INSYS MoRoS, MLR Additional Manual

Add-On Manual
MoRoS / MLR
Reference Manual ASCII Configuration File
Nov-10
Copyright © November 10 INSYS MICROELECTRONICS GmbH
Any duplication of this manual is prohibited. All rights on this documentation and the devices are with INSYS MICROELECTRONICS GmbH Regensburg.
Trademarks
The use of a trademark not shown below is not an indication that it is freely available for use.
MNP is a registered trademark of Microcom Inc.
IBM PC, AT, XT are registered trademarks of International Business Machine Corporation.
INSYS ® is a registered trademark of INSYS MICROELECTRONICS GmbH.
Windows™ is a registered trademark of Microsoft Corporation.
Linux is a registered trademark of Linus Torvalds.
Publisher:
INSYS MICROELECTRONICS GmbH
Waffnergasse 8
D-93047 Regensburg, Germany
Phone: +49 (0)941/56 00 61
Fax: +49 (0)941/56 34 71
E-mail: insys@insys-tec.de
Internet: http://www.insys-tec.de
Date: Nov-10
Item: 31-22-03.165
Version: 1.1
Language: EN
Contents
1 General Information
2 Version History
3 ASCII Configuration File
3.1 Set-Up of the Configuration File
3.1.1 Comments
3.1.2 Formatting
3.1.3 Strings
3.1.4 Endless Lists
3.1.5 Missing or Double Sections / Objects
3.1.6 Mutually Exclusive Settings
3.1.7 Restart at the End of the Configuration
3.1.8 Reloading the Old Configuration after Configuration Aborts
3.1.9 Including Files
4 Log File
5 Configuration Using ASCII Configuration File
6 Reference for the ASCII Configuration File
1 General Information
This add-on manual serves as reference for the configuration file of the MoRoS / MLR in ASCII format and may only be used together with the operator manual of the respective router. Safety instructions, technical data, and functional descriptions must be taken from the operator manual.
This add-on manual is valid for all routers of the models MoRoS and MLR of INSYS MICROELECTRONICS GmbH with a firmware version of 2.4.x or higher.
This reference describes all configuration options of the different variants of the router. The individual variants do not contain all described settings. The actual scope depends on firmware and variant.
2 Version History
Version Description
1.0 Release
1.1 Update for FW 2.5.x
3 ASCII Configuration File
The router can export its configuration as an ASCII text file. This text file can be modified as required and uploaded to the router again to configure it in a convenient way. Moreover, an "empty" configuration file (ASCII template) can be downloaded from the router, i.e. a configuration file that contains no settings, but all setting options available on the respective device.
A detailed description of the function for downloading and uploading configuration files can be found in the operator manual of the router.
3.1 Set-Up of the Configuration File
The ASCII configuration file is structured in several sections. The sorting of sections and objects is based on the web interface. Each section starts with the name of the section in square brackets "[ section ]", followed by further lines with the individual objects of this section. Within an object, object name and object value are separated by an equals sign: "object name = object value". Each line ends with a carriage return. The end of a section is defined by the start of a new section or the end of the file.
The configuration file is case sensitive, i.e. capitalisation is considered. The following excerpt of an ASCII configuration file shows the section "textconfig" with the two objects "reboot" and "abort_on_error" as well as the section "webinterface" with further objects:
[ textconfig ]
reboot = 0
abort_on_error = 0

[ webinterface ]
local_http = 1
remote_http = 1
remote_https = 1
http_port = 80
https_port = 8888
location = 'Location' #This value has to be enclosed in single quotes
3.1.1 Comments
Comments can be introduced by a hash sign " # " at the beginning of a line or within a line. A semicolon " ; " can only introduce a comment at the beginning of a line (also following leading blanks or tabs). All further characters in the line will be ignored.
3.1.2 Formatting
Blank lines can be inserted between any lines. Blanks and tabs can be inserted
- at the beginning of a line
- at the end of a line
- between square brackets and section names
- between object name and " = "
- between " = " and object value
- between object name and " ; " for endless list entries
- between " ; " and object value for endless list entries
3.1.3 Strings
Strings that are used to enter passwords or user names, for example, must be placed between single quotes " ' " (a comment indicates the use of single quotes in each such entry). The strings may also contain single quotes, because only the first and the last single quote are searched for. Basically, the characters 0x20 through 0x7E are permissible, i.e. 0 through 9, a through z, A through Z, and the special characters ! " # $ % & ' ( ) * + , - . / ; < = > ? @ [ ] \ ^ _ { } | ~, as well as the blank. The colon is not permissible. The following example shows the entry of strings:
dialnumber = '*99***1#' #This value has to be enclosed in single quotes
3.1.4 Endless Lists
Some objects can form endless lists (e.g. routes). If further objects are passed with an object (e.g. the source address, net mask, data direction, etc. in case of a firewall rule), these are written into the same line, but separated from each other using a semicolon " ; ". The object "list" defines whether the endless list of this section that is already stored on the router is deleted before the new objects are entered ("list = d", d for delete), or whether the new objects are appended to the list ("list = a", a for append). If the object "list" is missing, the objects are appended to the list. Generally, there is no more than one endless list per section. The following example shows such an endless list:
...
list = d
new_entry = common_name = cname1 ; vpn_ip = 10.1.0.9
new_entry = common_name = cname2 ; vpn_ip = 10.1.0.13
3.1.5 Missing or Double Sections / Objects
If sections or objects are missing in an ASCII configuration file, the missing sections or objects will not be uploaded to the router, i.e. the configuration of these objects remains untouched. A single section is already a valid configuration file. Moreover, a section need not even contain an object; this can be used to restart a dial-out, for example. Processing a section in a configuration file corresponds to pressing the "OK" button on the respective page of the web interface.
If an ASCII configuration file contains an object more than once, the later object overwrites the previous one, because the configuration file is processed sequentially. In the following example, the second object overwrites the first, i.e. the object "dns" will be set to "2.2.2.2":
[ dns ]
dns = 1.1.1.1
dns = 2.2.2.2
Sections can also occur repeatedly and are then also configured repeatedly. This can be used, for example, to close a dial-up connection, configure the communication device, and set up the dial-up connection again within one configuration, as shown in the following example:
[ dialout ]
start_dialout = 0
[ isdn ]
msn = 25
[ dialout ]
start_dialout = 1
3.1.6 Mutually Exclusive Settings
If settings are made in an ASCII configuration file that are mutually exclusive, for example simultaneously activating an OpenVPN client and server, the section configured first is valid (i.e. the one that is earlier in the configuration file). However, the associated settings are taken over. The web interface behaves in a comparable way: a conflicting setting cannot be made after configuring a certain setting, because it will be faded out.
3.1.7 Restart at the End of the Configuration
The section "textconfig" of the ASCII configuration file contains the object "reboot" to define whether a restart of the router is to be made following the configuration (0 = no restart; 1 = restart). A restart can be used to ensure that all services are started with the new settings (VPN settings are only used following a new dial-out for example). A restart will be made at the end of the configuration in the following example:
[ textconfig ]
reboot = 1
abort_on_error = 0
3.1.8 Reloading the Old Configuration after Configuration Aborts
The section "textconfig" of the ASCII configuration file contains the object "abort_on_error" to define whether the old configuration is to be reloaded in case the configuration aborts due to an error (0 = no reload of the old configuration; 1 = reload of the old configuration). The configuration aborts in case of severely faulty configurations that would result in a red warning message in the web interface. This function can be used, for example, to secure "critical" configurations (e.g. the dial-up connection that is currently used for remote configuration) by activating this function before the "critical" section and deactivating it again behind it, i.e. the old configuration will only be reloaded if the abort happens in the "critical" section. The old configuration will be reloaded after an abort in the following example:
[ textconfig ]
reboot = 0
abort_on_error = 1
3.1.9 Including Files
It is also possible to upload the content of other files within the ASCII configuration file. This is required to upload certificates, keys, lists, or e-mail and SMS texts, for example. These files are entered in text form as object value of the respective object. In this case, the object value may also contain carriage returns.
In order to upload certificates or keys, for example, these are entered as object value following the object name. For this, the certificate or key is opened in a text editor, copied there, and completely pasted behind the " = " in the object. The following (shortened) example shows the CA certificate in the ASCII configuration file:
[ openvpn server dialin ]
...
ca_certificate = -----BEGIN CERTIFICATE-----
MIIC+jCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMCREUx
...
cNAMClSZ3yDocBkiJuL7sMqAk8uN8XI4uKSBhZ0bZUG1O5dubek/Gkl2Bkymjw==
-----END CERTIFICATE-----
The entry of lists, like the AT answer list, takes place in a similar way and is shown in the following example:
[ serial ethernet modem ]
...
at_answer_list = -----BEGIN AT ANSWER LIST-----
i="Serial Ethernet Gateway Version 1.0"
-----END AT ANSWER LIST-----
The configuration of e-mail messages takes place in the form of endless lists (see Endless Lists). The object value is entered behind the object name "new_entry" in the form of further objects that are separated from each other by a semicolon " ; ". The message text is then entered in the sub-object "text". For e-mails, this may also contain carriage returns and is enclosed by the strings "-----BEGIN MESSAGE-----" and "-----END MESSAGE-----". For SMS messages, this may not contain carriage returns and is entered without any further formatting. This is shown in the following example for an e-mail message:
[ email ]
start_email = 1
list = d
new_entry = recipient = support@insys-tec.de ; cause = 0001 ; attach = 0001 ; status = 1 ; text = -----BEGIN MESSAGE-----
E-Mail-Text will be sent on system start-----END MESSAGE-----
new_entry = recipient = support@insys-tec.de ; cause = 0002 ; attach = 0004 ; text = -----BEGIN MESSAGE-----
E-mail text Will be sent when setting up an OpenVPN tunnel-----END MESSAGE-----
4 Log File
A log file is written while the configuration file is processed. Besides start and end of the configuration, the following faults are recorded in the log file:
- Unknown section
- Section not available on this router (e.g. [ dialout ] on MoRoS LAN)
- Missing value of an object
- Unknown object
The log file can be displayed on the web interface of the router in the "System" menu on the "System data" page using the link "Show text config log" and in the "System" menu on the "Download" page using the link "Text Configuration Log".
A detailed description of the function for displaying the log file can be found in the operator manual of the router.
5 Configuration Using ASCII Configuration File
This section describes how to download an ASCII configuration file from the router, edit it accordingly, and upload it to the router again.
Your router must be in operation and you must have access to the web interface to perform the following steps. It is a prerequisite that you are familiar with the router and have worked through the associated user manual, especially the sections "Commissioning" and "Operating Principle".
Configuration with the web interface
In order to download the current configuration of the router, right-click the link "ASCII" in the "Configuration" section on the "Download" page of the "System" menu. Select "Save target as..." and save the configuration file to an appropriate location under a suitable name.
In order to download an empty configuration file of the router, right-click the link "ASCII template" in the "Configuration" section on the "Download" page of the "System" menu. Select "Save target as..." and save the configuration file to an appropriate location under a suitable name.
Open the configuration file with a text editor and make the respective modifications. Save the edited configuration file again.
Delete unused sections and objects to speed up the subsequent upload.
In order to upload the edited configuration to the router again, click the "Browse..." button in the "Manual update" section on the "Update" page of the "System" menu and open the configuration file to be uploaded.
Save your settings by clicking "OK".
Confirm the upload by clicking "Yes".
Note!
Change of the time!
The time can be misadjusted by uploading a previously downloaded configuration.
If you load a configuration from the router, the current time is also stored in the configuration file. If you upload this configuration file again later without deleting or editing the [ settime ] section, the time in the router will be overwritten with the time in the configuration file (which is wrong in the meantime).
6 Reference for the ASCII Configuration File
This section contains a reference of all sections with the associated objects that can appear in the ASCII configuration file. Please note that the available sections, objects, and options depend on the firmware and variant of the router. If you download a current ASCII configuration file from a router, it contains only the currently configured objects in their respective sections, i.e. objects that exist in the router but are not configured are not contained. If you download an empty ASCII configuration file as template from a router, it contains all available objects of this router.
Sections and objects can be deleted from or added to an ASCII configuration file. It is also possible to create an ASCII configuration file from an empty TXT file. The requirements for the ASCII configuration file that are described in the section "ASCII Configuration File" of this manual must be observed when doing so.
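The format rules from section 3.1 can be checked mechanically before a file is uploaded or archived. The following Python code is an added example and not part of the INSYS manual or firmware: it reads a configuration file according to those rules (comments, quoted strings, BEGIN/END blocks, objects overwritten in sequence) and lists explicitly set values from this reference that deserve a review. The function names, the sample file and the selection of flagged values are assumptions of this example.

```python
import re

SECTION = re.compile(r"^\[\s*(.*?)\s*\]$")
BLOCK_BEGIN = re.compile(r"-----BEGIN ([A-Z ]+)-----")

# (object name without <x> index, value) -> reason. The values come from the
# reference; which of them to flag is this example's choice.
WEAK = {
    ("remote_http", "1"): "remote configuration over unencrypted HTTP",
    ("cipher", "DES-CBC"): "single DES",
    ("cipher", "RC2-40-CBC"): "40-bit RC2 key",
    ("ike_hash", "md5"): "MD5 as IKE hash",
    ("ipsec_hash", "md5"): "MD5 as IPsec hash",
    ("ike_dh", "modp768"): "768-bit Diffie-Hellman group",
    ("auth", "pap"): "PAP transmits the password unencrypted",
}
SECRETS = {"password", "pin", "psk", "private_key", "static_key"}

def parse(text):
    """Return (config, faults); config maps section -> {object: value}."""
    config, faults, section = {}, [], None
    lines = iter(text.splitlines())
    for raw in lines:
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or whole-line comment
            continue
        if line.startswith("["):
            m = SECTION.match(line.split("#", 1)[0].strip())
            section = m.group(1) if m else None
            if section is not None:
                config.setdefault(section, {})   # repeated sections are merged
            continue
        name, eq, value = line.partition("=")
        if "#" in name:                          # any "=" belongs to a comment
            name, eq, value = name.split("#", 1)[0], "", ""
        name, value = name.strip(), value.strip()
        if section is None:
            faults.append((None, name, "Object outside of a section"))
            continue
        begin = BLOCK_BEGIN.search(value)
        if begin:                                # multi-line value (3.1.9)
            end = "-----END %s-----" % begin.group(1)
            while end not in value:
                nxt = next(lines, None)
                if nxt is None:                  # file ended inside the block
                    break
                value += "\n" + nxt
        elif value.startswith("'"):              # first to last single quote (3.1.3)
            value = value[1:max(value.rfind("'"), 1)]
        else:
            value = value.split("#", 1)[0].strip()   # cut a trailing comment
            if not eq or not value:
                faults.append((section, name, "Missing value of an object"))
                continue
        if name == "new_entry":                  # endless list: keep every entry
            config[section].setdefault(name, []).append(value)
        else:
            config[section][name] = value        # a later object overwrites (3.1.5)
    return config, faults

def audit(config):
    """Return (section, object, reason) for explicitly set values only.
    Objects missing from the file are not judged (they stay untouched on upload)."""
    findings = []
    for section, objects in config.items():
        for name, value in objects.items():
            base = name.rstrip("0123456789")     # password<x>, ike_hash<x>, pin2
            if base in SECRETS:
                findings.append((section, name, "secret stored in the file"))
            if isinstance(value, str) and (base, value) in WEAK:
                findings.append((section, name, WEAK[(base, value)]))
            if section == "webinterface" and (name, value) == ("password", "moros"):
                findings.append((section, name, "documented default password"))
    return findings

SAMPLE = """\
; constructed sample for this example, not an export from a real router
[ webinterface ]
    username = 'insys'      #This value has to be enclosed in single quotes
    password = 'moros'      #This value has to be enclosed in single quotes
    location = 'Rack #3'    #This value has to be enclosed in single quotes
    remote_http = 1
    remote_http = 0         # processed sequentially, so this line wins
[ openvpn client dialin ]
cipher = DES-CBC
private_key = -----BEGIN PRIVATE KEY-----
CONSTRUCTED-PLACEHOLDER-NOT-A-KEY
-----END PRIVATE KEY-----
[ ipsec dialin ]
ike_hash1 = md5
[ dns ]
dns
"""

if __name__ == "__main__":
    cfg, faults = parse(SAMPLE)
    for finding in audit(cfg):
        print("%-24s %-12s %s" % finding)
    for fault in faults:
        print("fault:", fault)
```

Any finding of the kind "secret stored in the file" means the downloaded file has to be stored and transferred like the credentials and keys it contains.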
[ textconfig ]
reboot
0 = No restart after configuration (default)
1 = Restart after configuration
abort_on_error
0 = No reload of the old configuration after abort (default)
1 = Reload of the old configuration after abort
[ webinterface ]
username
User name for web interface access (default: insys)
The object value must be passed in single quotes!
password
Password for web interface access (default: moros)
The object value must be passed in single quotes!
local_http
0 = Local configuration via HTTP disabled
1 = Local configuration via HTTP enabled (default)
remote_http
0 = Remote configuration via HTTP disabled
1 = Remote configuration via HTTP enabled (default)
remote_https
0 = Remote configuration via HTTPS disabled
1 = Remote configuration via HTTPS enabled (default)
http_port
HTTP port of the web interface (default: 80)
https_port
HTTPS port of the web interface (default: 443)
location
Location of the router
The object value must be passed in single quotes!
[ address ]
ip
IP address of the router (default: 192.168.1.1)
netmask
Network mask of the router (default: 255.255.255.0)
[ routing local ]
list
a = New entries are appended to existing list
d = Existing list is deleted (default)
new_entry
New route entry that passes the following sub-objects:
net
Network address of the static route
netmask
Net mask of the static route
gateway
Gateway of the static route
[ com1 ]
for UMTS routers
pin
PIN of SIM card 1
pin2
PIN of SIM card 2
provider_mode
auto = Automatic log-in to standard provider of SIM card 1
preferred = Log-in to preferred provider for SIM card 1, otherwise to standard provider
exclusive = Exclusive log-in to exclusive provider for SIM card 1
pref_provider
Provider ID of the preferred provider for SIM card 1
excl_provider
Provider ID of the exclusive provider for SIM card 1
provider_mode2
auto = Automatic log-in to standard provider of SIM card 2
preferred = Log-in to preferred provider for SIM card 2, otherwise to standard provider
exclusive = Exclusive log-in to exclusive provider for SIM card 2
pref_provider2
Provider ID of the preferred provider for SIM card 2
excl_provider2
Provider ID of the exclusive provider for SIM card 2
auto_login
0 = Daily log-out and log-in disabled
1 = Daily log-out and log-in enabled (default)
hour_out
Daily log-out at (hour; 00-23)
min_out
Daily log-out at (minute; 00-59)
hour_in
Daily log-in at (hour; 00-23)
min_in
Daily log-in at (minute; 00-59)
[ com1 ]
for ISDN routers
msn
MSN of the connection to which the router is connected
caller1
Permitted caller number 1
caller2
Permitted caller number 2
caller3
Permitted caller number 3
caller4
Permitted caller number 4
caller5
Permitted caller number 5
[ com1 ]
for Modem routers
country
Country-specific settings of the modem (default: FD)
wait_for_dialtone
0 = Do not wait for dial tone before dialling (default)
1 = Wait for dial tone before dialling
[ com2 ]
for redundant UMTS communication device
pin
PIN of the SIM card of the redundant communication device
provider_mode
auto = Automatic log-in to standard provider of SIM card 1
preferred = Log-in to preferred provider for SIM card 1, otherwise to standard provider
exclusive = Exclusive log-in to exclusive provider for SIM card 1
pref_provider
Provider ID of the preferred provider for SIM card 1
excl_provider
Provider ID of the exclusive provider for SIM card 1
auto_login
0 = Daily log-out and log-in disabled
1 = Daily log-out and log-in enabled (default)
hour_out
Daily log-out at (hour; 00-23)
min_out
Daily log-out at (minute; 00-59)
hour_in
Daily log-in at (hour; 00-23)
min_in
Daily log-in at (minute; 00-59)
[ com2 ]
for redundant ISDN communication device
msn
MSN of the connection to which the redundant communication device is connected
caller1
Permitted caller number 1
caller2
Permitted caller number 2
caller3
Permitted caller number 3
caller4
Permitted caller number 4
caller5
Permitted caller number 5
[ com2 ]
for redundant Modem communication device
country
Country-specific settings of the modem (default: FD)
wait_for_dialtone
0 = Do not wait for dial tone before dialling (default)
1 = Wait for dial tone before dialling
[ terminal1 ]
not for LAN routers
command
AT command that is passed to the communication device
[ terminal2 ]
for redundant communication device
command
AT command that is passed to the redundant communication device
[ dialin ]
start_dialin
0 = Dial-in disabled (default)
1 = Dial-in using internal communication device
2 = Dial-in using redundant communication device
3 = Dial-in using internal or redundant communication device
idletime
Idle time in seconds after which a dial-in connection without data traffic is disconnected (default: 0, no disconnection)
dialin_prio
0 = Do not prioritise dial-in over LAN (ext) (default)
1 = Prioritise dial-in over LAN (ext)
rings
Number of ring tones until call acceptance
authentication
0 = Authentication for dial-in disabled
1 = Authentication for dial-in enabled (default)
username<x>
User name for authentication account <x> (<x> = 0-9)
The object value must be passed in single quotes!
password<x>
Password for authentication account <x> (<x> = 0-9)
The object value must be passed in single quotes!
auth<x>
pap = Authentication for authentication account <x> via PAP
chap = Authentication for authentication account <x> via CHAP
callback<x>
0 = Call-back for authentication account <x> disabled (default)
1 = Call-back for authentication account <x> enabled
ip_local_intern
Own IP address
ip_remote_intern
IP address of remote terminal
ip_local_extern
Own IP address of the redundant communication device
ip_remote_extern
IP address of remote terminal of the red. communication device
callback
0 = Automatic call-back disabled (default)
1 = Automatic call-back enabled
for ISDN or Modem routers
callback_mode
auth = Call-back after PPP authentication
clip = Call-back after call from one of the specified numbers:
clip1
Phone number 1 for which a call-back is made
clip2
Phone number 2 for which a call-back is made
clip3
Phone number 3 for which a call-back is made
clip4
Phone number 4 for which a call-back is made
clip5
Phone number 5 for which a call-back is made
[ routing dialin ]
default_route
0 = Set no default route
1 = Set default route (default)
nat_incoming
0 = NAT for incoming packets disabled
1 = NAT for incoming packets enabled (default)
nat_outgoing
0 = NAT for outgoing packets disabled
1 = NAT for outgoing packets enabled (default)
list
a = New entries are appended to existing list
d = Existing list is deleted (default)
new_entry
New route entry that passes the following sub-objects:
net
Network address of the route
netmask
Net mask of the route
gateway
Gateway of the route (only for LAN routers)
[ firewall dialin ]
start_firewall
0 = Firewall for dial-in connections disabled (default)
1 = Firewall for dial-in connections enabled
list
a = New entries are appended to existing list
d = Existing list is deleted (default)
new_entry
New permitted connection that passes the following sub-objects:
protocol
icmp = ICMP protocol is used
udp = UDP protocol is used
tcp = TCP protocol is used
direction
in = Only incoming connections are permitted
out = Only outgoing connections are permitted
both = Incoming and outgoing connections are permitted
source_ip
Source IP address
source_netmask
Source net mask
dest_port
Destination port
dest_ip
Destination IP address
dest_netmask
Destination net mask
dialinuser
Name of the user that has dialled in
The object value must be passed in single quotes!
[ openvpn server dialin ]
start_openvpn_server
0 = OpenVPN server for dial-in connections disabled (default)
1 = OpenVPN server for dial-in connections enabled
lport
Local port of the tunnel (default: 1194)
rport
Remote port of the tunnel (default: 1194)
protocol
udp = UDP protocol is used
tcp = TCP protocol is used
float
0 = Float (remote terminal may change its IP address) disabled
1 = Float (remote terminal may change its IP address) enabled (default)
comp_lzo
0 = LZO compression disabled
1 = LZO compression enabled (default)
masquerade
0 = Do not mask packets before tunnelling
1 = Mask packets before tunnelling (default)
cipher
BF-CBC = Encryption algorithm Blowfish 128 Bit (default)
DES-CBC = Encryption algorithm DES 64 Bit
DES-EDE-CBC = Encryption algorithm DES EDE 128 Bit
DES-EDE3-CBC = Encryption algorithm DES EDE3 192 Bit
DESX-CBC = Encryption algorithm DESX 192 Bit
CAST5-CBC = Encryption algorithm CAST5 128 Bit
IDEA-CBC = Encryption algorithm IDEA 128 Bit
RC2-CBC = Encryption algorithm RC2 128 Bit
RC2-40-CBC = Encryption algorithm RC2 40 Bit
RC2-64-CBC = Encryption algorithm RC2 64 Bit
AES-128-CBC = Encryption algorithm AES 128 Bit
AES-192-CBC = Encryption algorithm AES 192 Bit
AES-256-CBC = Encryption algorithm AES 256 Bit
verb
Verbosity of the messages in connection log (default: 3, 0-9)
fragment
Maximum size of the tunnel packets (in bytes)
reneg
Interval for key renegotiation (in seconds, default: 3600)
ping
Interval for ping dispatch to remote terminal (in seconds, default: 30)
restart
Interval for ping restart (in seconds, default: 60)
client_to_client
0 = Do not allow communication between clients (default)
1 = Allow communication between clients
pool_ip
IP address pool for clients
pool_netmask
Net mask of the IP address pool
list
a = New entries are appended to existing list
d = Existing list is deleted (default)
auth_type
static = No authentication or with static key
cert = Authentication with certificates
remote_peer
IP address or domain name of remote site
remote_peer2
IP address or domain name of alternative remote site
local_vpn_ip
Local IP address of VPN tunnel
remote_vpn_ip
Remote IP address of VPN tunnel
remote_net
Address of network behind the VPN tunnel
remote_netmask
Net mask of network behind the VPN tunnel
new_entry
New route entry to client network that passes the following sub-objects:
common_name
"Common Name" in certificate of the client
net
Network address of the client
netmask
Net mask of the client
vpn_ip
VPN IP address of the client
dh_parameters
Diffie-Hellman parameter set
crl
Certificate Revocation List
ca_certificate
CA certificate
public_certificate
Public certificate of the server
private_key
Private key of the server
static_key
Static key
[ openvpn client dialin ]
start_openvpn_client
0 = OpenVPN client for dial-in connections disabled (default)
1 = OpenVPN client for dial-in connections enabled
lport
Local port of the tunnel (default: 1194)
rport
Remote port of the tunnel (default: 1194)
protocol
udp = UDP protocol is used
tcp = TCP protocol is used
float
0 = Float (remote terminal may change its IP address) disabled
1 = Float (remote terminal may change its IP address) enabled (default)
comp_lzo
0 = LZO compression disabled
1 = LZO compression enabled (default)
masquerade
0 = Do not mask packets before tunnelling
1 = Mask packets before tunnelling (default)
cipher
BF-CBC = Encryption algorithm Blowfish 128 Bit (default)
DES-CBC = Encryption algorithm DES 64 Bit
DES-EDE-CBC = Encryption algorithm DES EDE 128 Bit
DES-EDE3-CBC = Encryption algorithm DES EDE3 192 Bit
DESX-CBC = Encryption algorithm DESX 192 Bit
CAST5-CBC = Encryption algorithm CAST5 128 Bit
IDEA-CBC = Encryption algorithm IDEA 128 Bit
RC2-CBC = Encryption algorithm RC2 128 Bit
RC2-40-CBC = Encryption algorithm RC2 40 Bit
RC2-64-CBC = Encryption algorithm RC2 64 Bit
AES-128-CBC = Encryption algorithm AES 128 Bit
AES-192-CBC = Encryption algorithm AES 192 Bit
AES-256-CBC = Encryption algorithm AES 256 Bit
verb
Verbosity of the messages in connection log (default: 3, 0-9)
fragment
Maximum size of the tunnel packets (in bytes)
reneg
Interval for key renegotiation (in seconds, default: 3600)
ping
Interval for ping dispatch to remote terminal (in seconds, default: 30)
restart
Interval for ping restart (in seconds, default: 60)
bind
0 = No-bind (fix local address and port) disabled
1 = No-bind (fix local address and port) enabled (default)
icmp_ping
IP address or domain name for additional ICMP ping
username
User name of the client for log-in at the OpenVPN server
The object value must be passed in single quotes!
password
Password of the client for log-in at the OpenVPN server
The object value must be passed in single quotes!
check_server_cert
0 = Check of certificate type of remote terminal disabled (default)
1 = Check of certificate type of remote terminal enabled
auth_type
static = No authentication or with static key
cert = Authentication with certificates
remote_peer
IP address or domain name of remote site
remote_peer2
IP address or domain name of alternative remote site
local_vpn_ip
Local IP address of VPN tunnel
remote_vpn_ip
Remote IP address of VPN tunnel
remote_net
Address of network behind the VPN tunnel
remote_netmask
Net mask of network behind the VPN tunnel
ca_certificate
CA certificate
public_certificate
Public certificate of the client
private_key
Private key of the client
static_key
Static key
[ ipsec dialin ]
FW 2.4.x
start_ipsec
0 = IPsec for dial-in connections disabled (default)
1 = IPsec for dial-in connections enabled
remote_peer
IP address or domain name of remote site
remote_net
Local subnet of remote terminal
remote_netmask
Net mask of local subnet of remote terminal
remote_id
Remote terminal ID
The object value must be passed in single quotes!
local_id
Own ID
The object value must be passed in single quotes!
auth_mode
main = Authentication mode Main is used (default)
aggressive = Authentication mode Aggressive is used
ike_cipher
3des = IKE encryption algorithm DES EDE3 (default)
aes128 = IKE encryption algorithm AES 128 Bit
aes192 = IKE encryption algorithm AES 192 Bit
aes256 = IKE encryption algorithm AES 256 Bit
ike_hash
sha1 = IKE hash algorithm SHA1 (default)
md5 = IKE hash algorithm MD5
ike_dh
modp768 = Diffie-Hellman group for IKE is DH 768
modp1024 = Diffie-Hellman group for IKE is DH 1024 (default)
modp1536 = Diffie-Hellman group for IKE is DH 1536
ipsec_cipher
3des = IPsec encryption algorithm DES EDE3 (default)
aes128 = IPsec encryption algorithm AES 128 Bit
aes192 = IPsec encryption algorithm AES 192 Bit
aes256 = IPsec encryption algorithm AES 256 Bit
ipsec_hash
sha1 = IPsec hash algorithm SHA1 (default)
md5 = IPsec hash algorithm MD5
key_attempts
Maximum connection attempts (0 = infinite)
nat_traversal
on = NAT traversal is enabled (default)
off = NAT traversal is disabled
forced = NAT traversal is enforced
keep_alive
Interval of keep alive packets (in seconds, default: 10)
pfs
0 = Perfect forward secrecy is disabled
1 = Perfect forward secrecy is enabled (default)
dpd_interval
Interval for dead peer detection (in seconds, default: 30)
dpd_timeout
Timeout for dead peer detection (in seconds, default: 120)
dpd_action
clear = Closing the connection on dead peer detection
hold = Holding the connection on dead peer detection
restart = Restarting the connection on dead peer detection (default)
key_lifetime
Interval for key renegotiation (in seconds, default: 3600)
icmp_ping
IP address or domain name for additional ICMP ping
auth_type
cert = Authentication with certificates psk = Authentication with pre-shared key (PSK)
psk
Pre-shared key (PSK) The object value must be passed in single quotes!
masquerade
0 = Do not mask packets through the tunnel 1 = Mask packets through the tunnel (default)
ca_certificate
CA certificate
public_certificate
Public certificate
private_key
Private key
[ ipsec dialin ]
from FW 2.5.x; <x> = 1-10
start_ipsec
0 = IPsec for dial-in connections disabled (default) 1 = IPsec for dial-in connections enabled
nat_traversal
on = NAT traversal is enabled (default) off = NAT traversal is disabled forced = NAT traversal is enforced
keep_alive
Interval of keep alive packets (in seconds, default: 10)
start_tunnel<x>
0 = IPsec tunnel <x> disabled (default) 1 = IPsec tunnel <x> enabled
tunnel_name<x>
Name for IPsec tunnel <x>
remote_peer<x>
IP address or domain name of remote site
local_net<x>
Local subnet
local_netmask<x>
Network mask of the local subnet
remote_net<x>
Local subnet of remote terminal
remote_netmask<x>
Net mask of local subnet of remote terminal
remote_id<x>
Remote terminal ID The object value must be passed in single quotes!
local_id<x>
Own ID The object value must be passed in single quotes!
auth_mode<x>
main = Authentication mode Main is used (default) aggressive = Authentication mode Aggressive is used
ike_cipher<x>
3des = IKE encryption algorithm DES EDE3 (default) aes128 = IKE encryption algorithm AES 128 Bit aes192 = IKE encryption algorithm AES 192 Bit aes256 = IKE encryption algorithm AES 256 Bit
ike_hash<x>
sha1 = IKE hash algorithm SHA1 (default) md5 = IKE hash algorithm MD5
ike_dh<x>
modp768 = Diffie-Hellman group for IKE is DH 768
modp1024 = Diffie-Hellman group for IKE is DH 1024 (default)
modp1536 = Diffie-Hellman group for IKE is DH 1536
ipsec_cipher<x>
3des = IPsec encryption algorithm DES EDE3 (default) aes128 = IPsec encryption algorithm AES 128 Bit aes192 = IPsec encryption algorithm AES 192 Bit aes256 = IPsec encryption algorithm AES 256 Bit
ipsec_hash<x>
sha1 = IPsec hash algorithm SHA1 (default) md5 = IPsec hash algorithm MD5
key_attempts<x>
Maximum connection attempts (0 = infinite)
masquerade<x>
0 = Do not mask packets through the tunnel 1 = Mask packets through the tunnel (default)
dpd_interval<x>
Interval for dead peer detection (in seconds, default: 30)
dpd_timeout<x>
Timeout for dead peer detection (in seconds, default: 120)
dpd_action<x>
clear = Closing the connection on dead peer detection
hold = Holding the connection on dead peer detection
restart = Restarting the connection on dead peer detection (default)
pfs<x>
0 = Perfect forward secrecy is disabled 1 = Perfect forward secrecy is enabled (default)
key_lifetime<x>
Interval for key renegotiation (in seconds, default: 3600)
icmp_ping<x>
IP address or domain name for additional ICMP ping
auth_type<x>
cert = Authentication with certificates psk = Authentication with pre-shared key (PSK)
psk<x>
Pre-shared key (PSK) The object value must be passed in single quotes!
ca_certificate<x>
CA certificate
public_certificate<x>
Public certificate
private_key<x>
Private key
[ dialout ]
start_dialout
0 = Dial-out disabled (default)
1 = Dial-out using internal communication device
2 = Dial-out primarily using internal or secondarily using redundant communication device
3 = Dial-out primarily using redundant or secondarily using internal communication device
4 = Dial-out primarily using previously used, working communication device
dialnumber
Phone number for target A The object value must be passed in single quotes!
dialnumber_b
Phone number for target B The object value must be passed in single quotes!
username
User name for target A The object value must be passed in single quotes!
username_b
User name for target B The object value must be passed in single quotes!
password
Password for target A The object value must be passed in single quotes!
password_b
Password for target B The object value must be passed in single quotes!
auth
both = Authentication for target A via PAP or CHAP pap = Authentication for target A via PAP chap = Authentication for target A via CHAP
auth_b
both = Authentication for target B via PAP or CHAP pap = Authentication for target B via PAP chap = Authentication for target B via CHAP
apn
Access point name for target A (only for GPRS or UMTS routers)
apn_b
Access point name for target B (only for GPRS or UMTS routers)
sim
1 = SIM card 1 is used for target B (default) 2 = SIM card 2 is used for target B (only for GPRS or UMTS routers)
fetch_dns
0 = Do not request DNS server address 1 = Request DNS server address (default)
idletime
Maximum idle time (in seconds, default: 20, 0 = unlimited)
maxtime
Maximum connection time (in seconds, default: 0, 0 = unlimited)
prio
target_a = Always try target A first last = Try last successful target first
flat
0 = Leased-line operation disabled (default) 1 = Leased-line operation enabled
check_interval
Interval of connection check (in minutes, default: 60)
check_type
dns = Connection check via DNS request (default) ping = Connection check via ping
dns_target
Target of connection check via DNS request
ping_target
Target of connection check via ping
auto_daily_start
0 = Daily automatic connection set-up disabled (default) 1 = Daily automatic connection set-up enabled
auto_daily_stop
0 = Daily automatic connection clearing disabled (default) 1 = Daily automatic connection clearing enabled
auto_hour_start
Daily automatic connection set-up at (hour; 00-23)
auto_minutes_start
Daily automatic connection set-up at (minute; 00-59)
auto_hour_stop
Daily automatic connection clearing at (hour; 00-23)
auto_minutes_stop
Daily automatic connection clearing at (minute; 00-59)
[ routing dialout ]
default_route
0 = Set no default route 1 = Set default route (default)
nat_incoming
0 = NAT for incoming packets disabled 1 = NAT for incoming packets enabled (default)
nat_outgoing
0 = NAT for outgoing packets disabled 1 = NAT for outgoing packets enabled (default)
list
a = New entries are appended to existing list d = Existing list is deleted (default)
new_entry
New route entry that passes the following sub-objects:
net
Network address of the route
netmask
Net mask of the route
gateway
Gateway of the route (only for LAN routers)
[ dialfilters dialout ]
start_dialfilter
0 = Dial filter for dial-out connections disabled (default) 1 = Dial filter for dial-out connections enabled
list
a = New entries are appended to existing list d = Existing list is deleted (default)
new_entry
New dial filter rule that passes the following sub-objects:
protocol
icmp = ICMP protocol is used udp = UDP protocol is used tcp = TCP protocol is used
source_ip
Source IP address
source_netmask
Source net mask
dest_port
Destination port
dest_ip
Destination IP address
dest_netmask
Destination net mask
dns
0 = DNS requests from source IP address must not initiate a connection (default)
1 = DNS requests from source IP address may initiate a connection
[ firewall dialout ]
start_firewall
0 = Firewall for dial-out connections disabled (default) 1 = Firewall for dial-out connections enabled
list
a = New entries are appended to existing list d = Existing list is deleted (default)
new_entry
New permitted connection that passes the following sub-objects:
protocol
icmp = ICMP protocol is used udp = UDP protocol is used tcp = TCP protocol is used
direction
in = Only incoming connections are permitted out = Only outgoing connections are permitted both = Incoming and outgoing connections are permitted
source_ip
Source IP address
source_netmask
Source net mask
dest_port
Destination port
dest_ip
Destination IP address
dest_netmask
Destination net mask
[ portforward dialout ]
start_portforwarding
0 = Port forwarding for dial-out connections disabled 1 = Port forwarding for dial-out connections enabled (default)
exposed_host
IP address of exposed host
list
a = New entries are appended to existing list d = Existing list is deleted (default)
new_entry
New permitted connection that passes the following sub-objects:
protocol
icmp = ICMP protocol is used udp = UDP protocol is used tcp = TCP protocol is used esp = ESP protocol is used
source_port_start
Start of port range for forwarding
source_port_end
End of port range for forwarding
dest_ip
IP address of forwarding destination
dest_port
Port of forwarding destination
[ openvpn server dialout ]
start_openvpn_server
0 = OpenVPN server for dial-out connections disabled (default)
1 = OpenVPN server for dial-out connections enabled
lport
Local port of the tunnel (default: 1194)
rport
Remote port of the tunnel (default: 1194)
protocol
udp = UDP protocol is used tcp = TCP protocol is used
float
0 = Float (remote terminal may change its IP address) disabled
1 = Float (remote terminal may change its IP address) enabled (default)
comp_lzo
0 = LZO compression disabled 1 = LZO compression enabled (default)
masquerade
0 = Do not mask packets before tunnelling 1 = Mask packets before tunnelling (default)
cipher
BF-CBC = Encryption algorithm Blowfish 128 Bit (default)
DES-CBC = Encryption algorithm DES 64 Bit
DES-EDE-CBC = Encryption algorithm DES EDE 128 Bit
DES-EDE3-CBC = Encryption algorithm DES EDE3 192 Bit
DESX-CBC = Encryption algorithm DESX 192 Bit
CAST5-CBC = Encryption algorithm CAST5 128 Bit
IDEA-CBC = Encryption algorithm IDEA 128 Bit
RC2-CBC = Encryption algorithm RC2 128 Bit
RC2-40-CBC = Encryption algorithm RC2 40 Bit
RC2-64-CBC = Encryption algorithm RC2 64 Bit
AES-128-CBC = Encryption algorithm AES 128 Bit
AES-192-CBC = Encryption algorithm AES 192 Bit
AES-256-CBC = Encryption algorithm AES 256 Bit
verb
Verbosity of the messages in connection log (default: 3, 0-9)
fragment
Maximum size of the tunnel packets (in bytes)
reneg
Interval for key renegotiation (in seconds, default: 3600)
ping
Interval for ping dispatch to remote terminal (in seconds, default: 30)
restart
Interval for ping restart (in seconds, default: 60)
client_to_client
0 = Do not allow communication between clients (default) 1 = Allow communication between clients
pool_ip
IP address pool for clients
pool_netmask
Net mask of the IP address pool
list
a = New entries are appended to existing list d = Existing list is deleted (default)
auth_type
static = No authentication or with static key cert = Authentication with certificates
remote_peer
IP address or domain name of remote site
remote_peer2
IP address or domain name of alternative remote site
local_vpn_ip
Local IP address of VPN tunnel
remote_vpn_ip
Remote IP address of VPN tunnel
remote_net
Address of network behind the VPN tunnel
remote_netmask
Net mask of network behind the VPN tunnel
new_entry
New route entry to client network that passes the following sub-objects:
common_name
"Common Name" in certificate of the client
net
Network address of the client
netmask
Net mask of the client
vpn_ip
VPN IP address of the client
dh_parameters
Diffie-Hellman parameter set
crl
Certificate Revocation List
ca_certificate
CA certificate
public_certificate
Public certificate of the server
private_key
Private key of the server
static_key
Static key
[ openvpn client dialout ]
start_openvpn_client
0 = OpenVPN client for dial-out connections disabled (default)
1 = OpenVPN client for dial-out connections enabled
lport
Local port of the tunnel (default: 1194)
rport
Remote port of the tunnel (default: 1194)
protocol
udp = UDP protocol is used tcp = TCP protocol is used
float
0 = Float (remote terminal may change its IP address) disabled
1 = Float (remote terminal may change its IP address) enabled (default)
comp_lzo
0 = LZO compression disabled 1 = LZO compression enabled (default)
masquerade
0 = Do not mask packets before tunnelling 1 = Mask packets before tunnelling (default)
cipher
BF-CBC = Encryption algorithm Blowfish 128 Bit (default)
DES-CBC = Encryption algorithm DES 64 Bit
DES-EDE-CBC = Encryption algorithm DES EDE 128 Bit
DES-EDE3-CBC = Encryption algorithm DES EDE3 192 Bit
DESX-CBC = Encryption algorithm DESX 192 Bit
CAST5-CBC = Encryption algorithm CAST5 128 Bit
IDEA-CBC = Encryption algorithm IDEA 128 Bit
RC2-CBC = Encryption algorithm RC2 128 Bit
RC2-40-CBC = Encryption algorithm RC2 40 Bit
RC2-64-CBC = Encryption algorithm RC2 64 Bit
AES-128-CBC = Encryption algorithm AES 128 Bit
AES-192-CBC = Encryption algorithm AES 192 Bit
AES-256-CBC = Encryption algorithm AES 256 Bit
verb
Verbosity of the messages in connection log (default: 3, 0-9)
fragment
Maximum size of the tunnel packets (in bytes)
reneg
Interval for key renegotiation (in seconds, default: 3600)
ping
Interval for ping dispatch to remote terminal (in seconds, default: 30)
restart
Interval for ping restart (in seconds, default: 60)
bind
0 = No-bind (fix local address and port) disabled 1 = No-bind (fix local address and port) enabled (default)
icmp_ping
IP address or domain name for additional ICMP ping
username
User name of the client for log-in at the OpenVPN server The object value must be passed in single quotes!
password
Password of the client for log-in at the OpenVPN server The object value must be passed in single quotes!
check_server_cert
0 = Check of certificate type of remote terminal disabled (default)
1 = Check of certificate type of remote terminal enabled
auth_type
static = No authentication or with static key cert = Authentication with certificates
remote_peer
IP address or domain name of remote site
remote_peer2
IP address or domain name of alternative remote site
local_vpn_ip
Local IP address of VPN tunnel
remote_vpn_ip
Remote IP address of VPN tunnel
remote_net
Address of network behind the VPN tunnel
remote_netmask
Net mask of network behind the VPN tunnel
ca_certificate
CA certificate
public_certificate
Public certificate of the client
private_key
Private key of the client
static_key
Static key
[ ipsec dialout ]
FW 2.4.x
start_ipsec
0 = IPsec for dial-out connections disabled (default) 1 = IPsec for dial-out connections enabled
remote_peer
IP address or domain name of remote site
remote_net
Local subnet of remote terminal
remote_netmask
Net mask of local subnet of remote terminal
remote_id
Remote terminal ID The object value must be passed in single quotes!
local_id
Own ID The object value must be passed in single quotes!
auth_mode
main = Authentication mode Main is used (default) aggressive = Authentication mode Aggressive is used
ike_cipher
3des = IKE encryption algorithm DES EDE3 (default) aes128 = IKE encryption algorithm AES 128 Bit aes192 = IKE encryption algorithm AES 192 Bit aes256 = IKE encryption algorithm AES 256 Bit
ike_hash
sha1 = IKE hash algorithm SHA1 (default) md5 = IKE hash algorithm MD5
ike_dh
modp768 = Diffie-Hellman group for IKE is DH 768
modp1024 = Diffie-Hellman group for IKE is DH 1024 (default)
modp1536 = Diffie-Hellman group for IKE is DH 1536
ipsec_cipher
3des = IPsec encryption algorithm DES EDE3 (default) aes128 = IPsec encryption algorithm AES 128 Bit aes192 = IPsec encryption algorithm AES 192 Bit aes256 = IPsec encryption algorithm AES 256 Bit
ipsec_hash
sha1 = IPsec hash algorithm SHA1 (default) md5 = IPsec hash algorithm MD5
key_attempts
Maximum connection attempts (0 = infinite)
nat_traversal
on = NAT traversal is enabled (default) off = NAT traversal is disabled forced = NAT traversal is enforced
keep_alive
Interval of keep alive packets (in seconds, default: 10)
pfs
0 = Perfect forward secrecy is disabled 1 = Perfect forward secrecy is enabled (default)
dpd_interval
Interval for dead peer detection (in seconds, default: 30)
dpd_timeout
Timeout for dead peer detection (in seconds, default: 120)
dpd_action
clear = Closing the connection on dead peer detection
hold = Holding the connection on dead peer detection
restart = Restarting the connection on dead peer detection (default)
key_lifetime
Interval for key renegotiation (in seconds, default: 3600)
icmp_ping
IP address or domain name for additional ICMP ping
auth_type
cert = Authentication with certificates psk = Authentication with pre-shared key (PSK)
psk
Pre-shared key (PSK) The object value must be passed in single quotes!
masquerade
0 = Do not mask packets through the tunnel 1 = Mask packets through the tunnel (default)
ca_certificate
CA certificate
public_certificate
Public certificate
private_key
Private key
[ ipsec dialout ]
from FW 2.5.x; <x> = 1-10
start_ipsec
0 = IPsec for dial-out connections disabled (default) 1 = IPsec for dial-out connections enabled
nat_traversal
on = NAT traversal is enabled (default) off = NAT traversal is disabled forced = NAT traversal is enforced
keep_alive
Interval of keep alive packets (in seconds, default: 10)
start_tunnel<x>
0 = IPsec tunnel <x> disabled (default) 1 = IPsec tunnel <x> enabled
tunnel_name<x>
Name for IPsec tunnel <x>
remote_peer<x>
IP address or domain name of remote site
local_net<x>
Local subnet
local_netmask<x>
Network mask of the local subnet
remote_net<x>
Local subnet of remote terminal
remote_netmask<x>
Net mask of local subnet of remote terminal
remote_id<x>
Remote terminal ID The object value must be passed in single quotes!
local_id<x>
Own ID The object value must be passed in single quotes!
auth_mode<x>
main = Authentication mode Main is used (default) aggressive = Authentication mode Aggressive is used
ike_cipher<x>
3des = IKE encryption algorithm DES EDE3 (default) aes128 = IKE encryption algorithm AES 128 Bit aes192 = IKE encryption algorithm AES 192 Bit aes256 = IKE encryption algorithm AES 256 Bit
ike_hash<x>
sha1 = IKE hash algorithm SHA1 (default) md5 = IKE hash algorithm MD5
ike_dh<x>
modp768 = Diffie-Hellman group for IKE is DH 768
modp1024 = Diffie-Hellman group for IKE is DH 1024 (default)
modp1536 = Diffie-Hellman group for IKE is DH 1536
ipsec_cipher<x>
3des = IPsec encryption algorithm DES EDE3 (default) aes128 = IPsec encryption algorithm AES 128 Bit aes192 = IPsec encryption algorithm AES 192 Bit aes256 = IPsec encryption algorithm AES 256 Bit
ipsec_hash<x>
sha1 = IPsec hash algorithm SHA1 (default) md5 = IPsec hash algorithm MD5
key_attempts<x>
Maximum connection attempts (0 = infinite)
masquerade<x>
0 = Do not mask packets through the tunnel 1 = Mask packets through the tunnel (default)
dpd_interval<x>
Interval for dead peer detection (in seconds, default: 30)
dpd_timeout<x>
Timeout for dead peer detection (in seconds, default: 120)
dpd_action<x>
clear = Closing the connection on dead peer detection
hold = Holding the connection on dead peer detection
restart = Restarting the connection on dead peer detection (default)
pfs<x>
0 = Perfect forward secrecy is disabled 1 = Perfect forward secrecy is enabled (default)
key_lifetime<x>
Interval for key renegotiation (in seconds, default: 3600)
icmp_ping<x>
IP address or domain name for additional ICMP ping
auth_type<x>
cert = Authentication with certificates psk = Authentication with pre-shared key (PSK)
psk<x>
Pre-shared key (PSK) The object value must be passed in single quotes!
ca_certificate<x>
CA certificate
public_certificate<x>
Public certificate
private_key<x>
Private key
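An added example (not part of the INSYS manual): a Python audit that applies the defaults documented in the IPsec and OpenVPN tables above, so that a weak algorithm is reported even when its key is missing from the file. It assumes `key=value` assignments under the `[ section ]` headers (the file syntax is defined in section 3.1 and not repeated here); the weak-value policy and the sample file are constructed for illustration.

```python
import re

# Defaults documented in the reference tables; they apply when a key is absent.
IPSEC_DEFAULTS = {"auth_mode": "main", "ike_cipher": "3des", "ike_hash": "sha1",
                  "ike_dh": "modp1024", "ipsec_cipher": "3des",
                  "ipsec_hash": "sha1", "pfs": "1"}
OPENVPN_DEFAULTS = {"cipher": "BF-CBC"}

# Reviewer policy: an assumption of this example, not vendor guidance.
# modp1536 is the largest group and AES the only modern cipher the tables offer.
IPSEC_WEAK = {"auth_mode": {"aggressive"}, "ike_cipher": {"3des"},
              "ike_hash": {"md5"}, "ike_dh": {"modp768", "modp1024"},
              "ipsec_cipher": {"3des"}, "ipsec_hash": {"md5"}, "pfs": {"0"}}
OPENVPN_WEAK = {"cipher": {"BF-CBC", "DES-CBC", "DES-EDE-CBC", "DES-EDE3-CBC",
                           "DESX-CBC", "CAST5-CBC", "IDEA-CBC", "RC2-CBC",
                           "RC2-40-CBC", "RC2-64-CBC"},
                "auth_type": {"static"}, "check_server_cert": {"0"}}

# Constructed sample configuration (hypothetical values, assumed key=value syntax).
SAMPLE = """\
[ ipsec dialout ]
start_ipsec=1
start_tunnel1=1
tunnel_name1='plant-a'
ike_cipher1=aes256
ipsec_cipher1=aes256
ike_dh1=modp1536
auth_mode1=aggressive
auth_type1=psk
start_tunnel2=0
ike_hash2=md5
[ openvpn client lan ]
start_openvpn_client=1
auth_type=cert
check_server_cert=1
[ ipsec lan ]
start_ipsec=1
remote_peer='vpn.example.net'
"""


def parse(text):
    """Return {section: {key: value}}; lines without '=' are ignored."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[\s*(.+?)\s*\]", line)
        if header:
            current = sections.setdefault(" ".join(header.group(1).split()), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip("'")
    return sections


def check(section, tunnel, explicit, defaults, weak):
    """Findings are (section, tunnel, key, effective value, came_from_default)."""
    effective = {**defaults, **explicit}
    return [(section, tunnel, key, effective[key], key not in explicit)
            for key, bad in weak.items() if effective.get(key) in bad]


def audit(text):
    findings = []
    for section, kv in parse(text).items():
        if section.startswith("ipsec ") and kv.get("start_ipsec") == "1":
            # FW 2.5.x keys carry a tunnel number <x>; FW 2.4.x keys do not.
            tunnels = {}
            for key, value in kv.items():
                m = re.fullmatch(r"([a-z_]+?)(\d+)", key)
                base, idx = m.groups() if m else (key, "")
                tunnels.setdefault(idx, {})[base] = value
            numbered = {i: t for i, t in tunnels.items() if i}
            if numbered:   # audit only tunnels switched on with start_tunnel<x>=1
                active = {i: t for i, t in numbered.items()
                          if t.get("start_tunnel") == "1"}
            else:          # single-tunnel FW 2.4.x layout
                active = {"": tunnels[""]}
            for idx, tunnel in active.items():
                findings += check(section, idx, tunnel, IPSEC_DEFAULTS, IPSEC_WEAK)
        elif section.startswith("openvpn ") and "1" in (
                kv.get("start_openvpn_server"), kv.get("start_openvpn_client")):
            defaults = dict(OPENVPN_DEFAULTS)
            if "client" in section:
                defaults["check_server_cert"] = "0"  # documented client default
            findings += check(section, "", kv, defaults, OPENVPN_WEAK)
    return findings


if __name__ == "__main__":
    for section, tunnel, key, value, from_default in audit(SAMPLE):
        origin = "documented default" if from_default else "set explicitly"
        print(f"[{section}] tunnel={tunnel or '-'} {key}={value} ({origin})")
```

In the sample, the `[ ipsec lan ]` section sets no algorithm keys at all and is still reported for `3des` and `modp1024`, because those are the documented defaults.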
[ lanext ]
lan_ext_mode
off = LAN (ext) interface disabled (default) bridge = LAN (ext) behaves like another switch port dsl = DSL connection enabled dhcp = DHCP client enabled static = Set static IP address:
ip
IP address of LAN (ext) interface (default: 192.168.2.1)
netmask
Net mask of LAN (ext) interface (default: 255.255.255.0)
[ redundant ]
not for LAN routers w/o redundant communication device
start_redundant
0 = Redundant WAN disabled (default) 1 = Redundant WAN enabled
check_interval
Interval of connection check (in minutes, default: 5)
check_type
dns = Connection check via DNS request (default) ping = Connection check via ping
dns_target
Target of connection check via DNS request
ping_target
Target of connection check via ping
fallback_interval
Interval for fall-back to LAN (ext) (in minutes, default: 5)
[ dsl ]
username
User name for dial-in to DSL provider The object value must be passed in single quotes!
password
Password for dial-in to DSL provider The object value must be passed in single quotes!
idletime
Maximum idle time (in seconds, default: 20, 0 = unlimited)
maxtime
Maximum connection time (in seconds, default: 0, 0 = unlimited)
mtu
MTU (Maximum Transmission Unit)
mru
MRU (Maximum Receive Unit)
check_interval
Interval of connection check (in minutes, default: 60)
flat
0 = Leased-line operation disabled (default) 1 = Leased-line operation enabled
fetch_dns
0 = Do not request DNS server address 1 = Request DNS server address (default)
dns_target
Target of connection check via DNS request
check_type
dns = Connection check via DNS request (default) ping = Connection check via ping
ping_target
Target of connection check via ping
auto_daily_start
0 = Daily automatic connection set-up disabled (default) 1 = Daily automatic connection set-up enabled
auto_daily_stop
0 = Daily automatic connection clearing disabled (default) 1 = Daily automatic connection clearing enabled
auto_hour_start
Daily automatic connection set-up at (hour; 00-23)
auto_minutes_start
Daily automatic connection set-up at (minute; 00-59)
auto_hour_stop
Daily automatic connection clearing at (hour; 00-23)
auto_minutes_stop
Daily automatic connection clearing at (minute; 00-59)
[ routing lan ]
default_route
0 = Set no default route 1 = Set default route (default)
default_gateway
IP address of default gateway
nat_incoming
0 = NAT for incoming packets disabled 1 = NAT for incoming packets enabled (default)
nat_outgoing
0 = NAT for outgoing packets disabled 1 = NAT for outgoing packets enabled (default)
list
a = New entries are appended to existing list d = Existing list is deleted (default)
new_entry
New route entry that passes the following sub-objects:
net
Network address of the route
netmask
Net mask of the route
gateway
Gateway of the route
[ dialfilters lan ]
start_dialfilter
0 = Dial filter for LAN (ext) interface disabled (default) 1 = Dial filter for LAN (ext) interface enabled
list
a = New entries are appended to existing list d = Existing list is deleted (default)
new_entry
New dial filter rule that passes the following sub-objects:
protocol
icmp = ICMP protocol is used udp = UDP protocol is used tcp = TCP protocol is used
source_ip
Source IP address
source_netmask
Source net mask
dest_port
Destination port
dest_ip
Destination IP address
dest_netmask
Destination net mask
dns
0 = DNS requests from source IP address must not initiate a connection (default)
1 = DNS requests from source IP address may initiate a connection
[ firewall lan ]
start_firewall
0 = Firewall for LAN (ext) interface disabled (default) 1 = Firewall for LAN (ext) interface enabled
list
a = New entries are appended to existing list d = Existing list is deleted (default)
new_entry
New permitted connection that passes the following sub-objects:
protocol
icmp = ICMP protocol is used udp = UDP protocol is used tcp = TCP protocol is used
direction
in = Only incoming connections are permitted out = Only outgoing connections are permitted both = Incoming and outgoing connections are permitted
source_ip
Source IP address
source_netmask
Source net mask
dest_port
Destination port
dest_ip
Destination IP address
dest_netmask
Destination net mask
[ portforward lan ]
start_portforwarding
0 = Port forwarding for LAN (ext) interface disabled 1 = Port forwarding for LAN (ext) interface enabled (default)
exposed_host
IP address of exposed host
list
a = New entries are appended to existing list d = Existing list is deleted (default)
new_entry
New permitted connection that passes the following sub-objects:
protocol
icmp = ICMP protocol is used udp = UDP protocol is used tcp = TCP protocol is used esp = ESP protocol is used
source_port_start
Start of port range for forwarding
source_port_end
End of port range for forwarding
dest_ip
IP address of forwarding destination
dest_port
Port of forwarding destination
[ openvpn server lan ]
start_openvpn_server
0 = OpenVPN server for LAN (ext) interface disabled (default) 1 = OpenVPN server for LAN (ext) interface enabled
lport
Local port of the tunnel (default: 1194)
rport
Remote port of the tunnel (default: 1194)
protocol
udp = UDP protocol is used tcp = TCP protocol is used
float
0 = Float (remote terminal may change its IP address) disabled
1 = Float (remote terminal may change its IP address) enabled (default)
comp_lzo
0 = LZO compression disabled 1 = LZO compression enabled (default)
masquerade
0 = Do not mask packets before tunnelling 1 = Mask packets before tunnelling (default)
cipher
BF-CBC = Encryption algorithm Blowfish 128 Bit (default)
DES-CBC = Encryption algorithm DES 64 Bit
DES-EDE-CBC = Encryption algorithm DES EDE 128 Bit
DES-EDE3-CBC = Encryption algorithm DES EDE3 192 Bit
DESX-CBC = Encryption algorithm DESX 192 Bit
CAST5-CBC = Encryption algorithm CAST5 128 Bit
IDEA-CBC = Encryption algorithm IDEA 128 Bit
RC2-CBC = Encryption algorithm RC2 128 Bit
RC2-40-CBC = Encryption algorithm RC2 40 Bit
RC2-64-CBC = Encryption algorithm RC2 64 Bit
AES-128-CBC = Encryption algorithm AES 128 Bit
AES-192-CBC = Encryption algorithm AES 192 Bit
AES-256-CBC = Encryption algorithm AES 256 Bit
verb
Verbosity of the messages in connection log (default: 3, 0-9)
fragment
Maximum size of the tunnel packets (in bytes)
reneg
Interval for key renegotiation (in seconds, default: 3600)
ping
Interval for ping dispatch to remote terminal (in seconds, default: 30)
restart
Interval for ping restart (in seconds, default: 60)
client_to_client
0 = Do not allow communication between clients (default) 1 = Allow communication between clients
pool_ip
IP address pool for clients
pool_netmask
Net mask of the IP address pool
list
a = New entries are appended to existing list d = Existing list is deleted (default)
auth_type
static = No authentication or with static key cert = Authentication with certificates
remote_peer
IP address or domain name of remote site
remote_peer2
IP address or domain name of alternative remote site
local_vpn_ip
Local IP address of VPN tunnel
remote_vpn_ip
Remote IP address of VPN tunnel
remote_net
Address of network behind the VPN tunnel
remote_netmask
Net mask of network behind the VPN tunnel
new_entry
New route entry to client network that passes the following sub-objects:
common_name
"Common Name" in certificate of the client
net
Network address of the client
netmask
Net mask of the client
vpn_ip
VPN IP address of the client
dh_parameters
Diffie-Hellman parameter set
crl
Certificate Revocation List
ca_certificate
CA certificate
public_certificate
Public certificate of the server
private_key
Private key of the server
static_key
Static key
[ openvpn client lan ]
start_openvpn_client
0 = OpenVPN client for LAN (ext) interface disabled (default) 1 = OpenVPN client for LAN (ext) interface enabled
lport
Local port of the tunnel (default: 1194)
rport
Remote port of the tunnel (default: 1194)
protocol
udp = UDP protocol is used tcp = TCP protocol is used
float
0 = Float (remote terminal may change its IP address) disabled
1 = Float (remote terminal may change its IP address) enabled (default)
comp_lzo
0 = LZO compression disabled 1 = LZO compression enabled (default)
masquerade
0 = Do not mask packets before tunnelling 1 = Mask packets before tunnelling (default)
cipher
BF-CBC = Encryption algorithm Blowfish 128 Bit (default)
DES-CBC = Encryption algorithm DES 64 Bit
DES-EDE-CBC = Encryption algorithm DES EDE 128 Bit
DES-EDE3-CBC = Encryption algorithm DES EDE3 192 Bit
DESX-CBC = Encryption algorithm DESX 192 Bit
CAST5-CBC = Encryption algorithm CAST5 128 Bit
IDEA-CBC = Encryption algorithm IDEA 128 Bit
RC2-CBC = Encryption algorithm RC2 128 Bit
RC2-40-CBC = Encryption algorithm RC2 40 Bit
RC2-64-CBC = Encryption algorithm RC2 64 Bit
AES-128-CBC = Encryption algorithm AES 128 Bit
AES-192-CBC = Encryption algorithm AES 192 Bit
AES-256-CBC = Encryption algorithm AES 256 Bit
verb
Verbosity of the messages in connection log (default: 3, 0-9)
fragment
Maximum size of the tunnel packets (in bytes)
reneg
Interval for key renegotiation (in seconds, default: 3600)
ping
Interval for ping dispatch to remote terminal (in seconds, default: 30)
restart
Interval for ping restart (in seconds, default: 60)
bind
0 = No-bind (fix local address and port) disabled 1 = No-bind (fix local address and port) enabled (default)
icmp_ping
IP address or domain name for additional ICMP ping
username
User name of the client for log-in at the OpenVPN server The object value must be passed in single quotes!
password
Password of the client for log-in at the OpenVPN server The object value must be passed in single quotes!
check_server_cert
0 = Check of certificate type of remote terminal disabled (default)
1 = Check of certificate type of remote terminal enabled
auth_type
static = No authentication or with static key cert = Authentication with certificates
remote_peer
IP address or domain name of remote site
remote_peer2
IP address or domain name of alternative remote site
local_vpn_ip
Local IP address of VPN tunnel
remote_vpn_ip
Remote IP address of VPN tunnel
remote_net
Address of network behind the VPN tunnel
remote_netmask
Net mask of network behind the VPN tunnel
ca_certificate
CA certificate
public_certificate
Public certificate of the client
private_key
Private key of the client
static_key
Static key
[ ipsec lan ]
FW 2.4.x
start_ipsec
0 = IPsec for LAN (ext) interface disabled (default) 1 = IPsec for LAN (ext) interface enabled
remote_peer
IP address or domain name of remote site
remote_net
Local subnet of remote terminal
remote_netmask
Net mask of local subnet of remote terminal
remote_id
Remote terminal ID The object value must be passed in single quotes!
local_id
Own ID The object value must be passed in single quotes!
auth_mode
main = Authentication mode Main is used (default) aggressive = Authentication mode Aggressive is used
ike_cipher
3des = IKE encryption algorithm DES EDE3 (default) aes128 = IKE encryption algorithm AES 128 Bit aes192 = IKE encryption algorithm AES 192 Bit aes256 = IKE encryption algorithm AES 256 Bit
ike_hash
sha1 = IKE hash algorithm SHA1 (default) md5 = IKE hash algorithm MD5
ike_dh
modp768 = Diffie-Hellman group for IKE is DH 768
modp1024 = Diffie-Hellman group for IKE is DH 1024 (default)
modp1536 = Diffie-Hellman group for IKE is DH 1536
ipsec_cipher
3des = IPsec encryption algorithm DES EDE3 (default) aes128 = IPsec encryption algorithm AES 128 Bit aes192 = IPsec encryption algorithm AES 192 Bit aes256 = IPsec encryption algorithm AES 256 Bit
ipsec_hash
sha1 = IPsec hash algorithm SHA1 (default) md5 = IPsec hash algorithm MD5
key_attempts
Maximum connection attempts (0 = infinite)
nat_traversal
on = NAT traversal is enabled (default)
off = NAT traversal is disabled
forced = NAT traversal is enforced
keep_alive
Interval of keep alive packets (in seconds, default: 10)
pfs
0 = Perfect forward secrecy is disabled
1 = Perfect forward secrecy is enabled (default)
dpd_interval
Interval for dead peer detection (in seconds, default: 30)
dpd_timeout
Timeout for dead peer detection (in seconds, default: 120)
dpd_action
clear = Closing the connection on dead peer detection
hold = Holding the connection on dead peer detection
restart = Restarting the connection on dead peer detection (default)
key_lifetime
Interval for key renegotiation (in seconds, default: 3600)
icmp_ping
IP address or domain name for additional ICMP ping
auth_type
cert = Authentication with certificates
psk = Authentication with pre-shared key (PSK)
psk
Pre-shared key (PSK)
The object value must be passed in single quotes!
masquerade
0 = Do not mask packets through the tunnel
1 = Mask packets through the tunnel (default)
ca_certificate
CA certificate
public_certificate
Public certificate
private_key
Private key
[ ipsec lan ]
from FW 2.5.x; <x> = 1-10
start_ipsec
0 = IPsec for LAN (ext) interface disabled (default)
1 = IPsec for LAN (ext) interface enabled
nat_traversal
on = NAT traversal is enabled (default)
off = NAT traversal is disabled
forced = NAT traversal is enforced
keep_alive
Interval of keep alive packets (in seconds, default: 10)
start_tunnel<x>
0 = IPsec tunnel <x> disabled (default)
1 = IPsec tunnel <x> enabled
tunnel_name<x>
Name for IPsec tunnel <x>
remote_peer<x>
IP address or domain name of remote site
local_net<x>
Local subnet
local_netmask<x>
Network mask of the local subnet
remote_net<x>
Local subnet of remote terminal
remote_netmask<x>
Net mask of local subnet of remote terminal
remote_id<x>
Remote terminal ID
The object value must be passed in single quotes!
local_id<x>
Own ID
The object value must be passed in single quotes!
auth_mode<x>
main = Authentication mode Main is used (default)
aggressive = Authentication mode Aggressive is used
ike_cipher<x>
3des = IKE encryption algorithm DES EDE3 (default)
aes128 = IKE encryption algorithm AES 128 Bit
aes192 = IKE encryption algorithm AES 192 Bit
aes256 = IKE encryption algorithm AES 256 Bit
ike_hash<x>
sha1 = IKE hash algorithm SHA1 (default)
md5 = IKE hash algorithm MD5
ike_dh<x>
modp768 = Diffie-Hellman group for IKE is DH 768
modp1024 = Diffie-Hellman group for IKE is DH 1024 (default)
modp1536 = Diffie-Hellman group for IKE is DH 1536
ipsec_cipher<x>
3des = IPsec encryption algorithm DES EDE3 (default)
aes128 = IPsec encryption algorithm AES 128 Bit
aes192 = IPsec encryption algorithm AES 192 Bit
aes256 = IPsec encryption algorithm AES 256 Bit
ipsec_hash<x>
sha1 = IPsec hash algorithm SHA1 (default)
md5 = IPsec hash algorithm MD5
key_attempts<x>
Maximum connection attempts (0 = infinite)
masquerade<x>
0 = Do not mask packets through the tunnel
1 = Mask packets through the tunnel (default)
dpd_interval<x>
Interval for dead peer detection (in seconds, default: 30)
dpd_timeout<x>
Timeout for dead peer detection (in seconds, default: 120)
dpd_action<x>
clear = Closing the connection on dead peer detection
hold = Holding the connection on dead peer detection
restart = Restarting the connection on dead peer detection (default)
pfs<x>
0 = Perfect forward secrecy is disabled
1 = Perfect forward secrecy is enabled (default)
key_lifetime<x>
Interval for key renegotiation (in seconds, default: 3600)
icmp_ping<x>
IP address or domain name for additional ICMP ping
auth_type<x>
cert = Authentication with certificates
psk = Authentication with pre-shared key (PSK)
psk<x>
Pre-shared key (PSK)
The object value must be passed in single quotes!
ca_certificate<x>
CA certificate
public_certificate<x>
Public certificate
private_key<x>
Private key
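The per-tunnel parameters of [ ipsec lan ] (from FW 2.5.x) default to 3des, sha1 and modp1024, so a tunnel that omits them still runs with those values. The following added example (not part of the INSYS manual) audits the enabled tunnels of a configuration for such settings. It assumes key=value lines under the section header, since the file set-up chapter is not reproduced here, and that an omitted key leaves the documented default in effect; the weak-value policy and the sample file are the example's own.

```python
import re

# Documented defaults of the per-tunnel keys in [ ipsec lan ] (from FW 2.5.x).
DEFAULTS = {
    "auth_mode": "main",
    "ike_cipher": "3des",
    "ike_hash": "sha1",
    "ike_dh": "modp1024",
    "ipsec_cipher": "3des",
    "ipsec_hash": "sha1",
    "pfs": "1",
}

# Reviewer policy (an assumption of this example, not an INSYS rule):
# values to flag among the choices the reference lists.
WEAK = {
    "ike_cipher": {"3des"},
    "ipsec_cipher": {"3des"},
    "ike_hash": {"md5"},
    "ipsec_hash": {"md5"},
    "ike_dh": {"modp768", "modp1024"},  # modp1536 is the largest group listed
    "pfs": {"0"},
}

SECTION_RE = re.compile(r"^\[\s*(.+?)\s*\]$")
# Assumed line syntax: <name><x>=<value>, e.g. ike_cipher2=aes256
KEYVAL_RE = re.compile(r"^([a-z_]+?)(\d{1,2})?\s*=\s*(.*)$")

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
[ ipsec lan ]
start_ipsec=1
start_tunnel1=1
tunnel_name1=plant-a
ike_cipher1=aes256
ipsec_cipher1=aes256
ike_dh1=modp1536
auth_type1=cert
start_tunnel2=1
tunnel_name2=plant-b
auth_mode2=aggressive
auth_type2=psk
psk2='constructed-sample-only'
ike_hash2=md5
pfs2=0
start_tunnel3=0
ike_cipher3=3des
"""


def parse_ipsec_tunnels(text):
    """Return {tunnel_number: {base_key: value}} for the [ ipsec lan ] section."""
    tunnels, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if section != "ipsec lan":
            continue
        m = KEYVAL_RE.match(line)
        if not m or m.group(2) is None:
            continue  # global key such as start_ipsec, or not a key=value line
        key, idx, value = m.group(1), int(m.group(2)), m.group(3).strip()
        if len(value) >= 2 and value[0] == value[-1] == "'":
            value = value[1:-1]  # string values are passed in single quotes
        tunnels.setdefault(idx, {})[key] = value
    return tunnels


def audit(text):
    """List (tunnel, key, effective_value, origin) for every flagged setting."""
    findings = []
    for idx, cfg in sorted(parse_ipsec_tunnels(text).items()):
        if cfg.get("start_tunnel", "0") != "1":
            continue  # tunnel is disabled (the documented default)
        for key, weak_values in WEAK.items():
            origin = "explicit" if key in cfg else "default"
            value = cfg.get(key, DEFAULTS[key])
            if value in weak_values:
                findings.append((idx, key, value, origin))
        # Aggressive mode combined with a pre-shared key lets an observer
        # collect material for offline guessing of the key.
        mode = cfg.get("auth_mode", DEFAULTS["auth_mode"])
        if mode == "aggressive" and cfg.get("auth_type") == "psk":
            findings.append((idx, "auth_mode", "aggressive+psk", "explicit"))
    return findings


if __name__ == "__main__":
    for tunnel, key, value, origin in audit(SAMPLE):
        print(f"tunnel {tunnel}: {key} = {value} ({origin})")
```

Findings marked "default" point to keys that are missing from the file and need an explicit aes256 / modp1536 entry.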
[ inputs ]
in2
off = Input 2 has no function (default)
dialout = Set-up dial-out connection with input 2
openvpn = Set-up OpenVPN tunnel with input 2
ipsec = Set-up IPsec tunnel with input 2
serial = Set-up serial Ethernet connection with input 2
in2_dial_exclusive
0 = Do not set-up dial-out connection exclusively (default)
1 = Set-up dial-out connection exclusively
in2_dial_stop
0 = Do not close dial-out connection if input is open again (default)
1 = Close dial-out connection if input is open again
in2_openvpn_exclusive
0 = Do not set-up OpenVPN tunnel exclusively (default)
1 = Set-up OpenVPN tunnel exclusively via input
in2_openvpn_stop
0 = Do not close OpenVPN tunnel if input is open again (default)
1 = Close OpenVPN tunnel if input is open again
in2_ipsec_exclusive
0 = Do not set-up IPsec tunnel exclusively (default)
1 = Set-up IPsec tunnel exclusively via input
in2_ipsec_stop
0 = Do not close IPsec tunnel if input is open again (default)
1 = Close IPsec tunnel if input is open again
in2_serial_stop
0 = Do not close serial Ethernet connection if input is open again (default)
1 = Close serial Ethernet connection if input is open again
[ outputs ]
out1_set
idle = Output 1 in idle condition (default)
operated = Output 1 in operated condition
out2_set
idle = Output 2 in idle condition (default)
operated = Output 2 in operated condition
out1_daily_operated
0 = Do not switch output 1 to operated condition daily (default)
1 = Switch output 1 to operated condition daily
out1_daily_operated_hour
Switch output 1 to operated condition daily at (hour, 00-23)
out1_daily_operated_min
Switch output 1 to operated condition daily at (minute, 00-59)
out1_daily_idle
0 = Do not switch output 1 to idle condition daily (default)
1 = Switch output 1 to idle condition daily
out1_daily_idle_hour
Switch output 1 to idle condition daily at (hour, 00-23)
out1_daily_idle_min
Switch output 1 to idle condition daily at (minute, 00-59)
out2_daily_operated
0 = Do not switch output 2 to operated condition daily (default)
1 = Switch output 2 to operated condition daily
out2_daily_operated_hour
Switch output 2 to operated condition daily at (hour, 00-23)
out2_daily_operated_min
Switch output 2 to operated condition daily at (minute, 00-59)
out2_daily_idle
0 = Do not switch output 2 to idle condition daily (default)
1 = Switch output 2 to idle condition daily
out2_daily_idle_hour
Switch output 2 to idle condition daily at (hour, 00-23)
out2_daily_idle_min
Switch output 2 to idle condition daily at (minute, 00-59)
out1
off = Output 1 has no automatic function (default)
ppp = Output 1 switches to operated condition if a PPP connection exists
out2
off = Output 2 has no automatic function (default)
openvpn = Output 2 switches to operated condition if an OpenVPN tunnel exists
ipsec = Output 2 switches to operated condition if an IPsec tunnel exists
serial2 = Output 2 switches to operated condition if a serial Ethernet connection exists
[ switch port ]
active1
0 = Switch port 1 disabled
1 = Switch port 1 enabled (default)
active2
0 = Switch port 2 disabled
1 = Switch port 2 enabled (default)
active3
0 = Switch port 3 disabled
1 = Switch port 3 enabled (default)
active4
0 = Switch port 4 disabled
1 = Switch port 4 enabled (default)
autoneg1
0 = Auto negotiation for switch port 1 disabled
1 = Auto negotiation for switch port 1 enabled (default)
autoneg2
0 = Auto negotiation for switch port 2 disabled
1 = Auto negotiation for switch port 2 enabled (default)
autoneg3
0 = Auto negotiation for switch port 3 disabled
1 = Auto negotiation for switch port 3 enabled (default)
autoneg4
0 = Auto negotiation for switch port 4 disabled
1 = Auto negotiation for switch port 4 enabled (default)
speed1
10 = Fixed speed of switch port 1 is 10 MBit/s
100 = Fixed speed of switch port 1 is 100 MBit/s
speed2
10 = Fixed speed of switch port 2 is 10 MBit/s
100 = Fixed speed of switch port 2 is 100 MBit/s
speed3
10 = Fixed speed of switch port 3 is 10 MBit/s
100 = Fixed speed of switch port 3 is 100 MBit/s
speed4
10 = Fixed speed of switch port 4 is 10 MBit/s
100 = Fixed speed of switch port 4 is 100 MBit/s
duplex1
half = Protocol of switch port 1 is half-duplex
full = Protocol of switch port 1 is full-duplex
duplex2
half = Protocol of switch port 2 is half-duplex
full = Protocol of switch port 2 is full-duplex
duplex3
half = Protocol of switch port 3 is half-duplex
full = Protocol of switch port 3 is full-duplex
duplex4
half = Protocol of switch port 4 is half-duplex
full = Protocol of switch port 4 is full-duplex
[ switch led ]
led_green
100 = Green LED displays speed 100 MBit/s (default)
link = Green LED displays link
full = Green LED displays full-duplex protocol
collision = Green LED displays collision
rxtx = Green LED displays RX/TX activity
duplex_collision = Green LED displays full-duplex / collision
link_activity = Green LED displays link / activity
led_red
100 = Red LED displays speed 100 MBit/s (default)
link = Red LED displays link
full = Red LED displays full-duplex protocol
collision = Red LED displays collision
rxtx = Red LED displays RX/TX activity
duplex_collision = Red LED displays full-duplex / collision
link_activity = Red LED displays link / activity
[ switch vlan ]
start_vlan
0 = VLAN configuration disabled (default)
1 = VLAN configuration enabled
vlana_port1
0 = Port 1 does not belong to VLAN A (default)
1 = Port 1 belongs to VLAN A
vlana_port2
0 = Port 2 does not belong to VLAN A (default)
1 = Port 2 belongs to VLAN A
vlana_port3
0 = Port 3 does not belong to VLAN A (default)
1 = Port 3 belongs to VLAN A
vlana_port4
0 = Port 4 does not belong to VLAN A (default)
1 = Port 4 belongs to VLAN A
vlana_port5
0 = Router does not belong to VLAN A (default)
1 = Router belongs to VLAN A
vlanb_port1
0 = Port 1 does not belong to VLAN B (default)
1 = Port 1 belongs to VLAN B
vlanb_port2
0 = Port 2 does not belong to VLAN B (default)
1 = Port 2 belongs to VLAN B
vlanb_port3
0 = Port 3 does not belong to VLAN B (default)
1 = Port 3 belongs to VLAN B
vlanb_port4
0 = Port 4 does not belong to VLAN B (default)
1 = Port 4 belongs to VLAN B
vlanb_port5
0 = Router does not belong to VLAN B (default)
1 = Router belongs to VLAN B
vlanc_port1
0 = Port 1 does not belong to VLAN C (default)
1 = Port 1 belongs to VLAN C
vlanc_port2
0 = Port 2 does not belong to VLAN C (default)
1 = Port 2 belongs to VLAN C
vlanc_port3
0 = Port 3 does not belong to VLAN C (default)
1 = Port 3 belongs to VLAN C
vlanc_port4
0 = Port 4 does not belong to VLAN C (default)
1 = Port 4 belongs to VLAN C
vlanc_port5
0 = Router does not belong to VLAN C (default)
1 = Router belongs to VLAN C
vland_port1
0 = Port 1 does not belong to VLAN D (default)
1 = Port 1 belongs to VLAN D
vland_port2
0 = Port 2 does not belong to VLAN D (default)
1 = Port 2 belongs to VLAN D
vland_port3
0 = Port 3 does not belong to VLAN D (default)
1 = Port 3 belongs to VLAN D
vland_port4
0 = Port 4 does not belong to VLAN D (default)
1 = Port 4 belongs to VLAN D
vland_port5
0 = Router does not belong to VLAN D (default)
1 = Router belongs to VLAN D
vlan_ida
VLAN ID of VLAN A
vlan_idb
VLAN ID of VLAN B
vlan_idc
VLAN ID of VLAN C
vlan_idd
VLAN ID of VLAN D
port1_tag
insert = Insert VLAN tag for port 1
remove = Remove VLAN tag for port 1 (default)
port2_tag
insert = Insert VLAN tag for port 2
remove = Remove VLAN tag for port 2 (default)
port3_tag
insert = Insert VLAN tag for port 3
remove = Remove VLAN tag for port 3 (default)
port4_tag
insert = Insert VLAN tag for port 4
remove = Remove VLAN tag for port 4 (default)
[ switch mirror ]
sniffer_port
off = Sniffer port disabled (default)
1 = Port 1 is sniffer port
2 = Port 2 is sniffer port
3 = Port 3 is sniffer port
4 = Port 4 is sniffer port
tx_port
off = TX mirroring at sniffer port disabled (default)
1 = Port 1 sends transmitted data to sniffer port
2 = Port 2 sends transmitted data to sniffer port
3 = Port 3 sends transmitted data to sniffer port
4 = Port 4 sends transmitted data to sniffer port
rx_port
off = RX mirroring at sniffer port disabled (default)
1 = Port 1 sends received data to sniffer port
2 = Port 2 sends received data to sniffer port
3 = Port 3 sends received data to sniffer port
4 = Port 4 sends received data to sniffer port
[ serial ethernet basic ]
start_serial
0 = Serial Ethernet gateway disabled (default)
1 = Serial Ethernet gateway enabled
connection_mode
demand = Connection enabled on request (default)
flat = Leased-line mode enabled
ipt
0 = Do not use IPT (default)
1 = Use IPT (from FW 2.5.x)
incoming
0 = Do not accept incoming connection
1 = Accept incoming connection (default)
outgoing
off = Outgoing connection not enabled (default)
atd = Outgoing connection triggered by dialling command ATD
char = Outgoing connection triggered by serial character
wan = Outgoing connection triggered by WAN connection
listen_port
Port that is monitored for incoming connections
outgoing_server
IP address or domain name of primary destination
outgoing_port
Port of primary destination
outgoing_ipt
IP dial number of primary destination
outgoing_server2
IP address or domain name of secondary destination
outgoing_port2
Port of secondary destination
outgoing_ipt2
IP dial number of secondary destination
auth_outgoing
off = No VCom authentication for outgoing connections (default)
udp = VCom authentication via UDP for outgoing connections
tcp = VCom authentication via TCP for outgoing connections
auth_incoming
0 = VCom authentication for accepting incoming connections not required (default)
1 = VCom authentication for accepting incoming connections required
increase_interval
0 = Do not increase time between connection attempts (default)
1 = Increase time between connection attempts
[ serial ethernet interfaces ]
speed
Speed of serial interface (110, 300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200 Bit/s; default: 115200)
databits
Data bits on serial interface (7, 8; default: 8)
parity
Parity of serial interface (O, E, N; default: N)
stopbits
Stop bits on serial interface (1, 2; default: 1)
flowctrl
hard = Hardware data flow control enabled (default)
soft = Software data flow control enabled
none = No data flow control enabled
ctl
0 = Do not use control lines
1 = Use control lines (default)
reset_ctl
0 = Do not reset control lines after connection termination
1 = Reset control lines after connection termination (default)
blocksize
Maximum TCP block size (in bytes, default: 512)
aggregationtime
Aggregation timeout (in milliseconds, default: 100)
idletime
Maximum idle time (in seconds, default: 20, 0 = unlimited)
keepalive_interval
Interval of keep alive packets (in seconds, default: 0)
telnet
0 = Telnet protocol is not used
1 = Telnet protocol is used (default)
[ serial ethernet modem ]
modem_emulation
0 = Modem emulator disabled
1 = Modem emulator enabled (default)
ate
0 = Echo (ATE) disabled
1 = Echo (ATE) enabled (default)
atq
0 = Answers (ATQ) disabled (default)
1 = Answers (ATQ) enabled
atv
0 = Verbose answers (ATV) disabled
1 = Verbose answers (ATV) enabled (default)
ats0
Number of ring tones until call acceptance (default: 1)
default_at_answer
Default answer for unknown commands
The object value must be passed in single quotes!
at_answer_list
AT answer list
[ message ]
email_address
E-mail address of e-mail account
real_name
Name of e-mail account owner
The object value must be passed in single quotes!
server
SMTP server address
port
SMTP port (default: 25)
username
User name of e-mail account
The object value must be passed in single quotes!
password
Password of e-mail account
The object value must be passed in single quotes!
scn
SCN for SIM card (not for LAN routers)
scn2
SCN for SIM card 2 (only for GPRS or UMTS routers)
sms_protocol
0 = Remote terminal is modem (only for Modem routers)
1 = Remote terminal is mobile phone (PET/IXO/TAP 8N1) (only for Modem routers)
1 = TAP protocol (only for ISDN routers)
2 = Remote terminal is mobile phone (EMI/UCP 7E1) (only for Modem routers)
2 = UGP protocol (only for ISDN routers)
3 = Remote terminal is mobile phone (PET/IXO/TAP 7E1) (only for Modem routers)
4 = Remote terminal is mobile phone (EMI/UCP 8N1) (only for Modem routers)
5 = Remote terminal is fax (only for Modem routers)
6 = Remote terminal is SMS to landline (only for Modem routers)
[ email ]
start_email
0 = Dispatch of e-mail messages disabled
1 = Dispatch of e-mail messages enabled (default)
list
a = New entries are appended to existing list
d = Existing list is deleted (default)
new_entry
New e-mail dispatch rule that passes the following sub-objects:
recipient
E-mail address of recipient
cause
1 = Message dispatch on system start
2 = Message dispatch on OpenVPN tunnel set-up
3 = Message dispatch on IPsec tunnel set-up
4 = Message dispatch on simple alarm on input 1
5 = Message dispatch on one pulse on input 1
6 = Message dispatch on two pulses on input 1
7 = Message dispatch on three pulses on input 1
8 = Message dispatch on four pulses on input 1
9 = Message dispatch on five pulses on input 1
10 = Message dispatch on six pulses on input 1
11 = Message dispatch on seven pulses on input 1
12 = Message dispatch on eight pulses on input 1
13 = Message dispatch on nine pulses on input 1
14 = Message dispatch on ten pulses on input 1
15 = Message dispatch on dial-out connection set-up
16 = Message dispatch on dial-in connection set-up
17 = Message dispatch on switching the SIM cards
18 = Message dispatch on DSL connection set-up
19 = Message dispatch on receiving IP address via DHCP
20 = Message dispatch on switching to integrated communication device
attach
0 = No attachment attached to e-mail
1 = System messages attached to e-mail
2 = System log attached to e-mail
3 = Wireless network log attached to e-mail
4 = OpenVPN dial-in client log attached to e-mail
5 = OpenVPN dial-in server log attached to e-mail
6 = OpenVPN dial-out client log attached to e-mail
7 = OpenVPN dial-out server log attached to e-mail
8 = OpenVPN LAN (ext) client log attached to e-mail
9 = OpenVPN LAN (ext) server log attached to e-mail
10 = IPsec dial-in log attached to e-mail
11 = IPsec dial-out log attached to e-mail
12 = IPsec LAN (ext) log attached to e-mail
13 = Serial Ethernet gateway log attached to e-mail
14 = Auto update log attached to e-mail
status
0 = Do not attach status page to e-mail message (default)
1 = Attach status page to e-mail message
text
Text of e-mail message
[ sms ]
start_sms
0 = Dispatch of SMS messages disabled
1 = Dispatch of SMS messages enabled (default)
list
a = New entries are appended to existing list
d = Existing list is deleted (default)
new_entry
New SMS dispatch rule that passes the following sub-objects:
recipient
Phone number of recipient
cause
1 = Message dispatch on system start
2 = Message dispatch on OpenVPN tunnel set-up
3 = Message dispatch on IPsec tunnel set-up
4 = Message dispatch on simple alarm on input 1
5 = Message dispatch on one pulse on input 1
6 = Message dispatch on two pulses on input 1
7 = Message dispatch on three pulses on input 1
8 = Message dispatch on four pulses on input 1
9 = Message dispatch on five pulses on input 1
10 = Message dispatch on six pulses on input 1
11 = Message dispatch on seven pulses on input 1
12 = Message dispatch on eight pulses on input 1
13 = Message dispatch on nine pulses on input 1
14 = Message dispatch on ten pulses on input 1
15 = Message dispatch on dial-out connection set-up
16 = Message dispatch on dial-in connection set-up
17 = Message dispatch on switching the SIM cards
18 = Message dispatch on DSL connection set-up
19 = Message dispatch on receiving IP address via DHCP
20 = Message dispatch on switching to integrated communication device
text
Text of SMS message
[ dns ]
dns
IP address of first DNS server
dns2
IP address of second DNS server
[ dyndns ]
start_dyndns
0 = Dynamic DNS update disabled (default)
1 = Dynamic DNS update enabled
provider
dyndns = DynDNS as DynDNS provider (default)
dyndns-custom = DynDNS custom as DynDNS provider
dyndns-static = DynDNS static as DynDNS provider
dhs = DHS as DynDNS provider
ods = ODS as DynDNS provider
tzo = TZO as DynDNS provider
easydns = easyDNS as DynDNS provider
dyns = DyNS as DynDNS provider
zoneedit = zoneedit as DynDNS provider
own = User-defined DynDNS provider
domain
Domain name at DynDNS provider
username
User name at DynDNS provider
The object value must be passed in single quotes!
password
Password at DynDNS provider
The object value must be passed in single quotes!
server
User-defined DynDNS server
No server must be entered if a provider is selected from the list!
[ dhcp ]
start_dhcpserver
0 = DHCP server disabled (default)
1 = DHCP server enabled
dhcp_ip_start
First IP address of address pool
dhcp_ip_end
Last IP address of address pool
leasetime
Validity of IP addresses (in seconds, default: 3600)
alternate_dns
IP address of alternative DNS servers for DHCP clients
list
a = New entries are appended to existing list
d = Existing list is deleted (default)
new_entry
New assignment of MAC address and IP address that passes the following sub-objects:
mac
MAC address (without colons)
ip
IP address
[ proxy ]
start_proxy
0 = Proxy server disabled (default)
1 = Proxy server enabled
port
Port of proxy server (default: 8888)
timeout
Timeout for inactive connections (in seconds, default: 600)
max_clients
Maximum number of permitted clients (default: 10)
min_spare
Minimum number of free proxy servers (default: 1)
max_spare
Maximum number of free proxy servers (default: 5)
filter
0 = Proxy filter disabled (default)
1 = Proxy filter enabled
list
a = New entries are appended to existing list
d = Existing list is deleted (default)
new_entry
New entry in list of permitted URLs or IP addresses of proxy filter
[ ipt ]
from FW 2.5.x
start_ipt
0 = IPT slave disabled (default)
1 = IPT slave enabled
master
IP address or domain name of primary IPT master
port
Port of primary IPT master
username
User name for access to primary IPT master
password
Password for access to primary IPT master
master2
IP address or domain name of secondary IPT master
port2
Port of secondary IPT master
username2
User name for access to secondary IPT master
password2
Password for access to secondary IPT master
device_identifier
IPT device identifier (default: INS_<MAC address>)
increase_interval
0 = Do not increase time between connection attempts (default)
1 = Increase time between connection attempts
response_timeout
Timeout for IPT response (in seconds, default: 30)
receive_timeout
Timeout for IPT character (in seconds, default: 15)
scrambled
0 = Do not use IPT scrambling (default)
1 = Use IPT scrambling
challenge_key
IPT challenge scramble key
fix_key
IPT fix scramble key
[ settime ]
day
Set system time to day (01-31)
mon
Set system time to month (01-12)
year
Set system time to year (01-31)
hour
Set system time to hour (00-23)
min
Set system time to minute (00-59)
timezone
UTC = Time zone UTC
GMT = Time zone GMT
GMT-1 = Time zone GMT -1
GMT+1 = Time zone GMT +1
GMT-2 = Time zone GMT -2
GMT+2 = Time zone GMT +2
GMT-3 = Time zone GMT -3
GMT+3 = Time zone GMT +3
GMT-4 = Time zone GMT -4
GMT+4 = Time zone GMT +4
GMT-5 = Time zone GMT -5
GMT+5 = Time zone GMT +5
GMT-6 = Time zone GMT -6
GMT+6 = Time zone GMT +6
GMT-7 = Time zone GMT -7
GMT+7 = Time zone GMT +7
GMT-8 = Time zone GMT -8
GMT+8 = Time zone GMT +8
GMT-9 = Time zone GMT -9
GMT+9 = Time zone GMT +9
GMT-10 = Time zone GMT -10
GMT+10 = Time zone GMT +10
GMT-11 = Time zone GMT -11
GMT+11 = Time zone GMT +11
GMT-12 = Time zone GMT -12
GMT+12 = Time zone GMT +12
GMT-13 = Time zone GMT -13
GMT-14 = Time zone GMT -14
Europe/Amsterdam = Time zone Europe/Amsterdam
Europe/Andorra = Time zone Europe/Andorra
Europe/Athens = Time zone Europe/Athens
Europe/Belfast = Time zone Europe/Belfast
Europe/Belgrade = Time zone Europe/Belgrade
Europe/Berlin = Time zone Europe/Berlin
Europe/Bratislava = Time zone Europe/Bratislava
Europe/Brussels = Time zone Europe/Brussels
Europe/Bucharest = Time zone Europe/Bucharest
Europe/Budapest = Time zone Europe/Budapest
Europe/Chisinau = Time zone Europe/Chisinau
Europe/Copenhagen = Time zone Europe/Copenhagen
Europe/Dublin = Time zone Europe/Dublin
Europe/Eire = Time zone Europe/Eire
Europe/Gibraltar = Time zone Europe/Gibraltar
Europe/Helsinki = Time zone Europe/Helsinki
Europe/Iceland = Time zone Europe/Iceland
Europe/Istanbul = Time zone Europe/Istanbul
Europe/Kaliningrad = Time zone Europe/Kaliningrad
Europe/Kiev = Time zone Europe/Kiev
Europe/Lisbon = Time zone Europe/Lisbon
Europe/Ljubljana = Time zone Europe/Ljubljana
Europe/London = Time zone Europe/London
Europe/Luxembourg = Time zone Europe/Luxembourg
Europe/Madrid = Time zone Europe/Madrid
Europe/Malta = Time zone Europe/Malta
Europe/Minsk = Time zone Europe/Minsk
Europe/Monaco = Time zone Europe/Monaco
Europe/Moscow = Time zone Europe/Moscow
Europe/Nicosia = Time zone Europe/Nicosia
Europe/Oslo = Time zone Europe/Oslo
Europe/Paris = Time zone Europe/Paris
Europe/Poland = Time zone Europe/Poland
Europe/Portugal = Time zone Europe/Portugal
Europe/Prague = Time zone Europe/Prague
Europe/Regensburg = Time zone Europe/Ratisbon (default)
Europe/Riga = Time zone Europe/Riga
Europe/Rome = Time zone Europe/Rome
Europe/Samara = Time zone Europe/Samara
Europe/San_Marino = Time zone Europe/San Marino
Europe/Sarajevo = Time zone Europe/Sarajevo
Europe/Simferopol = Time zone Europe/Simferopol
Europe/Skopje = Time zone Europe/Skopje
Europe/Sofia = Time zone Europe/Sofia
Europe/Stockholm = Time zone Europe/Stockholm
Europe/Tallinn = Time zone Europe/Tallinn
Europe/Tirane = Time zone Europe/Tirane
Europe/Tiraspol = Time zone Europe/Tiraspol
Europe/Turkey = Time zone Europe/Turkey
Europe/Uzhgorod = Time zone Europe/Uzhgorod
Europe/Vaduz = Time zone Europe/Vaduz
Europe/Vatican = Time zone Europe/Vatican
Europe/Vienna = Time zone Europe/Vienna
Europe/Vilnius = Time zone Europe/Vilnius
Europe/Warsaw = Time zone Europe/Warsaw
Europe/Zagreb = Time zone Europe/Zagreb
Europe/Zaporozhye = Time zone Europe/Zaporozhye
Europe/Zurich = Time zone Europe/Zurich
ntp_server
Address of used NTP time server
start_ntp_client
0 = No clock synchronisation via NTP time server
1 = Clock synchronisation via NTP time server (default)
daily_sync_hour
Hour of daily time synchronisation (00-24)
daily_sync_min
Minute of daily time synchronisation (00-59)
daily_sync
0 = No daily time synchronisation (default)
1 = Daily time synchronisation at specified time
[ reset daily ]
reset_daily
0 = Daily restart disabled (default)
1 = Daily restart enabled
hour
Daily restart at (hour; 00-23)
min
Daily restart at (minute; 00-59)
[ update ]
start_update
0 = Automatic daily update disabled (default)
1 = Automatic daily update enabled
timing_type
mac = Update time depending on MAC (default)
manual = Update at user-defined time
time_hour
Update at (hour; 00-23)
time_min
Update at (minute; 00-59)
protocol
http = Download via HTTP protocol (default)
ftp = Download via FTP protocol
uri
IP address or domain name of download server
port
Port of download server (default: 80)
username
User name for download server access
The object value must be passed in single quotes!
password
Password for download server access
The object value must be passed in single quotes!
[ sandbox ]
start_sandbox
0 = Sandbox disabled (default)
1 = Sandbox enabled
serial
0 = RS232 interface not reserved for sandbox (default)
1 = RS232 interface reserved for sandbox
install
0 = Do not install stored sandbox image (default)
1 = Install stored sandbox image
password
Password for the sandbox user "user"
The object value must be passed in single quotes!