Viola Systems M2M User manual

Viola M2M Gateway
User's Manual
Version 2.0
Modified Aug 13, 2004

Viola M2M Gateway User's Manual
Copyright and Trademark
Copyright © 2004, Viola Systems Ltd. All rights to this manual are owned solely by Viola Systems
Ltd. (referred in this manual as Viola Systems). All rights reserved. No part of the contents of this
manual may be transmitted or reproduced in any form or by any means without the written
permission of Viola Systems.
Ethernet is a trademark of XEROX Corporation. Windows and Internet Explorer are trademarks of
Microsoft Corporation. Netscape is a trademark of Netscape Communications Corporation. Linux is a
Registered Trademark of Linus Torvalds. All other product names used in this manual are the
properties of their respective owners and are acknowledged.
Viola Systems Ltd.
Lemminkäisenkatu 32
FIN-20520 Turku
Finland
Technical Support
Phone: +358 (0)20 1226 226
Fax: +358 (0)20 1226 220
E-mail: support@violasystems.com
On-line: http://www.violasystems.com/
Copyright © 2004, Viola Systems Ltd.

Disclaimer and Revisions
Viola Systems reserves the right to change the technical specifications or functions of its products,
or to discontinue the manufacture of any of its products or to discontinue the support of any of its
products, without any written announcement and urges its customers to ensure, that the
information at their disposal is valid.
Viola software and programs are delivered “as is”. The manufacturer does not grant any kind of
warranty including guarantees on suitability and applicability to a certain application. Under no
circumstances is the manufacturer or the developer of a program responsible for any possible
damages caused by the use of a program. The names of the programs as well as all copyrights
relating to the programs are sole property of Viola Systems. Any transfer, licensing to a third party,
leasing, renting, transportation, copying, editing, translating, modifying into another programming
language or reverse engineering for any intent is forbidden without the written consent of Viola
Systems.
Viola Systems has attempted to verify all information in this manual as of the publication date. We
assume no responsibility for any errors that may appear in this guide. Information in this manual
may change without prior notice from Viola Systems.
Revision History:
05/2004 Manual released, version 1.0
08/2004 Version 2.0

Warranty and Safety Instructions
Read these safety instructions carefully before using the product:
Warranty will be void, if the product is used in any way, which is in contradiction with the
instructions given in this manual, or if the product has been tampered with.
The devices mentioned in this manual are to be used only according to the instructions described in
this manual. Faultless and safe operation of the devices can be guaranteed only if the transport,
storage, operation and handling of the devices is appropriate. This also applies to the maintenance
of the products.
To prevent damage both the product and any terminal devices must always be switched OFF before
connecting or disconnecting any cables. It should be ascertained that different devices used have
the same ground potential. Before connecting any power cables the output voltage of the power
supply should be checked.
This product is not fault-tolerant and is not designed, manufactured or intended for use or resale as
on-line control equipment in hazardous environments requiring fail-safe performance, such as in the
operation of nuclear facilities, aircraft navigation or communication systems, air traffic control,
direct life support machines, or weapons systems, in which the failure of our hardware or software
could lead directly to death, personal injury, or severe physical or environmental damage.

Table of Contents
1. Introduction
1.1. Features
2. Network Requirements
2.1. Connection Principle
2.2. Minimal Requirements for Network
2.3. Routing Setup
2.4. HTTP Server for SSH key exchange
2.5. Other Network Services
2.6. Recommended Network Setup
2.7. Using the Second Ethernet Port
3. Physical Interfaces
3.1. Front Panel
3.2. Back Panel
3.3. Power Switch and Connector
3.4. Product Label
4. Getting started
4.1. Configuring the IP address
4.2. Using Webmin
5. VPN Configuration for Arctic
5.1. VPN Client Settings
5.2. Key Management
5.3. Routing mode
5.4. Checking VPN Status from Arctic
6. VPN Configuration for M2M Gateway
6.1. Adding Peer
6.2. Checking VPN Status from M2M Gateway
7. VPN Setup Examples
7.1. Example 1. Basic VPN Tunnel
7.2. Example 2. Tunneling Network
7.3. Example 3. Proxy ARP
8. Troubleshooting
9. Technical Specifications
10. Limited Warranty
10.1. Coverage
10.2. Excluded Products and Problems
10.3. Remedies
10.4. Obtaining Warranty Service
11. Technical Support
11.1. Contacting Technical Support
11.2. Recording Product Information

1. Introduction
The Viola M2M Gateway is a network device that enables VPN connections between the company
network and remote Arctic devices. It can also be used to control and monitor Arctic devices in local
or remote networks. The concept of the Viola M2M Gateway is described in the following picture.
Only a computer with a network connection and an HTML browser is required to configure the Viola
M2M Gateway. Using the Viola M2M Gateway Webmin user interface you can configure and view the
status of the remote Arctic devices and configure the VPN connection between the Viola M2M Gateway
and an Arctic device. Arctics have a WWW user interface which can be used to configure them using
an HTML browser.
Note: Before setting up Viola M2M Gateway, read at least chapters 2 and 3.
For the rest of this documentation, the Viola M2M Gateway is referred to as M2M Gateway.

1.1. Features
The M2M Gateway offers different advanced features for network usage. In the simplest usage only
the VPN feature is used, but the M2M Gateway also makes complex network configurations possible.
Routing
The M2M Gateway can forward packets to the local Ethernet (eth0), which is connected to the company
network. It is also possible to route packets to the second Ethernet (eth1) of the M2M Gateway. More
complex routing solutions can be made, but they need consultation with your local network
administrator.
Firewall
The M2M Gateway has an internal firewall with a graphical user interface. It is possible to connect
the M2M Gateway directly to the Internet and filter unwanted connections without an external
firewall. The recommended method is to use a dedicated firewall and install the M2M Gateway behind it.
VPN
VPN is used to connect remote Arctic devices to the local network. The connection is started by the
Arctic, and the M2M Gateway decides, based on its configuration, whether it allows the remote Arctic
to start a VPN connection. A VPN connection can be disabled from the M2M Gateway. If the connection
is terminated for some reason, it comes back up automatically. If routing is not needed, Proxy ARP
can be used to access Arctic devices as if they were in the local network.
Remote Management
The M2M Gateway offers full remote management. Traditional console access is also available using
SSH.

2. Network Requirements
To work properly, the M2M Gateway requires the parameters described in this chapter to be configured.
For your network settings, contact your local network administrator.
Note: Misconfiguration of the M2M Gateway can seriously hinder your network. Make
sure you verify your network configuration with your local network administrator.
2.1. Connection Principle
The company intranet is normally connected to the Internet via a firewall. The following picture
shows the M2M Gateway connected to the Demilitarized Zone (DMZ) of the firewall. This configuration
allows hosts from the company intranet to connect via the firewall to the M2M Gateway. Other
configurations are also possible, e.g. subnets and proxy ARP can be used.
Note: It is possible that internal routing in the company intranet may require configuration in
order to integrate the M2M Gateway into an existing network.
2.2. Minimal Requirements for Network
At its minimum the M2M Gateway requires these settings:
• One public IP address for M2M Gateway
• SSH port (22) unblocked for incoming connections to M2M Gateway from the remote network.
Although this configuration is minimal, it can be used for testing and evaluating more complex
systems. It is always recommended to consult the local network administrator when installing new
servers to a public network.
2.3. Routing Setup
When the M2M Gateway is installed to an existing network, some configurations require adding a
route to the M2M Gateway and the devices behind it. This means that, for example, the local firewall
or router needs to be aware of routes going via the M2M Gateway. Routing can be complex to set up in
large networks and it is recommended to consult the local network administrator about routing as well.
2.4. HTTP Server for SSH key exchange
If a server key needs to be received from the M2M Gateway (the default method is copy&paste),
HTTP port (80) has to be opened in the firewall. By default the HTTP server is enabled in the M2M
Gateway and keys can be received with the Arctic Web Configurator user interface. Chapter 5 briefly
describes Arctic configuration.
If the HTTP server is not needed, it is recommended to disable it by issuing the following commands
in the shell of the M2M Gateway. The server will be disabled after reboot.
[root@m2m-gw]# chkconfig --level 3 httpd off
[root@m2m-gw]# /etc/init.d/httpd stop
Stopping httpd: [  OK  ]
[root@m2m-gw]#
2.5. Other Network Services
M2M Gateway network services are listed in Table 1. The only mandatory service is Secure Shell
(SSH). The SSH server listens for incoming connections from Arctic devices on port 22. This port must
not be blocked by any firewall, otherwise the remote Arctic devices are not able to open VPN
connections to the M2M Gateway.
Arctic uses ICMP ECHO (ping) messages to check its network connection to the M2M Gateway. By
default the private IP address of the VPN peer is used as the target for the network connection
status check, i.e. the M2M Gateway is not required to accept ICMP ECHO messages.
The network connection status check can also be made using some public IP address (e.g. the
public IP address of the M2M Gateway). In this case the target host of the network connection check
is required to accept ICMP ECHO messages, and they must not be blocked by any firewall.

| Service | Port | Description |
|---|---|---|
| SSH | 22 | VPN authentication and data transfer (mandatory) |
| HTTP | 80 | Server key exchange (optional) |
| ICMP ECHO | - | Network connection checking (optional) |

Table 1. Network services
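
One way to check that the gateway exposes only the services named in Table 1, as an added example that is not part of the manual: the script parses `netstat -tln` output and flags listeners other than SSH. The sample output, severity labels, messages and function names are constructed for this example.

```python
# Added example, not from the Viola manual. Port roles come from Table 1 and
# section 4.2 of the manual; severities and messages are this example's own.

# Constructed sample of `netstat -tln` output (not captured from a real device).
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
"""


def is_loopback(addr):
    """Sockets bound to loopback are not reachable from the network."""
    return addr.startswith("127.") or addr == "::1"


def parse_listeners(text):
    """Return (address, port) for every TCP socket in LISTEN state."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue  # header lines, UDP sockets, established connections
        addr, _, port = fields[3].rpartition(":")  # rpartition also handles ":::22"
        if port.isdigit():
            found.append((addr, int(port)))
    return found


def audit(text, http_key_exchange=False):
    """Return (severity, port, message) findings, ordered by port number."""
    exposed = sorted({p for a, p in parse_listeners(text) if not is_loopback(a)})
    findings = []
    if 22 not in exposed:
        findings.append(("ERROR", 22, "sshd not reachable: Arctic devices cannot open the VPN"))
    for port in exposed:
        if port == 22:
            continue  # mandatory service, expected
        if port == 80:
            if not http_key_exchange:
                findings.append(("WARN", 80, "httpd is running but HTTP key exchange "
                                             "is not used; disable it (section 2.4)"))
        elif port == 10000:
            findings.append(("REVIEW", 10000, "Webmin is listening; only SSH has to be "
                                              "reachable from the remote network"))
        else:
            findings.append(("WARN", port, "service is not listed in Table 1"))
    return findings


if __name__ == "__main__":
    for severity, port, message in audit(SAMPLE_NETSTAT):
        print(f"{severity:6} tcp/{port:<5} {message}")
```
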
2.6. Recommended Network Setup
It is recommended to connect the M2M Gateway to the DMZ of a firewall. This way the M2M
Gateway can have a public or private IP address depending on the firewall configuration. When
placed in the DMZ, the firewall efficiently protects the M2M Gateway against any unauthorized
access. Only incoming SSH connections are required to have access to the DMZ. Services other
than SSH are optional.
If the M2M Gateway is located in the DMZ and it has a private IP address, the firewall has to support
port forwarding or destination network address translation (DNAT). For firewall configuration please
refer to your firewall documentation or to your local network administrator.
Figure 1. Recommended network setup

2.7. Using the Second Ethernet Port
If a firewall or network configuration does not allow the use of a DMZ, or only a few hosts need
access to the M2M Gateway, the second Ethernet port can be used. The second Ethernet port of the M2M
Gateway can be enabled from the Webmin configuration interface. The IP address of the second
Ethernet port of the M2M Gateway is then used as the default gateway for the devices connected to the
second Ethernet port. This configuration is relatively easy to set up and it is the easiest way of
setting up the M2M Gateway.
Look at Example 2 in Chapter 7 for further details.
Figure 2. Second Ethernet port in use

3. Physical Interfaces
In this chapter, the hardware interfaces used with the M2M Gateway are described. The M2M
Gateway needs only Ethernet and power connection for full operation.
3.1. Front Panel
Figure 3. M2M Gateway front panel

| LED color | Name | Description |
|---|---|---|
| Green | Power | Lit when power is on |
| Yellow | HDD | Lit when IDE hard drive is accessed |

3.2. Back Panel
The M2M Gateway has the power connector on the right side of the back panel. Ethernet interfaces are
located on the left side of the back panel. See Figure 4 for connector locations. Depending on the
network configuration, only one of them or both are used. The first Ethernet port (eth0) is always
used and it is the leftmost Ethernet connector, located to the right of the USB connectors.
Figure 4. M2M Gateway back panel (labelled connectors: eth0, eth1, Power)

3.3. Power Switch and Connector
The power connector is a standard 3-pin IEC inlet. Nominal input voltage is 110-230V. The power
switch is lit when power is on. To turn off the M2M Gateway, change the switch position from 1 to 0.
Note: Always remember to shut down the operating system before switching off the
power, as data loss or corruption might occur if the system is not shut down properly.
Shutting down the operating system is done from the Webmin user interface by selecting
System->Bootup and Shutdown->Shutdown system at the bottom of the screen. See Chapter 4 for more
information about Webmin.
3.4. Product Label
The product label is found on the bottom of the device and it contains the basic information about
the unit, such as product name, serial number and MAC addresses of the Ethernet ports.

4. Getting started
This chapter aims to give the necessary information to get the M2M Gateway device to fully working
condition. It is assumed that you have already gathered the necessary networking parameters
for your specific networking environment, such as IP addressing and firewall issues. Look at
Chapter 2 for network requirements and Chapter 7 for examples of how the device could be connected
and what would be the best configuration for your specific case.
4.1. Configuring the IP address
Because networks are different, you have to set a correct IP address for the device in order to get
it to work properly. There are two ways to do this: configuring it locally or remotely.
Note: The default IP address for M2M Gateway is 10.10.10.10
Configuring the IP address locally
This means connecting a display and keyboard directly to the device and logging on to it locally.
After logging on and entering the shell, there are several ways to change the network settings. One
simple method is to use a specific tool called netconfig.
[root@m2m-gw root]# netconfig
Configure the parameters the way your networking scheme requires and exit the program. Then
restart the network service by issuing the following command.
[root@m2m-gw root]# /etc/init.d/network restart
Shutting down interface eth0: [  OK  ]
Shutting down interface eth1: [  OK  ]
Shutting down loopback interface: [  OK  ]
Setting network parameters: [  OK  ]
Bringing up loopback interface: [  OK  ]
Bringing up interface eth0: [  OK  ]
Bringing up interface eth1: [  OK  ]
[root@m2m-gw root]#
Now you should be able to log in to Webmin from a remote computer using the previously configured
IP address and port 10000. See the next section to find out how to connect to the Webmin
user interface.

Configuring the IP remotely
The recommended way to do the initial remote configuration is to use a crossover Ethernet cable
between the M2M Gateway and a workstation. This way the initial configuration of the M2M Gateway is
done in an isolated network and there is no risk of disturbing any existing network.
The default IP address for M2M Gateway is 10.10.10.10, so your remote network machine should
have a working route there. You can ping the address and see if it replies.
[anon@ymous anon]$ ping 10.10.10.10
PING 10.10.10.10 (10.10.10.10) 56(84) bytes of data.
64 bytes from 10.10.10.10: icmp_seq=0 ttl=64 time=0.202 ms
64 bytes from 10.10.10.10: icmp_seq=1 ttl=64 time=0.172 ms
64 bytes from 10.10.10.10: icmp_seq=2 ttl=64 time=0.193 ms
64 bytes from 10.10.10.10: icmp_seq=3 ttl=64 time=0.240 ms
--- 10.10.10.10 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3020ms
rtt min/avg/max/mdev = 0.172/0.201/0.240/0.030 ms, pipe 2
[anon@ymous anon]$
If necessary, adjust your network settings so that the address 10.10.10.10 is accessible.
After you have a working connection to the M2M Gateway, use your favorite HTML browser to connect
to the Webmin configuration interface by entering the address http://10.10.10.10:10000 in the
address bar. After entering the address, a login screen should appear. Log in by entering the
username and password. The default login name is root and the password is m2m.
Now you should be logged in to Webmin. Select Networking from the top navigation bar. Then select
Network Configuration->Network Interfaces and configure the interfaces properly. The user
interface is quite clear and configuring the settings should be an easy task. If you do not feel
able to configure the settings, it might be helpful to refer to some books about general
TCP/IP networking.
For more information about Webmin, read the next section.

4.2. Using Webmin
By now you should have IP addresses set properly and you should be able to log in to Webmin. If
this is not the case, please have a look at the previous section.
To connect to the M2M Gateway, use an HTML browser and the address http://<ip_address>:10000 to log
in to M2M Gateway. Webmin uses port 10000, so it is necessary to include it in the address while
connecting. If the port number is omitted, the browser will try the default port 80 and won't be
able to connect.
If you cannot access port 10000, please check that the firewall allows connections to the M2M Gateway
port 10000. Also, if a WWW proxy is used, this can cause problems. If a proxy is used, disable the
WWW proxy for the M2M Gateway's IP address.
After entering the proper address, a login screen should appear. Log in by entering the username and
password. After logging in with the correct username and password you see the main configuration
window of M2M Gateway.
Note: Default login name is root and password is m2m. Remember to change these
before connecting the M2M Gateway to an existing network.
The Webmin user interface has quite a large collection of different web pages that each configure
different functionality. In this manual, only the parameters relevant for normal M2M Gateway
operation are described.
Closing the Webmin connection is done by clicking the “Log Out” button in the top right corner of
the screen.
For more comprehensive documentation about Webmin, please refer to the project's web page at
www.webmin.com.

5. VPN Configuration for Arctic
This chapter describes the settings on the Arctic side that are relevant to get the VPN connection
to work properly. Configuration of the GPRS connection is described in the Arctic User's Manual and
therefore it is not included in this document.
5.1. VPN Client Settings
The Arctic needs a few settings to be configured before VPN will be operational. These settings are
listed in Table 2. All settings are located in the Network->VPN menu, except the parameter hostname,
which is located in the Network->Ethernet menu, and ICMP Echo, which is located in the
Network->GPRS menu.

| Parameter | Description | Mandatory |
|---|---|---|
| Hostname | Name used for authentication, must be unique, case-sensitive | Yes |
| ICMP Echo | ICMP echo | No |
| Use SSH-VPN | Enables and disables the VPN operation of Arctic | Yes |
| Tunnel Server IP | The M2M Gateway public IP Address for eth0 interface where Arctic makes the VPN connection | Yes |
| Routing Mode | Selects the type of routing: none, network or Proxy ARP | No |
| Remote Network IP | IP address of remote network to be routed | If “Routing Mode” is set |
| Remote Network Netmask | Network mask of remote network to be routed | If “Routing Mode” is set |

Table 2. VPN Client settings

When the parameter “Use SSH-VPN” is enabled, the Arctic device tries to connect to the M2M Gateway.
If the connection fails, the Arctic tries again in an endless loop.
Before a VPN connection can be established, the VPN keys have to be exchanged between the
Arctic and the M2M Gateway. Note also that the connection has to be enabled from the M2M Gateway.
5.2. Key Management
The M2M Gateway uses public keys to control access from Arctic devices to the M2M Gateway.

| Parameter | Description | Direction |
|---|---|---|
| Local SSH Public Key | Public key for accessing VPN Server | From Arctic to M2M Gateway |
| Server SSH Key Entry | Server key | From M2M Gateway to Arctic |

Both of these keys can be copy&pasted from the WWW user interface. The “Server SSH Key Entry” can
also be received via the HTTP protocol if the M2M Gateway HTTP server is not blocked by a firewall
and has not been disabled from the M2M Gateway.
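
A key received over plain HTTP arrives without authentication, so it is worth comparing it with the key shown in the gateway's own user interface before trusting it. The following added example (not code from the manual or from Viola Systems) does that by SHA-256 fingerprint and rejects a copy&paste that lost characters; it assumes the keys use the OpenSSH one-line public key format, which the manual does not state, and all function names are this example's own.

```python
# Added example, not from the Viola manual. Assumes OpenSSH one-line public
# keys ("<type> <base64> [comment]"); the manual does not state the key format.
import base64
import binascii
import hashlib
import struct


def _ssh_string(data):
    """Length-prefixed field as used inside SSH public key blobs."""
    return struct.pack(">I", len(data)) + data


def parse_public_key(line):
    """Return (key_type, blob); raise ValueError on damaged or truncated input."""
    parts = line.strip().split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"bad base64: {exc}") from None
    # A key blob is a sequence of length-prefixed fields and the first one
    # repeats the key type. Walking all fields rejects a paste that lost
    # characters instead of fingerprinting a damaged key.
    offset, fields = 0, []
    while offset < len(blob):
        if offset + 4 > len(blob):
            raise ValueError("truncated key blob")
        (length,) = struct.unpack(">I", blob[offset:offset + 4])
        offset += 4
        if offset + length > len(blob):
            raise ValueError("truncated key blob")
        fields.append(blob[offset:offset + length])
        offset += length
    if not fields or fields[0] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return key_type, blob


def fingerprint(blob):
    """OpenSSH-style SHA-256 fingerprint: unpadded base64 of the blob digest."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def key_matches(received_line, trusted_fingerprint):
    """True only if the received key parses and its fingerprint matches."""
    try:
        _, blob = parse_public_key(received_line)
    except ValueError:
        return False
    return fingerprint(blob) == trusted_fingerprint


def sample_key_line(modulus):
    """Constructed ssh-rsa line with a made-up modulus; not a real key."""
    blob = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
            + _ssh_string(modulus))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " root@m2m-gw"


if __name__ == "__main__":
    shown_in_ui = sample_key_line(bytes(range(1, 129)))    # key read from the gateway UI
    via_http = sample_key_line(bytes(range(2, 130)))       # a different key arriving over HTTP
    trusted = fingerprint(parse_public_key(shown_in_ui)[1])
    print("trusted fingerprint:", trusted)
    print("UI copy matches:    ", key_matches(shown_in_ui, trusted))
    print("HTTP copy matches:  ", key_matches(via_http, trusted))
```
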
5.3. Routing mode
The M2M Gateway supports three routing modes. Examples of all three modes can be found in
Chapter 7.
“None” - This is used when only the Arctic VPN peer IP pair address is used for access. The Ethernet
of the Arctic GPRS device and other devices connected to it cannot be used. Usually this is used when
the devices connected to the remote Arctic are connected via serial port.
“Tunnel the following network” - Used when the Ethernet subnet of the remote Arctic GPRS device is
used. This is used when the devices connected to the remote Arctic are connected via Ethernet. When
this routing mode is used, both VPN ends need ip_forward set to 1.
“Proxy ARP” - This option is used if the remote Arctic device needs to look like it is connected to
the local network. The Arctic Ethernet interface is configured with an IP address from the same
network as the M2M Gateway. With this option, only the Arctic device is visible to the M2M Gateway
side and any network behind the Arctic will not be available for routing.

5.4. Checking VPN Status from Arctic
After setting the VPN settings and rebooting the Arctic, the VPN status can be checked from the
Network->Summary page. When VPN is connected, the user interface looks like in the following picture.
The VPN connection is up and running if the VPN Tunnel device is present in the network interface
listing.

6. VPN Configuration for M2M Gateway
After the configuration has been made on the remote Arctic device, the VPN server (M2M Gateway) has
to be configured properly. To access the VPN configuration on the M2M Gateway, log in to Webmin and
select SSH-VPN configuration from the main Webmin window.
The VPN configuration screen is like in the picture above. First the page lists the existing peers
and their status at the top of the page. The bottom of the page contains the SSH key management
section.
The parameters for VPN tunneling on the M2M Gateway side are listed in the table below. These are
visible in the peer listing and they are asked for when a new peer is added. They can be modified by
pressing the Edit button on the appropriate peer.

| Parameter | Description | Mandatory |
|---|---|---|
| Peer | Name used for authentication (Arctic hostname) | Yes |
| IP Pair | VPN IP pair address | Yes |
| Routing Mode | Selects if routing is used | No |
| Remote Network IP | IP address of remote network to be routed | If “Routing Mode” is set |
| Remote Network Netmask | Network mask of remote network to be routed | If “Routing Mode” is set |