virtual access GW6610, GW6640, GW6640W, GW6650, GW6650W User Manual

...

Download

Page 1

Issue:

1.5

Date:

09 September 2016

GW6600 Series and GW6600V Series User Manual

Page 2

_______________________________________________________________________________________________________

Table of Contents

1 Introduction ................................................................................................. 9

1.1 Document scope ....................................................................................... 9

1.2 Using this documentation ........................................................................... 9

2 GW6600 Series hardware ........................................................................... 12

2.1 Hardware specification ............................................................................. 12

2.2 Hardware features .................................................................................. 12

2.3 GSM and LTE technology .......................................................................... 13

2.4 Power supply .......................................................................................... 13

2.5 Dimensions ............................................................................................ 13

2.6 Compliance ............................................................................................ 13

2.7 Operating temperature range ................................................................... 13

2.8 Antenna ................................................................................................. 14

2.9 Components ........................................................................................... 14

2.10 Inserting the SIM cards ........................................................................... 15

2.11 Connecting the SIM lock .......................................................................... 15

2.12 Connecting cables ................................................................................... 15

2.13 Connecting the ante nna ........................................................................... 15

2.14 Connecting the WiFi antenna .................................................................... 15

2.15 Powering up ........................................................................................... 16

2.16 Reset button .......................................................................................... 16

3 GW6600 Series LED behaviou r .................................................................... 17

3.1 Main LED behaviour................................................................................. 17

3.2 Ethernet port LED behaviour .................................................................... 19

4 Factory configuration extraction from SIM card ......................................... 20

5 Accessing the router ................................................................................... 21

5.1 Configuration packages used .................................................................... 21

5.2 Accessing the router over Ethernet using the web interface .......................... 21

5.3 Accessing the router over Ethernet using an SSH client ............................... 22

5.4 Accessing the router over Ethernet using a Telnet client .............................. 23

5.5 Configuring the password ......................................................................... 23

5.6 Configuring the password using the web interfa ce ....................................... 23

5.7 Configuring the password using UCI .......................................................... 24

5.8 Configuring the password using package options......................................... 24

5.9 Accessing the device using RADIUS authentication ...................................... 25

5.10 Accessing the device using TACACS+ authentication ................................... 26

5.11 SSH ...................................................................................................... 29

5.12 Package dropbear using UCI ..................................................................... 31

5.13 Certs and private keys ............................................................................. 32

5.14 Configuring a router’s web server ............................................................. 33

5.15 Basic authentication (httpd conf) .............................................................. 38

_______________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 2 of 384

Page 3

_______________________________________________________________________________________________________

Table of Contents

5.16 Securing uhttpd ...................................................................................... 39

6 Configuring Dynamic DNS ........................................................................... 40

6.1 Overview ............................................................................................... 40

6.2 Configuration packages used .................................................................... 40

6.3 Configuring Dynamic DNS using the web interface ...................................... 40

6.4 Dynamic DNS using UCI........................................................................... 42

7 System settings .......................................................................................... 44

7.1 Configuration package used ..................................................................... 44

7.2 Configuring system properties .................................................................. 44

7.3 System settings using UCI ....................................................................... 48

7.4 System diagnostics ................................................................................. 49

8 Upgrading router f i r m wa re ......................................................................... 51

8.1 Upgrading firmware using the web interface ............................................... 51

8.2 Upgrading firmware using CLI .................................................................. 53

9 Router file structure ................................................................................... 54

9.1 System information ................................................................................. 54

9.2 Image files ............................................................................................. 55

9.3 Directory locations for UCI configuration files ............................................. 55

9.4 Viewing and changing cur rent configuration ............................................... 56

9.5 Configuration file syntax .......................................................................... 56

9.6 Managing configurations .......................................................................... 57

9.7 Exporting a configuration file .................................................................... 57

9.8 Importing a configuration file ................................................................... 59

10 Using the Command Line Interface ............................................................. 61

10.1 Overview of some common commands ...................................................... 61

10.2 Using Unified Configuration Interface (UCI) ................................................ 64

10.3 Configuration files ................................................................................... 69

10.4 Configuration file syntax .......................................................................... 69

11 Management configuratio n set tings ........................................................... 71

11.1 Activator ................................................................................................ 71

11.2 Monitor .................................................................................................. 71

11.3 Configuration packages used .................................................................... 71

11.4 Autoload: boot up activation ..................................................................... 72

11.5 Autoload packages .................................................................................. 72

11.6 Autoload using UCI ................................................................................. 75

11.7 HTTP Client: configuring activation using the web interface .......................... 76

11.8 Httpclient: Activator configuration using UCI .............................................. 78

11.9 User management using UC I .................................................................... 79

11.10 Configuring the managem ent user password using UCI ............................. 81

11.11 Configuring management user password using package options ................. 81

_______________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 3 of 384

Page 4

_______________________________________________________________________________________________________

Table of Contents

11.12 User management using UC I ................................................................. 81

11.13 Configuring user access to specific web pages ......................................... 82

12 Configuring an ADSL interface .................................................................... 83

12.1 ADSL connections ................................................................................... 83

12.2 ADSL connection options on your router .................................................... 83

12.3 Configuration package used ..................................................................... 84

12.4 Creating a new ADSL PPPoA connection ..................................................... 84

12.5 PPPoA: general setup .............................................................................. 86

12.6 PPPoA: advanced settings ........................................................................ 87

12.7 PPPoA: firewall settings ........................................................................... 88

12.8 Creating an ADSL PPPoA connection using UCI ........................................... 89

12.9 Creating a new ADSL PPPoEoA connection .................................................. 90

12.10 Configuring an ADSL PPPoEoA connection using UCI ................................. 95

12.11 Configuring an ADSL bridge connection with static IP ............................... 96

12.12 ADSL diagnostics ............................................................................... 103

13 Configuring an Ethernet interface ............................................................. 106

13.1 Configuration packages used .................................................................. 106

13.2 Configuring an Ethernet interface using the web interface .......................... 106

13.3 Interface configura tion using UCI ............................................................ 116

13.4 Configuring port maps ........................................................................... 119

13.5 Port map packages ................................................................................ 119

13.6 Interface diagnostics ............................................................................. 121

14 Configuring SAToP and CESoPSN .............................................................. 123

14.1 What are SAToP and CESoPSN? .............................................................. 123

14.2 Clocking ............................................................................................... 123

14.3 Virtual Access proprietary SAToP/CESoPSN protocol extension .................... 124

14.4 Configuration package used ................................................................... 124

14.5 Configuring SAToP/CESoPSN .................................................................. 125

14.6 Configuring main settings using UCI ........................................................ 126

14.7 Configuring port settings using the web inter face ...................................... 127

14.8 Configuring port settings using UCI ......................................................... 133

14.9 CESoPSN diagnostics ............................................................................. 134

15 ISDN pseudowire ...................................................................................... 144

15.1 Introduction ......................................................................................... 144

15.2 Pseudowire funct io nality ........................................................................ 145

15.3 ISDN pseudowire in client role ................................................................ 145

15.4 ISDN pseudowire in client and provider role (back-to-back) ....................... 146

16 Analogu e Leased Line interface ................................................................ 150

16.1 Terminal Server: V.23 modem emulation ................................................. 150

16.2 CESoPSN: transparent mode .................................................................. 150

_______________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 4 of 384

Page 5

_______________________________________________________________________________________________________

Table of Contents

16.3 Gain and attenuation control .................................................................. 150

16.4 ALL status ............................................................................................ 151

16.5 ALL statistics ........................................................................................ 152

16.6 ALL wiring ............................................................................................ 154

17 DHCP server and DNS configuration (Dnsmasq) ....................................... 155

17.1 Configuration package used ................................................................... 155

17.2 Configuring DHCP and DNS using the web interface .................................. 155

17.3 Configuring DHCP and DNS using UCI ...................................................... 163

17.4 Configuring DHCP pools using UCI ........................................................... 165

17.5 Configuring static leases using UCI .......................................................... 166

18 Configuring VLAN ..................................................................................... 167

18.1 Maximum number of VLANs supported .................................................... 167

18.2 Configuration package used ................................................................... 167

18.3 Configuring VLAN using the web interface ................................................ 167

18.4 Viewing VLAN interface settings .............................................................. 170

18.5 Configuring VLAN us ing the UCI interface ................................................. 171

19 Configuring static routes .......................................................................... 172

19.1 Configuration package used ................................................................... 172

19.2 Configuring static routes using the web interface ...................................... 172

19.3 Configuring IPv6 routes using the web interface ....................................... 173

19.4 Configuring routes using command line ................................................... 173

19.5 IPv4 routes using UCI ............................................................................ 174

19.6 IPv4 routes using package options .......................................................... 175

19.7 IPv6 routes using UCI ............................................................................ 175

19.8 IPv6 routes using packages options ......................................................... 175

19.9 Static routes diagnostics ........................................................................ 176

20 Configuring BGP (Border Gateway Protocol) ............................................ 177

20.1 Configuration package used ................................................................... 177

20.2 Configuring BGP using the web interface .................................................. 177

20.3 Configuring BGP using UCI ..................................................................... 180

20.4 Configuring BGP using packages options .................................................. 181

20.5 View routes statistics ............................................................................. 182

21 Configuring a WiFi connection .................................................................. 183

21.1 Configuration packages used .................................................................. 183

21.2 Configuring a WiFi interface using the web interface .................................. 183

21.3 Configuring WiFi in AP mode ................................................................... 189

21.4 Configuring WiFi using UCI ..................................................................... 191

21.5 Creating a WiFi in Client mode using the web interface .............................. 194

21.6 Configuring WiFi in Client mode using command line ................................. 195

22 Configuring a mobile connection .............................................................. 197

_______________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 5 of 384

Page 6

_______________________________________________________________________________________________________

Table of Contents

22.1 Configuration package used ................................................................... 197

22.2 Configuring a mobile connection using the web interface ............................ 197

22.3 Viewing mobile connectivity information .................................................. 202

22.4 Configuring a mobile connection using UCI ............................................... 203

22.5 Mobile status using UCI ......................................................................... 203

23 Configuring mobile manager..................................................................... 205

23.1 Configuration package used ................................................................... 205

23.2 Configuring mobile manager using the web interface ................................. 205

23.3 Configuring mobile manager using UCI .................................................... 208

23.4 Configuring a roaming interface template via the web interface .................. 209

23.5 Monitoring SMS .................................................................................... 209

23.6 Sending SMS from the router ................................................................. 210

23.7 Sending SMS to the router ..................................................................... 210

24 Configuring Multi-WAN ............................................................................. 211

24.1 Configuration package used ................................................................... 211

24.2 Configuring Multi-WAN using the web interface ......................................... 211

24.3 Multi-WAN traffic rules ........................................................................... 216

24.4 Configuring Multi-WAN using UCI ............................................................ 216

24.5 Multi-WAN diagnostics ........................................................................... 217

25 Automatic operator selection .................................................................... 220

25.1 Configuration package used ................................................................... 220

25.2 Configuring automatic operator selection via the web interface ................... 220

25.3 Configuring via UCI ............................................................................... 240

25.4 Configuring no PMP + roaming using UCI ................................................. 244

25.5 Automatic operator selection diagnostics v ia the web interface ................... 246

25.6 Automatic operator selection diagnostics v ia UCI ...................................... 248

26 Configuring IPSec ..................................................................................... 251

26.1 Configuration package used ................................................................... 251

26.2 Configuring IPSec using the web interface ................................................ 251

26.3 Configuring IPSec using UCI ................................................................... 259

26.4 Configuring an IPSec template for DMVPN via the web interface ................. 263

26.5 Configuring an IPSec template to use with DMVPN .................................... 270

26.6 IPSec diagnostics using the web interface ................................................ 272

26.7 IPSec diagnostics using UCI ................................................................... 272

27 Configuring firewall .................................................................................. 273

27.1 Configuration package used ................................................................... 273

27.2 Configuring firewall using the web interface ............................................. 273

27.3 Configuring firewall using UCI ................................................................. 285

27.4 IPv6 notes ........................................................................................... 287

27.5 Implic ations of DROP vs. REJECT ............................................................ 287

_______________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 6 of 384

Page 7

_______________________________________________________________________________________________________

Table of Contents

27.6 Connection tracking .............................................................................. 288

27.7 Firewall examples ................................................................................. 288

28 Configuring SNMP ..................................................................................... 296

28.1 Configuration package used ................................................................... 296

28.2 Configuring SMNP using the web interface................................................ 296

28.3 Configuring SNMP us ing c ommand line .................................................... 301

29 Configuring VRRP ..................................................................................... 308

29.1 Overview ............................................................................................. 308

29.2 Configuration package used ................................................................... 308

29.3 Configuring VRRP using the web interface ................................................ 308

29.4 Configuring VRRP using UCI ................................................................... 310

30 Dial modem .............................................................................................. 312

30.1 V.90 modem scenarios .......................................................................... 312

30.2 Setting up the V.90 physical port connection ............................................ 313

30.3 Configuring the modem as a dial out interface via UCI inter face .................. 313

30.4 Configuring the modem as a dial in interface via UCI ................................. 314

31 Dynamic Multipoint Virtual Private Network (DMVPN) ............................. 317

31.1 Prerequisites for configuring DMVPN ........................................................ 317

31.2 Advantages of using DMVPN ................................................................... 317

31.3 DMVPN scenarios .................................................................................. 318

31.4 Configuration packages used .................................................................. 320

31.5 Configuring DMVPN using the web interface ............................................. 320

31.6 DMVPN diagnostics ................................................................................ 322

32 Configuring Terminal Server ..................................................................... 325

32.1 Overview ............................................................................................. 325

32.2 Configuration packages used .................................................................. 325

32.3 Configuring Terminal Server using the web interface ................................. 325

32.4 Terminal Server using UCI ..................................................................... 335

32.5 Terminal Server using package options .................................................... 336

32.6 Terminal Server diagnostics ................................................................... 336

33 Configuring a GRE interface ...................................................................... 339

33.1 Configuration packages used .................................................................. 339

33.2 Creating a GRE connecti on using the web interface ................................... 339

33.3 GRE configuration using command line .................................................... 344

33.4 GRE configuration using UCI ................................................................... 344

33.5 GRE configuration using package options ................................................. 344

33.6 GRE diagnostics .................................................................................... 345

34 Configuring multicasting using PIM and IGMP interfaces ......................... 347

34.1 Overview ............................................................................................. 347

34.2 Configuration package used ................................................................... 347

_______________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 7 of 384

Page 8

_______________________________________________________________________________________________________

Table of Contents

34.3 Configuring PIM and IGMP using the web interface .................................... 347

34.4 Configuring PIM and IGMP using UCI ....................................................... 349

35 Event system ............................................................................................ 351

35.1 Configuration package used ................................................................... 351

35.2 Implementation of the event system ....................................................... 351

35.3 Supported events .................................................................................. 351

35.4 Supported targets ................................................................................. 352

35.5 Supported connection testers ................................................................. 352

35.6 Configuring the event system using the web interface ............................... 352

35.7 Configuring the event system using UCI .................................................. 352

35.8 Event system diagnostics ....................................................................... 362

36 Configuring SLA reporting on Monit or ....................................................... 369

36.1 Introduction ......................................................................................... 369

36.2 Configuring SLA reporting ...................................................................... 369

36.3 Configuring router upload protocol .......................................................... 370

36.4 Viewing graphs ..................................................................................... 370

36.5 Generating a report ............................................................................... 373

36.6 Reporting device status to Monitor using UCI ............................................ 376

37 Configuring SLA for a router ..................................................................... 380

37.1 Configuration package used ................................................................... 380

37.2 Configuring SLA for a router using the web interface ................................. 380

37.3 Configuring SLA for a router using the UCI interface .................................. 382

_______________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 8 of 384

Page 9

_______________________________________________________________________________________________________

GW6600 Series

Line

GW6610

1 4

Opt

GW6611W

1 4 1

Opt

GW6630

1 4

yes

Opt

GW6630W

1 4 1

yes

Opt

GW6640

1 4

yes

yes yes

Opt

GW6640W

1 4 1

yes

yes yes

Opt

GW6650

1 4

yes Opt

Opt

GW6650W

1 4 1

yes Opt

Opt

GW6600V Series

ADSL2+

GW6610V

1 4 opt opt yes

GW6640V

1 4 opt opt yes

yes

1 Introduction

Based on the very latest ADSL2+, WiFi and 3G HSPA+ technology, Virtual Access GW6600 Series routers address the needs of today’ s businesses for managed resilient broadband connectivity. Point of Sale (POS), retail branch office, security monitor ing and other key business applications demand managed co nnectivity that is cost-effective, high performance and resilient to network outage or last mile circuit failure.

Designed for managed network providers, GW6600 Series routers provide secure WAN connectivity for internet and private networking environments over both ADSL2+ and 3G broadband paths and incorporate optional 802.11n WiFi connectivity.

1.1 Document scope

This document covers the following GW6600 Series models.

1: Introduction

Model ADSL2+ ETH WiFi 3G/HSPA+ 4G/LTE CDMA

Model VDSL&

Eth WiFi 3G

1.2 Using this documentation

You can configure your router using either the router’s web interface or via the command line using UCI commands. Each chapter explains first the web interface settings, followed by how to configure the router using UCI. The web interface screens are shown along with a path to the screen for example, ‘In the top menu, se lect Service ->

SNMP.’ followed by a screen grab.

HSPA

4G LTE

450

CDMA 450

Dual SIM

V.92 Modem

V92 Modem

Analog Leased

ALL ISDN

ISDN BRI

BRI

After the screen grab there is an information table that describes each of the screen’s fields.

_______________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 9 of 384

Page 10

_______________________________________________________________________________________________________

Web Field/UCI/Packag e Optio n

Description

Opt: metric

1.2.1 Information tables

We use information tables to show the different ways to configure the router using the router’s web and command line. The left-hand column shows three options:

• Web: refers the command on the router’s web page,

• UCI: shows the specific UCI command, and

• Opt: shows the package option.

The right-hand column shows a description field that describes the feature’s field or command and shows any options for that feature.

Some features have a drop-down menu and the options are described in a table within the description column. The def ault value is shown in a grey cell.

Values for enabling and disabling a feature are var ied throughout the web interface, for example, 1/0; Yes/No; True/False; check/unc heck a radio button. In the table descriptions, we use 0 to denote Disable and 1 to denote Enable.

Some configuration s ections can be defined more than once. An example of this is the routing table where multiple routes can exist and all are named ‘route’. For these sections, the UCI command will have a code value [0] or [x] (where x is the section number) to identify the section.

1: Introduction

Web: Metric UCI: network.@route[0].metric

Specifies the route metric to use.

Note: these sections can be given a label for identification when using UCI or package options.

network.@route[0]=route network.@route[0].metric=0

can be witten as:

network.routename=route network.routename.metric=0

However the documenta t io n usually assumes that a section label is not configured. The following table shows fields from a variety of chapters to illustrate the explanations

above.

_______________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 10 of 384

Page 11

_______________________________________________________________________________________________________

Web Field/UCI/Packag e Optio n

Description

Disabled.

Enabled.

Emergency

Alert

Critical

Error

Warning

Notice

Informational

Debug

Opt: agentaddress

1: Introduction

Web: Enable UCI: cesop.main.enable Opt: enable

Web: Syslog Severity UCI: cesop.main.severity Opt: log_severity

Web: Agent Address UCI: snmpd.agent[0].agentadd ress

1.2.2 Definitions

Throughout the document, we use the host name ‘VA_router’ to cover all router models. UCI commands and package option examples are shown in the following format:

Enables CESoPSN services.

Selects the severity used for logging events CESoPS N in syslog . The following levels are available .

Specifies the address(es) and port(s) on which the agent should listen.

[(udp|tcp):]port[@address][,…]

Table 1: Example of an information table

root@VA_router:~# vacmd show current config

1.2.3 Diagnostics

Diagnostics are explained at the end of each feature’s chapter.

1.2.4 UCI commands

For detailed information on using UCI commands, read chapters ‘Router File Structure’ and ‘Using Command Line Interface’.

_______________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 11 of 384

Page 12

_______________________________________________________________________________________________________

GW6610

1 4 opt opt GW6611

1 4 opt

yes

opt GW6612

1 4 opt opt

yes

GW6630

1 4 opt

yes

yes opt GW6631

1 4 opt

yes

opt GW6632

1 4 opt

yes

yes opt

yes

GW6640

1 4 opt yes yes opt GW6641

1 4 opt yes yes

yes

opt GW6642

1 4 opt yes yes opt

yes

GW6650

1 4 opt

yes

opt

ADSL2+

GW6610V

1 4 opt opt yes

GW6640V

1 4 opt opt yes

yes

2 GW6600 Series hardware

2.1 Hardware spe cification

2.1.1 GW6600 Series router model variants

2: GW6600 Series hardware

Model ADSL2+ Eth WiFi 3G

HSPA

4G LTE

2.1.2 GW6600V Series router model variants

Model VDSL&

Eth WiFi 3G

HSPA

4G LTE

2.2 Hardware features

CDMA 450

Dual SIM

V92 Modem

ALL ISDN

BRI

ALL ISDN

BRI

2.2.1 GW6600 Series hardware features

• Dual SIM sockets

• Dual antenna SMA connectors

• Four 10/100 Mbps Ethernet ports

• Optional V.92, ALL or ISDN ports

• Optio nal WiFi

• Optional SIM cover

2.2.2 GW6600V Series hardware features

• Dual SIM sockets

• Quad antenna SMA connectors

• Four Gigabit Ethernet ports

• Optional V.92 dial modem

_______________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 12 of 384

Page 13

_______________________________________________________________________________________________________

Unit size:

225W 158D 37H mm

Unit weight:

916g

Safety

EN60950-1: 2006 + A12 : 2011

DC input cable

0°C to +65°C

• Optio nal WiFi (2.4Ghz & 5Ghz)

• Optional 3G/4G

• Optional SIM cover

2.3 GSM and LTE technology

• HSPA+

• EDGE/GPRS

• Download up to 21Mbps

• Upload up to 5.76Mbps

• 2100/1900/900/850MHz bands

• LTE 2100/1900/1800/850/2600/900/800MHz bands

2.4 Power supply

2: GW6600 Series hardware

The GW6600 Series and GW6600V Series router has three power supply options:

• 100V-240V AC PSU (standard)

• 100V-240V AC PSU with extended temperature support -20°C to +70°C

• 10V-30V DC power lead

2.5 Dimensions

2.6 Compliance

The GW6600 Series and GW6600V Series routers are compliant and tested to the following standards:

EMC EN55022: 2010 Class B and EN55024: 201 0 Environmental ETSI 300 019-1-3 Sinusoidal Vibration and Shock ETSI 300 019-2-3 Random Vibra tio n

2.7 Operating tem pera tu re ran ge

The operating temperature range depends on the router’s type of power supply.

Standard AC PSU: 0°C to +65°C Optional industrial PSU -20°C to +65°C

_______________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 13 of 384

Page 14

_______________________________________________________________________________________________________

2.8 Antenna

The GW6600 Series and GW6600V Series routers have four SMA connectors for connection of up to four antennas for antenna diversity. Antenna diversity helps improve the quality of a wireless link by mitigating problems associated with multipath interference.

2.9 Components

To enable and configure connections on your router, it must be correctly installed. The GW6600 Series router contains an internal web server that you use for

configurations. Before you can access the internal web server and start the configuration, ensure the components are correctly connecte d and that your PC has the correct networking setup.

All GW6600 Series routers come with the following components as standard:

1 x GW6600 Series route r (mo dels vary)

2: GW6600 Series hardware

1 x Ethernet cable RJ45 to RJ45 (yellow).

1 x ADSL cable: RJ11 to RJ11 (purple)

1 x 12V power supply unit (2 parts).

Table 2: GW6600 Series router standard components

Optional components include:

1 x V.90 cable: RJ45 to RJ11 (blue) (IE/EU customers only)

1 x V.90 cable: RJ45 to 431A BT cable (UK customers only) 1 x ISDN cable: RJ45 to RJ45 (yellow)

1 x lockable SIM cover.

1 x 3G antenna

1 x WiFi antenna

Extra antennas Virtual Access supplies a wide range of antennas for 3G and

WiFi. Please visit our website: www.virtualaccess.com contact Virtual Access for more information.

Table 3: GW6600 Series router optional components

_______________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 14 of 384

Page 15

_______________________________________________________________________________________________________

2.10 Inserting the SIM cards

2.10.1 GW6600 Series models

• Ensure the unit is powered off.

• Hold the SIM 1 card with the chip side facing down and the cut corner front left.

• Gently push the SIM card into the SIM slot 1 until it clicks in.

• If using SIM 2 hold the SIM with the chip side facing down and the cut corner

front left.

• Gently push the SIM card into the SIM slot 2 until it clicks in.

2.10.2 GW6600V Series models

• Ensure the unit is powered off.

• Hold the SIM 1 card with the chip side facing down and the cut corner front left.

2: GW6600 Series hardware

• Gently push the SIM card into the upper SIM slot 1 until it click s in.

• If using SIM 2 hold the SIM with the chip side facing down and the cut corner

front left.

• Gently push the SIM card into the lower SIM slot 2 until it clicks in.

2.11 Connecting the SIM lock

Connect the SIM lock using the Allen key provided.

2.12 Connecting cables

Connect one end of the Ethernet cable into port A and the other end to your PC or switch.

2.13 Connecting the antenna

If you are only connecting one antenna, screw the antenna into the MAIN SMA connector.

If you are using more than one antenna, screw the main antenna into the MAIN SMA connector and the secondary antenna into the 3G-AUX SMA connector.

2.14 Connecting the WiFi antenna

If you are connecting one antenna, screw the antenna into either of the WiFi SMA connectors. You can use a second WiFi antenna if necessary.

_______________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 15 of 384

Page 16

_______________________________________________________________________________________________________

Press Duration

Behaviour

Less than 2 seconds

Normal reset.

Between 20 seconds and 30 seconds

Recovery mode.

Over 30 seconds

Normal reset.

2.15 Powering up

Plug the power cable into an electrical socket suitable for the power supply. The GW6600 takes approximately 2 minutes to boo t up. During this time, the power LED

flashes. Other LEDs display different diagnostic patterns during boot up. Booting is complete when the power LED stops flashing and stays on steady.

2.16 Reset button

The reset button is used to request a system reset. When you press the reset button all LEDs turn on simultaneously. The length of time you

hold the reset button will determine its behaviour.

Between 2 and 15 seconds The router resets to factory configur ation.

2: GW6600 Series hardware

2.16.1 Recovery mode

Recovery mode is a fail-safe mode where the router can load a default configuration from the routers firmware. If your router goes into recovery mode, all config files are kept intact. After the next reboot, the router will revert to the previous config file.

You can use recovery mode to manipulate the config files, b ut should only be used if all other configs files are corrupt. If your router has entered recovery mod e, con t a ct your local reseller for access information.

_______________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 16 of 384

Page 17

_______________________________________________________________________________________________________

Power

Flashing slowly

Unit running in recovery mode (2.5 flashes per second).

Off

Not selected or SIM not inserted.

Off

WiFi access point not active.

Data link connected and signal streng th <= -89dBm.

3 GW6600 Series LED behaviour

3.1 Main LED behaviour

The GW6600 Series router has a single colour LED. When the router is powered on, the power LED is green.

Figure 1: LEDs on a GW6600 Series router

3: GW6600 Series LED behaviour

Figure 2: LEDs on a GW6600V Series router

The possible LED states are:

• Off

• Flashing slowing

• Flashing quickly

• On

The router takes approximately 2 minutes to boot up. During this tim e ,

the power LED flashes.

Booting up

Power LED

Config LED

SIM1 & SIM2 LEDs

WiFi

3G/4G Cellular Signal Strength LEDs

_______________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 17 of 384

Off No power/boot loader does not exist. On Unit running a valid configuration f ile .

Flashing quickly Unit running in factory configuration (5 flashes per second). On SIM selected and registered on the 3G/4G network.

Flashing SIM selecte d and not reg is tered on the networ k. On WiFi access point activ e .

Flashing WiFi data activity. None Data link not connected or signal strength <= -113dBm.

2 Data link connected and signal streng th be twee n -89dBm and -69dBm. 3 Data link connected and signal streng th >-69dBm.

Other LEDs display different diagnos tic p atter ns dur ing boot up. Booting is complete when the power LED stops flashing and stays on

steady.

Page 18

_______________________________________________________________________________________________________

Connected and established to ADS L or VDSL DSLAM.

Flashing quickly

Connection negotiating.

Connection established.

Flashing

Modem training.

Applies to the GW6610-ALL model.

Receive data.

Applies to the GW6610-ISDN model.

Audio channel active (dial tone or call in progres s ).

3: GW6600 Series LED behaviour

DSL SYN LED

DSL DAT LED

Off Not active. Flashing slowly Searching for DSL connection.

On Transmit data. Off No data transmit.

Table 4: GW6600 and GW6600V LED behaviours and meanings

3.1.1 LED variations for dial modem, ALL and ISDN

Applies to GW6631, GW6641 and GW6640V models.

Off Not connected.

V.92 SYN LED

V.92 DAT LED

Off No data transmit. Flashing Transmit data.

Table 5: V.92 LED behaviour descriptions

ALL SYN LED

ALL DAT LED

On CESoP enabled. Off CESoP disabled.

Off No data received.

Table 6: ALL LED behaviour descriptions

ISDN SY N LED

ISDN DAT LED

On Audio channel active (dial tone or call in progress). Off Audio channel inactive.

Off BRI channel 2 inactive. Audio channel inactive.

Table 7: LED behaviour and descriptions

Note: When PPP is not connected, none of the signal LEDs will light regardless of signal strength.

_______________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 18 of 384

Page 19

_______________________________________________________________________________________________________

Physical Ethernet link detected.

Flashing

Link operating at 100Mbps or 10 Mbps

Note: LED descriptions apply to all GW6600 Series and GW660 0V Series models.

3.2 Ethernet port LED behaviour

The Ethernet port ha s two LEDs: a LINK LED (green) and an ACT LED (amber). When looking at the port, the LED on the left hand side is the LINK LED, and the ACT LED is o n the right hand side.

Figure 3: Ethernet LED activity

3: GW6600 Series LED behaviour

Link LED (green)

Speed LED (amber)

Off No physical Ethernet link detected.

Flashing Data is being transmitted or received over the link Off Link operating at 1Gbps

_______________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 19 of 384

Page 20

_______________________________________________________________________________________________________

4: Factory configuration extraction from SIM card

4 Factory configuration extract ion from SIM c a rd

Virtual Access routers have a feature to update the factory configuration from a SIM card. This allows you to change the factory configuration of a router when installing the SIM.

1. Make sure the SIM card you are inserting has the required configuration written on it.

2. Ensure the router is powered off.

3. Hold the SIM 1 card with the chip side facing down and the cut cor ner front left.

4. Gently push the SIM card into SIM slot 1 until it clicks in.

5. Power up the router. Depending on the model, the power LED and/or the configuration LED flas h as usual.

The SIM LED starts flashing. This indicates the application responsible for 3G and configuration extraction management is running. It also means the update of the configuration is happening.

When the update is finished, depending on the model, the power LED and/or the configuration LE D blink alternatively and very fast for 20 seconds.

_______________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 20 of 384

Page 21

_______________________________________________________________________________________________________

Package

Sections

system

main

cert

PC IP address

192.168.100.100

5: Accessing the router

5 Accessing the router

Access the router through the web interface or by using SSH. By default, Telnet is disabled.

5.1 Configuration packages used

dropbear dropbear

uhttpd main

5.2 Accessing the router over Ethernet using the web interface

DHCP is disabled by default, so if you do not receive an IP addre ss via DHCP, assign a static IP to the PC that will be connected to the router.

Network mask 255.255.255.0 Default gateway 192.168.100.1

Assuming that the PC is connected to Port A on the router, in your interne t browser, type in the default local IP address 192.168.100.1, and press Enter. The Authorization page appears.

Figure 4: The login page

The password may vary depending on the factory configuration the router has been shipped with. The default settings are shown below. The username and password are case sensitive.

In the username field, type root. In the Password field, type admin. Click Login. The Status page appears.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 21 of 384

Page 22

_______________________________________________________________________________________________________

5.3 Accessing the router over Ethernet using an SSH client

You can also access the router over Ethernet, using Secure Shell (SSH) and optionally over Telnet.

To access CLI over Ethernet start an SSH client and connect to the router’s management IP address, on port 22: 192.168.100.1/24.

On the first connection, you may be asked to confirm that you trust the host.

5: Accessing the router

Figure 5: Confirming trust of the routers public key over SSH

Figure 6: SSH CLI logon screen

In the SSH CLI logon screen, enter the default username and password. Username: root Password: admin

5.3.1 SCP (Secure Copy Protocol)

As part of accessing the router over SSH, you can also use SCP protocol. Use the same user authentication credentials as for SSH access. You can use SCP protocol to securely manually transfer files from and to the router’s SCP server.

No dedicated SPC client is supported; select the SCP client software of you r own ch oice.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 22 of 384

Page 23

_______________________________________________________________________________________________________

Package

Sections

5.4 Accessing the router over Ethernet using a Telnet client

Telnet is disabled by default, when you enable Telnet, SS H is disabled. To enable Teln et, en ter:

root@VA_router: ~# /etc/init.d/dropbear disable root@VA_router: ~# reboot -f

To re-enable SSH, enter:

root@VA_router: ~# /etc/init.d/dropbear enable root@VA_router: ~# reboot -f

Note: As SSH is enabled by default, initial connection to the router to enable Telnet must be established over SSH.

5: Accessing the router

5.5 Configuring the password

5.5.1 Configuration packages used

system main

5.6 Configuring the password using the web interface

To change your password, in the top menu click System -> Administration. The Administration page appears.

Figure 7: The router password section

In the Router Password section, type your new password in the passw ord field and then retype the password in the confirmation field.

Scroll down the page and click Save & Apply. Note: the username ‘root’ cannot be changed.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 23 of 384

Page 24

_______________________________________________________________________________________________________

Web Field/UCI/Packag e Optio n

Description

5: Accessing the router

Web: Password UCI: system.main.password Opt: password

Defines the root password. The password is displ ay ed encrypte d via the CLI using the ‘hashpassword’ option.

UCI: system.main.hashpasswo rd Opt: hashpassword

5.7 Configuring the password using UCI

The root password is displayed encrypted via the CLI using the hashpassword option.

root@VA_router:~# uci show system system.main=system system.main.hostname=VA_router system.main.hashpassword=$1$jRX/x8A/$U5kLCMpi9dcahRhOl7eZV1

If changing the passwo rd via the UCI, enter the new password in plain tex t using the password option.

root@VA_router:~# uci system.main.password=newpassword root@VA_router:~# uci commit

The new password will take effect after reboot and will now be displayed in encrypted format via the hashpassword option.

5.8 Configuring the password using package options

The root password is displayed encrypted via the CLI using the hashpassword option.

root@VA_router:~# uci export system package system

config system 'main' option hostname 'VA_router' option hashpassword '$1$wRYYiJOz$EeHN.GQcxXhRgNPVbqxVw

If changing the passwo rd via the UCI, enter the new password in plain tex t using the password option.

package system

config system 'main' option hostname 'VA_router' option hashpassword '$1$wRYYiJOz$EeHN.GQcxXhRgNPVbqxVw option password ‘newpassword’

The new password will take effect after reboot and will now be displayed in encrypted format via the hashpassword option.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 24 of 384

Page 25

_______________________________________________________________________________________________________

UCI/Package Option

Description

5.9 Accessing the device using RADIUS authentication

You can configure R ADIUS a ut hentication to access the router over SSH, web or local console interface.

package system

config system 'main' option hostname 'VirtualAccess' option timezone 'UTC'

config pam_auth option enabled 'yes' option pamservice 'login' option pammodule 'auth'

5: Accessing the router

option pamcontrol 'sufficient' option type 'radius' option servers '192.168.0.1:3333|test|20 192.168.2.5|secret|10'

config pam_auth option enabled 'yes' option pamservice 'sshd' option pammodule 'auth' option pamcontrol 'sufficient' it checks package

management_users option type 'radius' option servers '192.168.0.1:3333|test|20 192.168.2.5|secret|10'

config 'pam_auth' option enabled 'yes' option pamservice 'luci" option pammodule 'auth' option pamcontrol 'sufficient' option type 'radius' servers '192.168.0.1:3333|test|20 192.168.2.5|secret|10'

UCI: system.@pam_auth[0].enabled=yes Opt: enabled

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 25 of 384

Enables and disables RADIUS configuration sections.

yes Enables following RADIUS

Page 26

_______________________________________________________________________________________________________

configuration section.

User connecting over console cable.

sshd

User connecting over SSH.

Opt: type

no Disables following RADIUS

configuration section. UCI: system.@pam_auth[0].pamse rv ic e Opt: pamservice

UCI: system.@pam_auth[0].pamcontrol Opt: pamcontrol

UCI: system.@pam_auth[0].pammodule.auth

Opt: pammodule UCI: system.@pam_auth[0].type.radius

Selects the method which users should be authentic ate d by.

luci User connecting over web.

Specifies authentication behav i o ur after authentication fails or connection to RADIUS server is broken.

Sufficient First authenticates against remote

RADIUS if password authe nti c ation fails then it tries local database (user defined in package management_users)

Required If either authentication fails or

RADIUS server is not reachable then user is not allowed to access the router.

[success=done new_authtok_reqd=done authinfo_unavail=ignore default=die]

Enables user authentication.

Specifies the authentication metho d.

Local database is only checked if RADIUS server is not reachable.

5: Accessing the router

UCI: system.@pam_auth[0].servers Opt: servers

Specifies the RADIUS server or multiple servers along with port number and password. The example below explains the syntax.

192.168.0.1:3333|test|20 192.168.2.5|secret|10

Table 8: Information table for RADIUS authentication

5.10 Accessing the device using TACACS+ authentication

TACACS+ authentication can be configured for accessing the router over SSH, web or local console interface.

package system

config system 'main' option hostname 'VirtualAccess' option timezone 'UTC'

config pam_auth option enabled 'yes' option pamservice 'sshd' option pammodule 'auth' option pamcontrol 'sufficient'

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 26 of 384

Page 27

_______________________________________________________________________________________________________

5: Accessing the router

option type 'tacplus' option servers '192.168.0.1:49|secret'

config pam_auth option enabled 'yes' option pamservice 'sshd' option pammodule 'account' option pamcontrol 'sufficient' option type 'tacplus' option servers '192.168.0.1:49|secret' option args 'service=ppp'

config pam_auth option enabled 'yes' option pamservice 'sshd' option pammodule 'session' option pamcontrol 'sufficient' option type 'tacplus' option servers '192.168.0.1:49|secret' option args 'service=ppp'

config pam_auth option enabled 'yes' option pamservice 'luci' option pammodule 'auth' option pamcontrol 'sufficient' option type 'tacplus' option servers '192.168.0.1:49|secret'

config pam_auth option enabled 'yes' option pamservice 'luci' option pammodule 'account' option pamcontrol 'sufficient' option type 'tacplus' option servers '192.168.0.1:49|secret' option args 'service=ppp'

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 27 of 384

Page 28

_______________________________________________________________________________________________________

UCI/Package Option

Description

UCI: system.@pam_auth[0].enabled=yes

Enables and disables TACACS configuratio n sec tions.

5: Accessing the router

config pam_auth option enabled 'yes' option pamservice 'luci' option pammodule 'session' option pamcontrol 'sufficient' option type 'tacplus' option servers '192.168.0.1:49|secret' option args 'service=ppp' config pam_auth option enabled 'yes' option pamservice 'login' option pammodule 'auth' option pamcontrol 'sufficient' option type 'tacplus' option servers '192.168.0.1:49|secret'

config pam_auth option enabled 'yes' option pamservice 'login' option pammodule 'account' option pamcontrol 'sufficient' option type 'tacplus' option servers '192.168.0.1:49|secret' option args 'service=ppp'

config pam_auth option enabled 'yes' option pamservice 'login' option pammodule 'session' option pamcontrol 'sufficient' option type 'tacplus' option servers '192.168.0.1:49|secret' option args 'service=ppp'

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 28 of 384

Page 29

_______________________________________________________________________________________________________

sshd

User connecting over SSH.

allowed to access the router.

default=die]

that access is allowed for the user

5: Accessing the router

Opt: enabled

UCI: system.@pam_auth[0].pamse rv ic e Opt: pamservice

UCI: system.@pam_auth[0].pamco ntro l Opt: pamcontrol

yes Enables following TACACS

configuration section.

no Disables following TACACS

configuration section.

Selects the method which users should be authentic ate d by.

luci User connecting over web.

Specifies authentication behav i o ur after authentication fails or connection to TACACS server is broken.

Sufficient First authenticates against

remote TACACS if pass word authentication fails then it tries local database (user defined in package management_users)

Required If either authentication fails

or TACACS server is not reachable then user is not

[success=done new_authtok_reqd=done authinfo_unavail=ignore

Local database is only checked if TACACS server is not reachable.

UCI: system.@pam_auth[0].pammodule.auth

Opt: pammodule

system.@pam_auth[0].type=tacplus Opt: type UCI: system.@pam_auth[0].serve r s Opt: servers

UCI: system.@pam_auth[1].args=service=ppp

Opt: args

5.11 SSH

SSH allows you to access remote machines over text based shell sessions. SSH uses public key cryptography to create a secure connection. These connections allow you to issue commands remotely via a command line.

Selects which TACACS module this part of configur ation relates to.

auth auth module provides the actual

authentication and sets credentials

account account module checks to make sure

session session module performs additional

tasks which are needed to allow

access

Specifies the authentication metho d.

Specifies the TACACS servers along with port number and password. The examp le below explains the syntax .

192.168.0.1:49|secret ' Additional arguments to pass to TACACS serer.

Table7: Information table for TACACS auth entication

The router uses a package called Dropbear to configure the SSH server on the box. You can configure Dropbear via the web interface or through an SSH connection by editing the file stored on: /etc/config_name/dropbear.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 29 of 384

Page 30

_______________________________________________________________________________________________________

Package

Sections

5.11.1 Configuration packages used

dropbear dropbear

5.11.2 SSH access using the web interface

In the top menu, click System -> Administration. The Administration page appears. Scroll down to the SSH Access section.

5: Accessing the router

Figure 8: The SSH access section

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 30 of 384

Page 31

_______________________________________________________________________________________________________

Web Field/UCI/Packag e Optio n

Description

(unspecified)

listens on all interfaces.

Range

0-65535

Opt: PasswordAuth

Disabled.

Opt: RootPasswordAuth

Enabled.

30 seconds.

Range

5: Accessing the router

Basic settings Web: Interface UCI: dropbear.@dropbear[0].Interface Opt: interface

Listens only on the selected interface. If uns pec ified is checked, listens on all interfaces. All configured interfaces will be displayed via the web GUI.

Range Configured interface names. Web: Port UCI: dropbear.@dropbear[0].Port

Specifies the listening port of the Dropb e ar ins tanc e .

22 Opt: port

Web: Password authentication

If enabled, allows SSH password authentication.

UCI: dropbear.@dropbear[0].PasswordAuth

1 Enabled.

Web: Allow root logins with password UCI:

dropbear.@dropbear[0].RootPasswordAuth

Web: Gateway ports UCI:

dropbear.@dropbear[0].GatewayPorts Opt: GatewayPorts Web: Idle Session Timeout UCI: dropbear.@dropbear[0].IdleTimeout Opt: IdleTimeout

Web: n/a UCI: dropbear.@dropbear[0]. BannerFile Opt: BannerFile

Web: n/a UCI:

dropbear.@dropbear[0].MaxLoginAttempts Opt: MaxLoginAttempts

Table 9: Information table for SSH access settings

Allows the root user to login with password.

0 Disabled.

Allows remote hosts to connect to local SSH forw arded ports.

0 Disabled.

Defines the idle period where remote session will be closed after the allocated number of seconds of inactivity .

Range

Defines a banner file to be displayed during logi n.

/etc/banner

Specifies maximum login failures bef or e sess io n ter minate s

0-infinite

5.12 Package dropbear using UCI

root@VA_router:~# uci show dropbear dropbear.@dropbear[0]=dropbear dropbear.@dropbear[0].PasswordAuth=on dropbear.@dropbear[0].RootPasswordAuth=on dropbear.@dropbear[0].GatewayPorts=0 dropbear.@dropbear[0].IdleTimeout=30 dropbear.@dropbear[0].Port=22 dropbear.@dropbear[0].MaxLoginAttempts=3 Package dropbear using package options

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 31 of 384

Page 32

_______________________________________________________________________________________________________

root@VA_router:~# uci export dropbear package dropbear config dropbear' option PasswordAuth 'on' option RootPasswordAuth 'on' option Port '22' option GatewayPorts ‘0’ option IdleTimeout ‘30’ option MaxLoginAttempts '3'

5.13 Certs and pri vate keys

Certificates are used to prove ownership of a public key. They contain information about the key, its owner’s ID, and the digital signature of a n individual that has verified the content of the certificate.

5: Accessing the router

In asymmetric cryptography, public keys are announced to the public, and a different private key is kept by the receiver. The public key is used to encrypt the message, and the private key is used to decrypt it.

To access certs and private keys, in the top menu, click System -> Administration. The Administration page appears. Scroll down to the Certs & Private Keys section.

Figure 9: The certificates & private keys section

This section allows you to upload any certificates and keys that you may have stored. There is support for IPSec, OpenVPN and VA certificates and keys.

If you have generated your own SSH public keys, you can input them in the SS H Keys section, for SSH public key authentication.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 32 of 384

Page 33

_______________________________________________________________________________________________________

Package

Sections

main

Figure 10: The SSH-keys box

5.14 Configuring a router’s web server

The router’s web server is configured in package uhttpd. This file defines the behaviour of the server and default values for certificates generated for SSL operation. uhttpd supports multiple instances, that is, multiple listen ports, each with its own document root and other features, as well as cgi and lua. There are two sections defined:

Main: this uHTTPd section contains general server settings. Cert: this section defines the default values for SSL certificates.

5: Accessing the router

5.14.1 Configuration packages used

uhttpd

To configure the router’s HTTP server parameters, in the top menu, select Services -> HTTP Server. The HTTP Server page has two sections.

Main Settings Server configurations Certificate Settings SSL certificates.

cert

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 33 of 384

Page 34

_______________________________________________________________________________________________________

Web Field/UCI/Packag e Optio n

Description

interfaces.

[::]:443

Range

IP address an d/or port

Range

5.14.2 Main settings

5: Accessing the router

Web: Listen Address and Port UCI: uhttpd.main.listen_http Opt: list listen_http

Web: Secure Listen Address and Port UCI: uhttpd.main.listen_https Opt: list listen_https

Web: Home path UCI: uhttpd.main.home Opt: home

Web: Cert file UCI: uhttpd.main.cert Opt: cert

Web: Key file UCI: uhttpd.main.key Opt: key

Figure 11: HTTP server settings

Specifies the ports and addresses to listen on for plain HTTP access. If only a port number is given, the server will attempt to serve both IPv4 and IPv6 requests.

0.0.0.0:80 Bind at port 80 only on IPv4

[::]:80 Bind at port 80 only on IPv6

interfaces

Range IP address a n d/or port

Specifies the ports and address to listen on for encrypte d HTTPS access. The format is the same as listen_http.

0.0.0.0:443 Bind at port 443 only

Defines the server document root.

/www Range

ASN.1/DER certificate used to serve HTTPS connections. If no listen_https options are given the key options are ignored.

/etc/uhttpd.crt

ASN.1/DER private key used to serve HTTPS connections . If no listen_https options are given the key options are ignored.

/etc/uhttpd.key Range

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 34 of 384

Page 35

_______________________________________________________________________________________________________

/cgi-bin

Range

/usr/lib/lua/luci/sgi/uhttpd.lua

Range

OpenWrt

/etc/http.conf

Range

Disabled.

5: Accessing the router

Web: CGI profile UCI: uhttpd.main.cgi_pref ix Opt: cgi_prefix

Web: N/A UCI: uhttpd.main.lua_prefi x Opt: lua_prefix

Web: N/A UCI: uhttpd.main.lua_handler Opt: lua_handler

Web: Script timeout UCI: uhttpd.main.script_time out Opt: script_timeout

Web: Network timeout UCI: uhttpd.main.network_ timeo ut Opt: network_timeout

Defines the prefix for CGI scripts, relative to the document root. CGI support is disabled if this option is miss ing.

Range

Defines the prefix for dispatching reque s ts to the embedd ed lua interpreter, relative to the document roo t. Lua s uppor t is disabled if this option is missing.

/luci

Specifies the lua handler script used to initia lis e the lua runtime on server start.

Range

Sets the maximum wait time for CGI or lua requests in seconds. Requested executables are terminated if no output w as generated.

Maximum wait time for network activity. Requeste d exec utable s are terminated and connection is shut down if no networ k activity occured for the specified number of seconds.

Web: N/A UCI: uhttpd.main.realm Opt: realm

Web: N/A UCI: uhttpd.main.config Opt: config

Web: N/A UCI: uhttpd.main.index_page Opt: index_page

Web: N/A UCI: httpd.main.error_pag e Opt: error_page

Web: N/A UCI: uhttpd.main.no_symlinks Opt: no_symlinks

Web: N/A UCI: uhttpd.main.no_dirlists Opt: no_symlinks

Defines basic authentication realm w he n pro mpting the client f or credentials (HTTP 400).

Range

Config file in Busybox httpd format for additional se tti ng s . Currently only used to specify basic auth ar e as.

Index file to use for directories, for examp le , add index.php when using php.

Virtual URL of file of CGI script to handle 404 requests. Must begin with ‘/’ (forward slash).

Range

Does not follow symbolic links if enabled .

0 Disabled. 1 Enabled.

Does not generate directory listings if enabled.

1 Enabled.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 35 of 384

Page 36

_______________________________________________________________________________________________________

Disabled.

5: Accessing the router

Web: rfc 1918 filter UCI: uhttpd.main.rfc1918_f ilte r=1 Opt: rfc1918_filter

Table 10: Information table for http server basic settings

5.14.3 HTTP server using UCI

Multiple sections of the type uhttpd may exist. The init script will launch one webserver instance per section.

A standard uhttpd configuration is shown below.

root@VA_router:~# uci show uhttpd uhttpd.main=uhttpd uhttpd.main.listen_http=0.0.0.0:80 uhttpd.main.listen_https=0.0.0.0:443 uhttpd.main.home=/www uhttpd.main.rfc1918_filter=1 uhttpd.main.cert=/etc/uhttpd.crt

Enables option to reject requests from RFC191 8 IPs to pub lic server IPs (DNS rebinding counter measur e ).

1 Enabled.

uhttpd.main.key=/etc/uhttpd.key uhttpd.main.cgi_prefix=/cgi-bin uhttpd.main.script_timeout=60 uhttpd.main.network_timeout=30 uhttpd.main.config=/etc/http.conf HTTP server using package options root@VA_router:~# uci export dropbear config uhttpd 'main' list listen_http '0.0.0.0:80' list listen_https '0.0.0.0:443' option home '/www' option rfc1918_filter '1' option cert '/etc/uhttpd.crt' option key '/etc/uhttpd.key' option cgi_prefix '/cgi-bin' option script_timeout '60' option network_timeout '30' option config '/etc/http.conf'

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 36 of 384

Page 37

_______________________________________________________________________________________________________

Web Field/UCI/Packag e Optio n

Description

Range

5.14.4 HTTPs server certificate settings

To configure HTTPs server certificate settings, in the top menu, select Services -> HTTP Server. Scroll down to the Certificate Settings section.

Figure 12: HTTP server certificate settings

5: Accessing the router

Web: Days UCI: uhttpd.px5g.days Opt: days

Web: Bits UCI: uhttpd.px5g.bits Opt: bits

Web: Country UCI: uhttpd.px5g.country Opt: country Web: State UCI: uhttpd.px5g.state Opt: state Web: Location UCI: uhttpd.px5g.location Opt: location Web: Commonname UCI: uhttpd.commonname Opt: commonname

Table 11: Information table for HTTP server certificate settings

Validity time of the generated certifica te s in days.

730 Range

Size of the generated RSA key in bits.

1024

ISO code of the certificate issuer.

State of the certificate issuer.

Location or city of the certificate user.

Common name covered by the certificate. For the purposes of secure Activation, this must be set to the serial numb er (Eth0 MAC address) of the device.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 37 of 384

Page 38

_______________________________________________________________________________________________________

5.14.5 HTTPs se rv er usin g UCI

root@VA_router:~# uci show uhttpd.px5g uhttpd.px5g=cert uhttpd.px5g.days=3650 uhttpd.px5g.bits=1024 uhttpd.px5g.country=IE uhttpd.px5g.state=Dublin uhttpd.px5g.location=Dublin uhttpd.px5g.commonname=00E0C8000000 HTTPs server using package options root@VA_router:~# uci export uhttpd package uhttpdconfig 'cert' 'px5g' option 'days' '3650'

5: Accessing the router

option 'bits' '1024' option 'state' 'Dublin'

option 'location' 'Dublin' option 'commonname' '00E0C8000000'

5.15 Basic authentication (httpd conf)

For backward compatibility reasons, uhttpd uses the file /etc/httpd.conf to define authentication areas and the associated usernames and passwords. This conf iguration file is not in UCI format.

Authentication realms are defined in the format prefix:username:password with one entry and a line break.

Prefix is the URL part covered by the realm, for example, cgi-bin to request basic auth for any CGI program.

Username specifies the username a client has to login with. Password defines the secret password required to authenticate.

The password can be either in plain text format, MD5 encoded or in the form $p$user where the user refers to an account in /etc/shadow or /etc/passwd.

If you use $p$… format, uhttpd will compare the client provided p a ss word against the one stored in the shadow or passwd database.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 38 of 384

Page 39

_______________________________________________________________________________________________________

5.16 Securing uhttpd

By default, uhttpd binds to 0.0.0.0 which also includes the WAN port of your router. To bind uhttpd to the LAN port only you have to change the listen_http and listen_https options to your LAN IP address.

To get your current LAN IP address, enter:

uci get network.lan.ipaddr

Then modify the configuration appropriately:

uci set uhttpd.main.listen_http='192.168.1.1:80' uci set uhttpd.main.listen_https='192.168.1.1:443'

config 'uhttpd' 'main' list listen_http 192.168.1.1:80 list listen_https 192.168.1.1:443

5: Accessing the router

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 39 of 384

Page 40

_______________________________________________________________________________________________________

Package

Sections

ddns

service

6 Configuring Dynamic DNS

6.1 Overview

Dynamic DNS (DDNS) functionality on a Virtual Access router will dynamically perform DDNS updates to a server so it can associate an IP address with a correc tly associated DNS name. Users can then c ontact a machine, router, device and so on with a DNS name rather than a dynamic IP address.

An account is required with the provider, and one or more domain names are associated with that account. A dynamic DNS client on the router monitors the public IP address associated with an interface and whenever the IP address changes, the client notifies the DNS provider to update the corresponding domain name.

When the DNS provider responds to queries for the domain name, it sets a low lifetime, typically a minute or two at most, on the response so that it is not cached. Updates to the domain name are thus visible throughout the whole Internet with little delay.

Note: most providers impose restrictions on how updates are handled: updating when no change of address occurred is considered abusive and may result in an acco un t b eing blocked. Sometimes, addresses must be refreshed periodically, for example, once a month, to show that they are still in active use.

6: Configuring Dynamic DNS

6.2 Configuration packages used

6.3 Configuring Dynamic DNS using the web interface

In the top menu, select Services -> Dynamic DNS. The Dynamic DNS Configuration page appears.

Figure 13: The Dynamic DNS configuration page

Enter a text name that will be used for the dynamic DNS section in the configuration. Select Add. The Dynamic DNS configuration options appear.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 40 of 384

Page 41

_______________________________________________________________________________________________________

Web Field/UCI/Package Option

Description

Opt: enabled

Disabled.

Enabled

Opt: service_name

Opt: update_url

Opt: domain

Opt: username

Opt: password

network

IP is a associated with a network configuratio n

interface

IP is associated with an interface

web

IP is associated with a URL

6.3.1 Dynamic DNS settings

6: Configuring Dynamic DNS

Figure 14: The dynamic DNS main setti n gs page

Web: Enable UCI: ddns.<name>.enabled

Web: Service UCI: ddns.<name>.service_name

Web: Customer update-URL UCI: ddns.<name>.update_url

Web: Hostname UCI: ddns.<name>.domain

Web: Username UCI: ddns.<name>.username

Web: Password UCI: ddns.<name>.password

Enables a Dynamic DNS entry on the router.

Defines the Dynamic DNS provider

Defines the customer DNS provider. Displayed when the service is set to custom in the web UI.

Defines the fully qualified domain name assoc iate d w ith this entry. This is the name to update with the new IP address as needed.

Defines the user name to use for authenticating domain updates with the selected provider.

Defines the password to use for authenticating domain name updates with the selected provider.

Web: Source of IP address UCI: ddns.<name>.ip_source Opt: ip_source

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 41 of 384

Defines the type of interface whose IP needs to be updated

Page 42

_______________________________________________________________________________________________________

All the configured network interfaces will be shown.

All the configured interfaces will be show n.

Opt: ip_url

10 . Range

minutes

hours

Disabled.

Range

Enabled

minutes

hours

All configured interfaces will be displa y ed .

6: Configuring Dynamic DNS

Web: Network UCI: ddns.<name>.ip_network Opt: ip_network

Web: Inteface UCI: ddns.<name>.ip_interf ace Opt: ip_interface

Web: URL UCI: ddns.<name>.ip_url

Web: Check for changed IP every UCI: ddns.<name>.check_interval Opt: check_interval

Web: Check-time unit UCI: ddns.<name>.check_unit Opt: check_unit

Web: Force update every UCI: ddns.<name>.force_interval Opt: force_interval

Web: Force-time unit UCI: ddns.<name>.force_unit Opt: force_unit

Defines the network whose IP needs to be updated. Displayed when the Source of IP address option is set to

network.

Defines the interface whose IP needs to be updated. Displayed when the Source of IP address option is set to

interface.

Defines the URL where the IP downloaded from. Displayed when the Source of IP address option is set to URL.

Defines how often to check for an IP change. Used in conjunction with check_unit.

Defines the time unit to use for check for an IP change. Used in conjunction with check_interval.

Defines how often to force an IP update to the provider. Used in conjunction with force_unit.

Defines the time unit to use for check for an IP change. Used in conjunction with force_interval.

Web: Listen on UCI: ddns.<name>.interface Opt: interface

Table 12: Information table for dynamic DNS settings

6.4 Dynamic DNS us ing UCI

Dynamic DNS uses the ddns package /etc/config/ddns

6.4.1 UCI commands for DDNS

root@VA_router:~# uci show ddns ddns.ddns1=service ddns.ddns1.enabled=1 ddns.ddns1.service_name=dyndns.org ddns.ddns1.domain=fqdn_of_interface ddns.ddns1.username=testusername ddns.ddns1.password=testpassword

Defines the interface for ddns monitoring . Typ ic a lly this w i ll be the same as the interface whose IP is being updated – as defined ip_network or ip_interface

ddns.ddns1.ip_source=network ddns.ddns1.ip_network=dsl0 ddns.ddns1.check_interval=10

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 42 of 384

Page 43

_______________________________________________________________________________________________________

6: Configuring Dynamic DNS

ddns.ddns1.check_unit=minutes ddns.ddns1.force_interval=72 ddns.ddns1.force_unit=hours ddns.ddns1.interface=dsl0 Package options for DDNS root@VA_router:~# uci export ddns package ddns

config service 'ddns1' option enabled '1' option service_name 'dyndns.org' option domain 'fqdn_of_interface' option username 'test' option password 'test' option ip_source 'network' option ip_network 'dsl0' option check_interval '10' option check_unit 'minutes' option force_interval '72' option force_unit 'hours' option interface 'dsl0'

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 43 of 384

Page 44

_______________________________________________________________________________________________________

Package

Sections

main

timeserver

Section

Description

General settings

Configure host name, local time and time zone.

section.

Language and Style

Configure the router’s web language and style.

Time synchronization

Configure the NTP server in this section.

7 System settings

The system section contains settings that apply to the most basic operation of the system, such as the host name, time zone, logging details, NTP server, language and style.

The host name appears in the top left hand corner of the interface menu. It also appears when you open a Telnet o r S SH session.

Note: this document shows no host name in screen grabs. Throughout the document we use the host name ‘VA_router’.

The system configurat ion contains a logging section for the configuration of a Syslog client.

7.1 Configuration package used

system

7: System settings

7.2 Configuring s ystem properties

To set your system properties, in the top menu, click System. There are four sections in the System page.

Logging Configure a router to log to a server. You can configure a Syslog client in this

7.2.1 General settings

Figure 15: General settings in system properties

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 44 of 384

Page 45

_______________________________________________________________________________________________________

Web Field/UCI/Packag e Optio n

Description

date –s YYYY.MM.DD-hh:mm:ss

Opt: hostname

Opt: timezone

10m

Web Field/UCI/Packag e Optio n

Description

Range

16 KB

Range

0.0.0.0

Range

514

7: System settings

Web: Local Time

Web: hostname UCI: system.main.hostname

Web: Timezone UCI: system.main.timezone

Web: n/a UCI: system.main.timezone Opt: time_save_interval_m in

7.2.2 Logging

Sets the local time and syncs with browser. You can manually configure on CLI, using:

Specifies the hostname for this system .

Specifies the time zone that the date and time should be rendered in by default.

Defines the interval in minutes to store the loca l time for use o n next reboot.

Table 13: Information table for general settings section

Figure 16: The logging section in system properties

Web: System log buffer size UCI: system.main.log_size Opt: log_size

Web: External system log server UCI: system.main.log_ip Opt: log_ip

Web: External system log server port UCI: system.main.log_port Opt: log_port

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 45 of 384

Log buffer size in KB.

External syslog server IP address.

External syslog server port number.

Page 46

_______________________________________________________________________________________________________

Web value

Description

UCI

debugging the application.

require no action.

error conditions.

if action is not taken.

Error

Error conditions

Critical

Critical conditions

Alert

Should be addressed immediately

Emergency

System is unusable

Web value

Description

UCI

Normal

Normal operation messages

Warning

Error messages

Debug

Debug messages

Opt: log_file

7: System settings

Web: Log output level UCI: system.main.conloglev e l Opt: conloglevel

Web: Cron Log Level UCI: system.main.cronloglev el Opt: cronloglevel

Sets the maximum log output level severity for system events. System events are written to the system log. Messages with a lower level or level equal to the configured level are dis p la yed in the console using the logread command, or alter native ly wr itten to flash, if configured to do so.

Debug Information useful to developers for

Info Normal operational messages that

Notice Events that are unusual, b ut not

Warning May indicate that an error will occur

Sets the maximum log level for kernel messages to be logged to the console. Only messages with a level lower, or level equal to the configured level will be printed to the console.

Web: n/a UCI: system.main.log_file

Web: n/a UCI: system.main.log_type Opt: log_type

Table 14: Information table for the logging section

7.2.3 Language and style

Since logread is only small in size it can be beneficial to write system events to flash. This option define s the file path to write the events. Set to ‘root/syslog.messages’

Defines whether to write the system events to a file rather than logread. Set to ‘file’ to write to the file configured under log_file option.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 46 of 384

Figure 17: The language and style section in system properties

Page 47

_______________________________________________________________________________________________________

Web Field/UCI/Packag e Optio n

Description

Auto

English

Web Field/UCI/Packag e Optio n

Description

Opt: config timeserver

auto

Range

auto; 1-23

By default all fields are set to 0.0.0.0.

Language Sets the language to ‘auto’ or ‘English’.

Design Sets the router’s style.

Table 15: Information table for the language and style page

7.2.4 Time synchro niz at ion

7: System settings

Figure 18: The time synchronization section in system properties

Web: Enable built-in NTP Server UCI: system.ntp

Web: NTP update interval UCI: system.ntp.interval_hours Opt: interval_hours

Web: NTP server candidates UCI: system.ntp.server Opt: list server

7.2.5 System reboot

The router can be configured to reboot immediately, or sche duled to reboot a configured time in the future.

Enables NTP server.

Specifies interval of NTP requests in hours. Default value set to auto.

Defines the list of NTP servers to poll the time from. If the list is empty, the built in NTP daemon is not started. Multiple serv e rs can be configured and are separated by a space if using UCI.

Table 16: Information table for time synchronization section

In the top menu, select System -> Reboot. The System page appears. Ensure you have saved all yo ur configuration changes before you reboot.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 47 of 384

Page 48

_______________________________________________________________________________________________________

7: System settings

Figure 19: The reboot page

Check the Reboot now check box and then click Reboot.

7.3 System setti n gs using UCI

root@VA_router:~# uci show system system.main=system system.main.hostname=VA_router system.main.timezone=UTC system.main.log_ip=1.1.1.1 system.main.log_port=514 system.main.conloglevel=8 system.main.cronloglevel=8 system.ntp.interval_hours=auto system.ntp.server=0.VA_router.pool.ntp.org 10.10.10.10 System settings using package options root@VA_router:~# uci export system package 'system'

config 'system' 'main' option 'hostname' "VA_router" option 'timezone' "UTC" option 'log_ip' "1.1.1.1" option 'log_port' "514" option time_save_interval_min "10" option conloglevel '8' option cronloglevel '8'

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 48 of 384

Page 49

_______________________________________________________________________________________________________

config 'timeserver' 'ntp' option interval_hours 'auto' list server "0.VA_router.pool.ntp.org" list server ’10.10.10.10’

7.4 System diagnostics

7.4.1 System events

Events in the system have a class, sub class and severity. All events are written to the system log.

7.4.1.1 Logread

To view the system log, use:

7: System settings

root@VA_router:~# logread

Shows the log.

root@VA_router:~# logread |tail

Shows end of the log.

root@VA_router:~# logread | more

Shows the log page by page.

root@VA_router:~# logread –f

Shows the log on an ongoing basis. To s top this o ption, p ress ctrl-c.

root@VA_router:~# logread –f &

Shows the log on an ongoing basis while in the background. This allows you to run other commands while still tracing the event logs. To stop this option, type fg to view the current jobs, then press ctrl-c to kill those jobs.

7.4.2 System events in flash

Since logread is only small in size it can be beneficial to write system events to flash. To do this you need to modify the system config under the system package. Set the options ‘log_file’, ‘log_size’ and ‘log_type’ as below:

root@VA_router:~# uci export system package system

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 49 of 384

Page 50

_______________________________________________________________________________________________________

7: System settings

config system 'main' option hostname 'VA_router' option zonename 'UTC' option timezone 'GMT0' option conloglevel '8' option cronloglevel '8' option time_save_interval_hour '10' option log_hostname '%serial' option log_ip '1.1.1.1' option log_port '514' option log_file '/root/syslog.messages' option log_size '400' option log_type 'file'

The above commands will take effect after a reboot.

root@VA_router:~# cat /root/syslog.messages

Shows all the system events stored in flash.

root@VA_router:~# tail /root/syslog.messages

Shows end of the events stored flash.

root@VA_router:~# tail –f /root/syslog.messages &

Shows the log on an ongoing basis. To stop this option, press ctrl-c.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 50 of 384

Page 51

_______________________________________________________________________________________________________

8 Upgrading router firmware

8.1 Upgrading firmware using the web interface

Copy the new firmware issued by Virtual Access to a PC connected to the router. In the top menu, select System tab > Backup/Flash Firmware. The Flash operations

page appears.

8: Upgrading router firmware

Figure 20: The flash operations page

Under Flash new firmware image, click Choose File or Browse. Note: the button will vary depending on the browser you are using.

Select the appropriate image and then click Flash Image . The Flash Firmware – Verify page appears.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 51 of 384

Page 52

_______________________________________________________________________________________________________

8: Upgrading router firmware

Figure 21: The flash firmware - verify page

Click Proceed. The System – Flashing… page appears.

Figure 22: The system – flashing…page

When the ‘waiting for router’ icon disappears, the upgrade is complete, and the login homepage appears.

To verify that the router has been upgraded successfully, click Status in the top menu. The Firmware Version shows in the system list.

Figure 23: The system status list

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 52 of 384

Page 53

_______________________________________________________________________________________________________

8.2 Upgrading firmware using CLI

To upgrade firmware using CLI, you will need a TFTP server on a connected PC. Open up an SSH or Telnet session to the router. Enter in the relevant username and password. To change into the temp folder, enter cd /tm p To connect to your TFTP server, enter

atftp x.x.x.x

(where x.x.x.x is the IP of your PC). Press Enter. While in the TFTP application to get the image, enter:

get GIG-15.00.38.image

Note: this is an example, substitute the correct file name. When the image has downloaded, to leave TFPT and get back into the co m m a nd line,

enter:

8: Upgrading router firmware

quit

To write the image into the alternative image, enter:

mtd write GIG-15.00.38.image altimage

Note: this is an example, substitute the correct file name.

To set the next image to boot to the alternative image, enter:

vacmd set next image altimage

For your configuration changes to apply, you must reboot your router. Enter:

reboot

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 53 of 384

Page 54

_______________________________________________________________________________________________________

9 Router file structure

This section describes the file structure and location of essential directories and files on Virtual Access routers.

Throughout this document, we use information tables to show the different ways to configure the router using the router’s web and command line (CLI).

When showing examples of the command line interface we use the host name ‘VA_router’ to indicate the system prompt. For example, the table below displays what the user should see when entering the command to show the current configura tion in use on the router:

root@VA_router:~# va_config.sh

9.1 System information

General information about software and configuration used by the router is displaye d on the Status page. To view the running configuration file status on the web interface, in the top menu, select Status -> Overview. This page also appears immediately after you have logged in.

9: Router file structure

Figure 24: The status page

System information is also available from the CLI if you enter the following command:

root@VA_router:~# va_vars.sh

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 54 of 384

Page 55

_______________________________________________________________________________________________________

The example below shows the output from the above command.

VA_SERIAL: 00E0C8121215 VA_MODEL: GW0000 VA_ACTIVEIMAGE: image2 VA_ACTIVECONFIG: config1 VA_IMAGE1VER: VIE-16.00.44 VA_IMAGE2VER: VIE-16.00.44

9.2 Image files

The system allows for two firmware image files:

• image1, and

• image2

Two firmware images are supported to enable the system to rollback to a previous firmware version if the upgrade of one image fails.

9: Router file structure

The image names (image1, image2) themselves are symbols that point to different partitions in the overall file system. A spe cial image name “altimage” exists which always points to the image that is not running.

The firmware upgrade system always downloads firmware to “altimage”.

9.3 Directory locations for UCI configuration files

Router configurations files are stored in folders on:

• /etc/factconf,

• /etc/config1, and

• /etc/config2

Multiple configuration files exist in e ach folder. Each configuration file conta ins configuration parameters for different areas of functionality in the system.

A symbolic link exists at /etc/config, which always points to one of factconf, config1 or config2 is the active configuration file.

Files that appear to be in /etc/config are actually in /etc /factconf|config1|config2 depending on which configuration is active .

If /etc/config is missing on start-up, for example on first boot, the links and directories are created with configuration files copied from /rom/etc/config/.

At any given time, only one of the configurations is the active configuration. The UCI system tool (Unified Configuration Interface) only acts upon the currently active configuration.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 55 of 384

Page 56

_______________________________________________________________________________________________________

Command

Target

Description

evaluate configuration file s as shell s cr ip ts .

option.

configuration in compressed notation.

of the given section.

value.

9.4 Viewing and changing current configura tion

To show the configuration currently running, enter:

root@VA_router:~# va_config.sh

To show the configuration to run after the next reboot, enter:

root@VA_router:~# va_config.sh next

To set the configuration to run after the next reboot, enter:

root@VA_router:~# va_config.sh -s [factconf|config1|config2|altconfig]

9.5 Configuration file syntax

The configuration files consist of sections – or packages - that contain one or more config statements. These optional statements define actual values.

9: Router file structure

Below is an example of a simple configuration file .

package 'example' config 'example' 'test' option 'string' 'some value' option 'boolean' '1' list 'collection' 'first item' list 'collection' 'second item'

The config 'example' 'test' statement defines the start of a section with the type example and the name test.

export [<config>] Exports the configuration in a machine

readable format. It is used internally to

import [<config>] Imports configuration files in UCI sy ntax. add <config> <section-type> Adds an anonymous section of type-section

type to the given configuration.

add_list <config>.<section>.<option>=<string> Adds the given string to an existing list

show [<config>[.<section>[.<option>]]] Shows the given option, section or

get <config>.<section>[.<option>] Gets the value of the given option or the type

Set <config>.<section>[.<option>]=<value> Sets the v alue of the give n option, o r add s a

delete <config>[.<section[.<option>]] Deletes the given section or option.

Table 1: Common commands, target and their descriptions

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 56 of 384

new section with the type set to the given

Page 57

_______________________________________________________________________________________________________

9: Router file structure

9.6 Managing con figurations

9.6.1 Managing sets of configuration files using directory manipulation

Configurations can also be managed using directory manipulation. To remove the contents of the current folder, enter:

root@VA_router:/etc/config1# rm –f *

Warning: the above command makes irreversible changes.

To remove the contents of a specific folder regardless of the current folder (config2), enter:

root@VA_router:/ # rm –f /etc/config1/*

Warning: the above command makes irreversible changes.

To copy the contents of one folder into another (config2 into config1), enter:

root@VA_router:/etc/config1# cp /etc/config2/* /etc/config1

9.7 Exporting a configuration file

9.7.1 Exporting a configuration file using the web interface

The current running configuration file may be exported using the web interface. In the top menu, select Syste m > Backup/Flash Firmware. The Flash operations

page appears.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 57 of 384

Page 58

_______________________________________________________________________________________________________

9: Router file structure

Figure 25: The flash operations page

In the Backup/Restore section, select Generate Archive.

9.7.2 Exporting a configuration file using UCI

You can view any configuration file segment using UCI. To export the running configuration file, enter:

root@VA_router:~# uci export

To export the factory configuration file, enter:

root@VA_router:~# uci –c /etc/factconf/ export

To export config1 or config2 configuration file, enter:

root@VA_router:~# uci –c /etc/config1/ export root@VA_router:~# uci –c /etc/config2/ export

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 58 of 384

Page 59

_______________________________________________________________________________________________________

9.8 Importing a co n figuration file

9.8.1 Importing a configuration file using the web interface

You can import a configuration file to the alternate conf iguration segment using the web interface. This will automatically reboot the ro uter into this configuration file.

In the top menu, select Syste m > Backup/Flash Firmware. The Flash operations page appears.

9: Router file structure

Figure 26: The flash operations page

Under Backup/Restore, choose Restore Backup: Choose file . Select the appropriate file and then click Upload archive.

Figure 27: The system – restoring…page

When the ‘waiting for router’ icon disappears, the upgrade is complete, and the login homepage appears.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 59 of 384

Page 60

_______________________________________________________________________________________________________

9.8.2 Importing a configuration file using uci

You can import a configuration file to any file segment using UCI. To import to config1, enter:

root@VA_router:~# uci –c /etc/config1/ import <paste in config file> <CTRL-D>

Note: it is very important that the config file is in the correct format otherwise it will not import correctly.

9: Router file structure

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 60 of 384

Page 61

_______________________________________________________________________________________________________

10 Using the Command Line Interface

This chapter expla ins how to view Virtual Access routers' log files and edit configu ration files using a Command Line Interface (CLI) and the Unified Configuration Interface (UCI) system.

10.1 Overview of some common commands

Virtual Access routers’ system has an SSH server typically running on port 22. The factconf default password for the root user is admin. To change the factconf default password, enter:

root@VA_router:/# uci set system.main.password=”******” root@VA_router:/# uci commit system

To reboot the system, enter:

10: Using the Command Line Interface

root@VA_router:/# reboot

The system provides a Unix-like command line. Common Unix commands are available such as ls, cd, cat, top, grep, tail, head, more and less.

Typical pipe and redirect operators are also available, such as: >, >>, <, | The system log can be viewed using any of the following commands:

root@VA_router:/# logread

root@VA_router:/# logread | tail

root@VA_router:/# logread –f

These commands will sho w the full log, end of the log (tail) and continuously (-f). Enter Ctrl-C to stop the continuous output from logread -f.

To view and edit configuration files, the system uses the Unified Configuration I nt erface (UCI) which is described further on in this chapter. This is the preferred method of editing configuration files. However, you can also view and edit these files using some of the standard Unix tools.

For example, to view a text or configuration file in the system, enter:

root@VA_router:/# cat /etc/passwd

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 61 of 384

Page 62

_______________________________________________________________________________________________________

10: Using the Command Line Interface

The command output information shows the following, or similar output.

root:x:0:0:root:/root:/bin/ash daemon:*:1:1:daemon:/var:/bin/false ftp:*:55:55:ftp:/home/ftp:/bin/false sftp:*:56:56:sftp:/var:/usr/lib/sftp-server network:*:101:101:network:/var:/bin/false nobody:*:65534:65534:nobody:/var:/bin/false

To view files in the current folder, enter:

root@VA_router:/# ls

bin etc lib opt sbin usr bkrepos home linuxrc proc sys var dev init mnt root tmp www

For more details add the -l argument:

root@VA_router:/# ls -l

drwxrwxr-x 2 root root 642 Jul 16 2012 bin drwxr-xr-x 5 root root 1020 Jul 4 01:27 dev drwxrwxr-x 1 root root 0 Jul 3 18:41 etc drwxr-xr-x 1 root root 0 Jul 9 2012 lib drwxr-xr-x 2 root root 3 Jul 16 2012 mnt drwxr-xr-x 7 root root 0 Jan 1 1970 overlay dr-xr-xr-x 58 root root 0 Jan 1 1970 proc drwxr-xr-x 16 root root 223 Jul 16 2012 rom drwxr-xr-x 1 root root 0 Jul 3 22:53 root drwxrwxr-x 2 root root 612 Jul 16 2012 sbin drwxr-xr-x 11 root root 0 Jan 1 1970 sys drwxrwxrwt 10 root root 300 Jul 4 01:27 tmp drwxr-xr-x 1 root root 0 Jul 3 11:37 usr lrwxrwxrwx 1 root root 4 Jul 16 2012 var -> /tmp drwxr-xr-x 4 root root 67 Jul 16 2012 www

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 62 of 384

Page 63

_______________________________________________________________________________________________________

10: Using the Command Line Interface

To change the current folder, enter cd followed by the desired path:

root@VA_router:/# cd /etc/config1 root@VA_router:/etc/config1#

Note: if the specified directory is actually a link to a directory, the real directory will be shown in the prompt.

To view scheduled jobs, enter:

root@VA_router:/# crontab –l

0 * * * * slaupload 00FF5FF92752 TFTP 1 172.16.250.100 69

To view currently running processes, enter:

root@VA_router:/# ps

PID Uid VmSize Stat Command 1 root 356 S init 2 root DW [keventd] 3 root RWN [ksoftirqd_CPU0] 4 root SW [kswapd] 5 root SW [bdflush] 6 root SW [kupdated] 8 root SW [mtdblockd] 89 root 344 S logger -s -p 6 -t 92 root 356 S init 93 root 348 S syslogd -C 16 94 root 300 S klogd 424 root 320 S wifi up

549 root 364 S httpd -p 80 -h /www -r VA_router 563 root 336 S crond -c /etc/crontabs

6712 root 392 S /usr/sbin/dropbear 6824 root 588 S /usr/sbin/dropbear 7296 root 444 S -ash 374 root 344 R ps ax 375 root 400 S /bin/sh /sbin/hotplug button 384 root 396 R /bin/sh /sbin/hotplug button 385 root RW [keventd]

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 63 of 384

Page 64

_______________________________________________________________________________________________________

To search for a process, enter: pgrep -fl '<process name or part of name>':

root@VA_router:/# pgrep -fl ‘wifi’

424 root 320 S wifi up

To kill a process, enter the PID:

root@VA_router:~# kill 424

10.2 Using Unified Configuration Interface (UCI)

The system uses Unified Configuration Interface (UCI) for centra l configuration management. Most common and useful configuration settings can be accessed and configured using the UCI system.

UCI consists of a Command Line Utility (CLI), the files containing the actual configuration data, and scripts that take the configuration data and a pp ly it to the proper parts of the system, such as the networking interfaces. Entering the command 'uci' on its own will display the list of valid arguments for the command and their format.

10: Using the Command Line Interface

root@VA_router:/lib/config# uci

Usage: uci [<options>] <command> [<arguments>]

Commands: export [<config>] import [<config>] changes [<config>] commit [<config>] add <config> <section-type> add_list <config>.<section>.<option>=<string> show [<config>[.<section>[.<option>]]] get <config>.<section>[.<option>] set <config>.<section>[.<option>]=<value> delete <config>[.<section[.<option>]] rename <config>.<section>[.<option>]=<name> revert <config>[.<section>[.<option>]] Options:

-c <path> set the search path for config files (default: /etc/config)

-d <str> set the delimiter for list values in uci show

-f <file> use <file> as input instead of stdin

-m when importing, merge data into an existing package

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 64 of 384

Page 65

_______________________________________________________________________________________________________

Command

Target

Description

programs working directly with UCI files .

file or if none given, all configuration files.

type to the given configuration.

delete

<config>[.<section[.<option>]]

Deletes the given section or option.

given name.

section or configuration file.

10: Using the Command Line Interface

-n name unnamed sections on export (default)

-N don't name unnamed sections

-p <path> add a search path for config change files

-P <path> add a search path for config change files and use as default

-q quiet mode (don't print error messages)

-s force strict mode (stop on parser errors, default)

-S disable strict mode

-X do not use extended syntax on 'show'

The table below describes commands for the UCI command line and some further examples of how to use this utility.

Writes changes of the given configuration file, or if none is given, all configuration files, to the filesystem. All "uci set", "uci add", "uc i rename" and "uci delete" commands are

commit [<config>]

staged into a temporary location and written to flash at once with "uci commit". This is not needed after editing configuration files with a text editor, but for scripts, GUIs and other

export [<config>]

import [<config>] Imports configuration files in UCI syntax.

changes [<config>]

add <config> <section-type>

add_list <config>.<section>.<option>=<string> Adds the given string to an existing list option.

show [<config>[.<section>[.<option>]]]

get <config>.<section>[.<option>]

set <config>.<section>[.<option>]=<value>

rename <config>.<section>[.<option>]=<name>

revert <config>[.<section>[.<option>]]

Exports the configuration in a UCI syntax and does validation.

Lists staged changes to the given configuration

Adds an anonymous section of type section-

Shows the given option, section or configuration in compressed notation.

Gets the value of the given option or the type of the given section.

Sets the value of the given option, or add a new section with the type set to the given value.

Renames the given option or section to the

Deletes staged changes to the given option,

Table 17: Common commands, target and their descriptions

Note: all operations do not act directly on the configuration files. A commit command is required after you have finished your configuration.

root@VA_router:~# uci commit

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 65 of 384

Page 66

_______________________________________________________________________________________________________

10.2.1 Using uci commit to avoid router reboot

After changing the port, uhttpd listens on from 80 to 8080 in the file /etc/config/uhttpd; save it, then enter:

root@VA_router:~# uci commit uhttpd

Then enter:

root@VA_router:~# /etc/init.d/uhttpd restart

For this example, the router does not need to reboot as the changes take effect when the specified process is restarted.

10.2.2 Export a configuration

Using the uci export command it is possible to view the entire configuration of the router or a specific package. Using this method to view configurations does not show comments that are present in the configuration file:

10: Using the Command Line Interface

root@VA_router:~# uci export httpd

package 'httpd' config 'httpd' option 'port' '80' option 'home' '/www'

10.2.3 Show a configuration tree

The configuration tree format displays the full path to each option. This path can then be used to edit a specific option using the uci set command.

To show the configuration ‘tree’ for a given config, enter:

root@VA_router:/# uci show network

network.loopback=interface network.loopback.ifname=lo network.loopback.proto=static network.loopback.ipaddr=127.0.0.1 network.loopback.netmask=255.0.0.0 network.lan=interface network.lan.ifname=eth0 network.lan.proto=dhcp network.wan=interface network.wan.username=foo

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 66 of 384

Page 67

_______________________________________________________________________________________________________

10: Using the Command Line Interface

network.wan.password=bar network.wan.proto=3g network.wan.device=/dev/ttyACM0 network.wan.service=umts network.wan.auto=0 network.wan.apn=arkessa.com network.@va_switch[0]=va_switch network.@va_switch[0].eth0=A B C network.@va_switch[0].eth1=D

It is also possible to display a limited subset of a configuration:

root@VA_router:/# uci show network.wan network.wan=interface network.wan.username=foo network.wan.password=bar network.wan.proto=3g network.wan.device=/dev/ttyACM0 network.wan.service=umts network.wan.auto=0 network.wan.apn=hs.vodafone.ie

10.2.4 Display just the value of an option

To display a specific value of an individual option within a package, enter:

root@VA_router:~# uci get httpd.@httpd[0].port 80 root@VA_router:~#

10.2.5 High level image commands

To show the image running currently, enter:

root@VA_router:~# vacmd show current image

To set the image to run on next reboot, enter:

root@VA_router:~# vacmd set next image [image1|image2|altimage] root@VA_router:~# reboot

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 67 of 384

Page 68

_______________________________________________________________________________________________________

10.2.6 Format of multiple rules

When there are multiple rules next to each other, UCI uses array-like references for them. For example, if there are 8 NTP servers, UCI will let you reference their sections as timeserver.@timeserver[0] for the first section; or timeserver.@timeserver[7] for the last section.

You can also use negative indexes, such as timeserver.@timeserver[-1] ‘-1’ means the last one, and ‘-2’ means the second -to-last one. This is use ful when appending new rules to the end of a list.

root@VA_router:/# uci show va_eventd va_eventd.main=va_eventd va_eventd.main.enabled=yes va_eventd.main.event_queue_file=/tmp/event_buffer va_eventd.main.event_queue_size=128K va_eventd.@conn_tester[0]=conn_tester

10: Using the Command Line Interface

va_eventd.@conn_tester[0].name=Pinger va_eventd.@conn_tester[0].enabled=yes va_eventd.@conn_tester[0].type=ping va_eventd.@conn_tester[0].ping_dest_addr=192.168.250.100 va_eventd.@conn_tester[0].ping_success_duration_sec=5 va_eventd.@target[0]=target va_eventd.@target[0].name=MonitorSyslog va_eventd.@target[0].enabled=yes va_eventd.@target[0].type=syslog va_eventd.@target[0].target_addr=192.168.250.100 va_eventd.@target[0].conn_tester=Pinger va_eventd.@target[0].suppress_duplicate_forwardings=no va_eventd.@forwarding[0]=forwarding va_eventd.@forwarding[0].enabled=yes va_eventd.@forwarding[0].className=ethernet va_eventd.@forwarding[0].target=MonitorSyslog va_eventd.@forwarding[1]=forwarding va_eventd.@forwarding[1].enabled=yes va_eventd.@forwarding[1].className=auth va_eventd.@forwarding[1].target=MonitorSyslog va_eventd.@forwarding[2]=forwarding va_eventd.@forwarding[2].enabled=yes va_eventd.@forwarding[2].className=adsl

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 68 of 384

Page 69

_______________________________________________________________________________________________________

File

Description

Management

/etc/config/monitor

Monitor details

/etc/config/dhcp

Dnsmasq configuration and DHCP setting s

/etc/config/system

Misc. system settings including sys l og

Other

/etc/config/uhttpd

Web server options (uHTTPd)

/etc/config/strongswan

IPSec settings

va_eventd.@forwarding[2].target=MonitorSyslog va_eventd.@forwarding[3]=forwarding va_eventd.@forwarding[3].enabled=yes va_eventd.@forwarding[3].className=ppp va_eventd.@forwarding[3].target=MonitorSyslog

10.3 Configuration files

The table below lists common package configuration files that ca n be edited using uci commands. Other configuration files may also be present depending on the specific options available on the Virtual Access router.

/etc/config/autoload Boot up Activation behaviour (typically used in factconf) /etc/config/httpclient Activato r add res ses a nd url s

10: Using the Command Line Interface

Basic /etc/config/dropbear SSH server options

/etc/config/firewall NAT, packet filter, port forwarding, etc. /etc/config/network Switch, inte rface, L2TP and route configuration

/etc/config/snmpd SNMPd settings

10.4 Configuration file syntax

The configuration files usually consist of one or more config statements, so-called sections with one or more option statements defining the actual values.

Below is an example of a simple configuration file .

package 'example' config 'example' 'test' option 'string' 'some value' option 'boolean' '1' list 'collection' 'first item' list 'collection' 'second item'

The config 'example' 'test' statement defines the start of a section with the type example and the name test. There can also be so-called anonymous sections with only a type, but no name identifier. The type is important for the processing programs to decide how to treat the enclosed options.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 69 of 384

Page 70

_______________________________________________________________________________________________________

10: Using the Command Line Interface

The option 'string' 'some value' and option 'boolean' '1' lines define simple values within the section.

Note: there are no syntactical differences between text and boolean options. Per convention, boolean options may have one of the values '0', 'no', 'off' or 'false' to specify a false value or '1' , 'yes', 'on' or 'true' to specify a true value.

In the lines starting with a list keyword, an option with multiple values is defined. All list statements that share the same name collect ion in o ur example will be combined into a single list of values with the same order as in the configuration file.

The indentation of the option and list stateme nts is a conv ention to improve the readability of the configuration file but it is not syntactically required.

Usually you do not need to enclose identifier s or values in quotes. Quotes are only required if the enclosed value contains spaces or tabs. Also it is legal to use doublequotes instead of single-quotes when typing configuration options.

All of the examples below are valid syntax.

option example value option 'example' value option example "value" option "example" 'value' option 'example' "value"

In contrast, the following examples are not valid syntax.

option 'example" "value'

Quotes are unbalanced.

option example some value with space

Missing quotes around the value. It is important to note that identifiers and config file names may only contain the

characters a-z, A-Z, 0-9 and _. However, option values ma y contain any charact er, as long they are properly quoted.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 70 of 384

Page 71

_______________________________________________________________________________________________________

Package

Sections

autoload

main

httpclient

default

management_users

user

11 Management c onfig urati on se tting s

This chapter contains the configuration sections a nd parameters required to manage and monitor your device using Activator and Monitor.

11.1 Activator

Activator is a Virtual Access proprietary provisioning system, where specific router configurations and firmware can be stored to allow central management and provisioning. Activator has two distinct roles in provisioning firmware and configuration files to a router.

• Zero touch activation of firmware and configuration files on router boot up o In this scenario the router will initiate the requesting of firmware and

configuration files on boot and is generally used for router installation. The router will be installed with a factory config that will a l low it to contact Activator. The autoload feature controls the behaviour of the router in requesting firmware and configuration files; this includes when to start the Activation process and the specific files requested. The HTTP Client (uhttpd) contains information about the Activator server and the protocol used for activation.

11: Management configuration settings

• Deployment of firmware to routers after installation

o In this scenario, Activator will initiate the process. This process, known as

Active Update, allows for central automatic deplo yment of firmware and configuration files. It is used when configuration or firmware changes need to be pushed to live routers.

11.2 Monitor

Monitor is a Virtual Access proprietary tool, based on SNMP protocol, to monitor wide networks of deployed routers. The router will be configured to send information to Monitor, which is then stored and viewed centrally via the Monitor application. This includes features such as traffic light availabi li ty status, syslog and SLA monitoring.

11.3 Configuration packages used

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 71 of 384

Page 72

_______________________________________________________________________________________________________

Package

Sections

autoload

main

11.4 Autoload: boot up activation

Autoload configurations specify how the device should behave with respect to activation when it boots up. Autoload entries contain information abo ut the specific files to be downloaded and the destination for the downloaded file. Standard autoload entry configurations to download are:

• A firmware file ($$.img)

• A configuration file ($$.ini)

• A .vas file ($$.vas). This file signals the end of the autolaod sequence to Activator

Activator identifies the device using the serial number of the router. $$ syntax is used to denote the serial number of the router when requesting a file. The requested files are written to the alternate image or config segment.

You can change the settings either directly in the configuration file or via appropriate UCI set commands. It is normal procedure for autoload to be enabled in the router’s factory settings and disabled in running configurations (config 1 and 2).

Autoload may already have been set at factory config level. If you wish to enable autoload services, proceed through the following steps.

11: Management configuration settings

11.5 Autoload packa g es

11.5.1 Create a configuration file

In the top menu, select Services ->Autoload. The Autoload page has two sections: Basic Settings and Entries. Click Add to access configuration settings for each section.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 72 of 384

Page 73

_______________________________________________________________________________________________________

Web Field/UCI/Packag e Optio n

Description

Basic settings

Enabled.

Disabled.

10 Range

0-300 secs

30 Range

0-300 secs

5 Range

Range

11: Management configuration settings

Figure 28: The autoload settings page

Web: Enabled UCI: autoload.main.enabled Opt: Enabled

Web: Start Timer UCI: autoload.main.StartTimer Opt: StartTimer

Web: Retry Timer UCI: autoload.main.Retry Timer Opt: RetryTimer

Web: N/A UCI: autoload.main.NumberOfR e tries Opt: Numberofretries

Web: N/A UCI: autoload.main.BackoffTimer Opt: Backofftimer

Enables activation at system boot.

Defines how long to wait after the boot up completes before starting activation.

Defines how many seconds to wait between retries if a download of a particular autoload entry fails.

Defines how many retries to attempt before failing the overall activation sequence, backing off and tryi ng the whole a c tivatio n sequence again.

Defines how many minutes to back off for if a download and all retires fail. After the backoff period, the entire autoload sequence will start again.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 73 of 384

Page 74

_______________________________________________________________________________________________________

Altconfig

Alternative configuration

Config1

Configuration 1

Config2

Configuration 2

Factconf

Factory configuration

Altimage

Alternative image

Image 1

image 1

Image 2

image 2

Entries

Enabled.

Disabled.

$$.vas

Notifies activator sequence is comple te .

$$ ini

Request configuration

$$ img

Request firmware

Note: $$.vas should always be requested last.

11: Management configuration settings

Web: Boot Using Config UCI: autoload.main.BootUs ingC o nfig Opt: BootUsingConfig

Web: Boot Using Image UCI: autoload.main.BootUs ingImage Opt: BootUsingImage

Web: Configured UCI: autoload.@entry[x].Configured Opt: Configured

Web: Segment Name UCI: autoload.@entry[x].Se gme ntNa me Opt: SegmentName

Web: RemoteFilename UCI: autoload.@entry[x].Re mote Filename Opt: RemoteFilename

Specifies which configuration to boot up with after the activation sequence.

Specifies which image to boot up with after the activa tio n sequence completes successfully.

Enables the autoload sequence to process this entry .

Typically only altconfig and altimage are used .

Defines the name of the file to be downloaded from Activator .

Table 18: Information table for autoload

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 74 of 384

Page 75

_______________________________________________________________________________________________________

11.6 Autoload using UCI

root@VA_router:/# uci show autoload autoload.main=core autoload.main.Enabled=yes autoload.main.StartTimer=10 autoload.main.RetryTimer=30 autoload.main.NumberOfRetries=5 autoload.main.BackoffTimer=15 autoload.main.BootUsingConfig=altconfig autoload.main.BootUsingImage=altimage autoload.@entry[0]=entry autoload.@entry[0].Configured=yes autoload.@entry[0].SegmentName=altconfig

11: Management configuration settings

autoload.@entry[0].RemoteFilename=$$.ini autoload.@entry[1]=entry autoload.@entry[1].Configured=yes autoload.@entry[1].SegmentName=altimage autoload.@entry[1].RemoteFilename=$$.img autoload.@entry[2]=entry autoload.@entry[2].Configured=yes autoload.@entry[2].SegmentName=config1 autoload.@entry[2].RemoteFilename=$$.vas Autoload using package options root@VA_router:/# uci export autoload package 'autoload'

config 'core' 'main' option 'Enabled' "yes" option 'StartTimer' "10" option 'RetryTimer' "30" option 'NumberOfRetries' "5" option 'BackoffTimer' "15" option 'BootUsingConfig' "altconfig" option 'BootUsingImage' "altimage"

config 'entry'

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 75 of 384

Page 76

_______________________________________________________________________________________________________

Package

Sections

Httpclient

default

11: Management configuration settings

option 'Configured' "yes" option 'SegmentName' "altconfig" option 'RemoteFilename' "\$\$.ini"

config 'entry' option 'Configured' "yes" option 'SegmentName' "altimage" option 'RemoteFilename' "\$\$.img"

config 'entry' option 'Configured' "yes" option 'SegmentName' "config1" option 'RemoteFilename' "\$\$.vas"

11.7 HTTP Client: configuring activation us ing the web interface

This section contains the settings for the HTTP Client used during activation and active updates of the device.

The httpclient core section configures the basic functionality of the module used for retrieving files from Activator during the activation process.

11.7.1 HTTP Client configuraton packages

11.7.2 Web configuration

To configure HTTP Client for Activator, in the top menu, c lick Services -> HTTP Client. The HTTP Client page has two sections: Basic Settings and Advanced Settings.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 76 of 384

Page 77

_______________________________________________________________________________________________________

Web Field/UCI/Packag e Optio n

Description

Basic settings

Enabled.

Disabled.

UCI.

using UCI.

Enabled.

Disabled.

Advanced settings

ss/Httpserver.asp

Range

11: Management configuration settings

Figure 29: The HTTP client page

Web: Enabled UCI: httpclient.default.ena b led Opt: Enabled

Web: Server IP Address UCI: httpclient.default.F ile s erve r Opt: list Fileserver

Web: Secure Server IP Address UCI: httpclient.default.Se cureFileServer Opt: ListSecureFileServer

Web: Secure Download UCI: httpclient.default.Se cureDownload Opt: SecureDownload

Web: ActivatorDownloadPath UCI:

httpclient.default.ActivatorDownloadPath Opt: ActivatorDownloadPa th

Enables the HTTP client.

Specifies the address of Activator that us es http por t 80. This can be an IP address or FQDN. The syntax should be x.x.x.x:80 or FQDN:80. Multiple servers should be sep ara te d by a space using

Specifies the address of Secure Activator that use s por t 443. This can be an IP address or FQDN. The syntax should be x.x.x.x:443 or FQDN:443. Multiple servers should be separate d by a space

Enables Secure Download (port 443).

Specifies the URL on Activator to which the client should se nd requests.

/Activator/Sessionle

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 77 of 384

Page 78

_______________________________________________________________________________________________________

Opt: ValidateServerCertif ic a teEnabl e d

Enabled.

Disabled.

Enabled.

Disabled.

PEM DER

/etc/httpclient.crt

Range

/etc/httpclient.key

Range

Enabled.

Disabled.

chunky image download.

100k

100K Bytes

1-infinite

Available values

None

By default there is no limit

1-infinite

Available values in kbps

11: Management configuration settings

Web: Check Server Certificate UCI:

httpclient.default.ValidateServerCertificate Enabled

Web: Present Client Certificate to Server UCI: httpclient.default.

PresentCertificateEnabled Opt: PresentCertificateEna b led

Web: CertificateFile Format UCI: httpclient.default.C e r tificateFormat Opt: CertificateFormat

Web: Certificate File Path UCI: httpclient.default.C e r tificateFile Opt: CertificateFile

Web: Certificate Key File Path UCI: httpclient.default.C e r tificateKey Opt: CertificateKey

Web: N/A UCI: ValidateServerCertificateFieldEnabled Opt: ValidateServerCertif ic a te

Web: N/A UCI:

httpclient.default.ActivatorChunkyDownlo adPath

Opt: ActivatorChunkyDownloadPath

Checks for the certificates presence a nd validity.

Specifies if the client presents its cer tificate to the server to identify itself.

Specifies the value the client expects to see in the specified field in the server certificate.

Defines the directory/location of the certificate .

Specifies the directory/loca tion of the certif ic a te key.

Defines the field in the server certific ate that the c lie nt s hould check.

Enables partial download activations and active updates. The default value is httpclient.default.ActivatorChunkyDownloadPath=/activator/parti

al/download The url (on activator) to which the client should s e nd requests fo r

Web: N/A

Specifies the size of each packet payloa d UCI: httpclient.default.ChunkSize Opt: ChunkSize

Web: N/A UCI: httpclient.default.RateLimit

Throtle activation/activ e update s tr affic received by device to

specified limit Opt: RateLimit

Table 19: Information table for HTTP client

11.8 Httpclient: A ctivator configuration using UCI

root@VA_router:~# uci show httpclient httpclient.default=core httpclient.default.Enabled=yes httpclient.default.FileServer=10.1.83.36:80 10.1.83.37:80 httpclient.default.SecureFileServer=10.1.83.36:443 10.1.83.37:443 httpclient.default.ActivatorDownloadPath=/Activator/Sessionless/Httpserver.

asp httpclient.default.SecureDownload=no httpclient.default.PresentCertificateEnabled=no

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 78 of 384

Page 79

_______________________________________________________________________________________________________

Package

Sections

management_users

users

11: Management configuration settings

httpclient.default.ValidateServerCertificateEnabled=no httpclient.default.CertificateFile=/etc/httpclient.crt httpclient.default.CertificateFormat=PEM httpclient.default.CertificateKey=/etc/httpclient.key httpclient.default.ActivatorChunkyDownloadPath=/activator/partial/download httpclient.default.ChunkSize=100k httpclient.default.RateLimit=2 Httpclient: Activator configuration package options example root@VA_router:~# uci export httpclient package httpclient

config core 'default' option Enabled 'yes' listFileServer '1.1.1.1:80' listFileServer '1.1.1.2:80' listSecureFileServer '1.1.1.1:443' listSecureFileServer '1.1.1.2:443' optionActivatorDownloadPath '/Activator/Sessionless/Httpserver.asp' optionSecureDownload 'no' optionPresentCertificateEnabled 'no' optionValidateServerCertificateEnabled 'no' optionCertificateFile '/etc/httpclient.crt' optionCertificateFormat 'PEM' optionCertificateKey '/etc/httpclient.key' option ActivatorChunkyDownloadPath '/activator/partial/download' option ChunkSize '100k' option RateLimit '2'

11.9 User management using UCI

User management is not currently available using the web interface. You can configure the feature using UCI or Activator.

11.9.1 User management packages

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 79 of 384

Page 80

_______________________________________________________________________________________________________

Web Field/UCI/Packag e Optio n

Description

General settings

Disabled.

Enabled.

Opt: username

displayed using the srphash option

Disabled.

Enabled.

Disabled.

Enabled.

Disabled.

Enabled.

Disabled.

Enabled.

Disabled.

Enabled.

Opt: linuxuser

Disabled.

Enabled.

Opt: list allowed_pages

11.9.2 Configuring user management

You can create different users on the system by defining them in the user management configuration file. This gives users access to different services.

11: Management configuration settings

Web: n/a UCI: management_users.@user [x ].e nabled Opt: enable

Web: n/a UCI: management_users.@user [x ].us e rname

Web: n/a UCI: management_users.@user [x ].password Opt: password

Web: n/a UCI: management_users.@user [x ].w eb us er Opt: webuser

Web: n/a UCI: management_users.@user [x ].c ha p us er Opt: chapuser

Web: n/a UCI: management_users.@user[x].papuser Opt: papuser

Web: n/a UCI: management_users.@user [x ].s rp us er Opt: srpuser

Web: n/a UCI: management_users.@user [x ].s m s user Opt: smsuser

Web: n/a UCI: linuxuser

Enables/creates the user.

Specifies the user’s username.

Specifies the user’s password. When enter ing the user password enter in plain text using the password option. After reboot the password is displayed encrypte d v ia the CLI using the hashpassword option.

UCI: management_users.@user [x ].hashpassword Opt: hashpassword. Note: a SRP user password will be

Specifies web access permissions for the user. Note: webuser will only work if linuxuser is set to Enabled .

Specifies CHAP access permissions for the PPP connection. Note: chapuser will only work if linux user is set to Enabled .

Specifies PAP access permissions for the PPP co nnection.

Specifies SRP access permissions for the PPP co nnectio n.

Specifies SMS access permissions for the user.

Specifies linuxuser access permissions for the user.

Web: n/a UCI: List allowed_pages

Note:

• webuser will only work if linuxuser is set to yes

• chapuser will only work if linuxuser is set to no

When a new user is created on the system and given web access, you will no longer be able to login to the router web interface with the default root user details. The user must use their new user login details.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 80 of 384

Specifies which pages the user can view. Multiple p ages should be entered using a space to separate if using UCI.

Table 20: Information table for config user commands

Page 81

_______________________________________________________________________________________________________

11: Management configuration settings

11.10 Configuring the management user password using UCI

The user password is displayed encrypted via the CLI using the hashpassword option.

root@VA_router:~# uci show management_users management_users.@user[0].username=test management_users.@user[0].hashpassword=$1$XVzDHHPQ$SKK4geFonctihuffMjS4U0

If you are changing the password via the UCI, enter the new passwor d in plain te xt using the password option.

root@VA_router:~# uci set management_users.@user[0].username=newpassword root@VA_router:~# uci commit

The new password will take effect after reboot and will now be displayed in encrypted format through the hashpassword option.

11.11 Configuring management user password using package options

The root password is displayed encrypted via CLI using the hashpassword option.

root@VA_router:~# uci export management_users package management_users

config user option hashpassword '$1$wRYYiJOz$EeHN.GQcxXhRgNPVbqxVw

If you are changing the password using UCI, enter the new password in plain text using the password option.

package management_users

config user option hashpassword '$1$wRYYiJOz$EeHN.GQcxXhRgNPVbqxVw option password ‘newpassword’

The new password will take effect after reboot and will now be displayed in encrypted format via the hashpassword option.

11.12 User management using UCI

root@VA_router:~# uci show management_users management_users.@user[0]=user management_users.@user[0].enabled=1

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 81 of 384

Page 82

_______________________________________________________________________________________________________

11: Management configuration settings

management_users.@user[0].username=test management_users.@user[0].hashpassword=$1$XVzDHHPQ$SKK4geFonctihuffMjS4U0 management_users.@user[0].webuser=1 management_users.@user[0].linuxuser=1 management_users.@user[0].papuser=0 management_users.@user[0].chapuser=0 management_users.@user[0].srpuser=0 management_users.@user[0].smsuser=0 User management using package options root@VA_router:~# uci export management_users

package management_users config user option enabled ‘1’ option username ‘test’ option hashpassword ‘$1$XVzDHHPQ$SKK4geFonctihuffMjS4U0’ option webuser ‘1’ option linuxuser ‘1’ option papuser ‘0’ option chapuser ‘0’ option srpuser ‘0’ options smsuser ‘0’

11.13 Configuring user access to specific web pages

To specify particular pages a user can view, add the list allowed_pages. Examples are:

listallowed_pages '/admin/status'

The user can view admin status page only.

listallowed_pages 'admin/system/flashops'

The user can view flash operation page only. To specify monitor widgets only, enter:

listallowed_pages 'monitor/<widgetname>'

Example widget names are: dhcp, arp, 3gstats, interfaces, memory, multiwan, network, openvpn, routes, system, ipsec, dmvpn, tservd.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 82 of 384

Page 83

_______________________________________________________________________________________________________

12 Configuring an ADSL interface

12.1 ADSL connections

ADSL access services typically use the Asynchronous Transfer Mode (ATM) protocol to provide a low level communications path between the user's access equipment and the service provider head end. The headend may be a Broadband Access Server (BAS) that sits, logically, behind the ADSL central office Dig ital Subscriber Line Acc ess Multiplexer (DSLAM) and is connected using an ATM backbone. ATM is a high-speed switching technology where data is grouped into cells.

Connection between the user equipment and the BA S is t hen achieved using the Pointto-Point Protocol (PPP) running over the ATM connection path. PPP is a defined industry standard used widely to allow two devices to communicate across a logical link. It is extensively deployed by service providers as a mea n s of connecting customer s to Internet Protocol (IP)-based services, such as the Internet.

The method of running PPP between the user equipment and the BAS may be either directly over the ATM layer (PPPoA) or over an intermediate Ethernet layer (PPPoE).

12: Configuring an ADSL interface

12.2 ADSL connection options on your router

You can configure two main types of ADSL service on your router:

• ADSL routed PPPoA connection

• ADSL bridged connection

If you select the routed PPP service, you can run the PPP over ATM (PPPoA) or over Ethernet (PPPOE). The following diagrams illustrate the topology of these co nnections.

Figure 30: A routed ADSL connection o ver PPPoA

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 83 of 384

Page 84

_______________________________________________________________________________________________________

Package

Sections

network

adsl

Section

Description

interfaces here.

port map fields.

into the provider network.

12: Configuring an ADSL interface

Figure 31: A routed ADSL connection o ver PPPoE

Less commonly, you may need to configure a bridged connection over ADSL. In this type of configuration the router will be receiving Ethernet packets over the ADSL line and can be configured with an IP address for management.

12.3 Configuration package used

12.4 Creating a new ADSL PPPoA connection

To create a new ADSL PPPoA interface via the web interface, in the top menu, click Network -> Interfaces. The Interfaces overview page appears.

There are three sections in the Interfaces page.

Interface Ov erview S hows existing interfaces and their status. You can create new, and edit ex is ting

Port Map In this section you can map device ports to Ethernet interf aces . Por ts ar e marked

ATM Bridges ATM bridges expose encapsulated Ether ne t in AAL5 connections as virtual Linux

In the Interface Overview section, click Add new interface. The Create Interface page appears.

with capital letters starting with 'A'. Typ e in space sepa r a ted port num b er s in the

network interfaces, which can be used in conjunction with DHCP or PPP to dial

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 84 of 384

Page 85

_______________________________________________________________________________________________________

Web Field/UCI/Packag e Optio n

Description

Opt: [..x..]

Option

Description

netmask.

DHCP.

Unmanaged

Unspecified

(RFC4213)

IPv4

GRE

Generic Routing Encapsulation.

IOT L2TP

Layer 2 Tunnelling Protocol.

PPP

Point to Point Protocol.

PPPoE

Point to Point Protocol over Ethernet.

PPPoATM

Point to Point Protocol over ATM.

GPRS/EV-DO

AT-style 3G modem.

Opt: type

Disabled.

Enabled.

Opt:ifname

12: Configuring an ADSL interface

Figure 32: The create new interface page

Web: Name of the new interface UCI: network.[..x..]

Web: Protocol of the new interface UCI: network.[..x..].proto Opt: proto

Allowed characters are A-Z, a-z, 0-9 and _

Protocol type. Select PPPoATM.

Static Static c o nfiguration with fixed address and

DHCP Client Address and netmask are assigned by

IPv6-in-IPv4

IPv6 over

LTE/UMTS/

IPv4 tunnels that carry IPv6.

IPv6 over IPv4 tunnel.

CDMA, UMTS or GPRS connection using an

Web: Create a bridge over multiple interfaces

UCI: network.[..x..].type

Web: Cover the following interface UCI: network.[..x..].ifname

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 85 of 384

Enables bridge between two interfaces.

Select interfaces for bridge connection.

Table 21: Information table for the create new interface page

Page 86

_______________________________________________________________________________________________________

Section

Description

information, user name and password.

Advanced Settings

Set forwarding mode for the connection.

Firewall settings

Assign a firewall zone to the connection.

Web Field/UCI/Package Opt ion

Description

Opt: N/A

Opt: proto

VC-Mux

Virtual Circuit Multiplexing.

LLC

Logical Link Control.

0 1

Opt:vci

Range

Opt:vpi

Range

Click Submit. The Common Configuration page appears. There are three sections in the Common Configurations page.

General Setup Configur e the basic inte rf a c e settings s uc h as proto col, s er v ice typ e , APN

12.5 PPPoA: general setup

12: Configuring an ADSL interface

Figure 33: The PPPoA common configuration page

Web: Status UCI: N/A ifconfig

Web: Protocol UCI: network.[..x..].proto

Web: PPPoA Encapsulation UCI: network.[..x..].encaps Opt: encaps

Web: ATM Device Number UCI: network.[..x..]. atmdev Opt:atmdev

Web: ATM Virtual Channel Identifier (VCi) UCI: network.[..x..].vci

Web: ATM Virtual Path Identifier (VPi) UCI: network.[..xx..].vpi

Shows the current status of the interface.

Note: run ifconfig command on SSH to check interf ace status.

Protocol type. The PPPoA interface protoc o l is show ing as the

selected interface.

Service type that will be used to connect to the network.

Sets the ATM device number. Set to 0.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 86 of 384

Page 87

_______________________________________________________________________________________________________

Opt:password

Option

Disabled.

Enabled.

Disabled.

Enabled.

Opt: ipv6

Disabled.

Enabled.

Disabled.

Enabled.

Opt: peerdns

Disabled.

Enabled.

12: Configuring an ADSL interface

Web: PAP/CHAP username UCI: network.[..x..].username Opt: username

Web: PAP/CHAP password UCI: network. [..x..]..password

Table 22: Information table for PPPoA general set up

12.6 PPPoA: advanced settings

User name used to authenticate PPP connectio n.

Password used to connect to authenticate PPP connec tion.

Figure 34: The PPPoA advanced settings page

Web Field/UCI/Packag e

Web: Bring up on boot UCI: network.[..x..].auto Opt: auto

Web: Monitor interface state UCI: network.[..x..].monitor ed. Opt: monitored

Web: Enable IPv6 negotiation on the PPP link

UCI: network.[..x..].ipv6

Web: Use default gateway UCI: network.[..x..].defaultroute Opt: defaultroute

Web: Use DNS servers advertised by peer

UCI: network.[..x..].peer d ns

Description

Enables the interface to connect automatic a lly on boot up. This option is enabled by default.

Enabled if status of interface is presented o n Monito r ing p latform.

Enable IPv6 negotiation on the PPP.

If disabled, no default route is configured .

If disabled, DNS from peer will not be accepted.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 87 of 384

Page 88

_______________________________________________________________________________________________________

Range

Opt: demand

gre

option local_interface

lt2p

option src_ipaddr

iot

option wan1 wan2

6in4

option ipaddr

6to4

option ipaddr

Web Field/UCI/Packag e Optio n

Description

Opt: name

12: Configuring an ADSL interface

Web: LCP echo failure threshold UCI: network.[..x..].keepa live Opt: keepalive

Web: LCP echo internal UCI: network.[..x..].keepalive Opt: keepalive

Web: Inactivity timeout UCI: network.[..x..].demand

Web: Dependant Interfaces UCI: network.[..x..].dependants Opt: dependants

Table 23: Information table for PPPoA advanced settings

Presume peer to be dead after given amount of LCP echo failures, use 0 to ignore failures.

Send LCP echo requests at the given interval in seconds, only eff ectiv e in conjunction with failure threshold .

Close inactive connection after the giv e n amount of seco nds, use 0 to persist connection.

Lists interfaces that are dependant on this parent inte rface. Dependant interfaces will go down when parent interf ac e is down and will start or restart when parent interface starts.

Separate multiple interfaces by a space when using UCI. Example: option dependants ‘PPPADSL MOBILE’

This replaces the following previous options in child interfaces.

12.7 PPPoA: firewall settings

Use this section to select the firewall zone you want to assign to this interface. Select unspecified to remove the interface from the associated zone or fill out the create field to define a new zone and attach the interface to it.

Figure 35: The PPPoA firewall settings page

Web: Create/Assign firewall zone UCI: firewall.@zone[2].name

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 88 of 384

Select existing firewall zone or sele c t unspe c ified –or-create to

create new firewall zone.

Table 24: Information table for PPPoADSL interface

Page 89

_______________________________________________________________________________________________________

12.8 Creating an ADSL PPPoA connection using UCI

The configuration file is stored at:

Network file /etc/config/network

To view the configuration file, enter:

uci export network config adsl-device 'adsl' option fwannex 'a' option annex 'a' option Enabled 'yes' config interface 'ADSL' option proto 'pppoa' option encaps 'vc' option atmdev '0'

12: Configuring an ADSL interface

option vci '35' option vpi '0' option username 'test5@pppoa.com' option password 'test5'

To view uci commands, enter:

uci show network network.adsl.fwannex=a network.adsl.annex=a network.adsl.Enabled=yes network.ADSL=interface network.ADSL.proto=pppoa network.ADSL.encaps=vc network.ADSL.atmdev=0 network.ADSL.vci=35 network.ADSL.vpi=0 network.ADSL.username=test5@pppoa.com network.ADSL.password=test5

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 89 of 384

Page 90

_______________________________________________________________________________________________________

Web Field/UCI/Packag e Optio n

Description

Range

Opt: encaps

VC-Mux

Virtual circuit multiplexi ng .

LLC

Logical Link Control.

12.9 Creating a new ADSL PPPoEoA connection

From the top menu select Network -> Interfaces. The Interfa c es Overview page appears. Scroll down to the bottom of the page until you see the ATM Bridges section. Click Add.

12.9.1 PPPoEoA: general setup

12: Configuring an ADSL interface

Figure 36: The ATM bridges general setup page

Web: ATM Virtual Channel Identifier (VCI) UCI: network.@atm-bridge[x].vci Opt: vci

Web: ATM Virtual Path Identifier (VPI ) UCI: network.@atm-bridge[x].vpi Opt: vpi

Web: Encapsulation mode UCI: network.@atm-bridge[x].encaps

Table 25: Information table for ATM bridges

Type the VCI number.

Type the VPI number.

Select either LLC or VC-Mux.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 90 of 384

Page 91

_______________________________________________________________________________________________________

Web Field/UCI/Packag e Optio n

Description

Opt: atmdev

Opt: unit

address for management.

(PPPoA) or over Ethernet (PPPoE).

12.9.2 PPPoEoA: advanced settings

Figure 37: The ATM bridges advanced settings page

12: Configuring an ADSL interface

Web: ATM device number UCI: network.@atm-bridge[x].atmdev

Web: Bridge unit number UCI: network.@atm-bridge[x].unit

Web: Forwarding mode UCI: network.@atm-bridge[0].payload Opt: payload

Leave the default ATM device number set to 0.

Leave the default Bridge unit number set to 0.

Select either Bridged or Routed as the forwarding mode.

Bridged

Routed Select Routed to run the PPP over ATM

Table 26: Information table for the ATM bridges advanced settings page

Click Save.

12.9.3 Create a new PPPoEoA interface

Scroll to the top of the page and click Add new interface….the Create Interface page appears.

Select Bridged to allow the router to receive Ethernet packets over the ADSL line and to be configured with an IP

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 91 of 384

Page 92

_______________________________________________________________________________________________________

Web Field/UCI/Packag e Option

Description

Opt:

Option

Description

netmask.

DHCP.

Unmanaged

Unspecified

(RFC4213)

IPv4

GRE

Generic Routing Encapsulation.

IOT L2TP

Layer 2 Tunnelling Protocol.

PPP

Point to Point Protocol.

PPPoE

Point to Point Protocol over Ethernet.

PPPoATM

Point to Point Protocol over ATM.

GPRS/EV-DO

AT-style 3G modem.

Opt: ifname

12: Configuring an ADSL interface

Web: Name of the new interface UCI:

Web: Protocol of the new interface UCI: network.[..x..].proto Opt: proto

Figure 38: The create interface page

Type the name of the new interface.

Allowed characters are A-Z, a-z, 0-9 and _

Protocol type. Select PPPoE.

Static Static c o nfiguration with fixed address and

DHCP Client Address and netmask are assigned by

IPv6-in-IPv4

IPv6 over

LTE/UMTS/

IPv4 tunnels that carry IPv6.

IPv6 over IPv4 tunnel.

CDMA, UMTS or GPRS connection using an

Web: Cover the following interface UCI: network.[..x..].ifname

Click Submit. The Interfaces page appears.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 92 of 384

Select Custom Interf ace, and then type nas0.

Table 27: Information table for create a new interface section

Page 93

_______________________________________________________________________________________________________

Web Field/UCI/Packag e Optio n

Description

Opt: proto

Opt: username

Opt: password

Opt: acname

Opt: service

12: Configuring an ADSL interface

Figure 39: The new interface page

Web: Protocol of the new interface UCI: network.[..x..].proto

Web: PAP/CHAP username UCI: network.[..x..].username

Web: PAP/CHAP password UCI: network.[..x..].passw or d

Web: Access Concentrator UCI: network.[..x..].acname

Web: Service name UCI: network.[..x..].serv ic e

Table 28: Information table for the new PPPoEoA interface

Protocol type. The protocol shows the one selec ted for this

interface.

Type the PAP/CHAP username.

Type the password.

Leave this field empty to autodetect, or type the AC name.

Leave this field empty to autodetect, or type the Service name.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 93 of 384

Page 94

_______________________________________________________________________________________________________

Web Field/UCI/Packag e Optio n

Description

Disabled.

Enabled.

Disabled.

Enabled.

Opt: ipv6

Disabled.

Enabled.

Opt: defaultroute

Disabled.

Enabled.

Disabled.

Enabled.

Range

12.9.4 PPPoEoA advanced settings

12: Configuring an ADSL interface

Figure 40: The PPPoEoA advanced settings page

Web: Bring up on boot UCI: network.[..x..].auto Opt: auto

Web: Monitor interface state UCI: network.[..x..].monitor ed. Opt: monitored

Web: Enable IPv6 negotiation on the PPP link

UCI: network.[..x..].ipv6

Web: Use default gateway UCI: network.[..x..].defaultroute

Web: Use DNS servers advertised by peer UCI: network.[..x..].peer d ns Opt: peerdns

Web: LCP echo failure threshold UCI: network.[..x..].keepa live Opt: keepalive

Enables the interface to connect automatic a lly on boot up.

This option is enabled by default.

Enabled if status of interface is presented o n Monito r ing platform.

Enables IPv6 negotiation on the PPP

If unchecked, no default route is configured.

If unchecked, DNS from peer will not be accepted.

Presume peer to be dead after given amount of LCP echo

failures. Use 0 to ignore failures.

Web: LCP echo internal UCI: network.[..x..].keepa live Opt: keepalive

Web: Inactivity timeout UCI: network.[..x..].demand Opt: demand

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 94 of 384

Sends LCP echo requests at the given interv al in s eco nds , only

effective in conjunction with failure thr e s hold .

Closes inactive connection after the give n amount of second s .

Use 0 to persist connection.

Table 29: Information table for PPPoA advanced settings

Page 95

_______________________________________________________________________________________________________

12.9.5 PPPoEoA: firewall settings

Use this section to select the firewall zone you want to a ss ign to this interface. Select unspecified to remove the interface from the associated zone or fill out the

create field to define a new zone and attach the interface to it. Click Save & Apply.

12: Configuring an ADSL interface

Figure 41: The interfaces page firewall settings tab

12.10 Configuring an ADSL PPPoEoA connection using UCI

The configuration file is stored on : Network file /etc/config/network To view the configuration file, enter:

uci export network config adsl-device 'adsl' option fwannex 'a' option annex 'a' option Enabled 'yes'

config interface 'ADSL' option proto 'pppoe' option ifname 'nas0' option username 'test5@pppoe.com' option password 'test5' option ac 'test' option service 'test' option defaultroute '0'

config atm-bridge

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 95 of 384

Page 96

_______________________________________________________________________________________________________

12: Configuring an ADSL interface

option unit '0' option atmdev '0' option encaps 'llc' option payload 'bridged' option vci '35' option vpi '0'

To view uci commands, enter:

uci show network network.adsl=adsl-device network.adsl.fwannex=a network.adsl.annex=a network.adsl.Enabled=yes network.ADSL=interface network.ADSL.proto=pppoe network.ADSL.ifname=nas0 network.ADSL.username=test5@pppoe.com network.ADSL.password=test5 network.ADSL.ac=test network.ADSL.service=test network.ADSL.defaultroute=0 network.@atm-bridge[0]=atm-bridge network.@atm-bridge[0].unit=0 network.@atm-bridge[0].atmdev=0 network.@atm-bridge[0].encaps=llc network.@atm-bridge[0].payload=bridged network.@atm-bridge[0].vci=35 network.@atm-bridge[0].vpi=0

12.11 Configuring an ADSL bridge connection with static IP

12.11.1 Bridged connection with static IP: general setup

From the top menu select Network -> Interfaces. The Interfa c es Overview page appears. Scroll down to the bottom of the page until you see the ATM Bridges section. Click Add. The ATM Bridges page appears.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 96 of 384

Page 97

_______________________________________________________________________________________________________

Web Field/UCI/Packag e Optio n

Description

Opt: vci

Range

VC-Mux

Virtual Circuit Multiplexing.

LLC

Logical Link Control.

12: Configuring an ADSL interface

Figure 42: The ATM bridges section

Web: ATM Virtual Channel Identifier (VCi)

Type the VCI number. UCI: network.@atm-bridge[x].vci

Web: ATM Virtual Path Identifier (VPi)

Type the VPI number. UCI: network.@atm-bridge[x].vpi Opt: vpi

Web: Encapsulation mode

Select either LLC or VC-Mux. UCI: network.@atm-bridge[x].encaps Opt: encaps

Table 30: Information table for ATM bridges

12.11.2 Bridged connection with static IP: advanced settings

Select the Advan ced Settings tab. The ATM Bridges page appears.

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 97 of 384

Figure 43: The ATM bridges advanced settings tab

Page 98

_______________________________________________________________________________________________________

Web Field/UCI/Packag e Optio n

Description

Opt: atmdev

Opt: unit

management.

ATM (PPPoA) or over Ethernet (PPPoE).

12: Configuring an ADSL interface

Web: ATM device number UCI: network.@atm-bridge[x].atmdev

Web: Bridge unit number UCI: network.@atm-bridge[x].unit

Web: Forwarding mode UCI: network.@atm-bridge[0].payload Opt: payload

Leave the default ATM device number set to 0.

Leave the default Bridge unit number set to 0.

Select Bridged as the forwarding mode.

Table 31: Information table for the ATM bridges advanced settings page

Click Save.

12.11.3 Create a new Static IP interface

Scroll to the top of the page and click Add new interface….The Create Interface page appears.

Bridged

Routed Routed allows the router to run PPP over

Bridged allows the router to receive Ethernet packets over the ADSL line and to be configured with an IP address for

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 98 of 384

Figure 44: The create interface page

Page 99

_______________________________________________________________________________________________________

Web Field/UCI/Packag e Optio n

Description

Opt:[..x..]

Option

Description

and netmask.

DHCP.

Unmanaged

Unspecified

(RFC4213)

IPv4

GRE

Generic Routing Encapsulation

IOT L2TP

Layer 2 Tunnelling Protocol

PPP

Point to Point Protocol

PPPoE

Point to Point Protocol over Ethernet

PPPoATM

Point to Point Protocol over ATM

GPRS/EV-DO

an AT-style 3G modem.

Opt: type

Disabled.

Enabled.

Opt: ifname

12: Configuring an ADSL interface

Web: Name of the new interface UCI: network.[..x..]

Web: Protocol of the new interface UCI: network.[..x..].proto Opt: proto

Web: Create a bridge over multiple interfaces

UCI: network.[..x..].type

Allowed characters are A-Z, a-z, 0-9 and _

Protocol type. Select Static Address.

Static Static c o nfiguration with fixed address

DHCP Client Address and netmask are assigned by

IPv6-in-IPv4

IPv6 over

LTE/UMTS/

IPv4 tunnels that carries IPv6

IPv6 over IPv4 tunnel.

CDMA, UMTS or GPRS connection using

Enables a bridge between two interfaces.

Web: Cover the following interface UCI: network.[..x..].ifname

Select interfaces for bridge connection.

Select Custom Interface and then type nas0.

Table 32: Information table for creating a static interface

Click Submit. The Interfaces page appears.

Figure 45: The new static interfa ce page

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 99 of 384

Page 100

_______________________________________________________________________________________________________

Web Field/UCI/Packag e Optio n

Description

Opt: proto

UCI: network.[..x..].ipaddrOpt:ipaddr

Opt: netmask

Opt: gateway

Opt: broadcast

Opt: dns

Opt: accept_ra

Opt: ip6addr

Opt: ip6gw

Opt: [..x..]

Opt: N/A

12: Configuring an ADSL interface

Web: Protocol of the new interface UCI: network.[..x..].proto

Web: IPv4 address

Web: IPv4 netmask UCI: network.[..x..].netmask

Web: IPv4 gateway UCI: network.[..x..].gateway

Web: IPv4 broadcast UCI: network.[..x..].broadcast

Web: Use custom DNS servers UCI: network.[..x..].dns

Web: Accept router advertisements UCI: network.[..x..]. accept_ra

Web: IPv6 address UCI: network.[..x..].ip6addr

Protocol type. The protocol shows the one selec ted for this interface.

Type the IP address.

Type or choose netmask.

Leave this field empty or type the gateway address.

Leave this field empty to autodetect, or ty pe broadcast IP address.

Leave this field empty to autodetect, or type DNS IP address.

Accept router advertisement for ipv6 addresses. Leave this field empty if ipv6 is not needed.

IPv6 address. Leave this field empty if ipv6 is not needed.

Web: IPv6 gateway UCI: network.[..x..].ipv6gw

Web: IP-Aliases UCI: network.[..x..]

Web: Setup DHCP Server UCI: N/A

Ipv6 gateway address. Leave this field empty if ipv6 is not need ed.

Provide an arbitrary name for alias interfa c e . Leave this fie ld b lank if alias interface is not needed.

Leave this field blank if DHCP server is not needed on this interf ace.

Table 33: Information table for the new static interface

_____________________________________________________________________________________________________ © Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue: 1.5 Page 100 of 384