Page 1
MoRoS ADSL 2.1 PRO
Manual
Page 2
Page 3
Copyright © July 13 INSYS MICROELECTRONICS GmbH
Any duplication of this manual is prohibited. All rights on this documentation and
the devices are with INSYS MICROELECTRONICS GmbH Regensburg.
Trademarks
The use of a trademark not shown below is not an indication that it is freely avail-
able for use.
MNP is a registered trademark of Microcom Inc.
IBM PC, AT, XT are registered trademarks of International Business Machine Corporation.
INSYS®, e-Mobility LSG® and e-Mobility PLC® are registered trademarks of INSYS
MICROELECTRONICS GmbH.
Windows™ is a registered trademark of Microsoft Corporation.
Linux is a registered trademark of Linus Torvalds.
Publisher:
INSYS MICROELECTRONICS GmbH
Hermann-Köhl-Str. 22
D-93049 Regensburg, Germany
Phone: +49 941 58692 0
Fax: +49 941 58692 45
E-mail: info@insys-icom.com
Internet: http://www.insys-icom.com
Date: Jul-13
Item: 31-22-03.179
Version: 1.2
Language: EN
Page 4
Content
1 Preface.....................................................................................................7
1.1 Defects Liability Terms ..........................................................................................7
1.2 Feedback ...............................................................................................................7
1.3 Marking of Warnings and Notes............................................................................8
1.3.1 Symbols and Key Words.......................................................................... 8
1.4 Symbols and the Formatting in this Manual ..........................................................9
2 Safety.....................................................................................................10
2.1 Usage According to the Regulations ...................................................................10
2.2 Permissible Technical Limits................................................................................11
2.3 Responsibilities of the Operator...........................................................................11
2.4 Qualification of the Personnel..............................................................................11
2.5 Instructions for Transport and Storage ................................................................11
2.6 Markings on the Product .....................................................................................12
2.7 Environmental Protection ....................................................................................12
2.8 Safety Instructions for Electrical Installation........................................................ 13
2.9 General Safety Instructions..................................................................................13
3 Using Open Source Software.................................................................15
3.1 General Information............................................................................................. 15
3.2 Special Liability Regulations ................................................................................16
3.3 Used Open-Source Software ...............................................................................16
4 Device variants.......................................................................................17
5 Scope of Delivery...................................................................................18
6 Technical Data .......................................................................................19
6.1 Physical Features.................................................................................................19
6.2 Technological Features........................................................................................20
7 Display and Control Elements ................................................................21
7.1 Meaning of the display elements.........................................................................22
7.2 Function of the Control Elements ........................................................................ 23
8 Connections...........................................................................................24
8.1 Front Panel Connections......................................................................................24
8.2 Terminal Connections on the Top........................................................................25
8.3 Terminal Connections on the Bottom ..................................................................26
8.4 Pin Assignment of the Serial Interface.................................................................27
8.5 LAN Connection ..................................................................................................27
8.6 ADSL line connection RJ45 .................................................................................28
9 Function Overview.................................................................................29
4 Jul-13
Page 5
Contents
10 Assembly ...............................................................................................34
11 Commissioning ......................................................................................38
12 Operating Principle ................................................................................40
12.1 Operating the Web Interface ...............................................................................40
12.2 Access via HTTPS Protocol..................................................................................42
13 Functions ...............................................................................................43
13.1 Basic Settings......................................................................................................43
13.1.1 Web Interface (User Name, Password, Remote Configuration) ............ 43
13.1.2 Setting IP Addresses .............................................................................. 44
13.1.3 Enter Static Route .................................................................................. 45
13.1.4 Entering Host Names ............................................................................. 45
13.1.5 Configuring MAC Filter .......................................................................... 46
13.2 LAN (ext)..............................................................................................................47
13.2.1 Configuring the Interface to the ADSL Modem (WAN) ......................... 47
13.2.2 Configuring ADSL .................................................................................. 48
13.2.3 Configuring Leased Line Operation........................................................ 49
13.2.4 Configuring a Periodical DSL Connection Establishment ...................... 50
13.2.5 Routing................................................................................................... 51
13.2.6 Setting up a Dialling Filter...................................................................... 52
13.2.7 Creating or Deleting a Firewall Rule....................................................... 53
13.2.8 Creating or Deleting an IP Forwarding Rule........................................... 54
13.2.9 Creating or Deleting a Port Forwarding Rule ......................................... 55
13.2.10 Defining the Exposed Host..................................................................... 56
13.3 VPN .....................................................................................................................57
13.3.1 VPN General........................................................................................... 57
13.3.2 OpenVPN General .................................................................................. 57
13.3.3 Setting Up an OpenVPN-Server ............................................................. 59
13.3.4 Setting Up an OpenVPN-Client .............................................................. 62
13.3.5 PPTP General.......................................................................................... 66
13.3.6 Setting Up a PPTP Server....................................................................... 66
13.3.7 Setting Up a PPTP Client........................................................................ 67
13.3.8 Setting Up IPsec..................................................................................... 68
13.3.9 Configring GRE Tunnel........................................................................... 72
13.4 Inputs and Outputs..............................................................................................73
13.4.1 Querying the State of the Inputs............................................................ 73
13.4.2 Configuring the Function of the Inputs.................................................. 74
13.4.3 Switch Outputs....................................................................................... 75
13.5 Configurable Switch ............................................................................................ 76
13.5.1 Querying Configuration and Status of the Switch Ports........................ 76
13.5.2 Configuring Switch Ports ....................................................................... 77
13.5.3 Configuring the LED Display of the Switch Ports .................................. 77
13.5.4 Configuring VLAN .................................................................................. 78
13.5.5 Configuring Port Mirroring..................................................................... 79
13.6 Serial Ethernet gateway....................................................................................... 80
13.6.1 Setting up the Serial Ethernet Gateway ................................................. 80
13.6.2 Configuring Serial Ethernet Gateway Interface...................................... 82
13.6.3 Modem Emulator ................................................................................... 84
Jul-13 5
Page 6
Content
13.7 Messages ............................................................................................................86
13.7.1 Configuring the Message Dispatch........................................................ 86
13.7.2 Configuring E-Mail Dispatch .................................................................. 87
13.7.3 Configuring SNMP Trap Triggering........................................................ 88
13.8 Server Services....................................................................................................89
13.8.1 Setting up DNS Forwarding ................................................................... 89
13.8.2 Dynamic DNS Update ............................................................................ 90
13.8.3 Setting up the DHCP Server................................................................... 91
13.8.4 Configuring the Router Advertiser ......................................................... 92
13.8.5 Configuring a Proxy Server .................................................................... 93
13.8.6 Configuring an URL Filter....................................................................... 94
13.8.7 Configuring IPT....................................................................................... 94
13.8.8 Configuring the SNMP Agent ................................................................ 96
13.8.9 Configuring MCIP................................................................................... 97
13.9 System Configuration ..........................................................................................98
13.9.1 Displaying the System Log .................................................................... 98
13.9.2 Displaying the Last System Messages................................................... 98
13.9.3 Setting Time and Time Zone .................................................................. 99
13.9.4 Reset .................................................................................................... 100
13.9.5 Update.................................................................................................. 101
13.9.6 Updating the Firmware ........................................................................ 102
13.9.7 Uploading the Configuration File ......................................................... 104
13.9.8 Download............................................................................................. 105
13.9.9 Sandbox ............................................................................................... 106
13.9.10 Debugging............................................................................................ 108
14 Maintenance, Repair and Troubleshooting...........................................109
14.1 Maintenance......................................................................................................109
14.2 Troubleshooting.................................................................................................109
14.3 Repair ................................................................................................................109
15 Waste Disposal ....................................................................................110
15.1 Repurchasing of Legacy Systems......................................................................110
16 Declaration of Conformity ....................................................................111
17 Export Regulation ................................................................................112
18 Licenses...............................................................................................113
18.1 GNU GENERAL PUBLIC LICENSE .....................................................................113
18.2 GNU LIBRARY GENERAL PUBLIC LICENSE ......................................................116
18.3 Other Licenses...................................................................................................121
19 Glossary ...............................................................................................124
20 Tables and Diagrams............................................................................128
20.1 List of Tables .....................................................................................................128
20.2 List of Diagrams ................................................................................................128
21 Index....................................................................................................129
6 Jul-13
Page 7
MoRoS ADSL 2.1 PRO Preface
1 Preface
This manual allows for the safe and efficient use of the product. The manual is part
of the product and must always be stored accessible for installation, commissioning and operating personnel.
1.1 Defects Liability Terms
A usage not according to the intended purpose, an ignorance of this documentation, the use of insufficiently qualified personnel as well as unauthorised modifications exclude the liability of the manufacturer for damages resulting from this. The
liability of the manufacturer ceases to exist.
The regulations of our Delivery and Purchasing Conditions are effective. These can
be found on our website (www.insys-icom.de/imprint/) under “General Terms and
Conditions“.
1.2 Feedback
We are permanently improving our products and the associated technical documentation. Your feedback is very helpful for this. Please tell us what you like in particular on our products and publications and what can be improved from your point
of view. We highly appreciate your suggestions and will include them in our work
to support you and all our customers. We are looking forward to any of your feedback.
Please send an e-mail to support@insys-icom.de.
We'd like to know your applications. Please send us a few headwords that we
know the applications you solve using products of INSYS icom.
7
Page 8
Preface MoRoS ADSL 2.1 PRO
1.3 Marking of Warnings and Notes
1.3.1 Symbols and Key Words
Danger!
Risk of severe or fatal injury
One of these symbols in conjunction with the key word
Danger indicates an imminent danger. It will cause death or
severe injuries if not avoided.
Warning!
Personal injury
This symbol in conjunction with the key word Warning
indicates a possibly hazardous situation. It might cause
death or severe injuries if not avoided.
Caution!
Slight injury and / or material damage
This symbol in conjunction with the key word Caution
indicates a possibly hazardous or harmful situation. It might
cause slight or minor injuries or a damage of the product or
something in its vicinity if not avoided.
Note
Improvement of the application
This symbol in conjunction with the key word Note
indicates hints for the user or very useful information. This
information helps with installation, set-up and operation of
the product to ensure a fault-free operation.
8
Page 9
MoRoS ADSL 2.1 PRO Preface
1.4 Symbols and the Formatting in this Manual
This section describes the definition, formatting and symbols used in this manual.
The various symbols are meant to help you read and find the information relevant
to you. The following text is structured like a typical operating instruction of this
manual.
Bold print: This will tell you what the following steps will result in
After that, there will be a detailed explanation why you could perform the
following steps to be able to reach the objective indicated first. You can
decide whether the section is relevant for you or not.
An arrow will indicate prerequisites which must be fulfilled to be able to
process the subsequent steps in a meaningful way. You will also learn
which software or which equipment you will need.
1. One individual action step: This tells you what you need to do at this
point. The steps are numbered for better orientation.
A result which you will receive after performing a step will be marked
with a check mark. At this point, you can check if the previous steps
were successful.
Additional information which you should consider are marked with a
circled "i". At this point, we will indicate possible error sources and tell
you how to avoid them.
Alternative results and steps are marked with an arrow. This will tell
you how to reach the same results performing different steps, or what
you could do if you didn't reach the expected results at this point.
9
Page 10
Safety MoRoS ADSL 2.1 PRO
2 Safety
The Safety section provides an overview about the safety instructions, which must
be observed for the operation of the product.
The product is constructed according to the currently valid state-of-the-art technology and reliable in operation. It has been checked and left the factory in flawless
condition concerning safety. In order to maintain this condition during the service
life, the instructions of the valid publications and certificates must be observed and
followed.
It is necessary to adhere to the general safety instructions must when operating the
product. The descriptions of processes and operation procedures are provided with
precise safety instructions in the respective sections in addition to the general
safety instructions.
Moreover, the local accident prevention regulations and general safety regulations
for the operating conditions of the device are effective.
An optimum protection of the personnel and the environment from hazards as well
as a safe and fault-free operation of the product is only possible if all safety instructions are observed.
2.1 Usage According to the Regulations
The product may only be used for the purposes specified in the function overview.
In addition, it may be used for the following purposes:
Usage and mounting in an industrial cabinet.
Switching and data transmission functions in machines according to
the machine directive 2006/42/EC.
Usage as data transmission device for a PLC.
The product may not be used for the following purposes and used or operated under the following conditions:
Controlling or switching of machines and systems, which do not
comply with the directive 2006/42/EC.
Usage, controlling, switching and data transmission of machines and
systems, which are operated in explosive atmospheres.
Controlling, switching and data transmission of machines, which may
involve risks to life and limb due to their functions or when a
breakdown occurs.
10
Page 11
MoRoS ADSL 2.1 PRO Safety
2.2 Permissible Technical Limits
The product is only intended for the use within the permissible technical limits
specified in the data sheets.
The following permissible limits must be observed:
The ambient temperature limits must not be fallen below or
exceeded.
The supply voltage range must not be fallen below or exceeded.
The maximum humidity must not be exceeded and condensate
formation must be prevented.
The maximum switching voltage and the maximum switching current
load must not be exceeded.
The maximum input voltage and the maximum input current must not
be exceeded.
2.3 Responsibilities of the Operator
As a matter of principle, the operator must observe the legal regulations, which are
valid in his country, concerning operation, functional test, repair and maintenance
of electrical devices.
2.4 Qualification of the Personnel
The installation, commissioning and maintenance of the product must only be performed by trained expert personnel, which has been authorised by the plant operator. The expert personnel must have read and understood this documentation and
observe the instructions.
Electrical connection and commissioning must only be performed by a person, who
is able to work on electrical installations and identify and avoid possible hazards
independently, based on professional training, knowledge and experience as well
as knowledge of the relevant standards and regulations.
2.5 Instructions for Transport and Storage
The following instructions must be observed:
Do not expose the product to moisture and other potential hazardous
environmental conditions (radiation, gases, etc.) during transport and
storage. Pack product accordingly.
Pack product sufficiently to protect it against shocks during transport
and storage, e.g. using air-cushioned packing material.
Check product for possible damages, which might have been caused by improper
transport, before installation. Transport damages must be noted down to the shipping documents. All claims or damages must be filed immediately and before installation against the carrier or party responsible for the storage.
11
Page 12
Safety MoRoS ADSL 2.1 PRO
2.6 Markings on the Product
The identification plate of the product is either a print or a label on a face of the
product. Amongst other things, it can contain the following markings, which are
explained in detail here.
Observe manual
This symbol indicates that the manual of the product
contains essential safety instructions that must be followed
implicitly.
Dispose waste electronic equipment
environmentally compatible
This symbol indicates that waste electronic equipment
must be disposed separately from residual waste via
appropriate collecting points. See also Section Disposal in
this manual.
CE marking
By applying a CE marking, the manufacturer confirms that
the product complies with the European directives that
apply product-specific.
Appliance Class II - double insulated
This symbol indicates that the product complies with
Appliance Class II
2.7 Environmental Protection
Dispose the product and the packaging according to the relevant environmental
protection regulations. The Waste Disposal section in this manual contains notes
about disposing the product. Separate the packaging components of cardboard
and paper as well as plastic and deliver them to the respective collection systems
for recycling.
12
Page 13
MoRoS ADSL 2.1 PRO Safety
2.8 Safety Instructions for Electrical Installation
The electrical connection must only be made by authorised expert personnel according to the wiring diagrams.
The notes to the electrical connection in the manual must be observed. Otherwise,
the protection category might be affected.
The safe disconnection of circuits, which are hazardous when touched, is only ensured if the connected devices meet the requirements of VDE T.101 (Basic requirements for safe disconnection).
The supply lines are to be routed apart from circuits, which are hazardous when
touched, or isolated additionally for a safe disconnection.
2.9 General Safety Instructions
Caution!
Moisture and liquids from the environment may seep into
the interior of the product!
Fire hazard and damage of the product.
The product must not be used in wet or damp
environments, or in the direct vicinity of water. Install the
product at a dry location, protected from water spray.
Disconnect the power supply before you perform any work
on a device which may have been in contact with moisture.
Caution!
Short circuits and damage due to improper repairs and
modifications as well as opening of maintenance areas.
Fire hazard and damage of the product.
It is not permitted to open the product for repair or
modification.
Caution!
Overcurrent of the device supply!
Fire hazard and damage of the product due to overcurrent.
The product must be secured with a suitable fuse against
currents exceeding 1.6 A.
13
Page 14
Safety MoRoS ADSL 2.1 PRO
Caution!
Overvoltage and voltage peaks from the mains supply!
Fire hazard and damage of the product due to overvoltage.
Install suitable overvoltage protection.
Caution!
Damage due to chemicals!
Ketones and chlorinated hydrocarbons dissolve the plastic
housing and damage the surface of the device.
Never let the device come into contact with ketones (e.g.
acetone) or chlorinated hydrocarbons, such as
dichloromethane.
14
Page 15
MoRoS ADSL 2.1 PRO Using Open Source Software
3 Using Open Source Software
3.1 General Information
Our product MoRoS ADSL 2.1 PRO contains, amongst others, so-called opensource software that is provided by third parties and has been published for free
public use. The open-source software is subject to special open-source software
licenses and the copyright of third parties. Basically, each customer can use the
open-source software freely in compliance with the licensing terms of the respective producers. The rights of the customer to use the open-source software beyond
the purpose of our product are regulated in detail by the respective concerned
open-source software licenses. The customer use the open-source software freely,
as provided in the respective effective license, beyond the purpose that the opensource software gets in our product. In case there is a contradiction between the
licensing terms for our product and the respective open-source software license,
the respective relevant open-source software license takes priority over our licensing terms, as far as the respective open-source software is concerned by this.
The use of the used open-source software is possible free of charge. We do not
demand usage fees or any comparable fees for the use of the open-source software contained in our product. The use of the open-source software in our product
by the customer is not part of the earnings we achieve with the contractual compensation.
All open-source software programs contained in our product can be taken from the
available list. The most important open-source software licenses are listed in the
Licenses section at the end of this publication.
As far as programs contained in our product are subject to the GNU General Public
License (GPL), GNU Lesser General Public License (LGPL), Clarified Artistic License
or another open-source software license, which regulates that the source code
must be made available, and if this software is not already delivered in source code
on a data carrier with our product, we will send you this at any time upon request.
If it is required to send this on a data carrier, the sending will be made against
payment of a cost compensation of € 10,00. Our offer to send the source code
upon request ceases automatically 3 years after delivery of our product to the customer. Requests must be directed to the following address, if possible under specification of the serial number:
INSYS MICROELECTRONICS GmbH
Hermann-Köhl-Str. 22
93049 Regensburg, Germany
Phone +49 941 58692 0
Fax +49 941 58692 45
E-mail: support@insys-icom.de
15
Page 16
Using Open Source Software MoRoS ADSL 2.1 PRO
3.2 Special Liability Regulations
We do not assume any warranty or liability, if the open-source software programs
contained in our product are used by the customer in a manner that does not comply any more with the purpose of the contract, which is the basis of the acquisition
of our product. This concerns in particular any use of the open-source software
programs outside of our product. The warranty and liability regulations that are
provided by the respective effective open-source software license for the respective open-source software as listed in the following are effective for the use of the
open-source software beyond the purpose of the contract. In particular, we are not
liable, if the open-source software in our product or the complete software configuration in our product is changed. The warranty granted with the contract, which is
the basis of the acquisition of our product., is only effective for the unchanged
open-source software and the unchanged software configuration in our product.
3.3 Used Open-Source Software
Please contact our support department (support@insys-icom.de) for a list of the
open-source software used in this product.
16
Page 17
MoRoS ADSL 2.1 PRO Device variants
4 Device variants
This manual describes different versions of the MoRoS ADSL 2.1 PRO that only
differ regarding the supported ADSL specification. These devices are referred to as
MoRoS ADSL 2.1 PRO in the manual. The devices are:
MoRoS ADSL 2.1A PRO
MoRoS ADSL 2.1B PRO
If the devices are different, this will be mentioned explicitly in the respective
sections.
The MoRoS ADSL 2.1A PRO supports the ADSL specifications Annex A, Annex M,
and Annex L. The MoRoS ADSL 2.1B PRO supports the ADSL specification
Annex B. The specifications mainly differ regarding the used frequency ranges.
Annex B is used in Germany almost exclusively.
17
Page 18
Scope of Delivery MoRoS ADSL 2.1 PRO
5 Scope of Delivery
The scope of delivery includes all accessories listed below. Please check if all
accessories are included in the box. If a part is missing or damaged, please contact
your distributor.
1 MoRoS ADSL 2.1 PRO
1 Quick Installation Guide
1 Support CD with operator manual in PDF format
The following related documents can be found on the delivered Support CD or in
the download area and on the product page of the MoRoS ADSL 2.1 PRO under
www.insys-icom.com:
Add-On Manual ASCII Configuration File
Add-On Manual Automatic Update
18
Page 19
MoRoS ADSL 2.1 PRO Technical Data
6 Technical Data
6.1 Physical Features
All specified data was measured with nominal input voltage, at full load, and an
ambient temperature of 25 . The limit value tolerances are subject to the usual
variations.
Physical Feature Value
Operating voltage minimum 10 V DC
maximum 60 V DC
Power consumption 6 W
Level inputs HIGH level = 3-12 V (contact open or
voltage strength for external supply)
LOW level = 0-1 V
Current consumption of an active input
against GND (internal +5V)
Switch output, maximum switch
voltage
Switch output, maximum current load 1 A (DC) / 0.5 A (AC)
Weight 370 g
Dimensions (Width x Depth x Height) 100 mm x 110 mm 75 mm
Temperature range -20 °C … 55 °C
Maximum permissible humidity 95% non-condensing
IP rating Housing IP40, Terminals IP20
Table 1: Physical Features
Typically 0.35 mA (when enabling the
input by connecting to GND)
30 V (DC) / 42 V (AC)
19
Page 20
Technical Data MoRoS ADSL 2.1 PRO
6.2 Technological Features
Technological Feature Description
Supported Standards ADSL/ADSL2/ADSL2+ (G.992.1, G.992.2, T1.413,
G992.3, G.992.5) with optimised AFE (Analogue
Front End) designed to meet ADSL (TR-067) and
ADSL2+ (TR-100) requirements
Extended INP (32 kB Reed Solomon memory) for
improved IPTV quality and noise immunity
LLC encapsulation according to RFC1483
4-port Ethernet switch 10/100 Mbit/s full/half duplex auto sense;
automatic detection of "crossover" or "patch"
wiring.
RS232 interface Max. baud rate 115,200 bit/s; hardware
handshake RTS/CTS; software handshake
XON/XOFF; various data formats
Table 2: Technological Features
20
Page 21
MoRoS ADSL 2.1 PRO Display and Control Elements
7 Display and Control Elements
Figure 1: Display and control elements on the front of the device
Position Description
1 Status/VPN LED
2 Data LED
3 COM LED
4 Power LED
5 Status LED for Switch LAN 1
6 Status LED for Switch LAN 2
7 Status LED for Switch LAN 3
8 Status LED for Switch LAN 4
9 Reset key
10 ADSL Status LED
11 ADSL Data LED
12 ADSL Sync LED
Table 3: Description of the display and control elements on the front panel of the device
21
Page 22
Display and Control Elements MoRoS ADSL 2.1 PRO
7.1 Meaning of the display elements
LED Colour Function off flashing blinking on
Switch
yellow
LAN 1-4
green
Link 10
Mbit/s
Link 100
Mbit/s
Data
traffic
connected
Power green Supply missing present
green PPP link establishing
COM
orange PPP link
green
Data
orange
offline
PPP
data
traffic
established
VPN connec-
Status /
VPN
green VPN
red Status
tion established
Initialization,
FW update,
fault
ADSL
Status
ADSL
Data
ADSL
Sync
Table 4: Meaning of the display elements
red Status Alert
green Status
green Sync
ADSL
data
traffic
ADSL
connection establish-
ADSL connection established
ment
22
Page 23
MoRoS ADSL 2.1 PRO Display and Control Elements
7.2 Function of the Control Elements
Description Operation Meaning
Reset key
Press once for a short
time.
Resets the software and
restarts it.
(Soft reset)
Press for at least 3
seconds.
Resets the hardware and
restarts it.
(Hard reset)
Press three times for a
short time within 2
seconds.
Table 5: Description of the functions and meaning of the control elements
Deletes all settings and
resets the device to the
factory defaults.
23
Page 24
Connections MoRoS ADSL 2.1 PRO
8 Connections
8.1 Front Panel Connections
Figure 2: Connections on the front panel of the device
Position Description
1 Serial interface (RS232 socket V.24/V.28)
3 ADSL line connection RJ45
2 Switch with 4 Ethernet ports (RJ45, 10/100 BT)
Table 6: Description of the connections on the front panel of the device
24
Page 25
MoRoS ADSL 2.1 PRO Connections
8.2 Terminal Connections on the Top
Figure 3: Connections on the top of the device
Terminal Description Description
1 OUT 1-NC Output 1 normally closed
2 OUT 1 Output 1
3 OUT 1-NO Output 1 normally open
4 OUT 2-NC Output 2 normally closed
5 OUT 2 Output 2
6 OUT 2-NO Output 2 normally open
Table 7: Description of the connections on the top of the device
25
Page 26
Connections MoRoS ADSL 2.1 PRO
8.3 Terminal Connections on the Bottom
Figure 4: Connections on the bottom of the device
Terminal Description Description
19 GND Ground
20 Input 2 Input 2
21 Input 1 Input 1
22 GND Ground
23 Reset Reset input
24
25 10 ... 60 VDC Power supply 10 V – 60 V DC
26 GND Ground
Table 8: Description of the connections on the bottom of the device
26
GND Ground
Page 27
MoRoS ADSL 2.1 PRO Connections
8.4 Pin Assignment of the Serial Interface
Figure 5: 9-pin D-Sub socket at the device
Pin Signal Description
1 DCD Data Carrier Detect
2 RXD Receive Data
3
4 DTR Data Terminal Ready
5 GND Ground
6 DSR Data Set Ready
7 RTS Request To Send
8 CTS Clear To Send
9 RI Ring Indication
Table 9: Description of the pin allocation of the D-Sub socket
TXD Transmit Data
8.5 LAN Connection
Table 10: RJ45 connector Ethernet cable
Pin Signal Description
1 RX+ Receive positive
2 RX- Receive negative
3 TX+ Transmit positive
4 n/a Not connected
5 n/a Not connected
6 TX- Transmit negative
7 n/a Not connected
8 n/a Not connected
Table 11: Description of the pin allocation of the RJ45 connector
27
Page 28
Connections MoRoS ADSL 2.1 PRO
8.6 ADSL line connection RJ45
Figure 6: RJ45 connector
Pin Signal Description
1 n/c Not connected
2 n/c Not connected
3 n/c
4 a ADSL line connection wire a
5 b ADSL line connection wire b
6 n/c Not connected
7 n/c Not connected
8 n/c Not connected
Table 12: Description of the pin allocation of the RJ45 connector
Not connected
28
Page 29
MoRoS ADSL 2.1 PRO Function Overview
9 Function Overview
The MoRoS ADSL 2.1 PRO provides you with the following functions:
Configuration via web interface or configuration file
All functions can be configured and set via a web interface. The
access to the web interface is protected with a user name and
password query. The TCP port which is used to access the web
interface can be set freely. Alternatively, a file (ASCII or binary), which
contains the configuration, can also be uploaded.
IPv6 routing
Additionally to the IPv4 addresses, the interfaces have also addresses
according to the IPv6 protocol. The router configures one or several
IPv6 addresses for itself using SLAAC (StateLess Address Auto
Configuration). If a router with router advertisement advertises IPv6
address prefixes in the LAN, the router configures itself another IPv6
address with the advertised prefix in addition to the already
configured IPv6 addresses. In addition, the router can distribute its
prefix to local devices (router advertisement).
Serial Ethernet gateway
It is possible to output arriving data from a certain network port at the
serial interface. Also, data arriving at the serial interface are sent to an
IP remote terminal. Together with the INSYS VCom driver, the serial
Ethernet gateway enables the transmission of a serial connection via
a network.
DHCP server
Ethernet devices connected to the switch can retrieve their IP address
automatically.
DHCP client
IP addresses from the network can be retrieved automatically at the
ADSL interface optionally.
Static IP address
A static IP address can be configured for the ADSL interface.
ADSL connections via PPPoE or PPPoA
A connection can either be established via PPPoE ("PPP over
Ethernet") or PPPoA ("PPP over ATM"). This enables a use in many
countries.
ADSL leased line operation
A permanent connection via an ADSL connection can be established
and maintained. This makes it possible to communicate with an
external network via a "leased line".
29
Page 30
Function Overview MoRoS ADSL 2.1 PRO
Periodic ADSL connection set-up
An ADSL connection can be established and also terminated time-
controlled. Fixed times can be specified for the connection set-up and
termination. This function is only available for a PPPoE connection.
Dynamic ADSL connection set-up
An ADSL connection can be established independently if required.
The connection will be terminated again after a configurable idle time
or after a configurable maximum connection time.
Dialling filters for ADSL connection set-up
The dialling filters allow to define, which data packets lead to an
ADSL connection establishment. This helps to avoid needless
connections and save costs. This function is only available for a
PPPoE connection.
NAT and port forwarding
The router can also forward data packets via NAT and port
forwarding. According to defined rules, incoming IP packets to
definable ports and port ranges will be forwarded to IP addresses and
ports in the LAN.
IP forwarding
IP forwarding rules can be used to create additional IP addresses at
the LAN ext interface. Packets to one of these IP addresses will be
forwarded to the IP address in the local LAN that is assigned to it.
OpenVPN
The router can be used as OpenVPN server or client. This enables
machines to establish a safe connection to the LAN behind the router
from the outside via an unsafe network. An entire LAN can also be
connected interception-proof and interference-proof via an unsafe
Internet connection through a VPN tunnel to another network (e.g.
the company network). The authentication when connecting to an
OpenVPN server via a static key, a certificate with user name and
password, or just a certificate is supported with this. An OpenVPN
connection without authentication can also be established.
PPTP
The router can be used as PPTP server or client. This enables
machines to establish a safe connection to the LAN behind the router
from the outside via an unsafe network. An entire LAN can also be
connected interception-proof and interference-proof via an unsafe
Internet connection through a VPN tunnel to another network (e.g.
the company network).
30
Page 31
MoRoS ADSL 2.1 PRO Function Overview
IPsec protocol
Two subnets can be connected with each other via an unsafe Internet
connection tap- and interference-proof using an IPsec tunnel. The
authentication when connecting to an IPsec terminal device via
certificates or a passphrase (PSK) is supported with this. Up to
10 tunnels can be established at the same time.
GRE tunnel
GRE tunnel enable a transparent data transmission through an
existing connection without changing the original packets.
IPT protocol
Support of communication via IPT (Internet-Protokoll Telemetrie). The
router can connect to an IPT master as IPT slave and tunnel payload
of the serial Ethernet gateway to another IPT slave.
Dynamic DNS update
The assigned IP address can be deposited at a dynamic DNS service
(e.g. DynDNS) after the set-up of a PPP connection to an Internet
service provider . The router can be accessed from the Internet. This
function is not available for a PPPoA connection.
DNS relay server
DNS requests can be forwarded to previously configured DNS servers
in the Internet or the DNS servers passed on during PPP connection
establishment.
Firewall (stateful firewall)
The firewall enables the limitation of incoming and outgoing IP
connections. A flexible rule may be created for each connection and
stored user. If one of these firewall rules applies to a connection
through the router, this connection will be allowed, otherwise the
connection is inhibited. The "Stateful Firewall" will allow connections
also for protocols with special requirements, e.g. FTP.
Configurable Ethernet switch
For each port at the switch, the transmission rate, the transmission
mode and the LED display for certain network events may be set
individually. The settings are detected automatically in default setting.
The switch can be divided in up to four VLANs.
Port mirroring at the Ethernet switch for analysis purposes
A port at the switch can reproduce a copy of the data at another
network port of the switch. At these mirror ports, the transmitted data
can be read for analysis purposes (e.g. for intrusion detection
systems, problem analysis of end terminals), without affecting the
network traffic.
31
Page 32
Function Overview MoRoS ADSL 2.1 PRO
MAC filter
The MAC filter allows that only those packets are accepted at the
Ethernet interface that come from explicitly permitted network
devices.
E-Mail dispatch and SNMP trap triggering on different events
It is possible to send an e-mail to any recipient on different events or
trigger an SNMP trap. A series of pre-define events are available for
this, like set-up of connections or tunnels, input signals, link condition
changes, false authentication at the web interface, firewall rejection,
configuration changes and other device-internal procedures.
SNMP agent for processing SNMP requests
It is possible to respond to incoming SNMP requests (SNMP Get
requests) if the SNMP agent is enabled. Almost all configuration
parameters can be read out with this.
Digital switch outputs and inputs
Two potential-free control outputs are available, which can be used to
switch other functions in an application. Digital inputs are also
available, which are used to establish connections or to send
messages via e-mail or SMS.
Time synchronisation via NTP
Synchronisation of the system time via Network Time Protocol with
an NTP server in the Internet. The system time will thus always be
current and the internal clock must not be set manually.
NTP server
An NTP server can respond to NTP requests in the local network.
HTTP and HTTPS proxy with URL filter
The proxy is used to limit the access to web addresses for
applications in the local network of the router, and to avoid
connection timeouts. The protocols HTTP and HTTPS are supported.
The proxy maintains connections during the connection setup of the
communication device to prevent a premature timeout. The proxy will
not work as a cache for frequently accessed websites
Log files
Different log files can be downloaded as text file via the web
interface.
Downloadable configuration files
The configuration can be downloaded as binary or ASCII file. The file
can be used as backup copy for configurationafter a reset to factory
defaults, or for convenient loading of the same configuration into a
different router. The ASCII configuration file can be edited and offers
a comfortable option for an alternative configuration.
32
Page 33
MoRoS ADSL 2.1 PRO Function Overview
Firmware update via web interface
The firmware can be updated via the web interface. An update can be
performed locally or remotely.
Automatic daily update
A daily automatic update of firmware files, configuration files (binary
and ASCII) or sandbox image files that are provided accordingly on a
server is possible.
An optional, redundant communication device may be connected.
You can connect a second INSYS communication device via the serial
interface to secure the dial-out and dial-in communication through
redundancy and to increase the availability.
Freely programmable sandbox
A freely configurable sandbox is available. The sandbox is a kind of a
virtual machine, which runs on the router and allows to start
programs, collect data and offer services in the sandbox, which do
not exist in the actual system.
Debugging tools for analysing network connections
Different tools are available to be able to analyse problems with
network connections. Ping packets can be sent, routes of IP packets
can be traced, DNS information can be queried and network packets
can be recorded with this.
Querying and setting objects via MCIP protocol
The digital I/Os and a part of the LEDs can be queried or set via MCIP
protocol. The MCIP protocol is available in the sandbox as well as
from external devices via TCP/IP.
33
Page 34
Assembly MoRoS ADSL 2.1 PRO
10 Assembly
This section describes how to mount the MoRoS ADSL 2.1 PRO to a DIN rail,
connect the power supply and uninstall it again. Observe the instructions in
the "Safety" section of this manual, in particular the "Safety Instructions for
Electrical Installation" for that purpose unconditionally.
Caution!
Moisture and liquids from the environment may seep into
the interior of the device!
Fire hazard and damage of the product.
The device must not be used in wet or damp environments,
or in the direct vicinity of water. Install the device at a dry
location, protected from water spray. Disconnect the power
supply before you perform any work on a device which
may have been in contact with moisture.
Caution!
The device could be destroyed if the wrong power supply is
used!
If the device is operated with a power supply that supplies
a voltage exceeding the permissible operating voltage, it
will be destroyed.
Make sure that you use the suitable power supply. Refer to
the Technical Data section for the proper voltage range.
34
Page 35
MoRoS ADSL 2.1 PRO Assembly
Mounting the device to the DIN rail
How to mount the MoRoS ADSL 2.1 PRO to a DIN rail:
1. Position the device at the DIN rail as seen in the following diagram.
There are two snap-in hooks at the upper and lower edge of the DIN
rail groove. Hook the upper one into place behind the upper edge of
the DIN rail.
2. Lift the device perpendicular to the DIN rail until the two lower,
flexible snap-in hooks engage in the DIN rail.
The MoRoS ADSL 2.1 PRO is now readily mounted.
Connecting the power supply
The device has already been mounted to the DIN rail.
The power supply is connected and switched off.
1. Connect the ground lead of the power supply to the terminal "GND".
2. Connect the plus pole of the power supply to the terminal for the
power supply.
The MoRoS ADSL 2.1 PRO is now connected to the power supply.
35
Page 36
Assembly MoRoS ADSL 2.1 PRO
Disconnecting the power supply
The device is mounted to the DIN rail.
The power supply is connected and switched off.
1. Disconnect the ground lead of the power supply from the terminal
"GND".
2. Disconnect the plus pole of the power supply from the terminal for
the power supply.
The MoRoS ADSL 2.1 PRO is disconnected from the power supply.
Removing the device from the DIN rail
How to uninstall the MoRoS ADSL 2.1 PRO from a DIN rail in a switch
cabinet:
You will need a small flat-blade screwdriver.
The power supply of the switch cabinet is switched off and secured against
being switched on accidentally.
All cables at the device are disconnected.
1. Insert the flat-blade screwdriver into the groove in the bottom as
shown in the following figure.
36
Page 37
MoRoS ADSL 2.1 PRO Assembly
2. Turn the flat-blade screwdriver into the direction of the device as
shown in the following figure.
The plastic spring of the snap-in hook is stretched.
3. While you hold the plastic spring apart with the lower snap-in hooks,
pull the device away from the DIN rail.
4. Un-hook the device and take it off perpendicularly to the DIN rail.
The MoRoS ADSL 2.1 PRO is now removed.
37
Page 38
Commissioning MoRoS ADSL 2.1 PRO
11 Commissioning
This chapter describes how to activate the MoRoS ADSL 2.1 PRO, i.e. how to
connect it to a PC, and how to prepare it for the configuration.
Connecting to a LAN and a PC
How to connect the MoRoS ADSL 2.1 PRO to a PC for configuration and a
DSL connection.
The power supply is disabled.
You will need a phone connection cable.
You will need a Cat 5 network patch cable.
You will need a network card in the PC.
1. Locate the RJ-45 socket of the network card at the PC.
2. Plug one end of the network cable into the RJ-45 socket at the PC,
and the other end into a network socket at the MoRoS ADSL 2.1 PRO
switch.
3. Plug one end of the phone connection cable into your phone socket or
DSL splitter, and the other end into the ADSL Line socket.
4. Connect the device to the power supply.
The Power LED lights and the ADSL LED starts to blink. The ADSL
LED lights permanently after successful synchronisation.
The device is installed successfully and ready for configuration.
The device provides no direct Internet connection via the Ethernet
interface. A PPPoE client must be used to establish an Internet
connection, for example for diagnostic purposes. A detailed and
simple description of how to establish a PPPoE connection under
Windows XP can be found in the Microsoft Knowledge Base
(http://support.microsoft.com/kb/283070).
38
Page 39
MoRoS ADSL 2.1 PRO Commissioning
Configuring the MoRoS ADSL 2.1 PRO
The device is connected to the PC.
The power supply of the device is enabled.
You have the required access rights to change the IP address of the
network card to which the MoRoS ADSL 2.1 PRO is connected.
1. Change the IP address of the network card to which the device is
connected to an address that starts with 192.168.1.
As an alternative, you may also configure your network card to
"Automatic address allocation". The integrated DHCP server of the
MoRoS ADSL 2.1 PRO will then allocate an address from the
according address range to your network card.
Do not use the address 192.168.1.1. This is the factory default IP
address of the device. For example, use 192.168.1.2 as IP address for
the network card in your PC.
2. Open a web browser and enter the URL "http://192.168.1.1" into the
address bar.
The browser loads the start page of the MoRoS ADSL 2.1 PRO.
If you see the message in your browser window that the page with
this address cannot be found, follow the following steps: Check,
whether the device is supplied with power. If yes, most probably a
wrong IP address is configured in the device. Press the reset key three
times within two seconds and repeat this instruction from step 2.
A dialogue will prompt you to enter a user name and password for
authentication.
3. Enter the user name "insys" and the password "moros".
User name and password are set as factory defaults. If the registratio
at the web interface does not work
the device to the factory defaults.
Press the reset key three
instruction from step 2.
times within two seconds and repeat this
with the data entered, just reset
n
You should now see the start page of the web interface.
The MoRoS ADSL 2.1 PRO is installed successfully and ready for
configuration.
39
Page 40
Operating Principle MoRoS ADSL 2.1 PRO
12 Operating Principle
This chapter describes how to operate and configure the MoRoS ADSL 2.1 PRO.
Configuration and operation are performed using a web-based interface (web
interface). The web interface itself is displayed and operated using a web browser.
12.1 Operating the Web Interface
The web interface allows easy configuration using a web browser. All
functions can be configured via the web interface. The operation is mostly
self-explanatory. The web interface also provides an online help feature, which
describes the meaning of possible settings The online help is displayed by
selecting the option "Display help text" in the title bar below the language
selection.
We urgently recommend to enable online help for the first
configurations to allow a quick and flawless configuration.
Configuring with the web interface
How to configure with the web interface basically.
The device is connected to a network and switched on.
A PC that is physically connected to the same network as the device.
The PC is configured in a way that it is also logically connected to the
device in the same network. The first three octets of the IP address of the
PC and the MoRoS ADSL 2.1 PRO must be identical. For example, the
device has the IP address 192.168.1.1. and the PC has the IP address
192.168.1.2.
A web browser is installed on the PC.
1. Start the web browser.
2. Enter the IP address in the address line.
The factory default IP address is 192.168.1.1.
A dialogue will prompt you to enter the user name and the password
for authentication.
40
Page 41
MoRoS ADSL 2.1 PRO Operating Principle
3. Enter the user name and the password and click OK.
The default setting of the web interface is as follows:
the user name is "insys", the password is "moros".
The start page of the web interface is displayed.
4. Use the menu on the left side to select the menu item, in which you
want to change settings.
5. Enter the required settings.
6. Click on the button OK on the according configuration page to save
the settings.
After you completed the configuration changes, always click the
button OK . Otherwise the settings will not be taken over as soon as
you change to another page or close the browser.
41
Page 42
Operating Principle MoRoS ADSL 2.1 PRO
12.2 Access via HTTPS Protocol
The web interface also allows a secure configuration using the HTTPS
protocol. The HTTPS protocol allows an authentication of the server (i.t. the
MoRoS ADSL 2.1 PRO) as well as an encryption of the data transmission.
in case of a first access via the HTTPS protocol, the browser indicates that the
MoRoS ADSL 2.1 PRO uses an invalid security certificate. The certificate is not
trusted, because the CA (certification authority) certificate is unknown.
You can ignore this warning and (depending on browser and operating
system) add an exception for this server or establish the secure connection to
this server nevertheless.
We recommend to download the CA certificate CA_MoRoS.crt from the
certificate page (http://www.insys-icom.com/certificate/) and import it into
your browser, to approve INSYS MICROELECTRONICS as certification
authority. Proceed for this as described in the documentation of your browser.
If INSYS MICROELECTRONICS is stored as certification authority in your
browser and you access the device again via the HTTPS protocol, the browser
indicates again that an invalid security certificate is used. The certificate is not
trusted, because the Common Name of the certificate differs from your input
in the address bar of the browser. The browser indicates that a different
device answers under this URL. The Common Name of the certificate consists
of the MAC address of the MoRoS ADSL 2.1 PRO, where the colons are
replaced by underscores.
You can ignore this warning and (depending on browser and operating
system) add an exception for this server or establish the secure connection to
this server nevertheless.
In order to avoid this browser warning as well, you must enter the Common
Name of the MoRoS ADSL 2.1 PRO to be accessed into the address bar of
your browser. The Common Name must be connected with the IP address of
the device that the URL leads to the correct device. You can find out the
general name (Common Name) by downloading and viewing the certificate
from the device. The proceeding for this depends on your browser. The
proceeding for setting up the link depends on your operating system.
Editing of /etc/hosts (Linux/Unix)
Editing of C:\WINDOWS\system32\drivers\etc\hosts (Windows XP)
Configuring your own DNS server
For further information, refer to the documentation of your operating system.
42
Page 43
MoRoS ADSL 2.1 PRO Functions
13 Functions
13.1 Basic Settings
13.1.1 Web Interface (User Name, Password, Remote Configura-
tion)
The web interface is used to configure the MoRoS ADSL 2.1 PRO. It is protected
against unauthorized access by a user name and password query. The web
interface can be configured for a configuration from a computer in the internal
network or for remote configuration from the WAN via the HTTP or HTTPS
protocol. A location can be entered for a better differentiation. You can specify the
port, under which the web interface can be accessed.
Configuration via the web interface
User name and password are entered in the menu "Basic Settings" on
the page "Web interface" in the field "Authentication".
You can enable or disable the permissible configuration using the
respective checkbox.
The web interface port is defined in the entry field "Port for HTTP web
interface" or "Port for HTTPS web interface". Port 80 (HTTP) or port 443
(HTTPS) is configured for the web interface by default.
A description or location of the router may be entered in the entry field
"Location". This description appears in the browser window title as well
as the start page of the web interface than and facilitates a differentiation
if more web interface windows are open.
Save your settings by clicking "OK".
43
Page 44
Functions MoRoS ADSL 2.1 PRO
13.1.2 Setting IP Addresses
It must be possible to access the MoRoS ADSL 2.1 PRO in the LAN under a certain
IP address. You must assign a static IP address for this. You can enter an IPv4 and
an IPv6 address here. The router can configure one or several IPv6 addresses for
itself using SLAAC (StateLess Address AutoConfiguration). If a router with router
advertisement advertises IPv6 address prefixes in the LAN, the router configures
itself another IPv6 address with the advertised prefix in addition to the already
configured IPv6 addresses.
A virtual net address can be assigned to the local network. Devices in the local
network can then be addresses with the virtual address via WAN. The router
replaces the network portion of the virtual IP address with the network portion of
the local network and forwards the packet to the destination.
Configuration via the web interface
In order to configure a static IP address, change in the "Basic Settings"
menu to the "IP address (LAN)" page.
Enter the IPv4 address of the router in the LAN into the entry field "IP
address" and the Netmask into the field "Netmask".
When changing the local IP address, the address range of the DHCP
server will be adjusted to the new network automatically, if the
netmask has not changed. The DHCP server will be disabled with a
changed netmask and must be configured manually. This is indicated
in a notification.
The MAC address can be found in the entry fields for the IP address and
the network mask under "MAC address" on this page.
Check the checkbox "Retrieve IPv6 address automatically (SLAAC)" that
the router configures one or more IPv6 addresses automatically.
Enter the IPv6 address of the router in the LAN into the entry field "IPv6
address" or select the link "Generate new ULA" to generate a ULA
(Unique Local Address).
In order to assign a virtual net address to the local network, check the
checkbox "Activate netmapping" and enter the address into the "Virtual
net address" field (e.g. 192.168.2.0). This virtual address is only visible
from the WAN side.
If, for example, the local address is 192.168.1.1/255.255.255.0, an
entered virtual address 192.168.2.1 will be changed to 192.168.2.0
and stored.
Save your settings by clicking "OK".
44
Page 45
MoRoS ADSL 2.1 PRO Functions
13.1.3 Enter Static Route
You can define static routes for forwarding data packets in the MoRoS ADSL 2.1
PRO, which are loaded during system start.
Configuration via the web interface
In order to enter a static route, change in the menu "Basic Settings" to
the page "Routing".
Enter in the section "Add new route" the Net address, the Netmask
address as well as the Gateway into the respective fields for IPv4 or IPv6.
All fields must be completed that a new route for the respective IP
version is taken over into the table. Save the route by clicking "OK".
In order to delete an existing route, check under "Existing routes" the
checkbox of the route(s) to be deleted.
Save your settings by clicking "OK".
Neither a default gateway can be entered nor NAT can be enabled or
disabled here. This is configured in the menu "LAN (ext)" on the
respective page "Routing".
13.1.4 Entering Host Names
You can specify the host and domain name of the MoRoS ADSL 2.1 PRO here.
Moreover, a host table can be created, in which IP addresses are combined with
host names.
Configuration via the web interface
In order to enter the host name, change in the "Basic Settings" menu to
the "Host names" page and enter the host name into the "Host name"
field.
In order to enter the domain name, enter the domain name into the
"Domain name" field.
In order to enter a new host into the host table, enter in the "Add new
host" section the IP address and the associated Host name into the
respective fields. Save the host in the table by clicking "OK".
In order to delete an existing host, check under "Existing hosts" the
checkbox of the host(s) to be deleted.
Save your settings by clicking "OK".
45
Page 46
Functions MoRoS ADSL 2.1 PRO
13.1.5 Configuring MAC Filter
A MAC filter can be enabled in the MoRoS ADSL 2.1 PRO. This will then only
accept packets at the local Ethernet interface that come from network devices that
are explicitly permitted in the filter.
Note
Loss of availability!
If the MAC address of the computer that is used for
configuration is not entered, no further configuration will
be possible any more.
It is necessary that you enter the MAC address of the
computer that is used for configuration into the list of
allowed source MAC addresses before activating the MAC
filter.
Configuration via the web interface
In order to enable the MAC filter, check in the menu "Basic Settings" on
the page "MAC filter" the checkbox "Activate MAC filter".
In order to enter a new source MAC address, enter this into the "Allow
new source MAC" field. Save the entry by clicking "OK".
In order to delete an existing MAC address, check under "Allowed source
MAC addresses" the checkbox of the route(s) to be deleted.
Save your settings by clicking "OK".
46
Page 47
MoRoS ADSL 2.1 PRO Functions
13.2 LAN (ext)
13.2.1 Configuring the Interface to the ADSL Modem (WAN)
The MoRoS ADSL 2.1 PRO uses its router function to switch the data traffic
between an "internal network" and an ADSL connection. The LAN ext interface
serves for connecting to the ADSL access. You can select here between a
connection with the ADSL access in the modes PPPoE (PPP over Ethernet), PPPoA
(PPP over ATM), Bridge, static IP or DHCP client.
Configuration via the web interface
In order to specify the operating mode, select in the "LAN (ext)" menu on
the "LAN (ext)" page the respective radio button.
For a bridge operation, select the radio button "Bridge". Then, the ADSL
connection behaves like another switch port. This is the mode IPoE (IP
over Ethernet).
For an ADSL connection over PPPoEto a WAN, configure in the "LAN
(ext)" menu on the "DSL" page the ADSL connection first. Then, select in
the "LAN (ext)" menu on the "LAN (ext)" page the radio button "PPPoE
connection".
For an ADSL connection over PPPoAto a WAN, configure in the "LAN
(ext)" menu on the "DSL" page the ADSL connection first. Then, select in
the "LAN (ext)" menu on the "LAN (ext)" page the radio button "PPPoA
connection".
In order to enable the DHCP client, select the "DHCP-Client" radio
button. In order to obtain another IP address for each host table entry,
check the checkbox "Request an additional IP address for each entry of
the host table".
In order to assign a fix IP address to the ADSL connection, select the
"static IP address" radio button. Then, enter into the entry fields "static IP
address" and "Netmask" an IPv4 address as well as a netmask. The IP
address must be an address from the external LAN, to which you
connect the router.
Check the checkbox "Retrieve IPv6 address automatically (SLAAC)" that
the router configures one or more IPv6 addresses automatically.
Enter the IPv6 address of the router in the LAN into the entry field "IPv6
address" or select the link "Generate new ULA" to generate a ULA
(Unique Local Address).
Save your settings by clicking "OK".
47
Page 48
Functions MoRoS ADSL 2.1 PRO
13.2.2 Configuring ADSL
The MoRoS ADSL 2.1 PRO can connect to a WAN via ADSL. It can communicate
with the DSL modem via the LAN ext interface configured in the previous section.
The ATM (Asynchronous Transfer Mode) parameters of the ADSL connection must
be configured first that an ADSL connection to the DSLAM can be established.
Configuration via the web interface
In order to configure the ADSL access, the ATM configuration elements
(VPI, VCI, Multiplex) must be configured accordingly first. Refer to your
provider for the appropriate values.
Enter the VPI (Virtual Path Identifier) value in the "LAN (ext)" menu on
the "DSL“ page into the "VPI" field.
Enter the VCI (Virtual Channel Identifier) value into the "VCI" field.
Select the Multiplex operation to be used, by selecting under "Multiplex"
either the "LLC" (Logical Link Control) or "VC-MUX" (Virtual Circuit
Multiplexing) radio button.
Enter then user name and password for ADSL access into the "User
name" and "Password" entry fields.
The following parameters are only relevant, if the LAN ext interface
has been configured for a PPPoE or PPPoA connection.
Enter an optional idle time into the entry field "Idle time" in seconds,
after which the connection is terminated, if no data is transferred
anymore. If you enter "0", the connection remains established for an
unlimited time.
Enter an optional maximum connect time into the entry field "Maximum
connect-time" in seconds, after which the connection will be terminated.
Enter "0" to disable the time-controlled connection termination.
In order to adjust the MTU (maximum permissible number of bytes in a
packet to be received), change the entry in the entry field "MTU
(Maximum Transmission Unit)".
In order to adjust the MRU (maximum permissible number of bytes in a
packet to be sent), change the entry in the entry field "MRU (Maximum
Receive Unit)".
The default settings of MTU and MRU are suitable for most
applications and do not need to be modified usually.
Check the checkbox "Request DNS server address" that the IP addresses
of the name servers are retrieved from the DSL provider.
Save your settings by clicking "OK".
48
Page 49
MoRoS ADSL 2.1 PRO Functions
In order to configure a default route, check in the menu "LAN (ext)" on
the page "Routing" the checkbox "Set default route to gateway". The
device cannot switch the data traffic between the internal network at the
switch and the ADSL connection without the default route to the internal
ADSL modem.
Save your settings by clicking "OK".
13.2.3 Configuring Leased Line Operation
You can configure the MoRoS ADSL 2.1 PRO to permanently maintain the
previously configured DSL connection. The connection will immediately be
established the connection after system start in this operating mode. The device
checks the connection for its function periodically. The connection check can be
performed either via a DNS request of a host name or via PING at a host.
Configuration via the web interface
In order to configure a leased line, check in the menu "LAN (ext)" on the
page "DSL" the checkbox "Connect immediately and hold connection".
If necessary, enter another time in minutes for the connection check into
the entry field "Interval for checking connection". The default setting is 5
minutes. If a closed connection is determined after this time, the MoRoS
ADSL 2.1 PRO will attempt to re-establish the connection after one
minute. If the attempt fails, there will be another attempt after 5 minutes.
The next attempt will take place after 30 minutes; if this attempt fails as
well, the device will attempt to re-establish the connection every 60
minutes.
Select the method for connection check using the radio buttons behind
"Type to check the connection" and enter a host name or an "IP
address". If the checkbox "Renegotiate PPP connection in case of failure"
is checked, a failed ping or DNS request causes that a possibly existing
connection will be closed. It will be attempted to establish a connection
again afterwards in any case.
Save your settings by clicking "OK".
This function is only effective, if the LAN ext interface is configured for
a PPPoE connection.
49
Page 50
Functions MoRoS ADSL 2.1 PRO
13.2.4 Configuring a Periodical DSL Connection Establishment
The MoRoS ADSL 2.1 PRO can establish and terminate the previously configured
DSL connection time-controlled. The DSL connection is established and terminated
daily at a certain time.
This function initiates individual events, regardless whether other times have
already been defined for the connection termination. Example: If you already
configure a daily connection termination at 14:00 and a daily connection
establishment at 16:00, other settings and events can also initiate a connection
establishment within this period, e.g. a packet, that complies with the dialling filter.
The connection is also terminated, if the configured "Idle time" has expired, for
example.
Configuration with the web interface
In order to establish a daily connection at a certain time, check in the
menu "LAN (ext)" on the page "DSL" the checkbox "Connect
automatically once a day at" and enter a time for the connection set-up
into the entry fields for hours and minutes.
In order to terminate a daily connection at a certain time, check the
checkbox "Disconnect automatically once a day at" and enter a time for
the disconnection into the entry fields for hours and minutes.
Save your settings by clicking "OK".
This function is only effective, if the LAN ext interface is configured for
a PPPoE connection.
50
Page 51
MoRoS ADSL 2.1 PRO Functions
13.2.5 Routing
Routing is the core function of the MoRoS ADSL 2.1 PRO. Routing means that
incoming data packets are routed to certain network devices according to certain
rules defined by you.
The routes determine whereto packets are forwarded. A net address and netmask
are used to distinguish, whether a route is applied to a IP packet or not. If a packet
comes in, that has a destination with an existing route, the device forwards the
packet to the gateway address defined in the route.
You can specify a default route. All incoming packets, which cannot be assigned to
a route, are sent to this gateway. If you have connected a DSL modem to the LAN
ext interface, you can set the default route to the DSL modem.
Moreover, Network Address Translation is supported. If NAT is enabled, the device
replaces the source address of the packets of an outgoing connection with its own.
The device stores the actual source address in its NAT table. If it receives a reply
packet of the remote terminal of this connection, it replaces the destination address
of the packet with the address of the original source.
Configuration via the web interface
In order to configure an IPv4 default route, check in the menu "LAN
(ext)" on the page "Routing" the checkbox "Set default route to gateway"
and enter the default gateway behind. The entry field is not visible in DSL
operation.
In order to configure an IPv6 default route, check the checkbox "Set IPv6
default route to gateway" and enter the default gateway behind. The
entry field is not visible in DSL operation.
In order to disable the NAT function for incoming packets, deactivate the
checkbox "Activate NAT for incoming IPv4 packets". This may be useful
in LAN operation if the routed packets must not be changed.
In order to disable the NAT function for outgoing packets, deactivate the
checkbox "Activate NAT for outgoing IPv4 packets". This may be useful
in LAN operation if the routed packets must not be changed.
In order to add a new route, enter in the section "Add new route" the
"net address", the associated "netmask" and a gateway into the
respective fields for IPv4 or IPv6. All fields must be completed that a new
route for the respective IP version is taken over into the table. Save the
route by clicking "OK".
In order to delete an existing route, check under "Existing routes" the
checkbox of the route(s) to be deleted.
Save your settings by clicking "OK".
51
Page 52
Functions MoRoS ADSL 2.1 PRO
13.2.6 Setting up a Dialling Filter
The dialling filter can restrict the network traffic which could trigger a connection
establishment. All packets with external destination initiate a connection
establishment without dialling filter. If the dialling filter is enabled, only the packets,
which are permitted by the rules, can initiate a connection establishment.
Configuration via the web interface
In order to enable the dialling filter, check in the menu "LAN (ext)" on the
page "Dial filters" the checkbox "Activate Dial-Out filters for LAN (ext)
interface".
In order to permit connections via a certain protocol, select in the field
"Create new rule" the permitted protocol in the drop-down list
"Protocol".
In order to permit connections of certain IP addresses, enter the
permitted source IP address into the entry field "Source IP address".
In order to permit connections to certain ports, enter the permitted
destination port into the entry field "Destination port".
In order to permit connections to certain IP addresses, enter the
permitted destination IP address into the entry field "Destination IP
address".
Optionally, you can use the checkbox "Allow DNS requests from source
IP address to initiate a connection" to allow that DNS requests of the
defined source IP addresses are allowed to initiate a connection
establishment.
Save your settings by clicking "OK".
In order to disable individual dialling filter rules temporarily, uncheck in
the section "These data packets are allowed to initiate a Dial-Out" the
checkbox in the column "active". Click on "OK" to confirm the settings.
In order to delete one or more rules, check in the section "These data
packets are allowed to initiate a Dial-Out" the checkbox in the column
"delete". Click on "OK" to confirm the settings.
This function is not effective, if the LAN ext interface is configured for
a PPPoA connection.
52
Page 53
MoRoS ADSL 2.1 PRO Functions
13.2.7 Creating or Deleting a Firewall Rule
A firewall is available for all connections via the LAN ext interface. It is used to
prevent unauthorized data traffic. The logic of the firewall states that any data
traffic is forbidden, which is not explicitly permitted through a rule. If you enable
the firewall for the connection type "Dial-Out", only connections will be possible
which are authorised by the firewall rules. All other connections will be blocked.
Configuration via the web interface
In order to enable the firewall for IPv4 connections via the LAN ext
interface, check in the menu "LAN (ext)" on the page "Firewall" the
checkbox "Activate firewall for LAN (ext) interface".
In order to enable the firewall for IPv6 connections via the LAN ext
interface, check the checkbox "Activate IPv6 firewall for LAN (ext)
interface".
It is strongly recommended to keep the firewall for IPv6 always
enabled, even if IPv6 is not used.
In order to create a rule for a permitted IP connection, proceed as
follows.
Select in the section "Allow new connection" in the drop-down list field
"Data direction" a data direction for the rule.
Define the protocol of the permitted connection in the drop-down list
field "Protocol".
Select the IP version for which the rule shall apply in the drop-down list
"IP version".
Enter the further specifications of the connections permitted by the
router into the entry fields "Source IP address", "Destination IP address"
and "Destination port". Only rules can be created, which are not valid for
individual machines (hosts), but for whole networks. In this case, the
netmask must be entered following the "/".
Save your settings by clicking "OK".
In order to temporarily disable firewall rules, uncheck in the section
"Allowed connections ..." the check box in the column "active" in the
firewall rule overview. Click on "OK" to confirm the settings.
In order to delete one or more rules, check the checkbox in the column
"delete" in the firewall rule overview. Click on "OK" to confirm the
settings.
If the LAN ext interface is configured for a PPPoA connection, all
incoming packets come from the ADSL modem and thus have the
same sender IP address.
53
Page 54
Functions MoRoS ADSL 2.1 PRO
13.2.8 Creating or Deleting an IP Forwarding Rule
IP forwarding rules create additional IP addresses at the LAN (ext) interface, if
"static IP address" has been selected on the "LAN (ext)" page. Packets to one of
these IP addresses will be forwarded to the IP address in the local LAN that is
assigned to it.
The firewall is also effective for these additional IP addresses.
Therefore, these additional IP addresses must be permitted in the
"LAN (ext)" menu on the "Firewall" page, if the firewall is enabled.
Otherwise, all packets that are not directed to these IP addresses
would be discarded.
Configuration via the web interface
In order to enable IP forwarding, check in the "LAN (ext)" menu on the
"IP forwarding" page the checkbox "Activate IP forwarding".
In order to create an IP forwarding rule, in the "Create new rule" section
the additional IP address with netmask into the "LAN (ext) IP address"
field and the destination address into the "Destination IP address" field.
The packets to the additional address will then be forwarded to this
address. Save the entry by clicking "OK".
In order to delete an existing rule, check under "Existing rules" the
checkbox of the rule(s) to be deleted.
Save your settings by clicking "OK".
54
Page 55
MoRoS ADSL 2.1 PRO Functions
13.2.9 Creating or Deleting a Port Forwarding Rule
If port forwarding is enabled, the router forwards packets coming in from the WAN
to the machines in the LAN, which have been specified in the port forwarding
rules.
Only the WAN IP address of the MoRoS ADSL 2.1 PRO is accessible from the
WAN, if NAT is enabled for packets going into the WAN. The local terminal devices
in the network of the device can still be accessed with this IP address using port
forwarding. Packets from the WAN sent to the WAN IP address at a port x, can be
forwarded to a machine with the IP address Y at the port y.
Configuration via the web interface
In order to enable port forwarding, check in the menu "LAN (ext)" on the
page "Port forwarding" the checkbox "Activate port forwarding for LAN
(ext) interface".
In order to create a port forwarding rule, select in the field "Create new
rule" the protocol and specify the port range, for the incoming packets at
the MoRoS ADSL 2.1 PRO. Enter an IP address for the routing
destination in the entry field "to IP address" and a port in the entry field
"to port"; this is the address and the port where the packets are routed
to.
In order to disable an existing rule, disable the checkbox "active" of the
respective rule and then click on "OK".
In order to delete an existing rule, check the checkbox "delete" of the
respective rule and then click on "OK".
The rules in the list are processed from top to bottom. If two rules
contradict each other (for example, the same port is used twice), only the
rule which is further up in the list will be processed.
55
Page 56
Functions MoRoS ADSL 2.1 PRO
13.2.10 Defining the Exposed Host
All packets which do not comply with any port forwarding rule, can be forwarded
to a predefined computer in the LAN, also called "Exposed Host" (for example, for
diagnostic purposes) optionally. The exposed host contains all packets which have
not been requested by the local network of the MoRoS ADSL 2.1 PRO or which
have not been forwarded to a participant in the local network by a port forwarding
rule. If no exposed host is configured, these incoming packets are discarded.
Configuration via the web interface
In order to define an exposed host, enter in the menu "LAN (ext)" on the
page "Port forwarding" in the entry field "Exposed host" the IP address of
a computer in the LAN, which shall be accessible from outside via all
ports.
Save your settings by clicking "OK".
56
Page 57
MoRoS ADSL 2.1 PRO Functions
13.3 VPN
13.3.1 VPN General
A VPN (virtual private network) is used to connect IP end devices or entire
networks with each other, in a safe way. The data is transmitted tamper-proof to a
destination and can not be read by third parties.
You can configure the MoRoS ADSL 2.1 PRO for an OpenVPN, PPTP or IPsec
connection.
The exact proceeding for creating a certificate structure and configuring a VPN
participant is described in a series of configuration guides. These are available from
our website (http://www.insys-icom.com/cg/) or our support team (support@insysicom.de).
13.3.2 OpenVPN General
You can use the MoRoS ADSL 2.1 PRO as OpenVPN server or OpenVPN client.
Figure 7 shows a sample configuration for an OpenVPN connection. One MoRoS
ADSL 2.1 PRO is configured as OpenVPN server and a second as OpenVPN client
here. Both, client as well as server can be replaced by any OpenVPN-capable
devices. In the example, a PPP connection between the two devices exists. Via this
PPP connection, an OpenVPN connection is established.
As soon as a WAN connection has been established, IP connections between both
networks can be established. OpenVPN uses an existing WAN connection to
establish a VPN tunnel. A tunnel consists of an IP connection, which transports all
packets to be tunnelled in its payload. OpenVPN will make a virtual network card
available for sending data traffic.
Figure 7: OpenVPN connection and IP addresses in the sample configuration
57
Page 58
Functions MoRoS ADSL 2.1 PRO
In the sample configuration, the end points of the OpenVPN connection will have
the IP addresses 10.1.0.1 and 10.1.0.2. The VPN tunnel will be established within
an already existing WAN connection. The OpenVPN clients and servers must also
know which network is located behind the according tunnel ends. In the sample
configuration, this is the network 192.168.200.0/24 on one side. On the other side,
this is the network 192.168.1.0/24. As soon as the tunnel is established, data for
these target networks is sent through the OpenVPN tunnel. If only data with a
target in the network behind the tunnel end are to be transmitted via the WAN
interface, it is recommended to enable the firewall after successful configuration.
This will limit the communication to the port at which the OpenVPN tunnel is
established (default setting: UDP port 1194).
The MoRoS ADSL 2.1 PRO supports several authentication methods when
establishing the VPN tunnel:
Authentication type Usage Characteristics
None For testing purposes
and to connect
networks without
encryption.
Static key For encrypted
connections of one
client and one server
each in small
applications
User
name/password and
common CA
certificate (can only
For encrypted
connections from one or
more clients to an
OpenVPN server.
be configured at the
OpenVPN client)
Certificate-based;
each participant has
an individual
certificate and key.
For encrypted
connections from one or
more clients to an
OpenVPN server.
No encrypted connection. It is
not possible to log in several
clients at the server at the same
time.
Encrypted connection. It is not
possible to log in several clients
at the server at the same time.
Flexible application for several
clients. Cannot be used with the
MoRoS ADSL 2.1 PRO as
OpenVPN server.
Solution for maximum security,
but the configuration is more
complicated. This is the
recommended operating mode.
Table 13: Authentication methods for OpenVPN
For detailed information and troubleshooting, we also recommend the OpenVPN
web site: http://openvpn.net/howto.html
58
Page 59
MoRoS ADSL 2.1 PRO Functions
13.3.3 Setting Up an OpenVPN-Server
You can use the MoRoS ADSL 2.1 PRO as OpenVPN server, if you want to send
confidential data via an unsecured network, for example. This section describes the
set-up of an OpenVPN server. The basic settings are reasonable factory defaults,
which you may change in certain circumstances. Here, you define which port of
the MoRoS ADSL 2.1 PRO is used to create the OpenVPN tunnel and if the
OpenVPN transmission is performed with the UDP or the TCP protocol. Moreover,
you can specify here, whether the clients are informed about the server network,
the remote terminal may change its IP address, LZO compression is used, packets
are masked before tunnelling, which encryption algorithm is used during
transmission, how big the tunnel packets are to be, and in which time intervals the
OpenVPN server sends VPN pings. In addition, you will have the option to display
the OpenVPN status, to display the current configuration file, to create a
configuration for an OpenVPN remote terminal, and to display a log of the last
connection. You can use the generated configuration file to create an OpenVPN
configuration file for exampple, which can be used as basis for the operation of an
OpenVPN instance on a client PC. The OpenVPN packet for Windows clients can
be downloaded from the INSYS icom web site (www.insys-icom.com/driver).
This program is used as remote terminal, if you want to establish an OpenVPN
connection from a Windows PC.
Configuration via the web interface
In order to use the OpenVPN server for a connection, check in the menu
"LAN (ext)" on the page "OpenVPN server" the checkbox "Activate
OpenVPN server".
In order to define the local port at the MoRoS ADSL 2.1 PRO as well as
the port at the remote terminal, enter a value for the required port into
the entry fields "Tunnelling over port (local / remote)" (default setting
1194).
The OpenVPN transmission protocol is selected with the radio buttons
"UDP" or "TCP". We recommend using UPD to minimise latency.
In order to inform the clients about the route to the network behind the
server, check the checkbox "Inform clients about server network". If this
setting is disabled, a communication can only be initiated from the
network of the server.
In order to enable remote OpenVPN terminals to change its IP during a
connection ("Floating"), check the checkbox "Remote terminal is allowed
to change its IP address (float)". This setting is activated by default.
59
Page 60
Functions MoRoS ADSL 2.1 PRO
In order to enable or disable LZO compression, check or uncheck the
checkbox "Activate LZO compression". If already strongly compressed
data (e.g. jpg) is transmitted, the compression will have hardly any effect;
however, if compressible data (e.g. text) is transmitted, the compression
may significantly reduce the transmitted volume of data. Switch the
compression off, if the remote terminal does not support LZO
compression.
In order to mask the packets with the virtual tunnel IP address, check the
checkbox "Masquerade packets before tunnelling". The recipient of the
packets sees the IP address of the tunnel end as sender then, not the
address of the original sender.
In order to use a different encryption method than the preset method for
the OpenVPN connection, select one of the encryption types in the dropdown list "Cipher algorithm".
In order to configure the detail level of the messages in the connection
log, enter the detail level into the field "Log level", where "0" disables the
log record completely and "9" records the most detailed information.
In order to define a certain fragmenting size for the OpenVPN tunnel
packets in bytes, use the entry field "Fragment packets". Enter the
required maximum packet size in bytes here. If you don't enter a value,
the OpenVPN packets will have a maximum size of 1.500 bytes. The
actually transmitted amount of user data is lower, because OpenVPN
creates a "protocol overhead", which means that the protocol
information that is transmitted as well is a part of the packet size.
In order to adjust the interval up to the key renegotiation, use the entry
field "Interval for renegotiation of data channel key". This interval
configures the time in seconds, which must expire before new keys are
created.
In order to adjust the VPN ping interval, use the entry field "Ping
interval". Enter the interval in the amount of seconds, in which the
OpenVPN server of the MoRoS ADSL 2.1 PRO sends ping packets to the
remote VPN terminal. The frequent ping is used to keep the connection
open via several routers and gateways, which may participate in the
connection and would close the channel in case there was no
communication.
In order to adjust the ping restart interval, use the entry field "Ping restart
interval". The ping restart interval configures the time in seconds after
which the tunnel is to be established again, if no ping from the remote
terminal has arrived during the complete time. The value "0" prevents the
tunnel to be terminated, even if no ping is received any more.
The ping interval and the ping restart interval must be adjusted to each
other. Typical values are 30 and 60 (default). The ping interval should
not exceed half of the ping restart interval. We recommend for poor
WAN connections to reduce the ping interval and, if required, increase
the ping restart interval.
60
Page 61
MoRoS ADSL 2.1 PRO Functions
In order to configure the authentication with certificates, select the radio
button "Authentication based on certificate". It is indicated under the
option here, whether the individual certificates and keys are present
(green checkmark) or not (red cross). Present certificates can also be
downloaded (blue arrow) or deleted again (red cross on white box). The
private key can only be deleted. Check the checkbox "Allow
communication between clients" to enable a communication between
the clients as well. Define the IP address pool for the clients in the fields
"IPv4 address pool / Netmask" or "IPv6 address pool / Netmask". In order
to create a new route to a client network, enter in the section "Create
new route to a client network" the Common Name of the client into the
field "Name in certificate" as well as its net address and netmask into the
fields "IPv4 net address / netmask" or "IPv6 net address / netmask".
Optionally, enter the VPN IPv4 address for the tunnel end of a client into
the field "VPN IPv4 address". One IPv4 and one IPv6 address will always
be assigned to each tunnel end, even if the tunnel of one IP version is not
used at all. Click on "OK" to take over the new route. You can delete
existing routes by checking the checkbox in the column "delete" of the
respective route and clicking on "OK".
A link of a network address with "DEFAULT" as "Common Name" may
be created as "Standard route". It is always used as route, when a
client registers with a certificate, for whose "Common Name" no other
link has been entered.
In order to configure the authentication with static key, select the radio
button "No authentication or authentication with preshared key". It is
indicated under the option here, whether the static key is present (green
checkmark) or not (red cross). A present key can also be downloaded
(blue arrow) or deleted again (red cross on white box). If no key exists,
the remote terminal will neither be authenticated nor the data traffic
through the OpenVPN tunnel will be encrypted. You can also generate a
new static key using the "Generate a new static key" link. This static key
must then be downloaded and also uploaded to the remote terminal.
Both OpenVPN remote terminals must have the same static key that a
tunnel is functional with this authentication type. Enter the IP address or
the domain name of the remote terminal into the "IP address or domain
name of remote site" field. You can enter the IP address or the domain
name of an alternative remote terminal into the "Alternative remote site"
field. Enter the IP address of the local tunnel end into the "IPv4 tunnel
address local" or "IPv6 tunnel address local" field and the IP address of
the remote tunnel end into the "IPv4 tunnel address remote" or "IPv6
tunnel address remote" field. Enter the address as well as the associated
netmask of the network behind the OpenVPN tunnel into the "IPv4 net
address behind the tunnel" or "IPv6 net address behind the tunnel" and
"IPv4 netmask behind the tunnel" or "IPv6 netmask behind the tunnel"
fields.
In order to confirm all settings made above, click on "OK".
61
Page 62
Functions MoRoS ADSL 2.1 PRO
In order to upload a certificate or key, click in the section "Upload key or
certificates" on the "Browse..." button (button depends on the used
browser). Then, select in the "Upload file" window the desired file on the
respective data carrier and click on the "Open" button. If the file is
encrypted, you must also enter the password into the "Password (only
with encrypted file)" field. Click on "OK" then to upload the file.
13.3.4 Setting Up an OpenVPN-Client
You can use the MoRoS ADSL 2.1 PRO as OpenVPN client, if you want to connect
to an OpenVPN server via an unsecured network. This section describes the set-up
of an OpenVPN client. The basic settings are reasonable factory defaults, which
you need to adjust to the VPN which will be connected to the MoRoS ADSL 2.1
PRO. Here, you define with which IP address or domain and via which ports the
OpenVPN tunnel is established, and if the OpenVPN transmission is performed with
the UDP or the TCP protocol. If the remote terminal can only be accessed via a
proxy server, this can be configured accordingly. Moreover, you can specify here,
whether a default route is set, the local address and the port are fixed, the remote
terminal may change its IP address, LZO compression is used, packets are masked
before tunnelling, which encryption algorithm is used during transmission, how big
the tunnel packets are to be, and in which time intervals the OpenVPN client sends
VPN pings to the server. In addition, you will have the option to display the
OpenVPN status, the current configuration file, a configuration for an OpenVPN
remote terminal (the OpenVPN sever) and a log of the last connection.
Configuration via the web interface
In order to use the OpenVPN client for a connection, check in the menu
"LAN (ext)" on the page "OpenVPN client" the checkbox "Activate
OpenVPN client".
In order to define the IP address or the domain name of the remote
terminal, which you use to have the router establish the OpenVPN
connection, enter an IP address or a domain name in the field "IP address
or domain name of remote site".
Optionally, an alternative remote terminal can be defined, which will be
used to establish the VPN connection, if the remote terminal configured
above is not available. Enter an IP address or domain name into the
"Alternative remote site" field for this.
In order to define the local port at the MoRoS ADSL 2.1 PRO as well as
the port at the remote terminal, enter a value for the required port into
the entry fields "Tunnelling over port (local / remote)".
The OpenVPN transmission protocol is selected with the radio buttons
"UDP" or "TCP". We recommend to use UDP to minimize latency.
62
Page 63
MoRoS ADSL 2.1 PRO Functions
If the remote terminal can only be accessed via a proxy server, enter its
IP address or domain name into the "IP address or domain name of proxy
server" field, select its type using the "HTTP" or "SOCKS5" radio buttons
and enter its port into the "Port" field. If the proxy server requires an
authentication, enter the access data into the "User name" and
"Password" fields.
In order to set a default route, check the checkbox "Set default route
(redirect-gateway)". The complete data traffic will be routed through the
tunnel then.
It is not obligatory to provide the local port and the IP address of the
OpenVPN connection. If you want to leave the use of ports and the IP
address free, uncheck the checkbox "Bind to local address and port".
In order to enable remote OpenVPN terminals to change its IP during a
connection ("Floating"), check the checkbox "Remote terminal is allowed
to change its IP address (float)". This setting is activated by default.
In order to enable or disable LZO compression, check or uncheck the
checkbox "Activate LZO compression". If already strongly compressed
data (e.g. jpg) is transmitted, the compression will have hardly any effect;
however, if compressible data (e.g. text) is transmitted, the compression
may significantly reduce the transmitted volume of data. Switch the
compression off, if the remote terminal does not support LZO
compression.
In order to mask the packets with the virtual tunnel IP address, check the
checkbox "Masquerade packets before tunnelling". The recipient of the
packets sees the IP address of the tunnel end as sender then, not the
address of the original sender.
In order to use a different encryption method than the preset method for
the OpenVPN connection, select an encryption type in the drop-down list
"Cipher algorithm".
In order to configure the detail level of the messages in the connection
log, enter the detail level into the field "Log level", where "0" disables the
log record completely and "9" records the most detailed information.
In order to define a certain fragmenting size for the OpenVPN tunnel
packets in bytes, use the entry field "Fragment packets". Enter the
required maximum packet size in bytes here. If you don't enter a value,
the OpenVPN packets will have a maximum size of 1.500 bytes. The
actually transmitted amount of user data is lower, because OpenVPN
creates a "protocol overhead", which means that the protocol
information that is transmitted as well is a part of the packet size.
In order to adjust the interval up to the key renegotiation, use the entry
field "Interval for renegotiation of data channel key". This interval
configures the time in seconds, which must expire before new keys are
created.
63
Page 64
Functions MoRoS ADSL 2.1 PRO
In order to adjust the VPN ping interval, use the entry field "Ping
interval". Enter the interval in the amount of seconds, in which the
OpenVPN client of the MoRoS ADSL 2.1 PRO sends ping packets to the
remote VPN terminal. The frequent ping is used to keep the connection
open via several routers and gateways, which may participate in the
connection and would close the channel in case there was no
communication.
In order to adjust the ping restart interval, use the entry field "Ping restart
interval". The ping restart interval configures the time in seconds after
which the tunnel is to be established again, if no ping from the remote
terminal has arrived during the complete time. The value "0" prevents the
tunnel to be terminated, even if no ping is received any more.
In order to send a ping via ICMP protocol to a domain or an IP address
additionally, enter this into the entry field "Additional ICMP Ping to". It is
recommended to enter a domain name or IP address, which can only be
connected via the tunnel, here. If the ping is not successful, a possibly
existing tunnel will be terminated, and a new tunnel will be established.
The ping interval is 15 minutes.
In order to configure the authentication with certificates, select the radio
button "Authentication based on certificate". It is indicated under the
option here, whether the individual certificates and keys are present
(green checkmark) or not (red cross). Present certificates can also be
downloaded (blue arrow) or deleted again (red cross on white box). The
private key can only be deleted. Alternatively, or in addition to the usage
of a client certificate and a private key, an user name/password
combination can be used for the authentication with the OpenVPN server
(however, the CA certificate is required in any case, which must be
possessed by every participant of this VPN). Enter a user name into the
field "User name" as well as the associated password into the field
"Password" for this. In order to check the certificate type of the remote
terminal, check the checkbox "Check remote certificate type".
64
Page 65
MoRoS ADSL 2.1 PRO Functions
In order to configure the authentication with static key, select the radio
button "No authentication or authentication with preshared key". It is
indicated under the option here, whether the static key is present (green
checkmark) or not (red cross). A present key can also be downloaded
(blue arrow) or deleted again (red cross on white box). If no key exists,
the remote terminal will neither be authenticated nor the data traffic
through the OpenVPN tunnel will be encrypted. You can also generate a
new static key using the "Generate a new static key" link. This static key
must then be downloaded and also uploaded to the remote terminal.
Enter the IP address of the local tunnel end into the "IPv4 tunnel address
local" or "IPv6 tunnel address local" field and the IP address of the
remote tunnel end into the "IPv4 tunnel address remote" or "IPv6 tunnel
address remote" field. Enter the address as well as the associated
netmask of the network behind the OpenVPN tunnel into the "IPv4 net
address behind the tunnel" or "IPv6 net address behind the tunnel" and
"IPv4 netmask behind the tunnel" or "IPv6 netmask behind the tunnel"
fields.
In order to confirm all settings made above, click on "OK".
In order to upload a certificate or key, click in the section "Upload key or
certificates" on the "Browse..." button (button depends on the used
browser). Then, select in the "Upload file" window the desired file on the
respective data carrier and click on the "Open" button. If the file is
encrypted, you must also enter the password into the "Password (only
with encrypted file)" field. Click on "OK" then to upload the file.
65
Page 66
Functions MoRoS ADSL 2.1 PRO
13.3.5 PPTP General
PPTP (Point-to-Point Tunnelling Protocol) is a VPN (virtual private network) that is
not recommended for new installations. A recent alternative is OpenVPN.
PPTP establishes a PPP connection via a tunnel set-up with the GRE protocol. To
establish the tunnel, it is essential that the GRE (Generic Routing Encapsulation)
protocol is routed without restrictions between the two PPTP participants and a
TCP connection with port 1723 is possible. The TCP port 1723 is fix and cannot be
modified. The GRE protocol is not always routed directly in the Internet. In this
case, NAT can prevent to establish a tunnel, if performed.
We strongly recommend to use as long as possible passwords with special
characters and the encryption method MPPE-128 Bit.
13.3.6 Setting Up a PPTP Server
The settings for the MoRoS ADSL 2.1 PRO as PPTP server are configured here. A
maximum of 5 PPTP clients can log on to this server at the same time. However, it
is possible to create more users, but only 5 tunnels can be active at the same time.
Configuration via the web interface
For an operation as PPTP server, check in the menu "LAN (ext)" on the
page "PPTP server" the checkbox "Activate PPTP server".
In order to display the messages of the last connection, select the link
"Display log of last connection".
In order to select the authentication method for the PPTP client at the
server, select this from the drop-down list "Authentication". If the data
traffic is to be encrypted via the PPTP connection using MPPE, the
authentication type MS-CHAP-v2 is mandatory.
In order to select the encryption for the PPTP connection, select this
from the drop-down list "Encryption". The same encryption must also be
configured for the client.
In order to adjust the MTU (maximum permissible number of bytes in a
packet to be transmitted), change the entry in the entry respective field.
In order to adjust the MRU (maximum permissible number of bytes in a
packet to be received), change the entry in the respective field.
The default settings of MTU and MRU are suitable for most
applications and do not need to be modified usually.
Enter the IP address of the local tunnel end into the field "IPv4 tunnel
address local". If no explicit address is specified, the PPTP server will use
the IP address 192.168.0.1. If this address is already reserved, another
address can be specified here.
66
Page 67
MoRoS ADSL 2.1 PRO Functions
Define the available IP address pool for the tunnel ends of the PPTP
clients in the fields "IP address pool". This pool must be in the network of
the LAN. The PPTP clients address their destination directly with IP
addresses in the LAN of the MoRoS ADSL 2.1 PRO.
In order to add a new user, that is permitted for the connection of PPTP
clients, enter a user name and a password into the respective fields for
this. Click on "OK" to take over the user. You can delete existing users by
checking the checkbox in the column "delete" of the respective user and
clicking on "OK".
In order to confirm all settings for the loaded tunnel made above, click
on "OK".
13.3.7 Setting Up a PPTP Client
The settings for the PPTP client are configured here. All packets through the PPTP
tunnel are masked by the MoRoS ADSL 2.1 PRO with its tunnel address.
Configuration via the web interface
In order to use the MoRoS ADSL 2.1 PRO as PPTP client, check in the
menu "LAN (ext)" on the page "PPTP client" the checkbox "Activate
PPTP client".
In order to display the messages of the last connection, select the link
"Display log of last connection".
In order to define the IP address or the domain name of the remote
terminal, to which the VPN connection is to be established, enter an IP
address or a domain name in the field "IP address or domain name of
remote site".
Enter the user name and the password of the PPTP client for login to the
server into the respective fields.
In order to select the encryption for the PPTP connection, select this
from the drop-down list "Encryption". The encryption that is also used by
the PPTP server must be selected.
In order to set the default route to this PPTP tunnel, check the checkbox
"Set default route". The complete data traffic will be routed through the
tunnel then. However, this is only possible, if no preferential default route
has been set before.
If no default route to the tunnel is set, the local subnet behind the tunnel
must be defined. Enter this network with respective netmask into the
field "Remote subnet". Only that way, packets into the network behind
the PPTP tunnel will be routed through the tunnel.
In order to adjust the MTU (maximum permissible number of bytes in a
packet to be transmitted), change the entry in the entry respective field.
67
Page 68
Functions MoRoS ADSL 2.1 PRO
In order to adjust the MRU (maximum permissible number of bytes in a
packet to be received), change the entry in the respective field.
The default settings of MTU and MRU are suitable for most
applications and do not need to be modified usually.
In order to configure a connection check using a ping via ICMP protocol
to a domain or an IP address, enter this into the entry field "Additional
ICMP ping to". It is recommended to enter a domain name or IP address,
which can only be connected via the tunnel, here. If the connection
check is not successful, a possibly existing tunnel will be terminated, and
a new tunnel will be established. The ping interval is 15 minutes.
If a tunnel aborts, this will not be re-established automatically, but the
establishment will only be made after a new WAN connection
establishment. Therefore, the condition of the tunnel should be
checked using an ICMP ping in any case.
In order to confirm all settings for the loaded tunnel made above, click
on "OK".
13.3.8 Setting Up IPsec
IPsec (Internet Protocol Security) is a security protocol for the safe communication
via IP networks and can be used to set-up virtual private networks (VPN). Two
subnets can be connected together using two suitable routers (e.g. INSYS
MoRoS 2.1) via a secure tunnel. It is possible to configure up to 10 different
tunnels.
Configuration via the web interface
In order to use the IPsec for a connection, check in the menu "LAN (ext)"
on the page "IPsec" the checkbox "Activate IPsec".
In order to display the current state of the IPsec tunnels, select the link
"IPsec current state".
In order to display the messages of the last connection, select the link
"Display log of last connection".
In order to configure NAT traversal, use the drop-down list "NATTraversal" to select the desired option. If you select "activate" (default
setting), all ESP (Encapsulating Security Payload) packets are additionally
packed into a UDP packet and sent using the UDP port 4500, if a NAT
router is detected. If you select "force", this behaviour will be enforced
without checking for a NAT router (the remote terminal must also have
NAT traversal enabled in this case). If you select "deactivate", a UDP data
encapsulation will be prevented, what might lead to problems in
operation with a NAT router. This setting applies for all tunnels.
68
Page 69
MoRoS ADSL 2.1 PRO Functions
In order to configure the interval of the keep alive packets, which are
sent, if NAT traversal is used, enter the time in seconds into the field
"Keep alive interval". This can prevent that e.g. a stateful firewall blocks
the connection after an extended inactivity period.
In order to select the tunnel, whose settings are to be edited, select the
desired tunnel from the drop-down list "Tunnel name" and click on the
button "load to edit" then. If settings are made to the currently loaded
tunnel, these must be taken over before using the button "OK", before a
new tunnel is loaded to prevent that these settings get lost. Loading a
tunnel does not save settings that have been made!
In order to activate the loaded tunnel, check the checkbox "Activate
tunnel".
In order to assign a descriptive name to the loaded tunnel, enter it into
the field "Tunnel name". This makes the assignment of messages in the
log or status view easier.
In order to specify the remote terminal, to which the tunnel is to be
established, enter the IP address or the domain name of the remote
terminal into the field "IP address or domain name of remote site". If no
remote terminal is specified, incoming connection requests from all
remote terminals are accepted, but no connection can be initiated. In this
case, the "Action on dead peer" of the dead peer detection must be set
to "hold", since no new incoming connection request can be accepted
any more in case the existing connection has been terminated.
In order to define a network behind the switch of the MoRoS ADSL 2.1
PRO to be tunnelled, enter this network with according netmask into the
field "Local subnet". This does not have to be the actual local subnet, but
can also be behind further gateways. In such a case it must be observed
that the required routing rules are entered correctly. If this field is not
completed, the local subnet is used automatically.
In order to define the local subnet behind the remote terminal, enter this
network with according netmask into the field "Remote subnet". Only
data, which is addressed to this network, is packed in ESP packets.
In order to specify the ID of the remote terminal, enter it into the field
"Remote ID". The respective IP address is used as ID by default. If the
actual IP address differs from the received ID (e.g. due to NAT routers in
between) or is unknown, the ID of the remote terminal can be specified
explicitly (a self-defined string, which must contain an "@"). When using
certificates, the DN (Distinguished Name) is used as ID by default. The
domain name of the remote terminal can also be used as ID, because it is
resolved by a DNS lookup.
In order to adjust the own ID, enter it into the field "Local ID". This is only
necessary, if the default ID can or shall not be used.
69
Page 70
Functions MoRoS ADSL 2.1 PRO
In order to specify the authentication mode, select it in the drop-down
list "Authentication mode". The main mode is more secure, because all
authentication data is transmitted encrypted. The aggressive mode is
quicker, because it does not use encryption and the authentication is
preformed via a passphrase.
In order to define encryption and hash algorithms as well as the DiffieHellman group for the IKE key exchange, select these from the dropdown lists "IKE algorithms".
In order to define encryption and hash algorithms for the IPsec
connection, select these from the drop-down lists "IPsec algorithms".
In order to enter the maximum number of connection attempts, which
must be exceeded that a remote terminal is considered as not available,
enter this into the field "Maximum retries". A value of "0" means an
infinite number of attempts here.
In order to mask the received packets with the local IP address of the
MoRoS ADSL 2.1 PRO, check the checkbox "Mask packets through
tunnel". The recipient of the packets will see the local IP address of the
MoRoS ADSL 2.1 PRO as sender than, not the address of the original
sender from the local net of the remote terminal.
In order to configure the dead peer detection, enter the interval, which is
used to send requests to the remote terminal, in seconds into the field
"Dead peer detection interval" and the maximum time, in which these
requests must be replied, in seconds into the field "Dead peer detection
timeout". Select the behaviour for a connection, which is considered as
interrupted, in the drop-down list "Action on dead peer". If you select
"restart" (default setting) here, the connection will be restarted, for
"clear", it will be terminated, and for "hold", it will be held.
In order to enable perfect forward secrecy, check the checkbox "Activate
perfect forward secrecy". This can prevent that the next key can be
discovered more quickly from a hacked encryption. Both remote
terminals must have matching settings to be able to establish the
connection.
In order to configure the interval for the key renegotiation, enter the
value in seconds into the field "Interval for renegotiation of data channel
key". The minimum value is 3600 seconds (1 hour). The regular renewal
of the used keys can ensure the security of the IPsec connection for a
longer period.
in order to send an additional ping via ICMP protocol to an IP address,
enter this address, which must be located in the local subnet of the
remote terminal, into the field "Additional ICMP ping to". If the ping is
not successful, a possibly existing tunnel will be terminated, and a new
tunnel will be established. The ping interval is 15 minutes.
70
Page 71
MoRoS ADSL 2.1 PRO Functions
In order to configure the authentication for an IPsec connection, select
either the radio button "Authentication based on certificates" or the radio
button "Authentication with pre shared key (PSK)“. The authentication
with certificates can be used for the main mode. It is indicated under the
option here, whether the individual certificates and keys are present
(green checkmark) or not (red cross). Present certificates can also be
downloaded (blue arrow) or deleted again (red cross on white box). The
private key can only be deleted. The authentication with passphrase can
be used for main mode and aggressive mode. The passphrase, which
must be used by all IPsec participants, must be entered into the field
below the option for this.
In order to confirm all settings for the loaded tunnel made above, click
on "OK".
In order to upload a certificate or key, click in the section "Upload key or
certificates" on the "Browse..." button. Then, select in the "Upload file"
window the desired file on the respective data carrier and click on the
"Open" button. If the file is encrypted, you must also enter the password
into the "Password (only with encrypted file)" field. Click on "OK" then to
upload the file.
71
Page 72
Functions MoRoS ADSL 2.1 PRO
13.3.9 Configring GRE Tunnel
The Generic Routing Encapsulation protocol allows to transmit data transparently
through an existing connection without changing the original packets.
Configuration via the web interface
In order to enable a GRE tunnel, check in the menu "LAN (ext)" on the
page "GRE" the checkbox "Activate GRE tunnel".
Enter the remote tunnel terminal as IP address or domain name into the
"IP address or domain name of remote site" field.
Enter the own IP address that is to be used as tunnel end point into the
"Own IP address" field. This may be the WAN, VPN or local LAN address
for example.
Enter the IP address of the local tunnel end into the field "Tunnel address
local". A netmask can be specified optional here. In this case, an
appropriate route to this network will be created automatically, which
enables to access the tunnel address of the remote terminal for example.
In order to adjust the MTU (maximum permissible number of bytes in a
packet to be transmitted), change the entry in the entry respective field.
The default settings of MTU is suitable for most applications and does
not need to be modified usually.
If you want to specify a TTL (Time to Live), enter this into the "TTL (Time
to live)" field. If no TTL is specified, the TTL value from the tunneled
packet is used for the GRE packet.
In order to add a new route, enter in the section "Add new route" the
"IPv4 net address" and the "Netmask" as well as the "Gateway" into the
respective fields. All fields must be completed that a new route is taken
over into the table. Save the route by clicking "OK".
In order to delete an existing route, check under "Existing routes" the
checkbox of the route(s) to be deleted.
Save your settings by clicking "OK".
72
Page 73
MoRoS ADSL 2.1 PRO Functions
13.4 Inputs and Outputs
13.4.1 Querying the State of the Inputs
The MoRoS ADSL 2.1 PRO has digital inputs, which may trigger a PPP connection
set-up, a message dispatch via e-mail, an OpenVPN tunnel set-up, a PPTP tunnel
set-up, an IPsec tunnel set-up, or the set-up of a serial Ethernet connection. The
inputs are closed when connected to GND. They are opened when there is no
connection to GND. The states of the two inputs can be queried via the web
interface.
Configuration via the web interface
In order to query the status of the inputs, click in the menu "In / Outputs" on the page "Inputs" on the "Refresh" button. After the page
has been reloaded, the states of the inputs are displayed next to "Input
1:" and "Input 2:".
73
Page 74
Functions MoRoS ADSL 2.1 PRO
13.4.2 Configuring the Function of the Inputs
The MoRoS ADSL 2.1 PRO can establish a pre-configured dial-out connection, an
OpenVPN tunnel, a PPTP tunnel, an IPsec tunnel or a serial Ethernet gateway
connection, as soon as input 2 is closed for at least 4 seconds, i.e. connected to
"GND". When activating the input, a dial-out or tunnel or connection set-up is
performed as configured in the according menu. The connection will remain as
long as the connection configuration allows.
Configuration via the web interface
In order to configure the function of input 2, select in the menu "In/Outputs" on the page "Inputs" either the option "none", "Dial-Out
automatically", "Establish OpenVPN tunnel", "Establish IPsec tunnel", or
"Establish outgoing serial Ethernet connection".
The respective Dial-Out or OpenVPN/IPsec functions must be configured,
to be triggered by the input.
In order to trigger a PPPoE dial-out connection only with input 2, check
the checkbox "Exclusively (dial-on-demand is deactivated)". This function
is not effective, if the LAN ext interface is configured for a PPPoA
connection.
In order to terminate a Dial-Out connection by opening input 2, check the
checkbox "Cancel if no longer connected with GND".
In order to trigger an OpenVPN tunnel only with input 2, check the
checkbox "Establish exclusively via input (not automatically after DialOut)".
In order to terminate an OpenVPN tunnel by opening input 2, check the
checkbox "Cancel if no longer connected with GND".
In order to trigger a PPTP tunnel only with input 2, check the checkbox
"Establish exclusively via input (not automatically after Dial-Out)".
In order to terminate a PPTP tunnel by opening input 2, check the
checkbox "Cancel if no longer connected with GND".
In order to trigger an IPsec tunnel only with input 2, check the checkbox
"Establish exclusively via input (not automatically after Dial-Out)".
In order to terminate an IPsec tunnel by opening input 2, check the
checkbox "Cancel if no longer connected with GND".
In order to terminate an outgoing serial Ethernet connection by opening
input 2, check the checkbox "Cancel if no longer connected with GND".
Save your settings by clicking "OK".
74
Page 75
MoRoS ADSL 2.1 PRO Functions
13.4.3 Switch Outputs
The MoRoS ADSL 2.1 PRO has digital outputs, whose status can be queried and
changed via the web interface.
The outputs can also be operated daily at a certain time. Moreover, it is possible to
operate the outputs by establishing a PPP connection, an OpenVPN tunnel, a PPTP
tunnel, or a serial Ethernet connection.
Configuration via the web interface
In order to query the status of the outputs, change to the menu "In/Outputs" and the page "Outputs". The status of the outputs is displayed
in the section "Manual switching of outputs" by the radio buttons next to
the text "Output 1/2".
In order to change the state of the outputs, select in the menu "In/Outputs" on the page "Outputs" in the section "Manual switching of
outputs" for the respective output "Idle condition" or "Operated
condition" using the radio buttons and click "OK".
In order to switch an output to operated condition daily at a certain time,
check in the section "Switching times Output 1/2" the checkbox
"Switches to operated condition at" and enter into the following field the
time for operating the respective output.
In order to switch an output to idle condition daily at a certain time,
check in the section "Switching times Output 1/2" the checkbox
"Switches to idle condition at" and enter into the following field the time
for releasing the respective output.
In order to configure output 1 for an operation with the presence of a
PPPoE connection, select under "Function of output 1" the option
"Switches to operated condition if a PPP connection is established". This
function is not effective, if the LAN ext interface is configured for a
PPPoA connection.
In order to configure output 2 for an operation with the presence of an
OpenVPN tunnel, select under "Function of output 2" the option
"Switches to operated condition if an OpenVPN tunnel is established".
In order to configure output 2 for an operation with the presence of an
PPTP tunnel, select under "Function of output 2" the option "Switches to
operated condition if an PPTP tunnel is established".
In order to configure output 2 for an operation with the presence of an
IPsec tunnel, select under "Function of output 2" the option "Switches to
operated condition if an IPsec tunnel is established".
In order to configure output 2 for an operation with the presence of a
serial Ethernet connection, select under "Function of output 2" the option
"Switches to operated condition if a serial Ethernet connection is
established".
Save your settings by clicking "OK".
75
Page 76
Functions MoRoS ADSL 2.1 PRO
13.5 Configurable Switch
13.5.1 Querying Configuration and Status of the Switch Ports
The switch of the MoRoS ADSL 2.1 PRO is configurable. This means that you can
determine for each switch port individually which transmission rate should be used
or if it is supposed to be operated in half-duplex or full-duplex mode. You may also
control via the web interface, to which switch port a cable is connected and if a
physical connection exists.
Configuration via the web interface
You can see the current configuration of the individual switch ports in
the menu "Switch" on the page "Port configuration" next to the port list.
The coloured fields indicate whether a cable is connected to the switch.
These fields indicate the four switch ports. The boxes are green if there is
a network cable connected, and red if there is no cable connected or if
no physical connection exists to the network.
76
Page 77
MoRoS ADSL 2.1 PRO Functions
13.5.2 Configuring Switch Ports
You can determine, which switch port is operated with which transmission rate
and if it is operated in half-duplex or full-duplex mode. You can also determine if
the auto negotiation (the recognition of the network cabling) is available at each
port. These settings may be required if end devices have problems with the
automatic recognition of the connection parameters. You can determine how the
events at the network and the states of the switch ports are displayed at the switch
port status LEDs.
Configuration via the web interface
In order to enable or disable the respective switch port, use in the menu
"Switch" on the page "Port configuration" the checkbox "active" of the
respective switch port.
In order to enable or disable auto negotiation, use in the menu "Switch"
on the page "Port configuration" the checkbox "Auto negotiation" of the
respective switch port.
In order to define the transmission rate of a switch port, use the radio
buttons "10 Mbit/s" and "100 Mbit/s".
To operate a switch port in full-duplex or half-duplex mode, use the radio
buttons "Half-duplex" and "Full-duplex".
Save your settings by clicking "OK".
Note
Loss of availability!
The configuration will immediately be transferred to the
switch after clicking on "OK". This may result that the
13.5.3 Configuring the LED Display of the Switch Ports
device cannot be accessed any more.
Do not disable the switch port that is used to connect the
configuration PC with the router.
You can determine how the events at the network and the states of the switch ports
are displayed at the switch port status LEDs. We recommend not to change the
basic settings and to change the displays only temporarily for diagnosis purposes.
Configuration with the web interface
Select for the respective network event or the state of the port the colour
of the LED display of the switch port status LED in the menu "Switch" on
the page "LED configuration" via the radio buttons.
Save your settings by clicking "OK".
77
Page 78
Functions MoRoS ADSL 2.1 PRO
13.5.4 Configuring VLAN
The switch of the MoRoS ADSL 2.1 PRO can be divided in up to four VLANs. The
VLANs are described as VLAN A, VLAN B, VLAN C, and VLAN D. The ports 1 to 4
are the switch ports accessible from outside. The device itself is connected to the
4-port switch via an internal port. The belonging of a port to a VLAN can be
defined. The device can also belong to a VLAN. Each Ethernet packet that belongs
to a VLAN will be marked by an identifier (tag). The VLAN tag contains the VLAN ID
amongst others. Each port that belongs to a VLAN, will insert the VLAN tag
automatically for the received packets, if it not already contained in the packet.
Configuration via the web interface
In order to enable the VLAN configuration, check in the "Switch" menu
on the "VLAN configuration" page the checkbox "Activate VLAN
configuration".
In order to assign a port or the router to a VLAN, check the respective
checkbox in the configuration matrix.
In order to specify a VLAN ID for a >VLAN, enter it into the field "VLAN
ID".
In order to specify for a port that belongs to a VLAN, whether it shall
insert a VLAN tag into every received packet, or remove a possibly
already existing one, use the radio buttons "Insert VLAN tag" or "Remove
VLAN tag" for the respective port. If a port shall belong to several
VLANs, the VLAN tag must not be removed. The device connected to
this port must be able to interpret these VLAN tags. The VLAN tags will
always be removed for packets to the router.
Save your settings by clicking "OK".
Note
Loss of availability!
The configuration will immediately be transferred to the
switch after clicking on "OK". This may result that the
device cannot be accessed any more.
Therefore, configure the set VLAN on your locally
connected device accordingly.
78
Page 79
MoRoS ADSL 2.1 PRO Functions
13.5.5 Configuring Port Mirroring
With port mirroring, you can copy the data traffic of a switch port to a definable,
other switch port, called the sniffer port. This enables you to read the network
traffic for analysis purposes. The transmitting and receiving packets (TX/RX) of
certain ports can be mirrored separately to a sniffer port, where the network traffic
can be read.
Configuration with the web interface
To use a port as sniffer port, select the according port in the menu
"Switch" on the page "Port mirroring" in the drop-down list "Sniffer
port".
Select in the drop-down list "TX mirroring to sniffer port" the port, whose
TX line data you want to copy to the sniffer port.
Select in the drop-down list "RX mirroring to sniffer port" the port, whose
RX line data you want to copy to the sniffer port.
Save your settings by clicking "OK".
79
Page 80
Functions MoRoS ADSL 2.1 PRO
13.6 Serial Ethernet gateway
13.6.1 Setting up the Serial Ethernet Gateway
The serial Ethernet gateway enables the addressing of serial end devices from the
local network of the MoRoS ADSL 2.1 PRO or via the WAN interface, which are
connected to the serial interface. The data which is sent to a configurable network
port of the MoRoS ADSL 2.1 PRO is output at the serial interface. The connection
to the serial Ethernet gateway can either be maintained permanently (leased line
mode) or set-up if required (connection on request).
If the serial Ethernet gateway is enabled, a redundant communication device
cannot be used at the serial interface. If the sandbox is enabled and the serial
interface is reserved for the sandbox in addition, the sandbox has priority, i.e.
redundant communication device and serial Ethernet gateway are disabled. The
serial Ethernet gateway can be made dependent of the status of input 2 in the
menu "In- / Outputs" on the page "Inputs".
Configuration via the web interface
In order to enable the serial Ethernet gateway, check in the menu "Serial
Ethernet" on the page "Serial Ethernet" the checkbox "Activate serial
Ethernet gateway".
In order to display the current state of the serial Ethernet gateway, click
on the link "Serial Ethernet gateway current state".
In order to display the log of the serial Ethernet gateway, click on the link
"Serial Ethernet gateway log".
In order to configure the display of the serial Ethernet gateway log, enter
on the page "Serial Ethernet gateway log" into the field "Refresh after“
the update interval of the log in seconds as well as into the field "show
last … lines" the number of lines to be displayed and select "OK".
In order to configure the operation mode of the serial Ethernet gateway ,
select either the radio button "Leased line mode" or "Connection on
request".
In order to use an IPT connection, check the checkbox "Use IPT". In this
case, the IPT slave must also be configured and enabled in the menu
"Server services" on the page "IPT".
In order to increase the time between connection attempts in leased line
mode, check the checkbox "increase reconnection interval". In this case,
the interval between the connection attempts will increase (1, 5, 15, 30,
60 minutes). Otherwise, the MoRoS ADSL 2.1 PRO will try to establish a
connection every minute, if this is interrupted.
80
Page 81
MoRoS ADSL 2.1 PRO Functions
In order to enable incoming connections in "Connection on request"
mode as well, check the checkbox "Accept incoming connection" and
enter the port, on which the serial Ethernet gateway reacts on incoming
connections, into the entry field "TCP port" (it is possible to allow
incoming and outgoing connections at the same time). If an incoming or
outgoing connection is active in this case, the other is not available until
the active connection is closed.
In order to specify that the connection is only accepted, if an UDP or TCP
authentication of an INSYS VCom has been performed before, select in
the "VCOM authentication" section for "incoming" either the radio button
"UDP" or "TCP". An existing connection will be terminated by a VCom
authentication during the existing connection. This setting is ignored if
IPT is used.
In order to specify that an ATD dialling command triggers an outgoing
connection, select in the "Outgoing connection" section the radio button
"triggered by dialling command ATD". Then, the serial interface will be
operated in AT command mode and a connection must be initiated by an
ATD command. The Serial Ethernet Gateway expects the dialling
command ATD via the serial interface with the destination as IP address
or domain name, followed by the TCP port (e.g.: ATD192.168.1.1:1234 or
ATD"name.company.com":1234. When using IPT, only the IPT number is
specified here (e.g.: "ATD12345").
In order to specify that a character on the serial interface triggers an
outgoing connection, select in the "Outgoing connection" section the
radio button "triggered by serial character". Then, a connection will be
established as soon as the serial interface receives a character. A
destination must be specified in this operation mode. Enter the IP
address or the domain name of the target into the "IP address or domain
name" field as well as the port into the "Port" field. Alternatively, enter
for an IPT connection the IPT number into the "IPT dial number" field. A
secondary target can be entered optionally, to which a connection will be
established if the primary target is not available. If the connection set-up
fails, a new connection set-up cannot be performed before 5 minutes
have expired.
In order to specify a set-up of an outgoing connection by an active WAN
connection, select in the "Outgoing connection" section the radio button
"triggered by active WAN connection". Then, a connection will be
established as soon as a WAN connection is established. A destination
must be specified in this operation mode. Enter the IP address or the
domain name of the target into the "IP address or domain name" field as
well as the port into the "Port" field. Alternatively, enter for an IPT
connection the IPT number into the "IPT dial number" field. A secondary
target can be entered optionally, to which a connection will be
established if the primary target is not available.
81
Page 82
Functions MoRoS ADSL 2.1 PRO
In order to establish a connection in leased line mode, it is also
necessary, to enter the IP address or the domain name of the target as
well as the port or the IPT dial number. A secondary destination can be
entered optionally.
In order to establish an outgoing connection via input 2, it is also
necessary, to enter the IP address or the domain name of the target as
well as the port or the IPT dial number. A secondary destination can be
entered optionally. The function itself can be enabled in the menu "In- /
Outputs" on the page "Inputs".
In order to use authentication via TCP or UDP at an INSYS VCom for
outgoing connections, select in the "VCom authentication" section for
"outgoing" either the radio button "UDP" or "TCP". This authentication
will also be used in leased line mode or when establishing a connection
via an input. This setting is ignored if IPT is used.
Save your settings by clicking "OK". The serial Ethernet gateway will be
restarted with this. Existing serial Ethernet gateway connections will be
terminated.
13.6.2 Configuring Serial Ethernet Gateway Interface
The serial Ethernet gateway of the MoRoS ADSL 2.1 PRO allows a comprehensive
configuration of the serial interface and the packing of the data arriving there into
TCP packets. It is also possible to use the Telnet protocol. RFC 2217 is also
supported with this, which allows to modify the serial interface parameters during
the operation via a Telnet connection.
Configuration via the web interface
In order to configure the serial interface speed, select in the menu" Serial
Ethernet" on the page "Interfaces" the speed in the drop-down list
"Speed (in Bit/s)".
Configure the data format of the serial interface in the drop-down lists
"Data bits / Parity bits / Stop bits".
Select the data flow control (Hardware, i.e. RTS/CTS or Software i.e.
XON/XOFF) in the drop-down list "Flow control". If the connected serial
device does not support the respective data flow control, you must not
use this.
In order to use the control lines DCD and DTR, check the checkbox "Use
modem control lines".
In order to reset the control lines after the connection is terminated,
check the checkbox "Reset modem control lines after connection
termination".
82
Page 83
MoRoS ADSL 2.1 PRO Functions
In order to specify the maximum block size, from which the serially
received data are packed to a TCP packet and sent when reached, enter
the value into the field "Maximum block size".
In order to specify the maximum time until packing a TCP packet, enter
the time into the field "Aggregation timeout" in milliseconds. If this time
has expired, the serially received data will be packed to a TCP packet and
sent, even if the maximum block size has not yet been reached. This
timer will only be restated if the RS232 input buffer is empty and the first
character is received. The subsequent characters do not reset the timer.
In order to close the serial Ethernet connection automatically, if no data
is transmitted any more, enter a timeout value in seconds into the field
"Idle time". If no data transfer takes place as long as specified here, the
connection will be closed. To ensure that the connection is never closed,
set the value to "0". The value "0" is the default setting.
In order to enable sending keep alive packets, enter the sending interval
of the packets in seconds into the field "Keep alive interval". This
function is disabled by entering "0". If the serial Ethernet gateway
receives no reply to a keep alive packet for three consecutive times, the
connection will be considered as interrupted and the serial Ethernet
gateway terminates the connection.
In order to use the Telnet protocol, check the checkbox "Use Telnet
protocol". In this case, the serial Ethernet gateway filters all Telnet
commands from the incoming TCP data and replies them. Additionally,
the serial and the TCP data stream are adjusted to transmit Telnet control
characters error free.
Save your settings by clicking "OK".
83
Page 84
Functions MoRoS ADSL 2.1 PRO
13.6.3 Modem Emulator
The serial Ethernet gateway can emulate a modem. It provides a series of AT
commands for this. A modem will be emulated for each connection type with this
function. If an outgoing connection has been triggered by the ATD command, the
modem emulator will always be used, even if it is disabled. The following AT
commands are supported:
AT command Description
ATA Manual acceptance of an incoming TCP connection (by
evaluating the serial RING message)
ATD<IP>:<port>
ATD“<domain>“:<po
rt>
ATDL Redialling of the last dialled connection (only possible as
ATH The serial Ethernet gateway closes the serial Internet
ATE<n> Configuring the echo behaviour
+++ Puts the serial Ethernet gateway into command mode (a
ATO Change from command mode into data mode
ATQ<n> Configuring the quiet behaviour
Connection set-up to <IP>:<port> or <domain>:<port>
Following this, the serial Ethernet gateway is in data
mode
long as the serial Ethernet gateway has not been
restarted)
connection
ATE0 Echo disabled
ATE1 Echo enabled (default)
pause of at least one second is necessary before and
after the string)
ATQ0 Messages are sent (default)
ATQ1 No messages are sent
ATV<n> Configuring the message format
ATV0 Messages in short format, i.e. only the error
number
ATV1 Messages in long format, i.e. the error text
(default)
ATS0=<n> Automatic call acceptance after <n> ring tones (<n> =
0 for disabling the automatic call acceptance)
Table 14: List of the AT commands supported by the serial Ethernet gateway
Moreover, a reply to the ATI command is defined in the default AT
answer file.
84
Page 85
MoRoS ADSL 2.1 PRO Functions
Configuration via the web interface
In order to enable the modem emulator, check in the menu "Serial
Ethernet" on the page "Modem emulator" the checkbox "Activate
modem emulator".
In order to enable the echo function using the ATE command in the
modem emulator, check the checkbox "Enable echo (ATE)".
In order to disable the answers using the ATQ command in the modem
emulator, check the checkbox "Disable answers (ATQ)".
In order to enable the verbose answers using the ATV command in the
modem emulator, check the checkbox "Enable verbose answers (ATV)".
In order to configure the number of ring tones until call acceptance,
enter the number of ring tones into the field "Number of rings until
connection is answered (ATS0)".
In order to configure the default answer for unknown commands, enter
this into the field "Default answer for unknown commands". If nothing is
entered here, the message "ERROR" is returned in case of an unknown
or invalid AT command.
In order to download the current AT answer file, click on the link
"Download current AT answer file".
In order to upload an AT answer file, click on the "Browse…" button and
locate the respective file. The file will be uploaded after clicking on "OK".
This file must be a text file, which defines an associated answer for each
desired AT command. Each line in this text file defines an "commandanswer-pair" in the form <i="Serial Ethernet Gateway Version 1.0">. The
part preceding the "=" indicates the command (here "i" for ati; the "at"
must be removed) and the part following in quotation marks indicates
the associated answer (here "Serial Ethernet Gateway Version 1.0"). In
this case, the message "Serial Ethernet Gateway Version 1.0" would be
replied on the ati command. A multi-line answer within the quotation
marks is possible. Capitalization is ignored. Moreover, the order of the
entries must be observed. If an answer for the atxy command and the atx
command is defined for example, the entry for the atxy command must
be entered before the entry for the atx command, because otherwise the
entry for the atx command would be found first and processed after
entering the atxy command, before looking for a aty command, which
does not exist.
Save your settings by clicking "OK".
85
Page 86
Functions MoRoS ADSL 2.1 PRO
13.7 Messages
13.7.1 Configuring the Message Dispatch
The MoRoS ADSL 2.1 PRO can send an e-mail to any recipient on different events
or trigger an SNMP trap. A series of pre-define events are available for this, like
signals or pulses at input 1 or set-up of connections or VPN tunnels for example.
Configuration with the web interface
In order to enable to send an e-mail, you must enter the necessary data
for the e-mail account in the menu "Messages" on the
page"Configuration" in the section "E-mail". Enter the e-mail address into
the field "E-mail address" for this. Enter the first and last name of the
person holding the e-mail account (or any text) into the field "Real
name". Enter the domain name or the IP address of the SMTP server into
the field "SMTP server" as well as the port, at which the SMTP server
receives e-mails, into the field "SMTP port" (usually port 25). Enter the
user name for the e-mail account into the field "User name" as well as
the associated password into the field "Password".
In order to enable to trigger an SNMP trap, you must specify the SNMP
version in the menu "Messages" on the page"Configuration" in the
section "SNMP traps". In order to use SNMP v2c, select the radio button
"SNMP v2c". Moreover, the community string must be entered into the
field "Community". In order to use SNMP v3, select the radio button
"SNMP v3". Moreover, the community string must be entered into the
field "Community". In order to use an optional SNMP v3 authentication,
select the authentication method in the drop-down list "Authentication"
and enter the password for the authentication (at least 8 characters) into
the respective field. In order to use an optional SNMP v3 encryption,
select the encryption method in the drop-down list "Encryption" and
enter the password for the encryption (at least 8 characters) into the
respective field. An authentication is pre-condition for an encryption.
Save your settings by clicking "OK".
86
Page 87
MoRoS ADSL 2.1 PRO Functions
13.7.2 Configuring E-Mail Dispatch
The MoRoS ADSL 2.1 PRO can send an e-mail to any recipient on different, predefined events. An attachment, which can be selected from different log files, can
be attached to every e-mail. Moreover, it is possible to attach the status page of the
web interface to the message text. It is possible to create and manage a series of
different combinations of recipient, event, attachment, and text.
The signals at input 1 are distinguished between a long, at least 4 seconds long
pulse and single pulses, which last between 200 milliseconds and 2 seconds with a
pause between the pulses with the same time slot. The long pulse triggers the
message for the simple alarm. The short pulses trigger the dispatch of messages
for the according number of pulses.
Sending an e-mail is only possible if the access data for the e-mail account are
entered correctly in the menu "Messages" on the page "Configuration".
Configuration via the web interface
In order to enable e-mail dispatch, check in the menu "Messages" on the
page "E-mail" the checkbox "Activate e-mail messages".
In order to create an e-mail message, you have to define this in the
section "Create new e-mail". Enter the e-mail address of the recipient
into the field "Recipient" for this. Select from the drop-down list "Event"
the respective event for triggering the e-mail dispatch. Select from the
drop-down list "Attachment" the respective log file to be attached to the
e-mail. If this file is not present on the MoRoS ADSL 2.1 PRO, the e-mail
will be sent without attachment. Check the checkbox "Attach current
status to message text", if the status page of the web interface is to be
attached to the message text. Enter the message text into the field
"Text".
Save your settings by clicking "OK".
In order to temporarily switch off e-mail messages, uncheck in the
section "Existing e-mails" the check box in the column "active" in the email message overview. Click on "OK" to confirm the settings.
In order to delete one or more e-mail messages, check in the section
"Existing e-mails" the check box in the column "delete" in the e-mail
message overview. Click on "OK" to confirm the settings.
87
Page 88
Functions MoRoS ADSL 2.1 PRO
13.7.3 Configuring SNMP Trap Triggering
The MoRoS ADSL 2.1 PRO can trigger an SNMP trap that sends a message to any
recipient on different predefined events. It is possible to create and manage a
series of different combinations of recipient and event. The SNMP traps are
described in the MIB (Management Information Base).
The signals at input 1 are distinguished between a long, at least 4 seconds long
pulse and single pulses, which last between 200 milliseconds and 2 seconds with a
pause between the pulses with the same time slot. The long pulse triggers the
message for the simple alarm. The short pulses trigger the dispatch of messages
for the according number of pulses.
Triggering an SNMP trap is only possible if the settings for the SNMP traps are
configured correctly in the menu "Messages" on the page "Configuration".
Configuration via the web interface
In order to enable triggering of SNMP traps, check in the menu
"Messages" on the page "SNMP traps" the checkbox "Activate SNMP
tarps".
In order to download the private MIB, click on the link "Download private
MIB".
In order to create an SNMP trap, you have to define this in the section
"Create new SNMP trap". Enter the IP address or the domain name and
the associated port of the recipient into the fields "IP address or domain
name" and "Port" for this. Select from the drop-down list "Event" the
respective event for triggering the SNMP trap.
Save your settings by clicking "OK".
In order to temporarily switch off SNMP traps, uncheck in the section
"Existing SNMP traps" the check box in the column "active" in the SNMP
trap overview. Click on "OK" to confirm the settings.
In order to delete one or more SNMP traps, check in the section
"Existing SNMP traps" the check box in the column "delete" in the SNMP
trap overview. Click on "OK" to confirm the settings.
88
Page 89
MoRoS ADSL 2.1 PRO Functions
13.8 Server Services
13.8.1 Setting up DNS Forwarding
You may use the MoRoS ADSL 2.1 PRO as DNS relay server. If it is configured as
DNS server at the locally connected network devices, it will either forward the DNS
requests to the previously configured DNS servers in the Internet, or will use the
DNS server sent during the PPP connection. If IP addresses are combined with host
names in the local host table ("Basic Settings" menu, "Host names" page), these
will be processed first.
Configuration via the web interface
In order to disable the DNS relay, uncheck in the menu "Server services"
on the page "DNS" the checkbox "Activate DNS relay".
In order to specify further optional DNS servers, enter the IP addresses of
the according name servers in the entry fields "First DNS server address"
or "First IPv6 DNS server address" and "Second DNS server address" or
"Second IPv6 DNS server address".
Save your settings by clicking "OK".
89
Page 90
Functions MoRoS ADSL 2.1 PRO
13.8.2 Dynamic DNS Update
The MoRoS ADSL 2.1 PRO can forward the IP address, which it was allocated
during the dial-in into the Internet, to a DynDNS provider, so it can be reached from
the Internet with a domain name. This means that the network behind the MoRoS
ADSL 2.1 PRO can always be reached with the same domain name from the
Internet, also for dynamically allocated IP addresses (if the allocated IP address for
incoming connections is not protected). The IP address connected to the domain
name at the DynDNS provider will be updated for this during each dialup. For this
function, you will need an account with a DynDNS provider.
Configuration via the web interface
In order to configure the dynamic DNS update, check in the menu
"Server services" on the page "Dyn. DNS update" the checkbox "Activate
dynamic DNS update".
Select a DynDNS provider from the drop-down list "DynDNS provider".
In order to define an own DynDNS server, select in the drop-down list
"DynDNS provider" the entry "Userdefined DynDNS" and enter a
DynDNS server in the entry field "Userdefined DynDNS server".
Enter the domain name to be updated into the entry field "Domain
name".
Enter user name and password of your DynDNS account into the entry
fields "User name" and "Password".
Save your settings by clicking "OK".
This function is not effective, if the LAN ext interface is configured for
a PPPoA connection.
90
Page 91
MoRoS ADSL 2.1 PRO Functions
13.8.3 Setting up the DHCP Server
On request, the DHCP server of the MoRoS ADSL 2.1 PRO can automatically
allocate other devices in the LAN an address. This automatically allocated, dynamic
IP addresses are only valid for a certain time. The validity of the IP addresses
allocated by the DHCP server are controlled via the "Lease time". If there is already
a DHCP server in the network, in which the MoRoS ADSL 2.1 PRO is used, this
function must absolutely be disabled in the device. Otherwise, clients would let
their IP address be assigned by a wrong DHCP server.
IP addresses, which are in the IP pool and for which a connection to a MAC
address exists, are exclusively reserved for this DHCP client. The IP address is thus
not in the IP pool anymore. No IP addresses should be selected from the IP pool for
this MAC IP address connections. The pool should only be available for the DHCP
clients, for which no MAC address is known or is to be considered.
Configuration via the web interface
In order to setup the DHCP server, check in the menu "Server services"
on the page "DHCP" the checkbox "Activate DHCP server".
Enter into the entry fields "First and last IP address" the first IP address
and the last IP address of the address range, from which the DHCP
server of the device allocates addresses in the LAN. The IP address range
of the DHCP server must be located in the same network as the IP
address of the MoRoS ADSL 2.1 PRO.
Enter into the entry field "Lease Time" a validity period in seconds enter a
Validity period for the IP addresses to be allocated by the DHCP server.
The default value is 3.600 seconds.
In order to inform the DHCP clients about a special DNS server, enter its
IP address into the entry field "Alternative DNS server address". If the
field is empty, the local IP address of the router and the IP addresses of
the fixed configured DNS servers are communicated to the clients.
In order to specify an alternative gateway, enter its IP address into the
"Alternative default gateway address" field. If the field is empty, the IP
address of the router will be proposed to the clients as gateway.
Save your settings by clicking "OK".
In order to view the IP addresses allocated by the DHCP server and their
"Lease Time" (validity period), use the link "Display DHCP lease times".
You can define fix allocations in the section "Add new allocation of MAC
address and IP address" in order to allocate always the same IP address
to DHCP clients. For this, enter the MAC address of the respective DHCP
client into the entry field "MAC address" and the IP address, to which the
DHCP client is to be connected, into the field "IP address". Save the
allocation by clicking "OK".
91
Page 92
Functions MoRoS ADSL 2.1 PRO
In order to delete one or more allocations, check in the section "Fixed
allocation of IP addresses to MAC addresses“ the checkbox in the
column "delete" and click then "OK" to accept the setting.
13.8.4 Configuring the Router Advertiser
IPv6 prefixes can be advertised in the local LAN with the router advertiser.
Machines connected to the LAN can configure one or several IPv6 addresses
(SLAAC) independently using these received prefixes.
In order to support the configuration of the prefixes to be distributed, it will be
displayed, which prefix is set in the MoRoS ADSL 2.1 PRO and which prefixes are
indicated at the LAN (ext) interface.
Configuration via the web interface
In order to enable the router advertiser, check in the menu "Server
services" on the page "Router Advertiser" the checkbox "Activate router
advertiser".
Select the Preference in the drop-down list field "Preference". It specifies
the importance to be used by the machines in the LAN for handling the
received routes. If several router advertisers that distribute default routes
are in the LAN, the preference decides, which default route is used by
the machine in the end.
In order to add a new prefix, enter in the section "Add new prefix" the
the IPv6 net address and the netmask into the respective fields. Save the
prefix by clicking "OK".
In order to delete an existing prefix, check under "Existing prefixes" the
checkbox of the prefix(es) to be deleted.
Save your settings by clicking "OK".
92
Page 93
MoRoS ADSL 2.1 PRO Functions
13.8.5 Configuring a Proxy Server
The MoRoS ADSL 2.1 PRO provides a proxy server. This does not serve as a cache
for frequently accessed websites. It is used to delay the connection timeouts for
connections that load slowly and to filter undesired URLs (e.g. www.xyz.xx).
The proxy supports the HTTP and HTTPS protocols.
Configuration via the web interface
In order to enable the proxy server, check in the menu "Server services"
on the page "Proxy" the checkbox "Activate proxy server".
Enter in the entry field "Port of proxy server" the port, which you want to
use to access the proxy server from the internal network at the IP
address of the MoRoS ADSL 2.1 PRO.
In order to terminate connections,which seem to be inactive, after a
certain time, you can configure the time in seconds in the entry field
"Timeout for inactive connections".
In order to avoid overloading, you can restrict the number of clients
which can connect at the same time. Enter the maximum number of
simultaneously authorized clients in the entry field "Maximum amount of
allowed clients".
In order to increase the availability of the proxy, you can define a
minimum number of proxy server processes. Enter the desired number
of proxy server processes that are always running into the entry field
"Minimum amount of free proxy servers".
In order to avoid overloading with proxy requests, you can define a
maximum number of proxy server processes. An individual proxy server
process is started on the MoRoS ADSL 2.1 PRO for each client request.
Enter the desired maximum number of simultaneous proxy server
processes in the entry field "Maximum amount of free proxy servers" for
this. If more requests are received than proxy servers are available, the
additional requests are rejected.
Save your settings by clicking "OK".
93
Page 94
Functions MoRoS ADSL 2.1 PRO
13.8.6 Configuring an URL Filter
With the help of the URL filter, the proxy server can restrict possible URLs, which
can be accessed by computers from the internal network of the MoRoS ADSL 2.1
PRO. This will allow only access to URLs which are entered in the filter list. All
other URLs are blocked. To allow access to the Internet only via the proxy, the
firewall must be activated. Without the firewall, the access to any URLs would be
possible just by bypassing the proxy.
The IP address and the port of the proxy must be defined at the clients (e.g. a web
browser on a PC), which establish connections via the proxy.
Configuration via the web interface
In order to enable the URL filter, check in the menu "Server services" on
the page "Proxy" the checkbox "Activate filter".
In order to enter an allowed URL, which is accessible from the internal
network, enter the desired URL in the entry field "Allowed URLs".
In order to delete an URL from the list, delete the text of the URL from
the list.
Save your settings by clicking "OK".
13.8.7 Configuring IPT
The MoRoS ADSL 2.1 PRO also allows data transfer via an IPT channel. It can act
as IPT slave here.
Configuration via the web interface
In order to enable IPT, check in the menu "Server services" on the page
"IPT" the checkbox "Activate IPT slave".
In order to display the current state of the IPT slave, click on the link "IPT
current state".
In order to display the messages of the IPT slave, click on the link "IPT
log". This helps to draw conclusions on the failure cause in case of an
unsuccessful connection attempt.
In order to configure the connection to the IPT master, enter its IP
address or domain name into the entry field "IP address or domain
name". Enter the port on which the IPT master accepts the connection
into the entry field "Port". Enter the access data for registering at the IPT
master into the entry fields "User name" and "Password". These data
must be entered for the primary IPT master. A secondary IPT master can
be entered optionally that will be used following an unsuccessful
connection attempt to the primary IPT master.
94
Page 95
MoRoS ADSL 2.1 PRO Functions
In order to specify the IPT device identifier, enter it into the entry field
"IPT device identifier". By default, a combination of the string "INS" and
the MAC address of the MoRoS ADSL 2.1 PRO is entered.
In order to increase the time between connection attempts, check the
checkbox "Increase reconnection interval". In this case, the interval
between the connection attempts will increase (1, 5, 15, 30, 60 minutes).
Otherwise, the MoRoS ADSL 2.1 PRO will try to establish a connection
every minute.
In order to specify the maximum time between IPT request and IPT
response that must be exceeded that the connection to the IPT master
will be disconnected and re-established again, enter this time in seconds
into the field "Timeout between request and response".
In order to specify the maximum time between two characters of an IPT
command that must be exceeded that the connection to the IPT master
will be disconnected and re-established again, enter this time in seconds
into the field "Timeout between characters".
In order to enable scrambling of the IPT connection, check the checkbox
"Use scrambling". If scrambling is used, a challenge and a fix scramble
key must be specified. The fix scramble key encrypts the registration
with the IPT master and the challenge scramble key is used for
encryption following the successful registration. While the challenge
scramble key is transferred from the slave to the master, the fix scramble
key must be configured identically at the master and at the slave. Both
keys must have the fix length of 32 bytes that must be specified
hexadecimal with 64 digits for the configuration.
Save your settings by clicking "OK". The IPT slave will be restarted with
this. Existing IPT connections to the master or existing IPT data tunnels
will be closed before.
95
Page 96
Functions MoRoS ADSL 2.1 PRO
13.8.8 Configuring the SNMP Agent
The MoRoS ADSL 2.1 PRO provides an SNMP agent that responds to incoming
SNMP Get requests. All parameters that exist in the ASCII configuration file, can be
read via SNMP Get requests (except user name and password of the web interface
authentication). These parameters are described in the MIB (Management
Information Base).
Configuration with the web interface
In order to enable the SNMP agent, check in the menu "Server services"
on the page "SNMP agent" the checkbox "Activate SNMP agent".
In order to download the private MIB, click on the link "Download private
MIB".
In order to permit SNMP Get requests only from the local network and
send responds only to the local network, check the checkbox
"Exclusively allow SNMP local".
In order to specify the port, on which the SNMP agent receives UDP
messages, enter the port into the field "Port".
In order to specify a contact information for the SNMP agent, you can
enter this into the field "Contact information".
In order to specify a description for the SNMP agent, you can enter this
into the field "description".
In order to use the SNMP agent, you must specify and configure the
SNMP versions to be used. In order to use SNMP v1 or SNMP v2c,
check the checkbox "Use SNMP v1/v2c" and enter the community string
into the field "Community". In order to use SNMP v3, check the
checkbox "Use SNMP v3" and enter the SNMP user name into the field
"User name". In order to use an SNMP v3 authentication, select the
authentication method in the drop-down list "Authentication" and enter
the password for the authentication (at least 8 characters) into the
respective field. In order to use an SNMP v3 encryption, select the
encryption method in the drop-down list "Encryption" and enter the
password for the encryption (at least 8 characters) into the respective
field. An authentication is pre-condition for an encryption.
Save your settings by clicking "OK".
96
Page 97
MoRoS ADSL 2.1 PRO Functions
13.8.9 Configuring MCIP
MCIP (Management Control and Information Protocol) is a minimalist protocol for
exchanging short telegrams between an MCIP server and MCIP device drivers
based on TCP. Device drivers register with the MCIP server and inform it about the
Object IDs (OIDs) which can be addressed by it. An OID can be assigned to the
objects contained in the router so that they can be addressed in MCIP telegrams.
The state of the objects can be set and/or queried via the device drivers.
Configuration via the web interface
In order to enable device drivers to register with the MCIP server via
TCP, check in the "Server services" menu on the "MCIP" page the
checkbox "Accept incoming TCP connections on port" and specify the
TCP port in the field behind.
Assign an Object ID to the objects contained in the MoRoS ADSL 2.1
PRO by entering this into the field behind the respective object. An OID is
a number between 1001 and 65534.
Save your settings by clicking "OK".
97
Page 98
Functions MoRoS ADSL 2.1 PRO
13.9 System Configuration
The MoRoS ADSL 2.1 PRO displays system data such as firmware version, serial
number, hardware revision or firmware checksum, together with short system
messages about events and errors in the menu "System" on the page "System
data". This information is helpful and should be known together with the configured IP address if you contact the support. Furthermore, several links enable to
display system states and connection logs.
13.9.1 Displaying the System Log
The MoRoS ADSL 2.1 PRO allows to display the detailed system log in the menu
"System" on the page "System data". The number of displayed lines and the update interval can be configured.
Configuration with the web interface
In order to view the detailed system messages via the web interface,
click on the link "Show the extensive system log".
In order to configure the display of the system log, enter on the page
"System log" into the field "Refresh after“ the update interval of the log
in seconds as well as into the field "show last … lines" the number of
lines to be displayed and select "OK".
13.9.2 Displaying the Last System Messages
The MoRoS ADSL 2.1 PRO displays short system messages about events and
errors in the menu "System" on the page "System data". For analysis purposes, you
can dispaly the last messages on the web interface.
Configuration via the web interface
In order to display the last system messages, click on the link "Show the
last system messages".
98
Page 99
MoRoS ADSL 2.1 PRO Functions
13.9.3 Setting Time and Time Zone
The MoRoS ADSL 2.1 PRO has an internal clock to control time-controlled events.
This clock must be set to ensure that time-controlled events are processed
precisely to the desired time, and that system messages are dated correctly. The
clock can be updated automatically via an NTP server from the Internet. During
each connection establishment, it will be tried to synchronize the time from the
specified NTP server. In contrast to the time, the time zone must be manually
adjusted to the location. An NTP server for the local network can be started on the
router itself. In this case, it is recommended that the router synchronises its clock
via a WAN connection regularly, that the inaccuracies of the internal clock is
compensated by a regular synchronisation to avoid that an inaccurate time will be
broadcast in the network.
Configuration via the web interface
In order to configure time and date, enter in the menu "System" on the
page "Time" the values for day, month,year as well as hours and minutes
into the entry fields "DD MM YYYY hh mm".
Configure the time zone of the operation location by selecting it from the
drop-down list field "Timezone".
In order to synchronise time and date via NTP server, check the
checkbox "Clock synchronization with" and enter the name of an NTP
server or its IP address into the entry field.
In order to synchronise time and date via NTP server daily at a defined
time, check the checkbox "Additionally every day at" and enter the time
for the daily synchronisation into the entry field.
In order to synchronise time and date via NTP server immediately, check
the checkbox "Update time now". Then, it will be tried to establish a onetime connection with the NTP server to synchronise the time with saving
the settings. This enables an immediate test of the NTP server settings.
In order to act as an NTP server itself, check the checkbox "Activate local
time server". Local NTP requests will then be responded at UDP port
123.
Save your settings by clicking "OK".
99
Page 100
Functions MoRoS ADSL 2.1 PRO
13.9.4 Reset
You can reset the MoRoS ADSL 2.1 PRO via the web interface or by pressing the
reset key on the front of the device. A software reset can be initiated by briefly
pressing the reset key once. Pressing the reset key for at least three seconds
initiates a hardware reset. A restart will be made in both cases. Pressing the reset
key briefly three times within two seconds loads the factory defaults (see Section
Display and Control Elements – Function of the Control Elements).
Configuration via the web interface
In order to restart, select in the menu "System" on the page "Reset" the
radio button "Reset". Click on "OK" to execute the reset.
In order to restart and load the default settings, select in the menu
"System" on the page "Reset" the radio button "Load default
configuration and reset". Then, click on "OK" to execute the restart and
reset the device to default settings.
In order to configure a daily restart at a defined time, check the checkbox
"Daily restart at" and enter the time for the daily restart into the entry
field.
Save your settings by clicking "OK".
100
Loading...