Viola systems M2m User manual

Viola M2M Gateway

User's Manual

Version 2.0

Modified Aug 13, 2004

Viola M2M Gateway User's Manual

Copyrig t and Trademark

Ltd. (referred in t is manual as Viola Systems). All rig ts reserved. No part of t e contents of t is

manual may be transmitted or reproduced in any form or by any means wit out t e written

permission of Viola Systems.

Et ernet is a trademark of XEROX Corporation. Windows and Internet Explorer are trademarks of

Microsoft Corporation. Netscape is a trademark of Netscape Communications Corporation. Linux is a

Registered Trademark of Linus Torvalds. All ot er product names used in t is manual are t e

properties of t eir respective owners and are acknowledged.

Viola Systems Ltd.

Lemminkäisenkatu 32

FIN-20520 Turku

Finland

Technical Support

P one: +358 (0)20 1226 226

Fax: +358 (0)20 1226 220

E-mail: support@violasystems.com

On-line: ttp://www.violasystems.com/

Viola M2M Gateway User's Manual

Disclaimer and Revisions

Viola Systems reserves t e rig t to c ange t e tec nical specifications or functions of its products,

or to discontinue t e manufacture of any of its products or to discontinue t e support of any of its

products, wit out any written announcement and urges its customers to ensure, t at t e

information at t eir disposal is valid.

Viola software and programs are delivered “as is”. T e manufacturer does not grant any kind of

warranty including guarantees on suitability and applicability to a certain application. Under no

circumstances is t e manufacturer or t e developer of a program responsible for any possible

damages caused by t e use of a program. T e names of t e programs as well as all copyrig ts

relating to t e programs are sole property of Viola Systems. Any transfer, licensing to a t ird party,

leasing, renting, transportation, copying, editing, translating, modifying into anot er programming

language or reverse engineering for any intent is forbidden wit out t e written consent of Viola

Systems.

Viola Systems as attempted to verify all information in t is manual as of t e publication date. We

assume no responsibility for any errors t at may appear in t is guide. Information in t is manual

may c ange wit out prior notice from Viola Systems.

Revision History:

05/2004 Manual released, version 1.0

08/2004 Version 2.0

Viola M2M Gateway User's Manual

Warranty and Safety Instructions

Read t ese safety instructions carefully before using t e product:

Warranty will be void, if t e product is used in any way, w ic is in contradiction wit t e

instructions given in t is manual, or if t e product as been tampered wit .

T e devices mentioned in t is manual are to be used only according to t e instructions described in

t is manual. Faultless and safe operation of t e devices can be guaranteed only if t e transport,

storage, operation and andling of t e devices is appropriate. T is also applies to t e maintenance

of t e products.

To prevent damage bot t e product and any terminal devices must always be switc ed OFF before

connecting or disconnecting any cables. It s ould be ascertained t at different devices used ave

t e same ground potential. Before connecting any power cables t e output voltage of t e power

supply s ould be c ecked.

T is product is not fault-tolerant and is not designed, manufactured or intended for use or resale as

on-line control equipment in azardous environments requiring fail-safe performance, suc as in t e

operation of nuclear facilities, aircraft navigation or communication systems, air traffic control,

direct life support mac ines, or weapons systems, in w ic t e failure of our ardware or software

could lead directly to deat , personal injury, or severe p ysical or environmental damage.

Viola M2M Gateway User's Manual

Table of Contents

1. Introduction......................................................................................................6

1.1. Features............................................................................................................................7

2. Network Requirements.....................................................................................8

2.1. Connection Principle..........................................................................................................8

2.2. Minimal Requirements for Network....................................................................................8

2.3. Routing Setup...................................................................................................................9

2.4. HTTP Server for SSH key exc ange....................................................................................9

2.5. Ot er Network Services.....................................................................................................9

2.6. Recommended Network Setup.........................................................................................10

2.7. Using t e Second Et ernet Port.......................................................................................11

3. P ysical Interfaces..........................................................................................12

3.1. Front Panel......................................................................................................................12

3.2. Back Panel......................................................................................................................12

3.3. Power Switc and Connector...........................................................................................13

3.4. Product Label..................................................................................................................13

4. Getting started...............................................................................................14

4.1. Configuring t e IP address...............................................................................................14

4.2. Using Webmin.................................................................................................................16

5. VPN Configuration for Arctic...........................................................................17

5.1. VPN Client Settings.........................................................................................................17

5.2. Key Management............................................................................................................18

5.3. Routing mode..................................................................................................................18

5.4. C ecking VPN Status from Arctic.....................................................................................19

6. VPN Configuration for M2M Gateway..............................................................20

6.1. Adding Peer.....................................................................................................................21

6.2. C ecking VPN Status from M2M Gateway........................................................................21

7. VPN Setup Examples.......................................................................................22

7.1. Example 1. Basic VPN Tunnel..........................................................................................22

7.2. Example 2. Tunneling Network........................................................................................26

7.3. Example 3. Proxy ARP.....................................................................................................27

8. Troubles ooting..............................................................................................28

9. Tec nical Specifications..................................................................................29

10. Limited Warranty..........................................................................................30

10.1. Coverage.......................................................................................................................30

10.2. Excluded Products and Problems...................................................................................30

10.3. Remedies......................................................................................................................30

10.4. Obtaining Warranty Service...........................................................................................30

11. Tec nical Support.........................................................................................31

11.1. Contacting Tec nical Support........................................................................................31

11.2. Recording Product Information......................................................................................31

Viola M2M Gateway User's Manual 1. Introduction

1. Introduction

T e Viola M2M Gateway is a network device t at enables VPN connection between company

network and remote Arctic devices. It can also be used to control and monitor Arctic devices in local

or remote networks. Concept of t e Viola M2M Gateway is described in t e following picture.

Only a computer wit network connection and a HTML browser is required to configure t e Viola

M2M Gateway. Using t e Viola M2M Gateway Webmin user interface you can configure and view t e

status of t e remote Arctic devices and configure t e VPN connection between Viola M2M Gateway

and Arctic device. Arctics ave a WWW user interface w ic can be used to configure t em using a

HTML browser.

Note: Before setting up Viola M2M Gateway, read at least c apters 2 and 3.

For t e rest of t is documentation, t e Viola M2M Gateway is referred as M2M Gateway.

Viola M2M Gateway User's Manual 1. Introduction

1.1. Features

T e M2M Gateway offers different advanced features for network usage. In most simple usage only

VPN feature is used, but M2M Gateway makes possible to make complex network configurations.

Routing

M2M Gateway can forward packets to local Et ernet (et 0) w ic it is connected to company

network. Also it is possible to route packets to second Et ernet (et 1) of M2M Gateway. More

complex routing solutions can be made but t ey need consultation of your local network

administrator.

Firewall

T e M2M Gateway as internal firewall wit grap ical user interface. It is possible to connect M2M

Gateway directly to t e Internet and filter unwanted connections wit out external firewall. T e

recommend met od is to use a dedicated firewall and install M2M Gateway be ind it.

VPN

VPN is used to connect remote Arctic devices to local network. Connection is started by Arctic and

t e M2M Gateway decides based on it's configuration does it allow remote Arctic start VPN

connection. VPN connection can be disabled from M2M Gateway. If connection is for some reason

terminated, it comes automatically back up. If routing is not needed, Proxy ARP can be used to

access Arctic devices like in local network.

Remote Management

M2M Gateway offers full remote management. Also traditional console access is available using

SSH.

Viola M2M Gateway User's Manual 2. Network Requirements

2. Network Requirements

To work properly M2M Gateway requires t e parameters described in t is c apter to be configured.

For your network settings contact your local network administrator.

Note: Misconfiguration of t e M2M Gateway can seriously inder your network. Make

sure you verify your network configuration wit local network administrator.

2.1. Connection Principle

Company Intranet is normally connected to Internet via firewall. T e following picture s ows t e

M2M Gateway connected to t e Demilitarized Zone (DMZ) of t e firewall. T is configuration allows

osts from Company Intranet to connect via firewall to t e M2M Gateway. Ot er configurations are

also possible. E.g. subnets and proxy ARP can be used.

Note: It is possible t at internal routing in company intranet may require configuration in

order to integrate M2M Gateway to an existing network.

2.2. Minimal Requirements for Network

At it's minimum t e M2M Gateway requires t ese settings

•One public IP address for M2M Gateway

•SSH port (22) unblocked for incoming connections to M2M Gateway from t e remote network.

Viola M2M Gateway User's Manual 2. Network Requirements

Alt oug t is configuration is minimal it can be used for testing and evaluating more complex

systems. It is always recommended to consult local network administrator w en installing new

servers to public network.

2.3. Routing Setup

W en t e M2M Gateway is installed to existing network some configuration require adding route to

M2M Gateway and devices be ind it. T is means t at for example local firewall to router needs to

be aware of routes going via t e M2M Gateway. Routing can be complex to setup in large networks

and it is recommend to consult local network administrator also about routing.

2.4. HTTP Server for SSH key exc ange

If a server key is needed to be received (default met od is copy&paste) from t e M2M Gateway

HTTP port (80) as to be opened from firewall. By default HTTP server is enabled in t e M2M

Gateway and keys can be received wit Arctic Web Configurator user interface. C apter 5 describes

briefly Arctic configuration.

If HTTP server is not needed, it is recommended to disable it by issuing t e following commands in

t e s ell of M2M Gateway. Server will be disabled after reboot.

[root@m2m-gw]# chkconfig --level 3 httpd off

[root@m2m-gw]# /etc/init.d/httpd stop

Stopping httpd: [ O ]

[root@m2m-gw]#

2.5. Ot er Network Services

M2M Gateway network services are listed in Table 1. T e only mandatory service is Secure S ell

(SSH). SSH server listens for incoming connections from Arctic devices in port 22. T is port must not

be blocked by any firewall ot erwise t e remote Arctic devices are not able to open VPN

connections to t e M2M Gateway.

Arctic uses ICMP ECHO (ping) messages to c eck it's network connection to t e M2M Gateway. By

default t e private IP address of t e VPN peer is used as t e target for t e network connection

status c eck. I.e. t e M2M Gateway is not required to accept ICMP ECHO messages.

T e network connection status c eck can also be made using some public IP address (e.g. t e

public IP address of t e M2M Gateway). In t is case t e target ost of t e network connection c eck

is required to accept ICMP ECHO messages and t at t ey are not blocked by any firewall.

Viola M2M Gateway User's Manual 2. Network Requirements

Service Port Description

SSH 22 VPN aut entication and data transfer mandatory

HTTP 80 Server key exc ange optional

ICMP ECHO - Network connection c ecking optional

Table 1. Network services

2.6. Recommended Network Setup

T e M2M Gateway is recommended to be connected to a DMZ of a firewall. T is way t e M2M

Gateway can ave public or private IP address depending on t e firewall configuration. W en

placed in DMZ t e firewall protects efficiently against any unaut orized access to t e M2M

Gateway. Only incoming SSH connections are required to ave access to DMZ zone. Services ot er

t an SSH are optional.

If t e M2M Gateway is located in t e DMZ and it as a private IP address t e firewall as to support

port forwarding or destination network address translation (DNAT). For firewall configuration please

refer to your firewall documentation or to your local network administrator.

Figure 1. Recommended network setup

Other manuals for M2M

Table of contents

Other Viola Systems Gateway manuals

Viola Systems

Viola Systems arctic c-1220 User manual

Viola Systems

Viola Systems M2M User manual

Viola Systems

Viola Systems Arctic IEC-104 User manual

Viola Systems

Viola Systems Arctic 3G User manual

Viola Systems

Viola Systems Arctic 3G Gateway 2622 User manual

Viola Systems

Viola Systems M2M User manual

Viola Systems

Viola Systems Arctic User manual

Viola Systems

Viola Systems M2M User manual

Viola Systems

Viola Systems arctic c-1230 User manual

Viola Systems

Viola Systems Arctic Substation Gateway User manual

Popular Gateway manuals by other brands

Telecom FM

Telecom FM onestream gfx Programming guide

UfiSpace

UfiSpace LoRa GPE810U Quick setup guide

Merak

Merak MMk-736F Quick setup guide

Robustel

Robustel R3010 user guide

turck

turck BL20-PG-EN-V3 user manual

IBM

IBM Security Web Gateway Appliance quick start guide

SSS Siedle

SSS Siedle Smart Gateway Commissioning instructions

ADTRAN

ADTRAN 424RG Installation

Chorus

Chorus Hyperfibre XGS-250WX-A user guide

Dragino

Dragino G308 user manual

Data Domain

Data Domain DD690g Installation and setup guide

Raritan

Raritan Laptop Release notes

Haivision

Haivision Torpedo quick start guide

ATCOM

ATCOM AG-268 user manual

LST

LST M500RFE-AS Specification sheet

Vega

Vega VEGA BS-3 user manual

Kinnex

Kinnex Media Gateway quick start guide

2N Telekomunikace

2N Telekomunikace 2N StarGate user manual