Seneca VPN BOX2 User manual

SENECA s.r.l.
Via Austria, 26 - 35127 - PADOVA - ITALY
Tel. +39.049.8705355 - 8705359 Fax. +39.049.8706287
Website: www.seneca.it
This document is the property of SENECA srl. Unauthorized duplication and reproduction (even partial) is prohibited. The
content of this document refers to the described products and technologies. Despite the continuous effort to achieve
perfection, all the technical data contained in this document can be modified or added for technical and commercial needs;
it is impossible to completely eliminate discrepancies and inconsistencies. However, the content of this documentation is
subject to periodic review. For any question, do not hesitate to contact our structure or write to the e-mail addresses
indicated above.
USER MANUAL
VPN BOX2 Hardware
VPN BOX2 Virtual Machine SW
VIRTUAL PRIVATE NETWORK SERVER

USER MANUAL –VPN-BOX2
Date | Revision | Note | Author | Code
02/05/2023 | 1 | First edition | AS | MI00601-0
12/05/2023 | 2 | Translation | AZ | MI00601-1

TABLE OF CONTENTS
1. SENECA VPN BOX2
2. SOFTWARE OPEN SOURCE
3. INTRODUCTION
3.1. HARDWARE SPECIFICATIONS
3.2. VIRTUAL MACHINE (VMWARE) SPECIFICATIONS
4. VPN BOX2 INSTALLATION
4.1. HARDWARE INSTALLATION
4.2. VM INSTALLATION
5. DEFAULT ETHERNET NETWORK CONFIGURATION
6. FIRST TIME CONFIGURATION OF THE VPN BOX2
6.1. LOGIN
6.2. WELCOME
6.1. MODE
6.1. NETWORK
6.1. SECURITY
6.1. LICENSE
7. SERVER ADMINISTRATION
7.1. HOME
7.2. DEVICES
7.3. USERS
7.4. GROUPS
7.5. NETWORKS (VPN)
7.6. CONFIG. GENERAL
7.7. CONFIG. NETWORK
7.8. CONFIG. SNMP
7.9. CONFIG. BACKUP (AUTOMATIC)
7.10. CONFIG. CERTBOT
7.11. CONFIG. ADVANCED
7.12. LOGS
7.13. BACKUP
8. FACTORY RESET AND UPDATE OF THE VPN BOX2
8.1. FACTORY RESET
8.1. VPN BOX2 UPDATE
9. ROUTER/FIREWALL CONFIGURATION
10. VPN NETWORK SINGLE LAN OPERATING PRINCIPLE
10.1. VPN CONFIGURATION
11. VPN POINT TO POINT OPERATING PRINCIPLE
11.1. VPN CONFIGURATION
12. CONNECTION VIA VPN CLIENT COMMUNICATOR
12.1. VPN GUI CONNECTION (SL or P2P)
12.1. VPN SERVICE MODE CONNECTION (SL ONLY)
12.2. DIRECT CONNECTION FROM THE BROWSER
13. CONNECTION VIA SMARTPHONE CLIENT (SINGLE LAN MODE ONLY)
14. GLOSSARY

1. SENECA VPN BOX2
ATTENTION!
IN NO EVENT, SHALL SENECA S.R.L. OR ITS SUPPLIERS BE LIABLE FOR LOSS OF REGISTRATION
DATA/INCOME OR FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES RESULTING FROM
NEGLIGENCE OR THE IMPROPER OR IRRESPONSIBLE USE OF Z-LINK2-LO, EVEN IF SENECA IS
AWARE OF SUCH POSSIBLE DAMAGES.
SENECA, ITS SUBSIDIARIES, AFFILIATES, GROUP COMPANIES, ITS SUPPLIERS AND ITS DEALERS DO NOT
WARRANT THAT THE FUNCTIONS WILL FULLY MEET YOUR EXPECTATIONS OR THAT Z-LINK2-LO, THE
FIRMWARE AND THE SOFTWARE ARE ERROR-FREE OR WORK IN A CONTINUOUS WAY.

2. SOFTWARE OPEN SOURCE
The Seneca VPN BOX2 product contains Open Source software distributed under the GPL license. In
compliance with section 3b of said license, Seneca provides the sources of this software. It is possible to
3. INTRODUCTION
VPN Box is a server device that allows you to create secure VPN (Virtual Private Network) connections
between geographically distant Systems and Servers/PCs in a simplified way, maintaining centralized
management of all SENECA devices enabled for the use of a VPN.
Remote connections based on VPN technology allow transparent communication using the most common
TCP/IP protocols in the industrial world. Since these are connections based on IP (Internet Protocol), it is
possible to convey multiple communication protocols simultaneously via VPN. For example, it will be possible
to communicate in Modbus TCP/IP with a remote device while carrying out maintenance on the software of
a PLC belonging to the same system.
The SENECA devices compatible with VPN BOX2 allow connections from the system both over Ethernet and
directly over Mobile/Cellphone networks (only products equipped with a modem).
Two types of VPN can be created with this product: VPN Single LAN and VPN Point to Point.
The Single LAN type solves the cases in which it is necessary to create a connection that allows
communication between devices installed in different and distant sites, so as to form a single network which
can also include the subnets of the devices, if desired; these cases are typical in SCADA and Telecontrol
environments.
The Point to Point type allows a maintainer to reach a single device and, optionally, its subnet in order to
intervene on it; typical uses are remote assistance for machines in the field, reprogramming a PLC/HMI,
verifying functions and solving problems.
The VPN Box is a server device that needs to be configured via the web interface.
The VPN Client Communicator software is provided to create the VPN tunnel between a remote PC and the
network/device.
VPN BOX2 is only compatible with VPN Client Communicator versions > v4.0.0.0.
All the software needed to use the VPN BOX2 product can be downloaded from the official product page in
the SOFTWARE & APP section.
The VPN BOX2 is available in two versions: Hardware and Virtual Machine (VMware). The characteristics of
each version are described below.

3.1. HARDWARE SPECIFICATIONS
To obtain the technical specifications of the box pc with which the product is supplied in the "hardware"
version, consult the installation manual of the VPN BOX2 product.
3.2. VIRTUAL MACHINE (VMWARE) SPECIFICATIONS
The Virtual Machine version is supplied in exported OVF format with a general indication of the hardware
requirements of the Virtual application. These requirements must then be suitably modified by the user when
creating the VPN BOX2 Virtual machine in order to take into account:
• Number of Seneca devices to manage
• Number of users to manage
• Workload that the server will have to take care of
For a minimal configuration it is recommended to meet the following requirements:
Requirement | Minimum value admitted
CPU | 64 bit / 2 cores
RAM | 8 GB
Disk | 64 GB SSD
OS | compatible with LINUX distributions
Networking | 1xETH (100/1000 Mbit)
Host/Hypervisor | Support host: Intel-VT or AMD-V / Hypervisor: VMware
The configurations can be changed after the creation of the server to ensure the application scalability.
For further instructions on using the OVF format to start a VPN BOX2 Virtual Machine see the VM Installation
chapter.

4. VPN BOX2 INSTALLATION
4.1. HARDWARE INSTALLATION
To install the VPN BOX2 hardware, proceed as follows:
• Place the server horizontally on a flat surface.
• Connect the hardware box power terminals to a dedicated power source. Power requirements are
listed in the user manual.
• The VPN BOX2 hardware does not require a keyboard, mouse or monitor to operate. However, they
may be required in case of technical service by Seneca personnel.
• Start the VPN BOX2 by pressing and releasing the ON/OFF button on the front panel of the box once
only.
• The POWER LED will light up instantly, but the server will not be immediately operational: it will take
a few minutes to start up completely (start-up time max 5 min).
ATTENTION!
The VPN BOX2 is a server device and needs to be switched on and off correctly, avoiding sudden power cuts.
For this reason it is recommended to install a UPS to protect the server power supply.
To turn the server off:
• Press and release the ON/OFF button once.
• Wait for the POWER LED to switch off completely.
• In some cases the normal shutdown procedure may take 1 or 2 minutes.
If the server is blocked from starting up or fails to shut down, proceed with a forced shutdown as follows:
• Press and hold down the ON/OFF button once.
• Keep the button pressed until the POWER LED goes off.
• Repeat the start procedure.
For further details on the installation of the VPN BOX2 hardware, consult the product installation manual.

4.2. VM INSTALLATION
In the case of virtual machine installation, the file with the ".ovf" extension must be imported into your
virtualization software. All the supplied accessory files must be in the same folder as the OVF file to avoid
errors during the import and creation of the virtual machine.
The OVF file is compatible with VMware Workstation Pro virtualization software. The instructions below show
how to import the VPN BOX2 virtual machine application into that software:
• Double-click the file with the .ovf extension to start the application import
• Follow the import virtual machine wizard
• Start the virtual application
• Once the start is complete, the login screen will be displayed on the console, as shown in the following
screenshot
ATTENTION!
No operator action is required on this screen. Simply minimize the console to an icon and use the VPN
BOX2 server via web access with a compatible browser.

The VMware compatibility is set as follows:
ESXi: 6.0, 5.5, 5.1, 5.0 - Fusion: 8.x, 7.x, 6.x, 5.x, 4.x - Workstation: 12.0, 11.x, 10.x, 9.x, 8.x
ATTENTION!
The virtual machine and the Guest operating system are of the 64 bit type; therefore the Server/PC Host must
be compatible with the Intel-VT or AMD-V technologies, which must be activated in the BIOS beforehand.
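One way to check the import folder before starting the wizard (an added example, not part of the manual or of Seneca's software): it reads the References section of the OVF descriptor, confirms that every accessory file sits beside the .ovf, and compares the digests recorded in a .mf manifest. That the package ships a manifest is an assumption, since the manual does not say; the sample descriptor and file names are constructed.

```python
import hashlib
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

OVF_NS = "{http://schemas.dmtf.org/ovf/envelope/1}"
# Manifest lines have the form: SHA256(file-name)= <hex digest>
MF_LINE = re.compile(r"^(SHA1|SHA256)\((.+)\)\s*=\s*([0-9a-fA-F]+)$")
# Constructed sample descriptor; the file names are placeholders.
SAMPLE_OVF = """<?xml version="1.0"?>
<Envelope xmlns="http://schemas.dmtf.org/ovf/envelope/1"
          xmlns:ovf="http://schemas.dmtf.org/ovf/envelope/1">
  <References><File ovf:href="sample-disk1.vmdk" ovf:id="file1"/></References>
</Envelope>
"""


def digest(path, algo):
    h = hashlib.new(algo.lower())
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def precheck(ovf_path):
    """Return a list of problems; an empty list means the folder is ready to import."""
    ovf_path = Path(ovf_path)
    folder, problems = ovf_path.parent, []
    root = ET.parse(ovf_path).getroot()
    for ref in root.iterfind(f"{OVF_NS}References/{OVF_NS}File"):
        name = ref.get(f"{OVF_NS}href")
        if not name or Path(name).name != name:
            problems.append(f"reference not in the OVF folder: {name}")
        elif not (folder / name).is_file():
            problems.append(f"missing accessory file: {name}")
    manifest = ovf_path.with_suffix(".mf")
    if not manifest.is_file():
        return problems + ["no .mf manifest: integrity not checked"]
    for line in manifest.read_text().splitlines():
        m = MF_LINE.match(line.strip())
        if m and (folder / m.group(2)).is_file():
            if digest(folder / m.group(2), m.group(1)) != m.group(3).lower():
                problems.append(f"digest mismatch: {m.group(2)}")
    return problems


def demo():  # constructed package in three states: incomplete, intact, altered
    with tempfile.TemporaryDirectory() as tmp:
        ovf, disk = Path(tmp) / "sample.ovf", Path(tmp) / "sample-disk1.vmdk"
        ovf.write_text(SAMPLE_OVF)
        incomplete = precheck(ovf)
        disk.write_bytes(b"constructed disk image")
        good = hashlib.sha256(b"constructed disk image").hexdigest()
        (Path(tmp) / "sample.mf").write_text(f"SHA256(sample-disk1.vmdk)= {good}\n")
        intact = precheck(ovf)
        disk.write_bytes(b"altered after packaging")
        altered = precheck(ovf)
    return incomplete, intact, altered


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Run `precheck()` on the real .ovf path before importing; an empty list means all referenced files are present and match the manifest.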
5. DEFAULT ETHERNET NETWORK CONFIGURATION
Regardless of the Hardware or Virtual type, the VPN BOX2 is supplied by default with its Ethernet port set to
DHCP (automatically obtain IP address from the network).
Once connected to the network, the server will try to acquire IP address, gateway and DNS from a DHCP
server present on the network.
To detect the current IP address of the VPN BOX2 it is recommended to use the SDD (Seneca Discovery
Device) software installed on a PC connected to the same network as the box or running directly on the same
Host server on which the Virtual Machine is running.
The SDD software can be easily installed by running the installation program available at the following link:
http://www.seneca.it/products/sdd
Once the network has been scanned with the "Scan..." button, the IP address will be visible in the "Address"
column corresponding to the row of the "VPN BOX2" device:

6. FIRST TIME CONFIGURATION OF THE VPN BOX2
To configure the VPN BOX2 it is necessary to use a web browser of the same type used for Internet browsing.
Once you have obtained the current IP of the server via SDD, start the web browser and enter the following
URL in the address bar:
https://<actual-ip-address>/
NOTE: replace <actual-ip-address> with the IP address found via SDD, e.g. 192.168.90.101. An
example of a valid URL is as follows:
https://192.168.90.101/
At this point the browser will show the login screen.

6.1. LOGIN
At each access, including the first configuration, the server asks the user to identify himself:
The default login credentials are as follows:
Username: supervisor
Password: seneca
ATTENTION!
For security reasons it is recommended to change the default credentials of the "supervisor" user, which has
maximum privileges, and to create a separate user for each individual who needs to access
the system.
Once login is verified, if the server has never been configured, the first configuration wizard will appear,
otherwise the Home panel will be displayed.

6.2. WELCOME
When first started, a first configuration wizard will appear which will allow the operator to choose between
• Creating a new configuration
• Restoring a VPN BOX2 from backup file
In the case of restoring the backup file, you can choose whether to import a file from a previous VPN BOX v1
installation or a file from a VPN BOX2.

Click on the "Backup" text, select the backup file you wish to restore and confirm by clicking on "upload":
At the end of the file upload, the VPN BOX2 server will restart; wait for the procedure to complete.
6.1. MODE
In the case of a new installation, the basic network mode selection popup will appear where it will be possible
to choose between the options:
• Point to Point
• Single LAN
And among the compatibility modes with Seneca devices:
• Box V1: all the devices will connect to the VPN BOX2 believing they are accessing a previous version
VPN BOX (v1). Activation of the VPN connection is slower as the protocol used is not realtime. It is the
only possibility if you only have Seneca devices that are not compatible with VPN BOX2.
• Box V2: VPN BOX2 compatible devices will use all the features available on the server, such as
minimization of waiting times in activating the VPN connection.
It will always be possible to change these settings at a later time through the appropriate Networks menu.
In Point to Point mode it is necessary to choose the maximum number of simultaneous connections that the
VPN BOX2 server in P2P mode will have to manage. The SL connections must be excluded from this count;
they are counted separately and are better defined in the Networks (VPN) setup in the Server Administration
section:

In Single LAN mode it is not possible to choose the number of simultaneous users, as all users
belonging to that network will have simultaneous access to all the devices of the Single LAN network:
To learn more about the differences between the two operating modes, Single LAN and Point to Point, see the
respective chapters on the operating principles: "VPN network Single LAN operating principle" and "VPN
network Point to Point operating principle".

6.1. NETWORK
The "network" popup of the first configuration wizard allows you to set the communication parameters of
the VPN BOX2.
The following window shows the classic network settings of an Ethernet-based device which can be static or
dynamic with the help of DHCP:
The meaning of each parameter is shown in the following table:
Parameter | Meaning
Station | Name of the vpn box which will be shown in the title bar for easier identification of the server function. Default: VpnBox
DHCP | Indicates whether the IP address for the vpn box should be obtained automatically from the network. If enabled, the IP, Netmask, Gateway, DNS parameters can no longer be set by the user. Default: ON
IP | IP address for the vpn box. Default: 192.168.90.101
Netmask | Netmask for vpn box. Default: 255.255.255.0
Gateway | IP address of the Host Gateway that allows the vpn box to surf the Internet. Default: 192.168.90.1
DNS | Address of the server for name resolution, it can be an IP belonging to the LAN of the VPN BOX2 or even external. Default: 8.8.8.8
NTP | IP address or hostname of the NTP server to be used for time synchronization of the VPN BOX2 server. Default: time.inrim.it
ATTENTION!
The vpn box must be able to reach the Internet in order to carry out the following operations, which are
essential for correct operation:
• synchronizing the system clock (NTP), without which the VPN cannot be created
• security updates
• application updates
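A pre-flight check for a static configuration of this wizard step, added here as an illustration and not taken from the VPN BOX2 software: it flags addressing mistakes that would cut the box off from its NTP server, and lists the DNS and NTP flows an upstream firewall has to let through. The function name and the flow list are assumptions; the default values are the ones given in the parameter table, and the update endpoints are left out because this page does not document them.

```python
import ipaddress

# Defaults from the parameter table (they apply when DHCP is switched OFF).
DEFAULTS = dict(ip="192.168.90.101", netmask="255.255.255.0",
                gateway="192.168.90.1", dns="8.8.8.8", ntp="time.inrim.it")


def check_static(ip, netmask, gateway, dns, ntp):
    """Return (errors, egress): blocking mistakes and outbound flows to allow upstream."""
    errors, egress = [], []
    try:
        iface = ipaddress.IPv4Interface(f"{ip}/{netmask}")
        gw, dns_ip = ipaddress.IPv4Address(gateway), ipaddress.IPv4Address(dns)
    except ValueError as exc:  # malformed address or non-contiguous netmask
        return [f"invalid value: {exc}"], egress
    net = iface.network
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        errors.append("IP is the network or broadcast address of its subnet")
    if gw == iface.ip:
        errors.append("gateway is the box's own address")
    elif gw not in net:
        errors.append("gateway is outside the box's subnet: NTP is unreachable")
    # A resolver outside the LAN is reached through the gateway and firewall.
    if dns_ip not in net:
        egress.append(("udp", 53, dns))
    try:
        ntp_local = ipaddress.IPv4Address(ntp) in net
    except ValueError:
        ntp_local = False  # hostname: resolved via DNS and assumed to be external
    if not ntp_local:
        egress.append(("udp", 123, ntp))
    return errors, egress


if __name__ == "__main__":
    print(check_static(**DEFAULTS))
    print(check_static(**{**DEFAULTS, "gateway": "192.168.1.1"}))
```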

6.1. SECURITY
The "security" popup of the first configuration wizard allows you to set/change the default passwords:
• of the user with maximum "supervisor" access privileges
• of devices for preliminary authentication (to be entered in the configuration menu of the device itself)
For reference, see the "VPN configuration" paragraph in the user manual of the device used:

6.1. LICENSE
The "security" popup of the first configuration wizard allows you to load the VPN BOX2 software user license.
The license code can be requested from SENECA Srl by contacting the sales office at the addresses:
It consists of an alphanumeric code with 6 groups of 6 digits to be entered in the "Key" field, an example
follows:
AAA000-BBB111-CCC222-DDD333-EEE444-FFF555
When the "Finish" button is pressed, all the settings entered in the previous wizard pop-ups will be applied
to the server and the license associated with the code just entered will be activated.
If the user does not have a license code, he can continue leaving the "Key" field empty. The VPN BOX2 will
still be operational with the following limitations:
Number of enabled users: 2
Number of connectable devices: 2
It will be possible to introduce the license at a later time.

7. SERVER ADMINISTRATION
In this chapter the functions of each item of the navigation menu of the VPN BOX2 server will be studied in
depth.
7.1. HOME
The home page will be visible immediately after the user login. It is divided into 3 main sections: the
navigation menu (1), the user management bar with attached notification area (2) and the central panel (3)
divided in turn into several status panels:
The management bar for the currently logged-in user allows logout and management of user preferences.
By pressing the "Edit profile" button in this section it will be possible to:
• Modify your email
• Change your credentials (password)
• Activate 2-factor authentication (2FA)
• Change your web interface language preference
The home page status panels consist of the following: