Eurogard Servicerouterv3 User manual

eurogard ServiceRouterV3

Manual

Maike Symior <[email protected]>

Mario Cappello <[email protected]>

Oliver Kosmann <[email protected]>

eurogard ServiceRouterV3: Manual

von Maike Symior, Mario Cappello und Oliver Kosmann

Inhaltsverzeichnis

1. System description ..................................................................................................................... 1

1. Overview ......................................................................................................................... 1

2. Client network with central ServiceServer .............................................................................. 1

3. Legacy version, Router as VPN Server .................................................................................. 2

4. Functional overview and concept ......................................................................................... 3

5. Access routes .................................................................................................................... 4

6. Data logging and alarm management .................................................................................... 4

7. Additional functions: USB tunnel and optional Node-RED ........................................................ 4

8. Preconditions in the target network (End customer LAN) ......................................................... 5

2. Commissioning and operation ...................................................................................................... 6

1. Hardware installation, technical specification .......................................................................... 6

1.1. Connection and control elements ............................................................................... 6

1.1.1. Supply voltage ............................................................................................. 7

1.1.2. Reset button ................................................................................................ 7

1.1.3. Setup button ................................................................................................ 7

1.1.4. Error LED ................................................................................................... 8

1.1.5. Status LED .................................................................................................. 8

1.1.6. LTE LEDs .................................................................................................. 8

1.1.7. WiFi-LED ................................................................................................... 8

1.1.8. VPN switch ................................................................................................. 8

1.2. Network connections at the front of the device ............................................................. 8

1.2.1. WAN connector ........................................................................................... 8

1.2.2. LAN connectors ........................................................................................... 8

1.2.3. USB connectors ............................................................................................ 9

2. Establishing first contact ..................................................................................................... 9

3. Operating concept .............................................................................................................. 9

4. Installation - quick set up guide ......................................................................................... 10

4.1. ServiceRouterV3 Preparation ................................................................................... 11

4.2. Connection to the Internet ....................................................................................... 12

4.3. Time ................................................................................................................... 12

4.4. Router as VPN Client ............................................................................................ 13

4.5. Router as VPN-Server ............................................................................................ 13

3. Information about the ServiceRouterV3 ....................................................................................... 15

1. Contact ........................................................................................................................... 15

2. System ........................................................................................................................... 15

3. Test ............................................................................................................................... 16

4. Configuration options of the ServiceRouterV3 .............................................................................. 15

1. Administration area .......................................................................................................... 17

2. Basic Settings/LAN .......................................................................................................... 17

2.1. Host name ............................................................................................................ 17

2.2. Domain name ....................................................................................................... 18

2.3. IP address of the Router in the LAN network ............................................................. 18

2.4. Netmask ............................................................................................................... 18

2.5. DHCP Server for the LAN ...................................................................................... 18

2.6. DHCP Pool .......................................................................................................... 18

2.7. HTTPS port of the web interface ............................................................................. 18

3. Web Access/WAN ........................................................................................................... 19

3.1. WAN media ......................................................................................................... 19

3.1.1. Ethernet ..................................................................................................... 19

3.1.2. DSL/PPPoE ............................................................................................... 20

3.1.3. WiFi ......................................................................................................... 20

3.1.4. LTE .......................................................................................................... 20

3.1.5. Username and password ............................................................................... 20

3.1.6. Data counter .............................................................................................. 20

3.1.7. Enable log file ............................................................................................ 21

iii

eurogard ServiceRouterV3

3.1.8. MTU ........................................................................................................ 21

3.2. Router control via SMS commands .......................................................................... 21

4. WAN-Fallback Configuration ............................................................................................. 21

4.1. Disabled ............................................................................................................... 21

4.2. Switching ............................................................................................................. 21

4.3. Multi-WAN .......................................................................................................... 22

5. Time .............................................................................................................................. 22

5.1. Time source ......................................................................................................... 22

5.2. Time zone ............................................................................................................ 22

5.3. Device is NTP Server ............................................................................................ 22

5.4. NTP Server chart .................................................................................................. 23

6. dDNS ............................................................................................................................. 23

7. Certificates ...................................................................................................................... 24

7.1. Field contents ....................................................................................................... 25

7.2. Validity in days .................................................................................................... 25

7.3. Generate server certificates ..................................................................................... 26

7.4. Import root certificates ........................................................................................... 26

7.4.1. Internet Explorer 10 .................................................................................... 26

7.5. Show server certificates .......................................................................................... 29

8. OpenVPN ....................................................................................................................... 30

8.1. OpenVPN-Mode .................................................................................................... 30

8.2. OpenVPN-Client ................................................................................................... 30

8.2.1. Checklist Router as OpenVPN client .............................................................. 31

8.2.2. HTTP Proxy Server ..................................................................................... 32

8.3. OpenVPN Server ................................................................................................... 32

8.3.1. DHCP range for VPN clients ........................................................................ 32

8.3.2. VPN Transport protocol ............................................................................... 32

8.3.3. Port .......................................................................................................... 32

8.3.4. Enable client to client connections ................................................................. 32

8.3.5. Limit VPN packet size ................................................................................. 32

8.3.6. Activate mobile access ................................................................................. 33

8.3.7. Enable log file ............................................................................................ 33

8.3.8. Log verbosity ............................................................................................. 33

8.3.9. Maximum log size ...................................................................................... 33

8.3.10. Time interval for keep-alive pakets in seconds ................................................ 33

8.3.11. Restart VPN-connection after loss of how many keep-alive pakets ...................... 34

8.3.12. Cryptoalgorithm ........................................................................................ 34

9. Accounts ........................................................................................................................ 34

9.1. Refresh status ....................................................................................................... 34

9.2. Add new account .................................................................................................. 35

9.3. New user certificate ............................................................................................... 35

9.4. Download ............................................................................................................. 35

9.5. Change password .................................................................................................. 36

9.6. Delete account ...................................................................................................... 36

10. WLAN (only with WLAN option) .................................................................................... 36

10.1. WLAN interface .................................................................................................. 36

10.2. Wireless mode ..................................................................................................... 36

10.3. Radio band ......................................................................................................... 36

10.4. ESSID ............................................................................................................... 37

10.5. Encryption .......................................................................................................... 37

10.6. Passphrase .......................................................................................................... 37

10.7. Country .............................................................................................................. 37

11. Logs ............................................................................................................................. 37

12. Firewall ........................................................................................................................ 37

12.1. Port 22 - ssh ....................................................................................................... 38

12.2. Port 443 - https ................................................................................................... 38

12.3. Allow LAN devices access to WAN ....................................................................... 38

12.4. Parameterized firewall rules incoming connections .................................................... 38

eurogard ServiceRouterV3

13. Routing ........................................................................................................................ 40

14. Ports ............................................................................................................................ 40

5. Devices .................................................................................................................................. 42

1. Host Configuration ........................................................................................................... 42

2. Data logger ..................................................................................................................... 42

2.1. Set up connection to a device .................................................................................. 42

2.2. Changing a connection ........................................................................................... 43

2.3. Configuration of measured data ............................................................................... 44

2.3.1. Analog values of S7 compatible controls ......................................................... 44

2.3.2. Analog values in Modbus devices .................................................................. 45

2.3.3. Digital values with S7 compatible controls ...................................................... 46

2.3.4. Digital Digital values with Modbus devices ..................................................... 47

3. Fault messenger ............................................................................................................... 48

3.1. Configure message trigger ....................................................................................... 48

4. Data synchronization ........................................................................................................ 49

4.1. Setting up a server connection ................................................................................. 49

5. Node-RED ...................................................................................................................... 50

6. USB-Tunnel .................................................................................................................... 53

6. Messaging .............................................................................................................................. 54

1. Email ............................................................................................................................. 54

1.1. Emailing .............................................................................................................. 54

1.2. Email address ....................................................................................................... 54

1.3. Server/Port ........................................................................................................... 54

1.4. Username/Password ............................................................................................... 54

1.5. Transport encryption .............................................................................................. 54

1.6. Allow certificates of unknown origin ........................................................................ 55

1.7. Email address of recipient ....................................................................................... 55

1.8. Test configuration .................................................................................................. 55

2. SMS-Gateway ................................................................................................................. 55

3. Reports ........................................................................................................................... 57

7. Status-Logs ............................................................................................................................. 58

1. Network ......................................................................................................................... 58

1.1. IP-Addresses ......................................................................................................... 58

1.2. Interfaces ............................................................................................................. 58

1.3. DHCP ................................................................................................................. 58

1.4. VPN-Status .......................................................................................................... 58

1.5. LTE-Status ........................................................................................................... 59

2. Logs .............................................................................................................................. 59

3. dDNS ............................................................................................................................. 59

4. Diagnosis ........................................................................................................................ 60

5. Routing .......................................................................................................................... 60

8. Backup Maintenance ................................................................................................................ 62

1. Backup ........................................................................................................................... 62

1.1. Restore point ........................................................................................................ 62

1.2. Factory defaults ..................................................................................................... 62

1.3. Configuration ........................................................................................................ 63

1.4. Firmware-Update ................................................................................................... 63

2. Service ........................................................................................................................... 63

2.1. Maintenance access ................................................................................................ 64

9. Declaration of Conformity ......................................................................................................... 65

10. Disclaimer ............................................................................................................................. 66

1. General .......................................................................................................................... 66

2. Safety instructions ............................................................................................................ 66

3. Proper use, installation and assembly .................................................................................. 66

A. Glossary ................................................................................................................................ 67

Liste der Beispiele

4.1. Host and Domain name .......................................................................................................... 18

4.2. URL with HTTPS on changed port .......................................................................................... 19

Kapitel 1. System description

1. Overview

The demand for secure Internet access solutions for remote service and operation of PLC-based systems has been

continuously growing over the past years. Compared to the standard operating and monitoring solutions, Ether-

net-ready controllers and web-based user interfaces have the advantage of global accessibility. In order to make

full use of the potential of these possibilities, an easy-to-handle and secure Internet access is required.

eurogard GmbH now presents the third generation of the ServiceRouter. Our combined TeleService know-how

since 1995 has been incorporated into this professional and easy-to-handle Internet-based solution for industrial

use, optimally adapted for PLC networks and at the same time extending the functionality range.

The ServiceRouterV3 is a complete solution for remote maintenance of automation and other networks via a fast

Internet connection. Wired communication with DSL or wireless communication via WiFi or LTE are optional.

The ServiceRouterV3 can act as VPN Server as well as VPN Client.

This allows for easy implementation of different network structures.

For the operation of larger service networks, eurogard offers different portal servers. These solutions offer suffici-

ent bandwidth for up to 1000 VPN channels and form the basis for customized projects with special requirements,

eg regarding specific access strategies of individual users to clients or IP ranges in the service network.

2. Client network with central ServiceServer

Distributed plants are equipped with ServiceRouters in client mode.

The ServiceRouter sets up a VPN connection to an identified ServiceServer, monitors the connection and forms a

service network with other clients. This requires a ServiceServer as a central server. This kind of network allows

for cross communication between the remote plants. Furthermore, plants may be connected via wireless LTE,

high-priced M2M SIM cards are no longer required.

System description

Since mobile communication networks are normally blocked from the Internet through firewalls, the individual

plant routers have to be interconnected as clients on a server outside of the mobile communication network.

Together with the server they constitute a combined and closed network in which they can communicate and can

be reached by a chosen application in the service network (data base, programming device).

When using a ServiceServer, plants are organized in different and separated customer networks. A combined

admin network may be implemented. For further information please contact us.

Summary

• Very easy integration of the Routers as clients in the target network

• No port forwarding, only an IP with Internet access is required

• Wireless connection to plants via LTE offers sufficient bandwidth - uncomplicated and for world-wide use

• Reasonably-priced start with ServiceServer as central VPN server

• Complex structures may be implemented at any point in time through the portal server „MAGNUM“

3. Legacy version, Router as VPN Server

The ServiceRouter at the remote plant is VPN server. This requires the Router to be integrated into the (end

customer) target network and to be accessible at least through port forwarding of the VPN port. If the target

network only has a dynamic IP, a service such as DynDNS is required to update the current IP.

The free software EurogardSRConnect establishes the connection to the VPN server. In addition, your certificates

are managed and the access times for subsequent invoicing are saved.

Continuous communication between individual systems is not possible in this scenario.

System description

Summary

• Easy and secure point-to-point VPN connections to all plants

• The ServiceRouter is integrated into the plant network via port forwarding or has its own DSL modem.

• It makes little sense to operate the ServiceRouterV3 as a server via LTE, since the mobile phone providers block

external access to the mobile phone networks via firewalls.

• TheeurogardVPNClientSoftware"EurogardSRConnect"makestheconnectionsetupclearandstraightforward

4. Functional overview and concept

The following overview screen shows the structure of the firmware.

System description

5. Access routes

At delivery, the ServiceRouterV3 exclusively accepts VPN or SSL encrypted data on the WAN side. The firewall

is blocked for all other ports but can be configured with port forwarding and custom rules. Please contact the

manufacturer directly for customer specific adjustments.

WLAN access in position Access Point allows for direct local communication with the PLC network, in order to

enable mobile use of programming devices during commissioning or use of WLAN operating units.

6. Data logging and alarm management

The ServiceRouterV3 includes an integrated SQL database where up to 16 million values may be saved in a ring

buffer. A data link to connected devices such as S7 controls or Modbus TCP devices may be set up by means of

various communication drivers. Up to 5 controls with an adjustable log cycle of 1 – 999 seconds may be logged

at the same time. This means that optimization, production data acquisition and fault diagnostics are directly

integrated into the remote access concept.

The alarm messaging function sends configurable messages via email, Web-SMS and/or SMS via SIM card with

the LTE version. Changes of status are detected by preconfigured trigger bits via the data connection to the target

unit; the corresponding message is immediately transmitted. The use of Web-SMS also allows for Routers without

SIM card to send text messages to mobile phones.

7. Additional functions: USB tunnel and optional Node-

RED

USB devices may be connected to the USB ports of the Router and can then be remotely accessed as well. In this

case, the USB port is forwarded to the remote computer and can be used like a locally connected device. USB

cameras, programming adapters or mass storage devices are possible applications.

System description

Node-RED allows for IIoT functionality of the ServiceRouterV3 (see https://eurogard.de/de/produkte/fernwar-

tung/iiot.html)

8. Preconditions in the target network (End customer

LAN)

Operation as client in the target network

If the ServiceRouterV3 is operated as client in the target network, port forwarding does not apply – along with

many a discussion with local IP administrators.

The ServiceRouterV3 only requires an IP in the network, the IP of a DNS server and access to the Internet, just

as with any other PC in this network.

Access to an NTP Server should optionally be allowed via port 123.

Operation as server in the target network

The ServiceRouterV3 has to be integrated through forwarding of the ports described below. Furthermore it has to

be accessible through updating of its IP via DynDNS.

All ports described may be configured

• UDP 1194 for tunneled connection to the PLC network (VPN)

• TCP 443 for access to the configuration interface (SSL)

• Only temporarily: TCP 22 for emergency support through manufacturer eurogard. The ports 443 and 22 in the

Router may be blocked after initial start-up and no longer have to be forwarded.

• Since, as a standard, the public IP of our customers is dynamic, the public IP of the ServiceRouter is dynamic, as

well. For external access to the ServiceRouter, the local IP has to be updated via the DynDNS Internet service.

In order to do this, outward communication of the Router to port 80 is required.

• The Router requires access to an NTP server in order to update its system time. In case no internal NTP is

available, port 123 outgoing has to be enabled in order to access an Internet NTP. The battery-buffered real-

time clock of the ServiceRouter bridges offline times and ensures continuous accessibility of the Router.

Kapitel 2. Commissioning and

operation

1. Hardware installation, technical specification

The Router is designed for installation, eg in a switching cabinet, for DIN-rail mounting. It requires a slot with the

following dimensions: Height = 178 mm, Width = 50 mm, Depth = 168 mm

Technical data

• Platform: AMD GX-412TC SOC

• 2 GB DDR3-RAM, 4 GB optional

• 4 x 1 GHz core with 64 bit, 2 MB L2 cache

• 3 x Gigabit Ethernet

• 16 GB SSD, RAID1 with 2 SSDs optional

• USB 3.0, RS232

• VPN switch

• Supply voltage 12-30V / 6- 10W

• Ambient temperature 5-50°C non-condensing

• DIN-rail mounting

• Robust metal housing

• Dimensions: H: 178, W: 50, D: 168 mm

1.1. Connection and control elements

The supply terminal, the Reset button, the Setup button as well various LEDs indicating errors and operating

conditions are located at the front of the device.

Commissioning and operation

1.1.1. Supply voltage

Supply voltage is 12-30VDC/6-10W. The two input terminals for +-potential are separated by diodes, allowing

for redundant power supply of the Router, as long as the ground potential of the sources has the same level. The

Power LED indicates sufficient supply.

1.1.2. Reset button

After pressing the Reset button for at least 3 seconds, the reset procedure is initiated when the button is released.

This is indicated by fast flashing of the LEDs. The device restarts twice after a few seconds. After approximately

one minute, the device is back in default status.

The reset function is available 15 seconds after power-up of the device, indicated by flashing of the Error LED.

1.1.3. Setup button

After pressing the Setup button for at least 10 seconds, the restore procedure is initiated when the button is released.

Providing a restore point on the Router has previously been generated or has been uploaded via the web interface,

the status is restored during this procedure. This is indicated by fast flashing of the LEDs. The device reboots after

a few seconds. The device is set back to the last secured status after approximately one minute.

With Routers with WLAN option, the WLAN may be switched on or off via the setup button. Press the Setup

button briefly, for a maximum of 2 seconds. If the button is pressed for more than 2 seconds, the restore function

may be triggered unintentionally.

Commissioning and operation

Additionally, the WAN fallback interface can be activated or deactivated with this button. In this case, the Setup

button must be pressed for at least 3 seconds and a maximum of 7 seconds without interruption. If the WAN

fallback interface is deactivated at the time of pressing, it is then activated. This is also indicated by the Error LED

flashing at 100 ms intervals. In the reverse case, the WAN fallback interface is deactivated again and the Error

LED flashes at 1 second intervals.

1.1.4. Error LED

The Error LED indicates errors and operating status messages.

After start up of the device, the device requires approximately 15 seconds in order to initialize the hardware and

the operating system.

Subsequently, the LED starts flashing at one second intervals and the Router starts setting up its configuration.

When this process is terminated, the LED switches off and the Router is in operating mode; should this not be the

case, an error has occurred during installation of the stored configuration.

If a reset is triggered or a restore point is loaded, the LED flashes rapidly for a short period of time and the device

will restart. After re-initialisation, the server carries out a new configuration which is also indicated by fast flashing

of the LED. Subsequently, the system is restarted again.

1.1.5. Status LED

The green Status LED indicates the status of the VPN connection. If the device is parameterized as VPN client

or VPN server, the Status LED starts flashing. As soon as a VPN tunnel has been set up, the LED switches from

flashing to a continuous light.

1.1.6. LTE LEDs

The LTE LEDs indicate the status of the LTE modem as well as the connection status to the mobile network. The

LTE P-LED lights permanently after the LTE modem has been configured and switched on. As soon as the device

has logged into the mobile network, the LTE L-LED lights permanently.

1.1.7. WiFi-LED

If WiFi is activated on the ServiceRouterV3, the WiFi LED lights up permanently.

1.1.8. VPN switch

As the last instance, the VPN switch activates or deactivates the function of the configured VPN. This gives the

end customer full control over the remote access to his system at all times.

1.2. Network connections at the front of the device

Three RJ-45 Gigabit Ethernet network connections are located at the front of the device.

1.2.1. WAN connector

Connect the WAN socket to a web-enabled network or to a DSL modem. All Internet traffic has to be handled

via this socket.

1.2.2. LAN connectors

The LAN1 and LAN2 sockets are bridged internally and have switch functionality. All terminal devices from the

local network for remote access are connected to the LAN1/2 sockets of the device either directly or via external

switch.

Commissioning and operation

1.2.3. USB connectors

USB devices such as webcams, programming cables or storage units may be connected here and can then be

remotely accessed.

2. Establishing first contact

All administrative interactions with the ServiceRouterV3 are carried out via the web interface. In order to access

this interface, the LAN-IP of the ServiceRouterV3 has to be accessible for your PC. As a standard, connect the

LAN interface of the ServiceRouterV3 directly to your PC via switch or patch cable. If not configured beforehand,

set your PC to obtain an IP address automatically via DHCP.

Enter the URL http://192.168.155.1 in your browser in order to access the web interface of the ServiceRou-

terV3. In case an error messages appears, check the network settings of your PC and, where necessary, deactivate

the use of a proxy server through your browser.

Local settings. Allow the Router to assign an IP address. Log in as user "eurogard" with password „euro-

gard“ (default). Go through the configuration menu in the order described below. Please change the password

(under Admin accounts) at a later point in time! Click on the Test button in order to test the router configuration.

(s. Abschnitt 3, „Test“).

The following parameters are set as default on initial power-up:

WAN / Internet: Connection Ethernet, DHCP client, waiting for IP from the customer network.

LAN: DHCP-Server on: As soon as you connect a PC to the LAN side via Ethernet, the Router attempts to allocate

an IP to this PC via DHCP protocol.

DynDNS: no connection allocated

WLAN: disabled

Accounts: the device is delivered with the following Administrator / User accounts:

Admin: User: eurogard, Password: eurogard

Settings: Name: Servicerouter Domain: dyndns.org Language: German

VPN: No certificates generated, either for the Router or for the user.

3. Operating concept

Since the eurogard ServiceRouterV3 is a network component, the entire interaction with the user is carried out via

a web frontend in the browser. Operation using a monitor, keyboard and mouse is not supported.

Commissioning and operation

The user interface has a main menu on the left hand side and a corresponding submenu depending on the selected

menu item.

Some of the menu items only display information, some allow for changing the settings. Menu items allowing

changes to settings often have a "Save" button. Only after pressing the "Save" button will specified data be sub-

mitted. Some of the tables apply direct changes and the "Save" button need not be pressed. Additionally, some

events require confirmation after a safety query.

This manual can also be found in the device in browser form. The help link in the submenu bar connects to the

relevant chapter of this context-sensitive manual. In this process, the browser opens a new window or a new tab.

Where no help pages are displayed after clicking the help link, please check to see if a new tab has appeared in

the background or if you have received notification from a popup blocker.

4. Installation - quick set up guide

This chapter guides you through the configuration. Only the basic operational parameters are set here. For a more

detailed and exhaustive explanation of all menu items, please see chapter Abschnitt 2, „Establishing first contact“.

Call up the web interface of the ServiceRouterV3.

Commissioning and operation

Before proceeding, log on to the ServiceRouter as Admin.

Enter eurogard both as user name and password.

After successful login the Login link changes to the Logout link, stating the name of the current user, in this case

"eurogard".

You are now logged in as administrator on the eurogard ServiceRouterV3.

Go through the various subsections in sequence.

4.1. ServiceRouterV3 Preparation

Open the main menu item Router Configuration and the submenu item Basic Settings/LAN

Settings which should be altered in all cases are the host and domain names. These names will reappear in the

certificates which have to be generated as one of the next steps in case the Router is to be configured as VPN server.

On the LAN side the ServiceRouter has been set to IP 192.168.155.1. Please change this address to a valid IP

from the address range of your service network, eg 192.168.1.1 for the 192.168.1 network. This is set under the

menu item IP address in plant network.

Commissioning and operation

Where the IP has been changed, and after pressing the Save button, the device can be accessed via its new IP.

Please adjust the network settings of your PC accordingly. In the above example, the Router can now be accessed

via the address 192.168.1.1.

If your computer is configured for address allocation via DHCP, briefly disconnect the network cable or enter the

following line at the command prompt:

ipconfig /renew

Your computer should receive a new IP from the device and display a similar text:

Microsoft Windows [Version 6.1.7600]

C:\Users\klaus>ipconfig /renew

Windows-IP-Konfiguration

Ethernet-Adapter LAN-Verbindung:

Verbindungsspezifisches DNS-Suffix: example.com

Verbindungslokale IPv6-Adresse . : fe80::cd46:3019:dbd7:c9f1

IPv4-Adresse . . . . . . . . . . : 192.168.1.100

Subnetzmaske . . . . . . . . . . : 255.255.255.0

Standardgateway . . . . . . . . . : 192.168.1.1

Adjust the entry in the address bar of your browser to the newly configured IP of the Router.

4.2. Connection to the Internet

You can set your preferred access to the Internet under the menu item Router Configuration # Web Access/WAN.

You can choose between Ethernet via DHCP or static IP, as well as PPPoE (DSL), WiFi client or LTE.

Select your way of access and test the functionality. Go to Status-Logs →Diagnosis. You should be able to ping

an Internet host such as, for example, google.com. This is precondition for the following installation steps.

Try restarting if the device is unable to access the Internet in spite of correct settings. Please refer to Backup

Maintenance →Service.

4.3. Time

For safe and stable VPN operation between eurogard ServiceRouterV3 and Client-PCs or ServiceServers, all

subscribers require a synchronized time base.

As default, the Router synchronizes the correct time via Internet via NT

The correct time zone for Germany is pre-set.

Commissioning and operation

The correct time of the server can be viewed in the upper right-hand corner, below the Adminlogin link. The time

displayed is the time of the website access, not the current time.

If the clock has not been set, the time indicated flashes in red.

4.4. Router as VPN Client

Certificates. As previously stated, all VPN clients require a certificate. If the Router is configured as VPN

client, a certificate of the server to which the Router is to connect is required.

OpenVPN. Call up the menu item Router Configuration →OpenVPN. Set the select field to Client and press

Browse. Select the tar file generated by the server. Terminate the process by pressing the save button.

The Router should now be connected to the server. This is indicated by the continuous light of the status LED.

Achtung

Please note that the network settings for the LAN side have to correspond to the service network settings

on the server. If, for example, the service network 192.168.0.0 has been parameterized, the Router has

to obtain a fixed and unique address from this network.

4.5. Router as VPN-Server

Certificates. As previously stated, all VPN clients require a certificate. The contents of the certificate are deter-

mined by particular specifications. In order to keep the operation of the device as simple as possible, most entries

are set automatically. Only very few remain to be set by you.

Since a certificate is a kind of digital passport, it should include 'personal' data of the owner.

Call up Router Configuration →Certificates.

Enter the relevant data for your company. The pre-entered data in the text fields serves as an example.

Commissioning and operation

Enter your Internet country code (ISO 3166-2), for example DE for Germany or AT for Austria.

Confirm your settings by pressing the button save in the bottom right corner of your screen.

Achtung

After expiry of the validity period, access to the VPN network with the expired certificate is no longer

possible. Set up a reminder in due time in order to create and use new certificates.

Initiate the generation of the certificates for the ServiceRouterV3 by pressing generate new certificates. Since this

utilizes random values, the duration of this process may vary from time to time. Please be patient as this may

take several minutes.

OpenVPN. Call up the menu item Router Configuration →OpenVPN. Set the select field to Server and press

save. There is a wide range of options but standard and recommended values are already pre-set.

Your Router is now ready for operation as VPN server. Under the menu item Router Configuration →Accounts

you can now set up a VPN client account.

Table of contents

Other Eurogard Network Hardware manuals

Eurogard

Eurogard ServiceServer User manual

Popular Network Hardware manuals by other brands

Paradyne

Paradyne ACCULINK 316x Operator's guide

Seenergy

Seenergy SVR-204 quick guide

Ubiquiti

Ubiquiti UniFi US-48-500W quick start guide

Lanner

Lanner NCA-5210 user manual

Airvana

Airvana S1000 user guide

Humanware

Humanware BrailleNote Touch Plus quick start guide

eks

eks 0 1000 6123-BIDIB manual

SHARX SECURITY

SHARX SECURITY HTNR4560 Reference manual

Maxtor

Maxtor Shared Storage Plus+ user guide

Cisco

Cisco DOC 785983 Quick reference guide

ADTRAN

ADTRAN NetVanta 834 Information

Alcatel-Lucent

Alcatel-Lucent ISAM FTTN 7330 brochure

Vigitron

Vigitron MaxiiPower Vi22401U installation manual

Linksys

Linksys WMB54G - Wireless-G Music Bridge Network Audio... install guide

Alcatel-Lucent

Alcatel-Lucent Intelligent Services Access Manager brochure

Advantech

Advantech FWA-2320 user manual

Nortel

Nortel 2600 Getting started

Allied Telesis

Allied Telesis AT-TN109-A Specifications

Eurogard ServiceRouterV3 User manual

Popular Network Hardware manuals by other brands