Wieland Electric Wienet Router V2 Configuration Manual
wienet router
v2
configuration manual
Dok.-Nr. BA000819
Stand: 01/2012 (Rev. A)
2
Wieland Electric | BA000819 | 01/2012 (Rev. A)
This work is copyright. The resulting rights remain with the company Wieland Electric Inc.
Any duplication of this document or parts thereof is permitted only within the limits of the
statutory provisions of the Copyright Act. Alteration or abridgement of without the express
written consent of Wieland Electric GmbH.
wienet is a trademark of Wieland Electric. Other names may in this assembly manual mentioned product and brand- trademarks or registered trademarks of their respective owners
could be used, whose use by third parties for their own purposes could violate the rights of
the owners.
Wieland Electric | BA000819 | 01/2012 (Rev. A)
3
Contents
4
Wieland Electric | BA000819 | 01/2012 (Rev. A)
Contents
1 About this docoment........................................................................................ 6
1.1 Function of this document .......................................................................................... 6
1.1 Scope and revision levelel ........................................................................................... 6
1.2 Target group ................................................................................................................ 6
1.3 Function and design of this installation manual.......................................................... 6
1.4 Symbols and notations................................................................................................ 7
2 Safety instructions ........................................................................................... 8
2.1 Qualified persons......................................................................................................... 8
2.2 Intended Use ............................................................................................................... 8
3 Configuration settings over web browser ........................................................ 9
3.1 Secured access to web configuration ....................................................................... 10
3.2 Network status .......................................................................................................... 10
3.3 DHCP status .............................................................................................................. 12
3.4 GPRS/UMTS status.................................................................................................... 13
3.5 IPsec status................................................................................................................ 16
3.6 DynDNS status .......................................................................................................... 17
3.7 System log................................................................................................................. 18
3.8 LAN configuration ..................................................................................................... 19
3.9 VRRP configuration ................................................................................................... 22
3.10 GPRS configuration ................................................................................................... 22
3.10.1 GPRS connection....................................................................................................... 22
3.10.2 DNS address configuration ....................................................................................... 22
3.10.3 Check PPP connection configuration ........................................................................ 22
3.10.4 Data limit configuration ............................................................................................. 22
3.10.5 Switch between SIM cards configuration ................................................................. 22
3.10.6 Dial-In access configuration ...................................................................................... 22
3.10.7 PPPoE bridge mode configuration ............................................................................ 22
3.10.8 PPPoE configuration.................................................................................................. 22
3.11 Firewall configuration................................................................................................ 22
3.12 NAT configuration ..................................................................................................... 22
3.13 OpenVPN tunnel configuration ................................................................................. 22
3.14 IPSec tunnel configuration ........................................................................................ 22
3.15 GRE tunnels configuration......................................................................................... 22
3.16 L2TP tunnel configuration ......................................................................................... 22
3.17 DynDNS client configuration..................................................................................... 22
3.18 NTP client configuration ............................................................................................ 22
3.19 SNMP configuration .................................................................................................. 22
3.20 SMTP configuration................................................................................................... 22
3.21 SMS configuration..................................................................................................... 22
3.21.1 Send SMS .................................................................................................................. 22
3.22 Expansion port configuration .................................................................................... 22
3.23 USB port configuration.............................................................................................. 22
3.24 Startup script .............................................................................................................. 22
3.25 Up/Down script ......................................................................................................... 22
4 Possible problems .......................................................................................... 22
5 FAQ ................................................................................................................ 22
Contents
Wieland Electric | BA000819 | 01/2012 (Rev. A)
5
6 Customers support ......................................................................................... 22
7 List of figures ................................................................................................. 22
About this docomen
t
Wieland Electric | BA000819 | 01/2012 (Rev. A)
1 About this docoment
Please read this chapter carefully before working with this users guide and the wienet
mobile router
1.1 Function of this document
In this wienet mobile router User's Guide the device and the functions of it are described.
Use the User's Guide, especially for the configuring of the mobile router.
1.1 Scope and revision levelel
This installation manual is valid for the products wienet VPN router, which are associated
with this installation manual. The installation instructions accompanying the product is
downloadable in the electronic catalog of Wieland. Be sure to always use the information
provided in the current version of this installation manual. The version and revision level
can be seen in the title page and the footer..
1.2 Target group
This manual is aimed at planners, engineers, installers and service personnel who are
planning a remote control or remote maintenance solution and put into operation.
1.3 Function and design of this installation manual
This installation manual guide the technical staff of router installer on installation, programming, operation and diagnosis of wienet router.
Chapter "Safety instructions" on side 8 contain basic safety instructions. Please read and
follow these instructions in each case.
You can also use our Internet site at http://eshop.wieland-
electric.com/catalog/de_*/Wieland-de/Netzwerktechnik%20$2F%20Feldbussysteme. You
can also download the following files:
Product informations wienet router and switches
Data sheets wienet router
Technical notes WIE-SERVICE24.com VPN Server portal
NOTICE
About this docoment
Wieland Electric | BA000819 | 01/2012 (Rev. A)
7
1.4 Symbols and notations
The symbol "DANGER" means an imminent danger. If it is not avoided, can result in death
or serious injury.
"DANGER" is used to warn of dangers at the time of the warning are already existing (eg
hot surfaces, sharp edges, pinch points, etc.).
It is used exclusively in danger of personal injury!
The symbol "WARNING" indicates a possible threat. If it is not avoided, can result in death
or serious injury could result.
The symbol "CAUTION" indicates a possible threat. If it is not avoided, slight or minor injury can result.
Refer to notes for special features of a device.
Instructions also tell you about a potentially harmful situation. If it is not avoided, the system can be damaged or something in their environment.
DANGER
WARNING
CAUTION
NOTICE
Safety instructions
8
Wieland Electric | BA000819 | 01/2012 (Rev. A)
2 Safety instructions
This chapter is for your safety and the safety of equipment operators. Please read this
chapter carefully before working with a VPN-Router.
General Safety
Personnel who makes installation, programming, makes operational or maintenance of
wienet router, must have read and understood this manual.
The personnel must be thoroughly familiar with all warnings, instructions and requirements contained in this manual.
The applicable local safety, protection and installation requirements must be observed.
The user is solely responsible for selecting the correct product and the technical design
in accordance with appropriate local regulations
2.1 Qualified persons
Wienet VPN router must be installed by competent persons only, configured in operation,
commissioned and maintained. Qualified is, who
has an appropriate technical training and
has access to the wienet VPN router installation manuals, and this has been read and
understood.
2.2 Intended Use
Please, observe the following instructions:
The router must be used in compliance with all applicable international and national laws
and in compliance with any special restrictions regulating the utilization of the router in
prescribed applications and environments.
To prevent possible injury to health and damage to appliances and to ensure that all the
relevant provisions have been complied with, use only the original accessories. Unauthorised modifications or utilization of accessories that have not been approved may result
in damage to the router and in a breach of applicable regulations. Unauthorized modifications or utilization of accessories that have not been approved may result in the termination of the validity of the guarantee.
The router can not be opened.
Caution! The SIM card could be swallowed by small children.
Voltage at the feed connector of the router must not be exceeded.
Do not expose the router to extreme ambient conditions. Protect the router against dust,
moisture and high temperature.
The router should not be used at petrol stations. We remind the users of the duty to
observe the restrictions concerning the utilization of radio devices at petrol stations, in
chemical plants, or in the course of blasting works in which explosives are used.
Switch off the router when travelling by plane. Utilization of the router in a plane may
endanger the operation of the plane or interfere with the mobile telephone network, and
may be unlawful. Failure to observe these instructions may result in the suspension or
cancellation of telephone services for the respective client, or, it may result in legal sanctions; it may also result in both eventualities.
When using the router in the close proximity of personal medical devices, such as car-
diac pacemakers or hearing aids, you must proceed with heightened caution.
If it is in the proximity of TV sets, radio receivers and personal computers, the telephone
may cause interference.
It is recommended that you should create an appropriate copy or backup of all the im-
portant settings that are stored in the memory of the device
For any other use, or changes to the equipment - even in the context of mounting and
installation - any warranty claim against Wieland Electric Gmb expired.
WARNING
WARNING
Configuration settings over web browser
Wieland Electric | BA000819 | 01/2012 (Rev. A)
9
3 Configuration settings over web
browser
If the SIM card is not inserted in the router, then wireless transmissions will not work. The
inserted SIM card must have activated GPRS. Insert the SIM card when the router is switched-off.
Monitoring of the status, configuration and administration of the router can be performed
by means of the web interface, which is available after insertion of IP address of the modem into the web browser. The default IP address of the modem is 192.168.1.1. Configuration may be performed only by the user "root" with initial password "root".
The left part of the web interface contains the menu with pages for monitoring of the Status, Configuration and Administration of the router.
Name of the router is displayed depending on type of your router. Items' Name and Location displays the name and location of the router filled in the SNMP configuration. (See
SNMP Configuration).
For enhanced security of network managed router is must change the default password
router. If the router's default password is set, the item "Change password" is highlighted in
red.
After green LED starts to blink it is possible to restore initial settings of the router by pressing button RST on front panel. If press button RST, configuration is restored to default
and it is reboot (green LED will be on).
CAUTION
F
ig 1: Web
configuration
NOTICE
Configuration settings over web browser
10
Wieland Electric | BA000819 | 01/2012 (Rev. A)
3.1 Secured access to web configuration
To the web configuration can be accessed via a secure HTTPS protocol.
In the event of a default router IP address is a secure router configuration accessed by
typing address https://192.168.1.1 in the web browser. The first approach is the need to
install a security certificate. If your browser reports a disagreement in the domain, this
message can be prevented use the following procedure.
Since the domain name in the certificate is given the MAC address of the router (such
separators are used dashes instead of colons), it is necessary to access the router under
this domain name. For access to the router via a domain name, it is adding a DNS record
in the DNS table, the operating system.
Editing /etc/hosts (Linux/Unix)
Editing C:\WINDOWS\system32\drivers\etc\hosts (Windows XP)
Configuring your own DNS server
In addition to configuring the router with MAC address 00:11:22:33:44:55 is accessed to
secure configuration by typing address https://00-11-22-33-44-55 in the web browser. The
first approach is the need to install a security certificate.
When using self signing certificate must upload your files and http_cert http_key directory
/etc/certs in the router.
3.2 Network status
To view the system information about the router operation, select the Network menu item.
The upper part of the window displays detailed information about active interfaces.
Interface Desciption
eth0 Networks interface
ppp0 Interface (active connection to GPRS/EDGE)
tun0 OpenVPN tunnel interface
ipsec0 IPSec tunnel interface
gre1 GRE tunnel interface
NOTICE
Table 1: Description of
interface in network
status
Configuration settings over web browser
Wieland Electric | BA000819 | 01/2012 (Rev. A)
11
By each of the interfaces is then shown the following information:
Item Desciption
HWaddr Hardware (unique) address of networks interface
inet IP address of interface
P-t-P IP address second ends connection
Bcast Broadcast address
Mask Mask of network
MTU Maximum size of packet, which is equipment able transmit
Metric Number of routers, over which packet must go trought
RX
packets received packets
errors number of errors
dropped dropped packets
overruns incoming packets lost because of overload
frame wrong incoming packets because of incorrect packet size
TX
packets transmit packets
errors number of errors
dropped dropped packets
overruns outgoing packets lost because of overload
carrier wrong outgoing packets with errors resulting from the
physical layer
collisions Number of collisions on physical layer
txqueuelen Length of front network device
RX bytes Total number of received bytes
TX bytes Total number of transmitted bytes
It is possible to read status PPP connection from the network information. If the PPP connection is active, then it is in the system information shown as ppp0 interface.
For industrial router XR5i v2, interface ppp0 indicates PPPoE connection.
Table
2
:
Description of
information in network
status
NOTICE
F
ig
2
:
Network status
Configuration settings over web browser
12
Wieland Electric | BA000819 | 01/2012 (Rev. A)
3.3 DHCP status
Information on the activities of the DHCP server can be accessed by selecting the DHCP
status.
DHCP status informs about activities DHCP server. The DHCP server provides automatic
configuration of devices connected to the network managed router. DHCP server assigns
to each device's IP address, netmask, default gateway (IP address of router) and DNS server (IP address of router).
For each configuration, the DHCP status window displays the following information
Item Desciption
lease Assigned IP address
starts Time of assignation of IP address
ends Time of termination IP address validity
hardware ethernet Hardware MAC (unique) address
uid Unique ID
client-hostname Computer name
In the extreme, the DHCP status can display two records for one IP address. That could
have been caused by resetting of network cards.
Table
3
:
DHCP status
description
F
ig
3
: D
HCP status
NOTICE
Configuration settings over web browser
Wieland Electric | BA000819 | 01/2012 (Rev. A)
13
3.4 GPRS/UMTS status
The industrial router XR5i v2 is not availability item GPRS/UMTS status.
GPRS menu item contains actual information about GPRS/UMTS connections.
Item Desciption
PLMN Code of operator
Cell The cell to which the router is connected
Channel The channel on which the router communicates
Level The signal quality of the selected cell
Neighbours Signal quality of neighboring hearing cells
Uptime Time to establish PPP connection
If the neighbor cell is highlighted in red, risk of often switching between neighbor and
actual cells.
The next section of this window displays information about the quality of the GPRS/UMTS
connection in each period.
Item Desciption
Today Today from 0:00 to 23:59
Yesterday Yesterday from 0:00 to 23:59
This week This week from Monday 0:00 to Sunday 23:59
Last week Last week from Monday 0:00 to Sunday 23:59
This period This accounting period. The interval must be set in the GPRS Con-
figuration
Last period Last accounting period. The interval must be set in the GPRS Con-
figuration
Item Desciption
Level Min. Minimal signal strength
Level Avg. Average signal strength
Level Max. Maximal signal strength
Cells Number of switch between cells
Availability Availability of PPP connection
Availability is information in percentage, that is calculated us ration of PPP connect time
and router power on time.
After you place your cursor on the maximum or minimum signal strength, will show the
last time when the signal strength reaching the router.
In the middle part of window is shows information about transferred data and number of
connection both SIM card, for each period
NOTICE
Table 4: Description of
GSM information item
NOTICE
Table 5: Description of
period
Table
6
:
Description of
GSM statistic
NOTICE
NOTICE
Configuration settings over web browser
14
Wieland Electric | BA000819 | 01/2012 (Rev. A)
Item Desciption
RX data Total volume of received data
TX data The total volume of data sent
Connections Number of PPP connection establishment
Table 7: Description of
GSM traffic
Configuration settings over web browser
Wieland Electric | BA000819 | 01/2012 (Rev. A)
15
The PPP Connection Log is in the bottom of window, where are information about the
make-up of the PPP connection and problems in establishment.
F
ig 4: GPRS status
Configuration settings over web browser
16
Wieland Electric | BA000819 | 01/2012 (Rev. A)
3.5 IPsec status
Information on actual IPsec tunnel state can be called up in option IPsec in the menu.
After correct build the IPsec tunnel, status display IPsec SA established (highlighted in red)
in IPsec status information. Other information is only internal character.
F
ig 5: IPsec status
Configuration settings over web browser
Wieland Electric | BA000819 | 01/2012 (Rev. A)
17
3.6 DynDNS status
DynDNS up - dating entry result on server www.dyndns.org can be called up in option
DynDNS item in the menu.
In detecting the status of updates DynDNS record are possible following message:
Report
DynDNS client is disabled.
Invalid username or password.
Specified hostname doesn’t exist.
Invalid hostname format.
Hostname exists, but not under specified username.
No update performed yet.
DynDNS record is already up to date.
DynDNS record successfully update.
DNS error encountered.
DynDNS server failure.
For correct function DynDNS, SIM card of router must have assigned public IP address.
F
ig 6: DynDNS status
Table
8
:
Possibly
DynDNS report
NOTICE
Configuration settings over web browser
18
Wieland Electric | BA000819 | 01/2012 (Rev. A)
3.7 System log
In case of any problems with connection to GPRS it is possible to view the system log by
pressing the System Log menu item. In the window, are displayed detailed reports from
individual applications running in the router. By the help of button
Save
it is possible to
save the system log to the computer.
Program syslogd can be started with two options that modifies its behavior. Option "-s"
followed by decimal number set maximal number of lines in one log file. Option "-r" followed by hostname or IP address enable logging to remote syslog daemon.
In the Linux must be enabled remote logging on the target computer. Typically running
syslogd with the parameter “-r”. On Windows must be installed the syslog server (for example Syslog Watcher).
For starting syslogd with these options you could modify script "/etc/init.d/syslog" or add
lines "killall syslogd" and "syslogd <options> &" into Startup Script.
Example of logging into the remote daemon at 192.168.2.115
F
ig 7: System log
NOTICE
F
ig
8
: E
xample
program syslogd start
with parameter
Configuration settings over web browser
Wieland Electric | BA000819 | 01/2012 (Rev. A)
19
3.8 LAN configuration
To enter the network configuration, select the
LAN
menu item. ETH network set in
Pri-
mary LAN
configuration, expansion PORT ETH set in
Secondary LAN
configuration.
Item Desciption
DHCP Client disabled – The router does not allow automatic allocation IP
address from a DHCP server in LAN network.
enabled – The router allows automatic allocation IP address
from a DHCP server in LAN network.
IP address Fixed set IP address of network interface ETH.
Subnet Mask IP address of Subnet Mask.
Media type Auto-negation – The router selects the speed of communication
of network options.
100 Mbps Full Duplex – The router communicates at 100Mbps,
in the full duplex mode.
100 Mbps Half Duplex - The router communicates at 100Mbps,
in the half duplex mode.
10 Mbps Full Duplex - The router communicates at 10Mbps, in
the full duplex mode.
10 Mbps Half Duplex - The router communicates at 10Mbps, in
the half duplex mode.
Default Gateway IP address of Default gateway of router. When entering IP address
of default gateway, all packets for which the record was not found
in the routing table, sent to this address.
DNS server IP address of DNS server of router. Address where they are for-
warded to all DNS questions on the router.
DHCP server assigns IP address, gateway IP address (IP address of the router) and IP address of the DNS server (IP address of the router) to the connected clients.
DHCP server supports static and dynamic assignment of IP addresses. Dynamic DHCP
server assigns clients IP addresses from a defined address space. Static DHCP assigns IP
addresses that correspond to the MAC addresses of connected clients.
Item Desciption
Enable dynamic
DHCP leases
If this option is checked, can enable a dynamic DHCP server.
IP Pool Start Start IP addresses space to be allocated to the DHCP clients.
IP Pool End End IP addresses space to be allocated to the DHCP clients.
Lease time Time in seconds, after which the client can use IP address.
Item Desciption
Enable static DHCP
leases
If this option is checked, can enable a static DHCP server.
MAC Address MAC address of a DHCP client.
IP Address Assigned IP address.
Enable static DHCP
leases
If this option is checked, can enable a static DHCP server.
Table 9: Configuration
of network interface
Table 10
:
Configuration
of dynamic DHCP
server
Table 11
:
Configuration
of static DHCP server
Configuration settings over web browser
20
Wieland Electric | BA000819 | 01/2012 (Rev. A)
It is important not to overlap ranges of static allocated IP address with address allocated by
the dynamic DHCP. Then risk collision of IP addresses and incorrect function of network.
Example of the network interface with dynamic DHCP server:
The range of dynamic allocated addresses from 192.168.1.2 to 192.168.1.4.
The address is allocated 600 second (10 minutes).
192.168.1.3
192.168.1.4
ETH
192.168.1.2
GSM/GPRS
192.168.1.1
NOTICE
F
ig 9: Topology of
example LAN
configuration 1
F
ig 10: Example LAN
configuration
Configuration settings over web browser
Wieland Electric | BA000819 | 01/2012 (Rev. A)
21
Example of the network interface with dynamic and static DHCP server:
The range of allocated addresses from 192.168.1.2 to 192.168.1.4.
The address is allocated 10 minutes.
Client's with MAC address 01:23:45:67:89:ab has IP address 192.168.1.10.
Client's with MAC address 01:54:68:18:ba:7e has IP address 192.168.1.11.
192.168.1.3
192.168.1.4
ETH
192.168.1.2
GSM/GPRS
192.168.1.10
01-23-45-67-89-ab
192.168.1.11
01-54-68-18-ba-7e
192.168.1.1
F
ig 11: Topology of
example LAN
configuration 2
F
ig 12:
E
x
ample LAN
configuration 2
Configuration settings over web browser
22
Wieland Electric | BA000819 | 01/2012 (Rev. A)
Example of the network interface with default gateway and DNS server:
Default gateway IP address is 192.168.1.20
DNS server IP address is 192.168.1.20
192.168.1.3
192.168.1.4
192.168.1.1
ETH
192.168.1.2
GSM/GPRS
192.168.1.20
F
ig 13: Topologie of
example LAN
configuration 3
F
ig 14: Example LAN
configuration 3
Configuration settings over web browser
Wieland Electric | BA000819 | 01/2012 (Rev. A)
23
3.9 VRRP configuration
To enter the VRRP configuration select the VRRP menu item.
VRRP
protocol (Virtual
Router Redundancy Protocol) is a technique, by which it is possible to forward routing
from main router to backup router in the case of the main router failure. If the
Enable
VRRP
is checked, then it is possible to set the following parameters.
Item Desciption
Virtual Server IP
Address
This parameter sets virtual server IP address. This address should
be thesame for both routers. A connected device sends its data via
this virtual address.
Virtual Server ID
Parameter
Virtual Server ID
distinguishes one virtual router on the
network from others. Main and backup routers must use the same
value for this parameter.
Host Priority
The router, with higher priority set by the parameter
Host Priority
,
is the main router. According to RFC 2338 the main router has the
highest possible priority - 255. The backup router has priority in
range 1 – 254 (init value is 100). The priority value equals 0 is not
allowed.
Virtual Server IP
Address
This parameter sets virtual server IP address. This address should
be the same for both routers. A connected device sends its data
via this virtual address.
It is possible to set Check PPP connection flag in the second part of the window. The currently active router (main/backup) will send testing messages to defined Ping IP Address at
periodic time intervals (Ping Interval) with setting time of waiting for answer (Ping Timeout). The function check PPP connection is used as a supplement of VRRP standard with
the same final result. If there are no answers from remote devices (Ping IP Address) for a
defined number of probes (Ping Probes), then connection is switched to the other line.
Item Desciption
Ping IP Address Destinations IP address ping queries. Address can not specify as
domain name.
Ping Interval Time intervals between the outgoing pings.
Ping Timeout Time to wait to answer.
Ping Probes Number of failed ping requests, after which the route is considered
to be impassable.
Ping IP address is possible to use for example a DNS server of mobile operator as a test
message (ping) IP address.
There's an additional way for evaluating the state of the active line. It is activated by selecting Enable traffic monitoring parameter. If this parameter is set and any packet different
from ping is sent to the monitored line, then any answer to this packet is expected for Ping
Timeout. If Ping Timeout expires with no answer received then process of testing the active line continues the same way like in the case of standard testing process after first test
message answer drops out.
Table 12: VRRP
configuration
Table 13
:
Check PPP
connection
NOTICE
Configuration settings over web browser
24
Wieland Electric | BA000819 | 01/2012 (Rev. A)
Example of the VRRP protocol:
Main router
Vir tual server ID 5
Host priority 255
192.168.1.1
192.168.1.2
192.168.1.3
Backup router
Virtual server ID 5
Host priority 100
ETH
10.0.1.3
APN 1
APN 2
F
ig 15: Topology of
example VRRP
configuration
F
ig 1
6
: :
Example
VRRP configuration –
main router
F
ig 17: : Example
VRRP configuration –
backup router
Loading...