the tunnel.
The value used must match the peer tunnel id value being used at the peer.
UDP Source Port
Set the UDP source port to be used for the tunnel. Must be present when udp
encapsulation is selected. Ignored when ip encapsulation is selected.
Figure 35– PPTP Summary screen
Settings – L2TP
L2TP is suitable for Layer-2 tunneling. Static tunnels are useful to establish network links across IP
networks when the tunnels are fixed. L2TP tunnels can carry data of more than one session. Each session is
identified by a session id and its parent tunnel's tunnel id. A tunnel must be created before a session can be
created in the tunnel.
Figure 36 – L2TP configuration page
GWR High Speed Cellular Router Series
User Manual
58
Session ID
Set the session id, which is a 32-bit integer value. Uniquely identifies the
session being created. The value used must match the peer_session id value
being used at the peer.
Cookie
Sets an optional cookie value to be assigned to the session. This is a 4 or 8 byte
value, specified as 8 or 16 hex digits, e.g. 014d3636deadbeef. The value must
match the peer cookie value set at the peer. The cookie value is carried in L2TP
data packets and is checked for expected value at the peer. Default is to use no
cookie.
Peer IP address
Set the IP address of the remote peer.
Peer Tunnel ID
Set the peer tunnel id, which is a 32-bit integer value assigned to the tunnel by
the peer. The value used must match the tunnel id value being used at the peer.
UDP Destination Port
Set the UDP destination port to be used for the tunnel. Must be present when
udp encapsulation is selected. Ignored when ip encapsulation is selected.
Peer Session ID
Set the peer session id, which is a 32-bit integer value assigned to the session by
the peer. The value used must match the session id value being used at the
peer.
Peer Cookie
Sets an optional peer cookie value to be assigned to the session. This is a 4 or 8
byte value, specified as 8 or 16 hex digits, e.g. 014d3636deadbeef. The value
must match the cookie value set at the peer. It tells the local system what cookie
value to expect to find in received L2TP packets. Default is to use no cookie
Encapsulation
Set the encapsulation type of the tunnel. Valid values for encapsulation are:
UDP, IP.
Bridged
The two interfaces can be configured with IP addresses if only IP data is to be
carried. To carry non-IP data, the L2TP network interface is added to a bridge
instead of being assigned its own IP address. Since raw ethernet frames are
then carried inside the tunnel, the MTU of the L2TP interfaces must be set to
allow space for those headers.
Interface IP Address
Local private P-t-P IP address.
Peer Interface IP
Address
Remote private P-t-P IP address.
MTU
MTU of the L2TP interface. Default 1446 for bridged or 1488 for Layer 3 tunnel.
Edit
Click Edit to edit selected tunnel from the table.
Delete
Click Delete to delete selected tunnel from table.
Reload
Click Reload to discard any changes and reload previous settings.
Save
Click Save to create new, or save changes to existing tunnel.
Table 18 –L2TP parameters
Figure 37– L2TP Summary screen
GWR High Speed Cellular Router Series
User Manual
59
Firewall
Label
Description
Firewall Rule Basic
Enable
This field specifies if Firewall is enabled at the router.
Rule Name
Enter a name for the firewall rule.
Firewall Rule Settings
Chain
There are three options available in this section: INPUT (for traffic going to the
interface), OUTGOING (for traffic originated at the router going out of the
interface) and FORWARD (for traffic routed from one interface to another,
originated outside the router)
Service
This field specifies a service which is based on a predefined service protocol
and service port. Also it can secifies a custom defined values.
Protocol
The protocol of the rule or of the packet to check. The specified protocol can be
one of All, TCP, UDP, UDPLITE, ICMP, ESP, AH, SCTP or Custom.
Port
This field specifies a service port with predefined or custom defined values.
Input Interface
Select the name of an interface via which a packet was received (only for
packets entering the INPUT and FORWARD chains).
Output Interface
Select the name of an interface via which a packet is going to be sent (for
packets entering the FORWARD and OUTPUT chains).
Source address
Source IP address of the packet. It can be single IP address, or range of IP
addresses.
Inverted source address
rule logic
Check this box to invert the the sense of the source address
Destination address
Destination IP address for the packet. It can be single IP address, or range of IP
addresses.
Inverted destination
address rule logic
Check this box to invert the sense of the destination address.
Packet state
This option, when combined with connection tracking, allows access to the
connection tracking state for this packet. Possible states are INVALID meaning
that the packet could not be identified for some reason which includes running
out of memory and ICMP errors which don't correspond to any known
connection, ESTABLISHED meaning that the packet is associated with a
connection which has seen packets in both directions, NEW meaning that the
packet has started a new connection, or otherwise associated with a connection
which has not seen packets in both directions, and RELATED meaning that the
packet is starting a new connection, but is associated with an existing
connection, such as an FTP data transfer, or an ICMP error.
Policy
This field specifies what action is taken on packets matching the above criteria.
If the packet does not match, the next rule in the chain is the examined; if it
Settings – Firewall – IP Filtering
TCP/IP traffic flow is controlled over IP address and port number through router’s interfaces in
both directions. With firewall options it is possible to create rule which exactly matches traffic of interest.
Traffic can be blocked or forward depending of action selected. It is important when working with firewall
rules to have in mind that traffic for router management should always be allowed to avoid problem with
unreachable router. Firewall rules are checked by priority from the first to the last. Rules which are after
matching rule are skipped.
GWR High Speed Cellular Router Series
User Manual
60
does match, then the next rule is specified by the value of the policy, which can
be one of the values ACCEPT, DROP, REJECT. ACCEPT means to let the
packet through. DROP means to drop the packet on the floor.The REJECT
policy works basically the same as the DROP policy, but it also sends back an
error message to the host sending the packet that was blocked.
Distributed DoS
Enable
This box enables Distributed DOS
Maximum average
matching rate
Maximum average matching rate: specified as a number, with an optional time
unit: second, minute, hour, or day; the default is 3/hour.
Maximum initial
number of packets to
match
Maximum initial number of packets to match: this number gets incremented by
one every time the limit specified above is not reached, up to this number.
Action
Back
Click Back to return on firewall home page
Reload
Click Reload to discard any changes and reload previous settings
Save
Click Save to save your changes back to the GWR Router
Table 19 – Firewall parameters
Figure 38– Firewall configuration page
GWR High Speed Cellular Router Series
User Manual
61
MAC Filtering Settings
Label
Description
Enable MAC Filtering
This field specifies if MAC Filtering is enabled at the router
Enable
Enable MAC filtering for a specific MAC address
Name
Field shows the Rule Name that is given to the MAC filtering rule
MAC address
The Ethernet MAC source address to allow
Reload
Click Reload to discard any changes and reload previous settings
Save
Click Save to save changes back to the GWR router
Settings – Firewall – MAC Filtering
MAC filtering can be used to restrict which Ethernet devices can send packets to the router.
If MAC filtering is enabled, only Ethernet packets with a source MAC address that is configured in
the MAC Filter table will be allowed. If the source MAC address is not in the MAC Filter table, the
packet will dropped.
Table 20 - MAC filtering parameters
Figure 39– MAC filtering configuration page
GWR High Speed Cellular Router Series
User Manual
62
DynDNS
Label
Description
Enable DynDNS Cilent
Enable DynDNS Client.
Service
The type of service that you are using, try one of: no–ip, dhs, pgpow, dyndns,
dyndns–static, dyndns–custom, ods, easydns, dyns, justlinux and zoneedit.
Custom Server IP or
Hostname
The server IP or Hostname to connect to.
Custom Server port
The server port to connect to.
Hostname
String to send as host parameter.
Username
User ID
Password
User password.
Update cycle
Defines interval between updates of the DynDNS client. Default and minimum
value for all DynDNS services, except No–IP service, is 86400 seconds. Update
cycle value for No–IP service is represented in minutes and minimum is 1
minute.
Settings – Dynamic DNS
Dynamic DNS is a domain name service allowing to link dynamic IP addresses to static hostname.
To start using this feature firstly you should register to DDNS service provider. Section of the web interface
where you can setup DynDNS parameters is shown in Error! Reference source not found..
Figure 40– DynDNS settings
GWR High Speed Cellular Router Series
User Manual
63
Number of tries
Number of tries (default: 1) if network problem.
Timeout
The amount of time to wait on I/O (network problem).
Period
Time between update retry attempts, default value is 1800.
Reload
Click Reload to discard any changes and reload previous settings.
Save
Click Save to save your changes back to the GWR Router.
Serial Port over TCP/UDP Settings
Label
Description
Bits per second
The unit and attached serial device, such as a modem, must agree on a speed or
baud rate to use for the serial connection. Valid baud rates are 300, 1200, 2400,
4800, 9600, 19200, 38400, 57600 or 115200.
Table 21 – DynDNS parameters
Settings – Serial Port
Using the router’s serial port it is possible to perform serial–to–ethernet conversion (Serial port over
TCP/UDP) and ModbusRTU–to–TCP conversion (Modbus gateway). Initial Serial Port Settings page is
shown in figure bellow. By default above described features are disabled. Selecting one of two possible
applications of Serial port opens up additional options available for configuration.
Figure 41– Serial Port Settings initial menu
Serial port over TCP/UDP settings
The GWR Router provides a way for a user to connect from a network connection to a serial port. It
provides all the serial port setup, a configuration file to configure the ports, a control login for modifying
port parameters, monitoring ports, and controlling ports. The GWR Router supports RFC 2217 (remote
control of serial port parameters).
GWR High Speed Cellular Router Series
User Manual
64
Data bits
Indicates the number of bits in a transmitted data package.
Parity
Checks for the parity bit. None is the default.
Stop bits
The stop bit follows the data and parity bits in serial communication. It
indicates the end of transmission. The default is 1.
Flow control
Flow control manages data flow between devices in a network to ensure it is
processed efficiently. Too much data arriving before a device is prepared to
manage it causes lost or retransmitted data. None is the default.
Protocol
Choose which protocol to use [TCP/UDP].
Mode
Select server mode in order to listen for incoming connection, or client mode to
establish one.
Bind to TCP/UDP port
Number of the TCP/UDP port to accept connections for this device. (Only on
server side)
Server IP address
Specify server IP address. (Only on client side).
Connect to TCP/UDP
port
Number of the TCP/UDP port to accept connections from this device. (Only on
client side).
Type of socket
Either raw or telnet. Raw enables the port and transfers all data like between the
port and the log. Telnet enables the port and runs the telnet protocol on the
port to set up telnet parameters.
Enable local echo
Enable the local echo feature.
Enable timeout
After defined period of inactivity port is closed, default is 1 hour
Check TCP connection
Enable connection checking.
Kepalive idle time
Set keepalive idle time in seconds.
Kepalive interval
Set time period between checking.
Log level
Set importance level of log messages.
Reload
Click Reload to discard any changes and reload previous settings.
Save
Click Save button to save your changes back to the GWR Router and
activate/deactivate serial to Ethernet converter.
Table 22 – Serial Port over TCP/UDP parameters
GWR High Speed Cellular Router Series
User Manual
65
Modbus Gateway Parameters
Label
Description
Bits per second
The unit and attached serial device, such as a modem, must agree on a speed or
baud rate to use for the serial connection. Valid baud rates are 300, 1200, 2400,
4800, 9600, 19200, 38400, 57600 or 115200.
Data bits
Indicates the number of bits in a transmitted data package. Valid data bits are:
8 and 7.
Click Serial Port Tab to open the Serial Port Configuration screen. Use this screen to configure the
GWR Router serial port parameters .
Figure 42– Serial Port configuration page
Modbus Gateway settings
The serial server will perform conversion from Modbus/TCP to Modbus/RTU, allowing polling by
a Modbus/TCP master. The Modbus IPSerial Gateway carries out translation between Modbus/TCP and
Modbus/RTU. This means that Modbus serial slaves can be directly attached to the unit's serial ports
without any external protocol converters.
Click Serial Port Tab to open the Modbus Gateway configuration screen. Choose Modbus Gateway
settings to configure Modbus. At the
Figure 43– Modbus gateway configuration page you can see screenshot of Modbus Gateway
configuration menu.
GWR High Speed Cellular Router Series
User Manual
66
Parity
Checks for the parity bit. Valid parity is: none, even and odd. None is the
default.
Stop bits
The stop bit follows the data and parity bits in serial communication. It
indicates the end of transmission. Valid stop bits are: 1 and 2. The default is 1.
Flow control
Flow control manages data flow between devices in a network to ensure it is
processed efficiently. Too much data arriving before a device is prepared to
manage it causes lost or retransmitted data. None is the default.
TCP accept port
This field determines the TCP port number that the serial server will listen for
connections on. The value entered should be a valid TCP port number. The
default Modbus/TCP port number is 502.
Connection timeout
When this field is set to a value greater than 0, the serial server will close
connections that have had no network receive activity for longer than the
specified period.
Transmission mode
Select RTU, based on the Modbus slave equipment attached to the port.
Response timeout
This is the timeout (in milliseconds) to wait for a response from a serial slave
device before retrying the request or returning an error to the Modbus master.
Maximum number of
retries
Should no valid response be received from a Modbus slave, the value in this
field determines the number of times the serial server will retransmit request
before giving up.
Log level
Set importance level of log messages.
Reload
Click Reload to discard any changes and reload previous settings.
Save
Click Save button to save your changes back to the GWR Router and
activate/deactivate serial to Ethernet converter.
Table 23 – Modbus gateway parameters
GWR High Speed Cellular Router Series
User Manual
67
Figure 43– Modbus gateway configuration page
GWR High Speed Cellular Router Series
User Manual
68
SMS – SMS Remote Control
SMS remote control feature allows users to execute a short list of predefined commands by sending SMS
messages to the router. GWR router series implement following predefined commands:
1. In order to establish PPP connection, user should send SMS containing following string:
:PPP–CONNECT
After the command is executed, router sends a confirmation SMS with “OK” if the command is
executed without errors or “ERROR” if something went wrong during the execution of the
command.
2. In order to disconnect the router from PPP, user should send SMS containing following string:
:PPP–DISCONNECT
After the command is executed, router sends a confirmation SMS with “OK” if the command is
executed without errors or “ERROR” if something went wrong during the execution of the
command.
3. In order to reestablish (reconnect the router) the PPP connection, user should send SMS containing
following string:
:PPP–RECONNECT
After the command is executed, router sends a confirmation SMS with “OK” if the command is
executed without errors or “ERROR” if something went wrong during the execution of the
command.
4. In order to obtain the current router status, user should send SMS containing following string:
:PPP–STATUS
After the command is executed, router sends one of the following status reports to the user:
– CONNECTING
– CONNECTED, WAN_IP: {WAN IP address or the router}
– DISCONNECTING
– DISCONNECTED
5. In order to establish PPP connection over the other SIM card, user should send SMS containing
following string:
:SWITCH-SIM
After the command is executed, router sends a confirmation SMS with “OK” if the command is
executed without errors or “ERROR” if something went wrong during the execution of the
command.
6. In order to restart whole router user should send SMS containing following string:
:REBOOT
After the command is executed, router sends a confirmation SMS with “OK” if the command is
executed without errors or “ERROR” if something went wrong during the execution of the
command.
Remote control configuration page is presented on the following figure. In order to use this feature,
user must enable the SMS remote control and specify the list of SIM card numbers that will be used for SMS
remote control. The SIM card number should be entered in the following format: {Country Code}{Mobile
Operator Prefix}{Phone Number} (for example +38164111222). SMS service centre number can be obtained
automatically (option “Use default SMSC is enabled”) or manually by entering number under field “Custom
SMSC”.
As presented in the figure configuration should be performed separately for both SIM cards. After
the configuration is entered, user must click on Save button in order to save the configuration.
GWR High Speed Cellular Router Series
User Manual
69
Figure 44– SMS remote control configuration
SMS – Send SMS
SMS send feature allows users to send SMS message from WEB interface. In following picture is page
from where SMS can be sent. There are two required fields on this page: Phone number and Message.
Sending SMS messages is possible with this application. The SMS message will be sent after entering Phone
number and Message and by pushing button Send
Figure 45– Send SMS
SMS Gateway is used for sending SMS with GET query. Command format is following:
Field marked with red are changeable . First field is phone number where is sent SMS to. Second field is
message itself. Third field is authorization (username:password) encrypted in BASE64. Link for online
BASE64 encryption is following http://www.base64encode.org. Username and password has to be written in
format username:password.
GWR High Speed Cellular Router Series
User Manual
70
Device Identity Settings
Label
Description
Name
This field specifies name of the GWR Router.
Description
This field specifies description of the GWR Router. Only for information purpose.
Location
This field specifies location of the GWR Router. Only for information purpose.
Save
Click Save button to save your changes back to the GWR Router.
Reload
Click Reload to discard any changes and reload previous settings.
Maintenance
The GWR Router provides administration utilities via web interface. Administrator can setup basic
router’s parameters, perform network diagnostic, update software or restore factory default settings.
Maintenance – Device Identity Settings
Within Device Identity Settings Tab there is an option to define name, location of device and
description of device function. These data are kept in device permanent memory. Device Identity Settings
window is shown on Error! Reference source not found..
By Administrator Password Tab it is possible to activate and deactivate device access system
through Username and Password mechanism. Within this menu change of authorization data
Username/Password is also done. Administer Password Tab window is shown on Error! Reference source
not found..
NOTE: The password cannot be recovered if it is lost or forgotten. If the password is lost or
forgotten, you have to reset the Router to its factory default settings; this will remove all of your
configuration changes.
GWR High Speed Cellular Router Series
User Manual
71
Administrator Password
Label
Description
Enable Password
Authentication
By this check box you can activate or deactivate function for local (passwd)
authentication when you access to web/console application.
Username
This field specifies Username for user (administrator) login purpose.
New Password
Enter a new password for GWR Router. Your password must have 20 or fewer
characters and cannot contain any space.
Confirm Password
Re–enter the new password to confirm it.
Enable Radius
Authentication
By this check box you can activate or deactivate function for authentication via
remote radius server.
Enable
Enable or disable usage of this radius server.
Server
Enter remote radius server IP address or hostname.
Port
Enter remote radius server port
Shared secret
Enter remote radius server shared secret.
Timeout
Enter remote radius server timeout in seconds [1-60].
HTTP
Bind HTTP to specified port
HTTPS
Bind HTTPS to specified port
HTTP/HTTPS
Bind HTTP and HTTPS to specified port
WEB GUI idle timeout
WEB session timeout
Save
Click Save button to save your changes back to the GWR Router.
Reload
Click Reload to discard any changes and reload previous settings.
Figure 47– Router Management configuration page
Table 25 – Administrator Management
GWR High Speed Cellular Router Series
User Manual
72
Date/Time Settings
Label
Description
Manually
Sets date and time manually as you specify it.
From time server
Sets the local time using the Network Time Protocol (NTP) automatically.
Time/Date
This field species Date and Time information. You can change date and time by
changing parameters.
Time Protocol
Specify time protocol. Currently only NTP is supported.
Time Server Address
Enter the Hostname or IP address of the NTP server.
Automatically
synchronize NTP
Setup automatic synchronization with time server.
Update time every
Time interval for automatic synchronization.
Time Zone
Select your time zone.
Save
Click Save button to save your changes back to the GWR Router.
Reload
Click Reload to discard any changes and reload previous settings.
Maintenance – Date/Time Settings
To set the local time, select Date/Time Settings using the Network Time Protocol (NTP)
automatically or Set the local time manually. Date and time settings on the GWR Router are done through
window Date/Time Settings.
Figure 48– Date/Time Settings configuration page
Table 26 – Date/time parameters
Maintenance – Diagnostics
The GWR Router provide built–it tool, which is used for troubleshooting network problems. The
ping test bounces a packet of machine on the Internet back to the sender. This test shows if the GWR Router
is able to connect the remote host. If users on the LAN are having problems accessing service on the
Internet, try to ping the DNS server or other machine on network.
Click Diagnostic tab to provide basic diagnostic tool for testing network connectivity. Insert valid IP
address in Hostname box and click Ping. Every time you click Ping router sends four ICMP packets to
GWR High Speed Cellular Router Series
User Manual
73
destination address.
Before using this tool make sure you know the device or host’s IP address.
Figure 49– Diagnostic page
Maintenance – Update Firmware
You can use this feature to upgrade the GWR Router firmware to the latest version. If you need to
download the latest version of the GWR Router firmware, please visit Geneko support site. Follow the on–
screen instructions to access the download page for the GWR Router.
If you have already downloaded the firmware onto your computer, click Browse button, on Update firmware Tab, to look for the firmware file. After selection of new firmware version through Browse button,
mechanism the process of data transfer from firmware to device itself should be started. This is done by
Upload button. The process of firmware transfer to the GWR device takes a few minutes and when it is
finished the user is informed about transfer process success.
NOTE: The Router will take a few minutes to upgrade its firmware. During this process, do not
power off the Router or press the Reset button.
Figure 50– Update Firmware page
In order to activate new firmware version it is necessary that the user performs system reset. In the
process of firmware version change all configuration parameters are not changed and after that the system
continues to operate with previous values.
GWR High Speed Cellular Router Series
User Manual
74
Maintenance – Settings Backup
This feature allows you to make a backup file of complete configuration or some part of the
configuration on the GWR Router. In order to backup the configuration, you should select the part of
configuration you would like to backup. The list of available options is presented on the Error! Reference source not found.. To use the backup file, you need to import the configuration file that you previously
exported.
Figure 51– Export/Import the configuration on the router
Import Configuration File
To import a configuration file, first specify where your backup configuration file is located. Click Browse,
and then select the appropriate configuration file.
After you select the file, click Import. This process may take up to a minute. Restart the Router in order to
changes will take effect.
Export Configuration File
To export the Router’s current configuration file select the part of the configuration you would like to
backup and click Export.
By default, this file will be called confFile.bkg, but you may rename it if you wish. This process may take up
to a minute.
Maintenance – Default Settings
Use this feature to clear all of your configuration information and restore the GWR Router to its
factory default settings. Only use this feature if you wish to discard all the settings and preferences that you
have configured.
Click Default Setting to have the GWR Router with default parameters. Keep network settings
check–box allows user to keep all network settings after factory default reset. System will be reset after
pressing Restore button.
GWR High Speed Cellular Router Series
User Manual
75
Display Settings
Label
Description
Enable Screen Saver
This field specifies if screen saver is enabled at the Geneko Router.
Timeout
Number between 30-60
IP Address Timeout
Number between 5-10
Save
Click Save button to save your changes back to the GWR Router.
Reload
Click Reload to discard any changes and reload previous settings.
Figure 52– Default Settings page
Maintenance – System Reboot
If you need to restart the Router, Geneko recommends that you use the Reboot tool on this screen.
Click Reboot to have the GWR Router reboot. This does not affect the router’s configuration.
Figure 53 – System Reboot page
Management – Display settings
Display settings on the GWR Router are done through window Display Settings.
Figure 54– Display Settings
Table 27 – Date/time parameters
GWR High Speed Cellular Router Series
User Manual
76
Command Line Interface
Label
Description
CLI Settings
Enable telnet service
Enable or disable CLI via telnet service.
Enable ssh service
Enable or disable CLI via ssh service.
View Mode Username
Login name for View mode
View Mode Password
Password for View mode
Confirm Password
Confirm password for View mode
View Mode Timeout
Inactivity timeout for CLI View mode in minutes. After timeout, session will
auto logout.
Admin Mode Timeout
Inactivity timeout for CLI Edit mode in seconds. Note that Username and
Password for Edit mode are the same as Web interface login parameters. After
timeout, session will auto logout .
Save
Click Save to save your changes back to the GWR Router.
Reload
Click Reload to discard any changes and reload previous settings.
Management – Command Line Interface
CLI (command line interface) is a user text–only interface to a computer's operating system or an
application in which the user responds to a visual prompt by typing in a command on a specified line and
then receives a response back from the system.
In other words, it is a method of instructing a computer to perform a given task by "entering" a command.
The system waits for the user to conclude the submitting of the text command by pressing the Enter or
Return key. A command–line interpreter then receives, parses, and executes the requested user command.
On router's Web interface, in Management menu, click on Command Line Interface tab to open the Command Line
Interface settings screen. Use this screen to configure CLI parameters
Figure 55– Command Line Interface.
Table 28 – Command Line Interface parameters
Figure 55– Command Line Interface
Detailed instructions related to CLI are located in other document (Command_Line_Interface.pdf file on CD
that goes with the router). You will find detailed specifications of all commands you can use to configure the
router and monitor routers performance.
GWR High Speed Cellular Router Series
User Manual
77
Remote Management
Label
Description
Enable Remote
Management
Enable or disable Remote Management.
Protocol
Choose between Geneko and Sarian protocol.
Bind to
Specify the interface.
TCP port
Specify the TCP port.
Save
Click Save to save your changes back to the GWR Router.
Reload
Click Reload to discard any changes and reload previous settings.
Management – Remote Management
Remote Management Utility is a standalone Windows application with many useful options for
configuration and monitoring of GWR routers. In order to use this utility user has to enable Remote
Management on the router Error! Reference source not found..
Figure 56– Remote Management
Table 29 – Remote Management parameters
Management – Connection Manager
Enabling Connection Manager will allow Connection Wizard (located on setup CD that goes with
the router) to guide you step–by–step through the process of device detection on the network and setup of
the PC–to–device communication. Thanks to this utility user can simply connect the router to the local
network without previous setup of the router. Connection Wizard will detect the device and allow you to
configure some basic functions of the router. Connection Manager is enabled by default on the router and if
you do not want to use it you can simply disable it Error! Reference source not found..
Figure 57– Connection Manager
GWR High Speed Cellular Router Series
User Manual
78
Getting started with the Connection Wizard
Connection Wizard is installed through few very simple steps and it is available immediately upon
the installation. It is only for Windows OS. After starting the wizard you can choose between two available
options for configuration:
GWR Router’s Ethernet port – With this option you can define LAN interface IP address and
subnet mask.
GWR router’s Ethernet port and GPRS/EDGE/HSPA/HSPA+/LTE network connection – Selecting
this option you can configure parameters for LAN and WAN interface
Figure 58– Connection Wizard – Initial Step
Select one of the options and click Next. On the next screen after Connection Wizard inspects the network
(whole broadcast domain) you’ll see a list of routers present in the network, with following information:
- Serial number
- Model
- Ethernet IP
- Firmware version
- Pingable (if Ethernet IP address of the router is in the same IP subnet as PC interface then this field
will be marked, i.e. you can access router over web interface).
GWR High Speed Cellular Router Series
User Manual
79
Figure 59– Connection Wizard – Router Detection
When you select one of the routers from the list and click Next you will get to the following screen.
Figure 60– Connection Wizard – LAN Settings
GWR High Speed Cellular Router Series
User Manual
80
If you selected to configure LAN and WAN interface click, upon entering LAN information click Next and
you will be able to setup WAN interface.
Figure 61– Connection Wizard – WAN Settings
After entering the configuration parameters if you mark option Establish connection router will start with
connection establishment immediately when you press Finish button. If not you have to start connection
establishment manually on the router’s web interface.
GWR High Speed Cellular Router Series
User Manual
81
SNMP Settings
Label
Description
Enable SNMP
SNMP is enabled by default. To disable the SNMP agent, click this option to
unmark.
Get Community
Create the name for a group or community of administrators who can view
SNMP data. The default is public. It supports up to 64 alphanumeric characters.
Service Port
Sets the port on which SNMP data has been sent. The default is 161. You can
specify port by marking on user defined and specify port you want SNMP data
to be sent.
Service Access
Sets the interface enabled for SNMP traps. The default is Both.
Reload
Click Reload to discard any changes and reload previous settings.
Save
Click Save button to save your changes back to the GWR Router and
enable/disable SNMP.
Management – Simple Management Protocol (SNMP)
SNMP (Simple Network Management Protocol), is a network protocol that provides network
administrators with the ability to monitor the status of the Router and receive notification of any critical
events as they occur on the network. The Router supports SNMP v1/v2c and all relevant Management
Information Base II (MIBII) groups. The appliance replies to SNMP Get commands for MIBII via any
interface and supports a custom MIB for generating trap messages.
Figure 62– SNMP configuration page
Table 30 – SNMP parameters
GWR High Speed Cellular Router Series
User Manual
82
Syslog Settings
Label
Description
Disable
Mark this option in order to disable Syslog feature.
Local syslog
Start logging facility locally.
Remote + local syslog
Mark this option in order to enable remote and local syslog feature
Log to
Local – Syslog file is stored locally on the router
USB Flash – Syslog file is stored on flash memory attached to USB interface
Syslog file size
Set log size on one of the six predefined values. [10 / 20 / 50 / 128 / 256 / 512
/ 1024]KB
Event log
Choose which events to be stored. You can store System, IPsec events or both of
them
Enable syslog saver
Save logs periodically on filesystem.
Save log every
Set time duration between two saves.
Management – Logs
Syslog is a standard for forwarding log messages in an IP network. The term "syslog" is often used
for both the actual syslog protocol, as well as the application or library sending syslog messages.
Syslog is a client/server protocol: the syslog sender sends a small (less than 1KB) textual message to
the syslog receiver. Syslog is typically used for computer system management and security auditing. While
it has a number of shortcomings, syslog is supported by a wide variety of devices and receivers across
multiple platforms. Because of this, syslog can be used to integrate log data from many different types of
systems into a central repository.
Figure 63– Syslog configuration page
The GWR Router supports this protocol and can send its activity logs to an external server.
GWR High Speed Cellular Router Series
User Manual
83
Service server IP
The Geneko Router can send a detailed log to an external syslog server. The
Router’s syslog captures all log activities and includes this information about
all data transmissions: every connection source and destination IP address, IP
service, and number of bytes transferred. Enter the syslog server name or IP
address
Service protocol
Sets the protocol type.
Service port
Sets the port on which syslog data has been sent. The default is 514. You can
specify port by marking on user defined and specify port you want syslog data
to be sent.
Reload
Click Reload to discard any changes and reload previous settings.
Save
Click Save button to save your changes back to the GWR Router and
enable/disable Syslog.
Table 31 – Syslog parameters
Logout
The Logout tab is located on the down left–hand corner of the screen. Click this tab to exit the web–
based utility. (If you exit the web–based utility, you will need to re–enter your Username and Password to
log in and then manage the Router.)
CHROOT
A chroot environment is an operating system call that will change the root location temporarily to a new
folder. Chroot runs a command or an interactive shell from another directory, and treats that directory as
root. Only a privileged process and root user can use chroot command.
Use Putty, Secure CRT and etc. on Windows, or Putty, GTK on Linux for connection over serial RS-232 port
or SSH over LAN port.
For example: Use SSH to enter in global configuration mode.
SSH 192.168.1.1 // SSH to br0 at TCP port 22 //
Press TAB twice quickly to see all commands which are available.
The list of possibilities is:
! dirs interfaces-up ping6 tee
./ disown ip popd telnet
: dmesg ipcalc pppstats test
JSON.sh do ipsec printf tftp
[ done ipsec-mode ps tftpd
[[ du ipsec-routes pushd then
]] ebtables ipsec-sa-status pwd time
GWR High Speed Cellular Router Series
User Manual
84
alias echo ipsec-status read times
ar egrep iptables-view readarray top
arping elif jobs readlink touch
awk else json2lua readonly tr
basename enable kill realpath traceroute
bash env killall reboot trap
bg esac ldd return true
bind eval less rip-ripd-conf tty
break exec let rip-zebra-conf type
builtin exit ln rm typeset
bunzip2 export local route udpsvd
busybox expr local_dns run-parts ulimit
bzcat factory_default logger scp umask
cal false logname sed unalias
caller fc logout select uname
case fg ls send_at_command uniq
cat fgrep lsof seq unset
cd fi lua service until
chattr find luac set unzip
chmod flock mapfile sh upfirmware
clear for md5sum shift uptime
cmp free microcom shopt users
command ftpd mkdir show usleep
compgen function mkfifo sleep vi
complete fuser mobile-activity sms_send wait
compopt getopts modem_info snmp-view wc
configuration_export grep modem_state sort wget
configuration_import gunzip more source which
configuration_show gzip mv ssh while
continue hash nc strace who
coproc head ncftp strings whoami
cp help netstat stty xargs
cpu hexdump nohup su xtables-multi
cut history nslookup suspend yes
date hostname ntpdate syslog_export zcat
dc hwclock od syslog_start {
dd id openvt syslog_start+view }
declare if passwd syslog_stop
df ifconfig perl tail
diff in pidof tar
dirname interfaces-all ping tcpsvd
GWR High Speed Cellular Router Series
User Manual
85
Configuration Examples
GWR Router as Internet Router
The GWR Routers can be used as Internet router for a single user or for a group of users (entire
LAN). NAT function is enabled by default on the GWR Router. The GWR Router uses Network Address
Translation (NAT) where only the mobile IP address is visible to the outside world. All outgoing traffic uses
the GWR Router mobile IP address.
Figure 64– GWR Router as Internet router
Click LAN Port Tab, to open the LAN Port Settings screen. Use this screen to configure LAN
TCP/IP settings. Configure IP address and Netmask.
IP address: 10.1.1.1,
Netmask: 255.255.255.0.
Press Save to accept the changes.
Use SIM card with a dynamic/static IP address, obtained from Mobile Operator. (Note the default
gateway may show, or change to, an address such as 10.0.0.1; this is normal as it is the GSM/UMTS
provider’s network default gateway).
Click Mobile Settings Tab to configure parameters necessary for GSM/UMTS connection. All
parameters necessary for connection configuration should be provided by your mobile operator.
Check the status of GSM/UMTS connection (Mobile Settings Tab). If disconnected please click
Connect button.
Check Routing Tab to see if there is default route (should be there by default).
Router will automatically add default route via ppp0 interface.
Optionally configure IP Filtering to block any unwanted incoming traffic.
Configure the GWR Router LAN address (10.1.1.1) as a default gateway address on your PCs.
Configure valid DNS address on your PCs.
GWR High Speed Cellular Router Series
User Manual
86
GRE Tunnel configuration between two GWR Routers
GRE tunnel is a type of a VPN tunnel, but it is not a secure tunneling method. Simple network with
two GWR Routers is illustrated on the diagram below (Error! Reference source not found.). Idea is to create
GRE tunnel for LAN to LAN (site to site) connectivity.
Figure 65– GRE tunnel between two GWR Routers
The GWR Routers requirements:
Static IP WAN address for tunnel source and tunnel destination address;
Source tunnel address should have static WAN IP address;
Destination tunnel address should have static WAN IP address;
GSM/UMTS APN Type: For GSM/UMTS networks GWR Router connections may require a Custom
APN. A Custom APN allows for various IP addressing options, particularly static IP addresses, which are
needed for most VPN connections. A custom APN should also support mobile terminated data that may be
required in most site–to–site VPNs.
The GWR Router 1 configuration:
Click LAN Ports, to open the LAN Port Settings screen. Use this screen to configure LAN TCP/IP
settings. Configure IP address and Netmask.
IP Address: 192.168.4.1,
Subnet Mask: 255.255.255.0,
Press Save to accept the changes.
GWR High Speed Cellular Router Series
User Manual
87
Figure 66– Network configuration page for GWR Router 1
Use SIM card with a static IP address, obtained from Mobile Operator. (Note the default gateway
may show, or change to, an address such as 10.0.0.1; this is normal as it is the GSM/UMTS
provider’s network default gateway).
Click Mobile Settings Tab to configure parameters necessary for GSM/UMTS connection. All
parameters necessary for connection configuration should be required from mobile operator.
Check the status of GSM/UMTS connection (Mobile Settings Tab). If disconnected please click
Connect button.
Click VPN Settings > GRE to configure GRE tunnel parameters:
Enable: yes
Local Tunnel Address: 10.10.10.1
Local Tunnel Netmask: 255.255.255.252 (Unchangeable, always 255.255.255.252)
Tunnel Source: 1. 10.251.49.2 ( obtained by the network provider )
2. Select HOST from drop down menu if you want to use host name as peer
identifier
Tunnel Destination: 1. 10.251.49.3 (obtained by the network provider )
2. Select HOST from drop down menu if you want to use host name as
peer identifier
KeepAlive enable: no,
Period:(none),
Retries:(none),
Press ADD to put GRE tunnel rule into GRE table.
Press Save to accept the changes.
Figure 67– GRE configuration page for GWR Router 1
GWR High Speed Cellular Router Series
User Manual
88
Click Static Routes on Routing Tab to configure GRE Route. Parameters for this example are:
Destination Network: 192.168.2.0,
Netmask: 255.255.255.0,
Interface: gre_x.
Figure 68– Routing configuration page for GWR Router 1
Optionally configure IP Filtering to block any unwanted incoming traffic.
On the device connected on GWR router 1 setup default gateway 192.168.4.1
The GWR Router 2 configuration:
Click LAN Ports Tab, to open the LAN Ports Settings screen. Use this screen to configure LAN
TCP/IP settings. Configure IP address and Netmask.
IP Address: 192.168.2.1,
Subnet Mask: 255.255.255.0,
Press Save to accept the changes.
Figure 69– Network configuration page for GWR Router 2
Use SIM card with a static IP address, obtained from Mobile Operator. (Note the default gateway
may show, or change to, an address such as 10.0.0.1; this is normal as it is the GSM/UMTS/LTE
provider’s network default gateway).
Click Mobile Settings Tab to configure parameters necessary for GSM/UMTS connection. All
GWR High Speed Cellular Router Series
User Manual
89
parameters necessary for connection configuration should be required from mobile operator.
Check the status of GSM/UMTS connection (Mobile Settings Tab). If disconnected please click
Connect button.
Click VPN Settings > GRE to configure GRE tunnel parameters:
Enable: yes,
Local Tunnel Address: 10.10.10.2
Local Tunnel Netmask: 255.255.255.252 (Unchangeable, always 255.255.255.252)
Tunnel Source: 1. 10.251.49.3 (obtained by the network provider )
2. Select HOST from drop down menu if you want to use host name as peer
identifier
Tunnel Destination: 1. 10.251.49.2 (obtained by the network provider )
2. Select HOST from drop down menu if you want to use host name
as peer identifier
KeepAlive enable: no,
Period:(none),
Retries:(none),
Press ADD to put GRE tunnel rule into GRE table,
Press Save to accept the changes.
Figure 70– GRE configuration page for GWR Router 2
Configure GRE Route. Click Static Routes on Routing Tab. Parameters for this example are:
Destination Network: 192.168.4.0,
Netmask: 255.255.255.0.
• Interface: gre_x.
Figure 71– Routing configuration page for GWR Router 2
Optionally configure IP Filtering to block any unwanted incoming traffic.
On the device connected on GWR router 2 setup default gateway 192.168.2.1.
GWR High Speed Cellular Router Series
User Manual
90
GRE Tunnel configuration between GWR Router and third party router
GRE tunnel is a type of a VPN tunnels, but it isn't a secure tunneling method. However, you can
encrypt GRE packets with an encryption protocol such as IPSec to form a secure VPN.
On the diagram below (Error! Reference source not found.) is illustrated simple network with two
sites. Idea is to create GRE tunnel for LAN to LAN (site to site) connectivity.
Figure 72– GRE tunnel between Cisco router and GWR Router
GRE tunnel is created between Cisco router with GRE functionality on the HQ Site and the GWR
Router on the Remote Network. In this example, it is necessary for both routers to create tunnel interface
(virtual interface). This new tunnel interface is its own network. To each of the routers, it appears that it has
two paths to the remote physical interface and the tunnel interface (running through the tunnel). This tunnel
could then transmit unroutable traffic such as NetBIOS or AppleTalk.
The GWR Router uses Network Address Translation (NAT) where only the mobile IP address is
visible to the outside. All outgoing traffic uses the GWR Router WAN/VPN mobile IP address. HQ Cisco
router acts like gateway to remote network for user in corporate LAN. It also performs function of GRE
server for termination of GRE tunnel. The GWR Router act like default gateway for Remote Network and
GRE server for tunnel.
1. HQ router requirements:
HQ router require static IP WAN address,
Router or VPN appliance has to support GRE protocol,
Tunnel peer address will be the GWR Router WAN's mobile IP address. For this reason, a static
mobile IP address is preferred on the GWR Router WAN (GPRS) side,
Remote Subnet is remote LAN network address and Remote Subnet Mask is subnet of remote
LAN.
GWR High Speed Cellular Router Series
User Manual
91
2.The GWR Router requirements:
Static IP WAN address,
Peer Tunnel Address will be the HQ router WAN IP address (static IP address),
Remote Subnet is HQ LAN IP address and Remote Subnet Mask is subnet mask of HQ LAN.
GSM/UMTS APN Type: For GSM/UMTS networks GWR Router connections may require a Custom
APN. A Custom APN allows for various IP addressing options, particularly static IP addresses, which are
needed for most VPN connections. A custom APN should also support mobile terminated data that may be
required in most site–to–site VPNs.
Cisco router sample Configuration:
Interface FastEthernet 0/1
ip address 10.2.2.1 255.255.255.0
description LAN interface
interface FastEthernet 0/0
ip address 172.29.8.4 255.255.255.0
description WAN interface
Command for tunnel status: show ip interface brief
The GWR Router Sample Configuration:
Click LAN Ports Tab, to open the LAN Port Settings screen. Use this screen to configure LAN
TCP/IP settings. Configure IP address and Netmask.
IP Address: 10.1.1.1,
Subnet Mask: 255.255.255.0,
Press Save to accept the changes.
Figure 73– LAN Port configuration page
Use SIM card with a dynamic/static IP address, obtained from Mobile Operator. (Note the default
gateway may show, or change to, an address such as 10.0.0.1; this is normal as it is the GSM/UMTS
provider’s network default gateway).
Click Mobile Settings Tab to configure parameters necessary for GSM/UMTS connection. All
parameters necessary for connection configuration should be required from mobile operator.
Check the status of GSM/UMTS connection (Mobile Settings Tab). If disconnected please click
Connect button.
GWR High Speed Cellular Router Series
User Manual
92
Click VPN Settings > GRE Tunneling to configure new VPN tunnel parameters:
Enable: yes,
Local Tunnel Address: 10.10.10.1,
Local Tunnel Netmask: 255.255.255.252 (Unchangeable, always 255.255.255.252),
Tunnel Source: 172.29.8.5,
Tunnel Destination: 172.29.8.4,
KeepAlive enable: no,
Period:(none),
Retries:(none),
Press ADD to put GRE tunnel rule into VPN table,
Press Save to accept the changes.
Figure 74– GRE configuration page
Configure GRE Route. Click Static Routes on Routing Tab. Parameters for this example are:
Optionally configure IP Filtering and TCP service port settings to block any unwanted incoming
traffic.
User from remote LAN should be able to communicate with HQ LAN.
GWR High Speed Cellular Router Series
User Manual
93
IPSec Tunnel configuration between two GWR Routers
IPSec tunnel is a type of a VPN tunnels with a secure tunneling method. Simple network with two GWR
Routers is illustrated on the diagram below Error! Reference source not found.. Idea is to create IPSec
tunnel for LAN to LAN (site to site) connectivity.
Figure 76 – IPSec tunnel between two GWR Routers
The GWR Routers requirements:
Static IP WAN address for tunnel source and tunnel destination address,
Dynamic IP WAN address must be mapped to hostname with DynDNS service (for
synchronization with DynDNS server SIM card must have internet access),
GSM/UMTS APN Type: For GSM/UMTS networks GWR Router connections may require a
Custom APN. A Custom APN allows for various IP addressing options, particularly static IP addresses,
which are needed for most VPN connections. A custom APN should also support mobile terminated data
that may be required in most site–to–site VPNs.
For the purpose of detailed explanation of IPSec tunnel configuration , two scenarios will be examined and
network illustrated in the Figure 62 will be used for both scenarios.
GWR High Speed Cellular Router Series
User Manual
94
Scenario #1
Router 1 and Router 2 , presented in the Figure 64, have firmware version that provides two modes of
negotiation in IPSec tunnel configuration process:
Aggressive
Main
In this scenario, aggressive mode will be used. Configurations for Router 1 and Router 2 are listed below.
The GWR Router 1 configuration:
Click Network Tab, to open the LAN NETWORK screen. Use this screen to configure LAN TCP/IP
settings. Configure IP address and Netmask:
IP Address: 10.0.10.1
Subnet Mask: 255.255.255.0
Press Save to accept the changes.
Figure 77– LAN Port configuration page for GWR Router 1
Use SIM card with a static IP address, obtained from Mobile Operator.
Click Mobile Settings Tab to configure parameters necessary for GSM/UMTS connection. All
parameters necessary for connection configuration should be required from mobile operator.
Check the status of GSM/UMTS/LTE connection (Mobile Settings Tab). If disconnected please click
Connect button.
Click VPN Settings > IPSEC to configure IPSEC tunnel parameters. Click Add New Tunnel button to
create new IPSec tunnel. Tunnel parameters are:
Add New Tunnel
Tunnel Name: IPsec tunnel,
Enable: true,
Local Group Setup
Local Security Gateway Type: SIM card
Local ID Type: IP Address
IP Address From: SIM 1
Local Security Group Type: Subnet,
IP Address: 10.0.10.0,
GWR High Speed Cellular Router Series
User Manual
95
Subnet Mask: 255.255.255.0.
Remote Group Setup
Remote Security Gateway Type: IP Only,
IP Address: 172.29.8.5,
Remote ID Type: IP Address,
Remote Security Group Type: IP,
IP Address: 192.168.10.1.
IPSec Setup
Key Exchange Mode: IKE with Preshared key,
Mode: aggressive,
Phase 1 DH group: Group 2,
Phase 1 Encryption: 3DES,
Phase 1 Authentication: MD5,
Phase 1 SA Life Time: 28800,
Perfect Forward Secrecy: true,
Phase 2 DH group: Group 2,
Phase 2 Encryption: 3DES,
Phase 2 Authentication: MD5,
Phase 2 SA Life Time: 3600,
Preshared Key: 1234567890.
Figure 78– IPSEC configuration page I for GWR Router 1
GWR High Speed Cellular Router Series
User Manual
96
Figure 79– IPSec configuration page II for GWR Router 1
NOTE : Options NAT Traversal and Send Initial Contact are predefined
Figure 80– IPSec configuration page III for GWR Router 1
Click Start button on Internet Protocol Security page to initiate IPSEC tunnel.
NOTE: Firmware version used in this scenario also provides options for Connection mode of IPSec tunnel.
If connection mode Connect is selected that indicates side of IPSec tunnel which sends requests for
establishing of the IPSec tunnel.
If connection mode Wait is selected that indicates side of IPSec tunnel which listens and responses to IPSec
establishing requests from Connect side.
GWR High Speed Cellular Router Series
User Manual
97
Figure 81– IPSec start/stop page for GWR Router 1
Click Start button and after that Connect button on Internet Protocol Security page to initiate IPSEC tunnel
On the device connected on GWR router 1 setup default gateway 10.0.10.1
The GWR Router 2 configuration:
Click LAN Ports Tab, to open the LAN Ports Settings screen. Use this screen to configure LAN
TCP/IP settings. Configure IP address and Netmask.
IP Address: 192.168.10.1
Subnet Mask: 255.255.255.0
Press Save to accept the changes.
Figure 82– Network configuration page for GWR Router 2
Use SIM card with a static IP address, obtained from Mobile Operator.
Click Mobile Settings Tab to configure parameters necessary for GSM/UMTS/LTE connection. All
parameters necessary for connection configuration should be required from mobile operator.
Check the status of GSM/UMTS/LTE connection (Mobile Settings Tab). If disconnected please click
Connect button.
Click VPN Settings > IPSEC to configure IPSEC tunnel parameters. Click Add New Tunnel button to
create new IPSec tunnel. Tunnel parameters are:
Add New Tunnel
GWR High Speed Cellular Router Series
User Manual
98
Tunnel Name: IPsec tunnel
Enable: true.
Local Group Setup
Local Security Gateway Type: SIM card
Local ID Type: IP Address
IP Address From: SIM 1
Local Security Group Type: IP
IP Address: 192.168.10.1
Remote Group Setup
Remote Security Gateway Type: IP Only
IP Address: 172.29.8.4
Remote ID Type: IP Address
Remote Security Group Type: Subnet
IP Address: 10.0.10.0
Subnet: 255.255.255.0
IPSec Setup
Keying Mode: IKE with Preshared key
Mode: aggressive
Phase 1 DH group: Group 2
Phase 1 Encryption: 3DES
Phase 1 Authentication: MD5
Phase 1 SA Life Time: 28800
Perfect Forward Secrecy: true
Phase 2 DH group: Group 2
Phase 2 Encryption: 3DES
Phase 2 Authentication: MD5
Phase 2 SA Life Time: 3600
Preshared Key: 1234567890
Figure 83– IPSEC configuration page I for GWR Router 2
Figure 84– IPSec configuration page II for GWR Router 2
NOTE : Options NAT Traversal and Send Initial Contact are predefined.
GWR High Speed Cellular Router Series
User Manual
100
Figure 85– IPSec configuration page III for GWR Router 2
Click Start button on Internet Protocol Security page to initiate IPSEC tunnel.
NOTE: Firmware version used in this scenario also provides options for Connection mode of IPSec tunnel.
If connection mode Connect is selected that indicates side of IPSec tunnel which sends requests for
establishing of the IPSec tunnel.
If connection mode Wait is selected that indicates side of IPSec tunnel which listens and responses to IPSec
establishing requests from Connect side.
Figure 86– IPSec start/stop page for GWR Router 2
Click Start button and after that Wait button on Internet Protocol Security page to initiate IPSEC tunnel.
On the device connected on GWR router 2 setup default gateway 192.168.10.1.
GWR High Speed Cellular Router Series
Loading...
+ hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.