HY-LINE truecon Router Manual
HY-LINE Systems GmbH
Inselkammerstr. 10
82008 Unterhaching
systems(at)hy-line.de
www.hy-line.de/systems
Copyright 2012 Manual release R1.8.8 English – 29. July 2013 (Update: 7 April 2014)
All rights reserved for this documentation. In addition, all photographs and electronic media are the sole property of HY-LINE Systems.
Technical Modifications
The company HY-LINE Systems reserves the right to make changes to the illustrations and information in this documentation
without previous announcement. This documentation was created with utmost care and is regularly revised. In spite of all
control measures taken it can not be ruled out that technical inaccuracies and typographical errors might have occurred. All
errors known to us are eliminated in the next edition. We are always grateful for information regarding errors in this
documentation.
Support
Our technical support pages are on our website www.hy-line.de. New manuals and data sheets are also available there. FAQ
pages are also available on our website. If you have further questions please direct them at [email protected]
Care and Maintenance
Only clean the case with a dry towel, do not use water or any other cleaning agents. Never use a spray can or bottle on the
device.
Safety
Never open the router while it is connected to a power outlet. Disconnect the power plug before opening the case. Danger: possibility of electric shock.
Recycling WEEE
IBM PC, AT, XT are trademarks of International Business Machines Corporation.
Windows™ is a trademark of Microsoft Corporation.
Java is a trademark of Oracle Corporation.
Linux is a trademark of Linus Torvalds.
Errors and omissions excepted.
Service addresses, deliveries and replacements:
HY-LINE Systems GmbH
Inselkammerstr. 10
82008 Unterhaching
Germany
Phone +49 (0)89/ 61450381
Fax +49 (0)89/ 61450385
E-Mail [email protected]
Internet: www.hy-line.de/systems
M2M-Router: www.hy-line.de/router
Directory
Product description
Safety & Regulations
Router Variations
Operating elements
Quick start
Software reset (factory defaults)
Configuration - Home
Base Settings
  Identification
  Network
  Date & Time
Connection Settings
  Phone Settings
  Internet Settings
  Dial-In / Call back
E-Mail
I/O-Settings Input / Output
Firewall
NAT
Services – Status
  DHCP/DNS Server
  DynDNS
  InetWD
  NTPd
  Ser2TCP
  SNMP
  SShd
  Syslogd
  FTP Server
  UDP-Broadcast
  Webserver
VPN
  VPN-PPTP Server
  VPN-PPTP Client
  VPN-OpenVPN Server
  VPN-OpenVPN Client
  VPN-IPsec
Advanced
  Command line interface
  System settings / Update
  Logging
  Network tracer
  User Management
Technical specifications
  with integr. Switch
Dimensions
Analog modem country code
Product description
M2M Industrial Router with modem, VPN and Firewall
The M2M-Industrial router is a simple, secure and global communications solution that will
connect you to your systems and machines wherever you are! Connections to your systems
and machines are made through the integrated firewall, VPN and automated call center. The
compact design, with standard European Top Hat Rail connection for easy mounting, as well
as the possibility to establish all connections (Analog, ISDN, GSM/GPRS/UMTS, LTE, DSL) in
one device, are what make this the leading industrial router on the market.
The router has an RS232 port as well as the standard Ethernet connection. On the protocol
side the router is capable of SNMP, DynDNS, NTP and DHCP. Configurable alarms can be
sent via E-Mail. The digital inputs and outputs offer additional control and alarm possibilities.
Every router has an internal HTML web server with complete configuration software. Access,
configuration and maintenance are easy and secure with a standard web browser. Installation
of 3rd party software is not necessary or recommended.
Order-numbers: see current pricelist
Qualification of personnel
This manual is only for trained personnel familiar with the applicable norms and standards. The specialist must have read and
understood this documentation and follow the instructions.
Safety regulations
The responsible staff must ensure that the application or use of the product described fulfills all safety requirements, including
any applicable laws, regulations, guidelines and rules.
Delivered
The product is delivered in a particular hardware and firmware configuration, depending on the application and the internal
modem. Changes to hardware or software configurations which are not described in this manual are not allowed and
nullify the liability of HY-LINE Systems GmbH.
The product is built to the current state of the art, is reliable in operation, and left the factory in a
safe condition.
To maintain this condition over the period of operation, the information in the manual and in applicable product change
notifications must be observed.
Obligation of diligence
The operator must ensure that
• the product is used as intended.
• the product is operated in working condition.
• only suitably qualified and authorized personnel operate the product.
• the personnel are instructed regularly about relevant occupational safety and environmental protection,
as well as the manual and especially the safety notes contained herein.
The operator must strictly observe the applicable national regulations concerning operation, functional testing,
repair and maintenance of electronic equipment.
Intended Use
The product may only be used within the specifications given in this document and in the documents referred to. The product
must not be used or operated for the following purposes and under these conditions: control of machines and equipment that
do not comply with Directive 2006/42/EC and Directive 2004/108/EC (EMC Directive).
It is recommended to use the following power supply with the HY-LINE router because all EMC tests were performed with this
power supply: 12W AC adapter Minwa MC120D050 with ferrite Würth 74270077
Read this documentation carefully before installation and commissioning. Incorrect handling of the product
may result in personal injury or property damage.
Technical Limits
The product is for use only within the specified limits, which are determined in the data sheets.
The following limiting values are set:
• The ambient temperature must not exceed or fall below the specified limits.
• The supply voltage must not exceed or fall below the specified limits.
• The specified humidity must not be exceeded, and condensation should be avoided.
• The maximum switching voltage and maximum switching current must not be exceeded.
• The maximum input voltage and the maximum input current must not be exceeded.
Warranty provision
The product is maintenance free. Opening the case will void the warranty. Repairs should be performed only by authorized
personnel.
Improper use, disregard of this documentation, use by insufficiently qualified personnel, as well as unauthorized
changes exclude the liability of the manufacturer for any resulting damage.
Notes for transport and storage
During storage, please avoid adverse environmental conditions such as mechanical stress, temperature, moisture and corrosive atmospheres.
The product is packaged so that it is protected against shocks during transport and storage.
Before installation, please check the product for possible damage caused by improper transport or improper handling.
Electrical installation safety
Installation must be carried out with appropriate tools and in accordance with the documentation. The product may only be
assembled with the power supply switched off. During wiring, the cabinet must be secured against being switched on again.
National accident prevention regulations must be observed. The electrical installation must be carried out in accordance with
national regulations (wire colors, cross sections, fuses, PE connection, etc.). Electrical work must be carried out by authorized
personnel. Observe the electrical connection information in the documentation; otherwise the electrical protection can be affected.
Disposal
The product in its delivery consists of different materials:
The individual components must be disposed of properly. All components of the delivery can be returned to
HY-LINE Systems for proper disposal. Transport costs are paid by the sender.
Delivery
The scope of supply for the HY-LINE router includes the accessories listed below. Please check that all accessories are
included in the box. If anything is missing or damaged, please contact your distributor.
1 HY-LINE router (basic types)
1 Quick Installation Guide
1 GSM antenna with magnetic base (optional for different Router package versions)
Further documents for the HY-LINE routers are available at: www.hy-line.de/router
HY-LINE Router product variations
• Analog: HAP-RA
  with integr. Switch (4x LAN): HAP-RAS
• DSL: HAP-RDS
  with integr. Switch (4x LAN):
• ISDN: HAP-Ri
  with integr. Switch (4x LAN): HAP-RiS
• HAP-R – without integr. Modem
  with integr. Switch (4x LAN): HAP-RS
• UMTS: HAP-RU
  with integr. Switch (4x LAN): HAP-RUS
• LTE: HAP-RL
  with integr. Switch (4x LAN): HAP-RLS
Operating elements
[Figure: operating elements. Models shown: HAP-R, HAP-RI, HAP-RA, HAP-RG, HAP-RU, HAP-RL; HAP-RS, HAP-RIS, HAP-RAS, HAP-RGS, HAP-RUS, HAP-RLS, HAP-RDS (integr. 4-port Switch). Labelled elements: SIM-Card Slot; Power (10-30VDC); Digital I/Os (screw terminal, removable); Serial RS232 – SUB-D 9 PIN; Antenna 2 - SMA: GSM/UMTS (optional); ISDN/DSL RJ45; Analog RJ11; Antenna 1 - FME: GSM/UMTS; Network RJ45; Mounting: DIN rail mount]
-> For better shielding (EMC reasons) please connect the antenna connectors (1 and 2) with connector PE.
Connector layout:
Router Version                      Connector – ISDN/DSL                    Connector – Analog
UMTS/GPRS - HAP-RU/RUS              Not used                                Not used
DSL - HAP-RDS                       used (Pin 4/5 – DSL A/B)                Not used
Analog - HAP-RA/RAS                 Not used                                used (Pin 3/4 – TX/RX)
ISDN - HAP-RI/RIS                   used (Pin 3/4/5/6 – TX+/TX-/RX+/RX-)    Not used
Without internal modem - HAP-R/RS   Not used                                Not used
Quick start
Access to the router through a web browser:
http://192.168.101.222/ or https://192.168.101.222/
Administration access:
login: manager password: changemetoo (Password can be changed through this account)
Visitors access:
login: user password: changeme
(Password can only be changed through the administrator's account)
Access to the router through SSH (Secure Shell, TCP/IP):
login: root password: changemetoo
Settings SSH (TCP/IP): Host name or IP address: Router-IP
Port: 22
Note: On first power-up the router initializes its SSH keys. This process takes about 15 minutes; after that the router
will be reachable through SSH.
Access to the router over serial:
login: root password: changemetoo
Settings for serial connection: 38400 bps // 8 bits // no parity // 1 stop bit // no flow control
IP address changes over SSH or serial console (null modem cable):
Log in over SSH or serial as described above, then execute the following commands:
a. ip address xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx device eth0
b. commit ch
c. write disk
Installation of the SIM card with a GSM/GPRS/UMTS/LTE-Router:
Insert the SIM card into the SIM card holder with the chip side (gold) pointing to the printed side of the router case. The
SIM card must snap into the SIM card holder.
Internet watchdog service: Do not enable this service until the router is ready to establish internet connections.
Download Router Handbook & Firmware: www.hy-line.de/router
Firmware update: Please contact our support team: [email protected]
Attention: Do not install system.conf files from an older firmware version on a newer firmware version or vice versa.
Software reset
Factory default for all settings
1. Disconnect power from the router
2. Set Jumper 3 (see picture) to on position
3. Power up router, wait for flashing LEDs (approx. 2 Min.)
4. Disconnect power from the router
5. Set Jumper 3 (see picture) to off position
6. Power up router, factory default set
Important: Power down Router before changing the jumper positions!
Configuration - Home:
The start page gives a general overview of the router: firmware version, system updates, serial
number, modem type, band type, GSM signal strength, router uptime, PPP data counter (max. 2GB),
as well as the status of the digital inputs and outputs.
Internal modem 1: analog, isdn, gsm, umts, dsl, lte, none (without modem)
Signal strength:
  Error: no signal, check antenna and/or SIM-Card and SIM-PIN
  Bad: -113 ... -112 dBm
  Low: -111 ... -90 dBm
  Good: -89 ... -56 dBm
  Very good: > -55 dBm
Active band:
  lte
  Umts / WCDMA2100
  gsm1800 (gprs-1800 MHz Band)
  gsm900 (gprs-900 MHz Band)
  no service (no signal, check antenna and/or SIM-Card and SIM-PIN)
Connectivity status: While the router is online it will show the assigned IP address from the service
provider (WAN interface). In Online mode you will see the status of the internet connection:
WAN Traffic Counter: Traffic counter for Internet and PPP traffic, max. 2.147.483.648 Bytes
Reset button: Reset traffic counter
DNS Servers: active DNS server
Default Gateway: active gateway (further information on page 16 – LAN settings)
Internet Connectivity: Pressing the button sends a ping to a host or IP address configured in
../Services/InetWD. On demand the router will be triggered to establish an internet connection.
Refresh-button: resend ping
Home-button: back to home menu
Reboot-button: Router (software) reboot

Base Settings - Identification:

Router name: Name of the router, max. 35 characters; the name is attached to sent E-Mails
Location: Location of the router (for informational purposes only)
Manager: E-Mail address of the system manager (recipient of the dynamic IP address once
the router is connected to the internet)
Base Settings - Network:




Configure the LAN network parameters. The interfaces are eth0, eth0:1 and eth0:2. The :x entries are virtual
interfaces mapped to eth0. With these settings it is possible to have more than one subnet on the
physical interface of the router. Subnets on the Ethernet interface of the router are not isolated from
each other.
LAN 0 – LAN 2:
Local IP address / Network mask: Parameters for each individual interface (Multirouting)
Systemwide Network Settings:
DNS Server: Network DNS server address (default is the public DNS server from Arcor)
Gateway: Network gateway address
Activate network changes: check to activate the configuration immediately after pressing the SAVE button
Multi-LAN:
- DHCP works only with interface LAN2 (eth0:2)
- DHCP Client receives IP address, subnet mask, DNS server and default gateway.
External gateway for data communications (Router: no internal modem or not active)
- Service: Deactivate Internet-Dial-Up in Service menu ../Services/
- Apply the following settings if the HY-LINE Router is using an external gateway on the WAN side
DHCP-Server inactive in external gateway subnet (WAN):
LAN 0: Network/subnet Gateway side (WAN)
LAN 2: Network/subnet HY-LINE Router
Gateway (systemwide): Network/Subnet Gateway side (WAN)
DHCP-Server active in ext. gateway subnet:
LAN 0: Network/subnet HY-LINE Router
LAN 2: Network/subnet Gateway side (WAN - DHCP active)
Gateway (systemwide): Network/subnet Gateway side (WAN)







continue: external gateway for data communications
Allow: In- and outgoing data traffic over external WAN gateway
Service menu Firewall:
Masquerade srcnet: Activate: allows outgoing TCP packets via a standard gateway (not a modem gateway)
Source net: Netmask/IP range of the outgoing traffic
Format: 192.168.102.0/24 (example)
Representation of IPv4 network addresses and netmasks
(Source: Wikipedia: http://de.wikipedia.org/wiki/Netzmaske)
A netmask is exactly as long as an IPv4 address, i.e. 32 bits. All bits of the network part are
set to 1, all bits of the host part have the value 0. The network part of an IPv4 address is obtained
by a bitwise logical AND of the address with the netmask. After bitwise negation
of the netmask, the host part is separated out in the same way.
Example
With such a netmask with 24 bits set, 8 bits remain and thus 2^8 = 256 addresses for
host parts. This is called a 24-bit network. Because the smallest address (all bits in the host part are
zero) describes the network itself and the largest address (all bits in the host part are one) is reserved
for broadcast, they do not count among the addresses that are assigned to devices. So 254 addresses
are available for devices.
Netmasks, like IPv4 addresses, are usually written in decimal. The IP address of the example above
is then 192.168.1.129 and the netmask 255.255.255.0, or /24 for short.
The network part is thus 192.168.1 and the host part 129. The IP network can also be written as
192.168.1.0/24.
While the CIDR notation /24 gives the number of bits set in the netmask, in dotted decimal notation
the netmask is split into four octets, each represented by a decimal number.
The decimal number 255 has the same value as the binary number 11111111, which corresponds to
8 set bits. In the example this gives 8+8+8+0=24 set bits. An overview of all IPv4
netmasks larger than /8 in different notations can be found in the article CIDR.
Example 1: The IP address 192.168.1.188/27 is to be examined, written another way
192.168.1.188/255.255.255.224. The netmask is a 27-bit mask. First, the question of how many
IP addresses belong to a 27-bit network is to be answered. Answer: An IPv4 address
consists of 32 bits. 32 minus 27 is 5. The 27-bit mask therefore leaves 2 to the power of 5 addresses
freely available, i.e. 32. A 27-bit network thus contains 32 addresses. Next, the question of what
the network to which the address belongs is called is to be answered. Answer: The smallest address of the
given range gives the network its name. It is found by starting from 188 and looking for
the next smaller number that is divisible by 32. The result is 160. The network is therefore called
192.168.1.160/27. It contains the 32 addresses from 192.168.1.160 up to and including
192.168.1.191. The address 192.168.1.160 denotes the network itself, 192.168.1.191 is the
broadcast address. The 30 IP addresses from 192.168.1.161 up to and including 192.168.1.190
remain usable for devices.
Example 2: 172.16.0.0/16 and 172.16.0.0/24 differ in that the first network covers the IP addresses
172.16.0.1 to 172.16.255.254, while the second contains only the range 172.16.0.1 to
172.16.0.254.
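The bitwise AND and negation described above, carried out in Python as an added example (it is not part of the original manual). It reproduces Example 1 and Example 2 and reports whether a value is written as a network address, like the Source net example 192.168.102.0/24. The function names and the `is_network_address` check are assumptions made for this illustration.

```python
"""IPv4 netmask arithmetic with plain bit operations (added example)."""

FULL = 0xFFFFFFFF  # 32 bits: the length of an IPv4 address and of a netmask


def parse_ipv4(text):
    """Convert dotted decimal notation into a 32-bit integer."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {text!r}")
    value = 0
    for part in parts:
        if not (part.isascii() and part.isdigit()) or int(part) > 255:
            raise ValueError(f"bad octet {part!r} in {text!r}")
        value = (value << 8) | int(part)
    return value


def format_ipv4(value):
    """Convert a 32-bit integer back into dotted decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_length(mask_text):
    """Accept '27' (CIDR) or '255.255.255.224' (dotted); return the set-bit count."""
    if mask_text.isascii() and mask_text.isdigit():
        prefix = int(mask_text)
        if prefix > 32:
            raise ValueError(f"prefix length out of range: {mask_text!r}")
        return prefix
    host_bits = ~parse_ipv4(mask_text) & FULL  # bitwise negation of the netmask
    if host_bits & (host_bits + 1):            # set bits must be contiguous from the left
        raise ValueError(f"netmask is not contiguous: {mask_text!r}")
    return 32 - host_bits.bit_length()


def describe(cidr):
    """Split 'address/mask' into network part, host part and address range."""
    address_text, sep, mask_text = cidr.partition("/")
    if not sep:
        raise ValueError(f"missing '/mask' in {cidr!r}")
    address = parse_ipv4(address_text)
    prefix = prefix_length(mask_text.strip())
    mask = (FULL << (32 - prefix)) & FULL
    host_mask = ~mask & FULL
    network = address & mask            # network part: address AND netmask
    broadcast = network | host_mask     # all host bits set to one
    # The text's rule: network and broadcast address are not handed out to
    # devices, which leaves nothing for /31 and /32.
    usable = max(host_mask + 1 - 2, 0)
    return {
        "network": f"{format_ipv4(network)}/{prefix}",
        "netmask": format_ipv4(mask),
        "host_part": address & host_mask,
        "broadcast": format_ipv4(broadcast),
        "addresses": host_mask + 1,
        "usable": usable,
        "first": format_ipv4(network + 1) if usable else None,
        "last": format_ipv4(broadcast - 1) if usable else None,
        # True when the host part is zero, as in 192.168.102.0/24
        "is_network_address": address == network,
    }


if __name__ == "__main__":
    for sample in ("192.168.1.188/27", "192.168.1.129/255.255.255.0",
                   "172.16.0.0/16", "192.168.102.0/24"):
        print(sample, describe(sample))
```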
Base Settings - Date & Time:

Date, Time: Date and time of the router
Timezone: Time zone in which the router is located (please be aware that summer and winter time
are switched automatically only in Germany. Settings: Berlin)
Time-Server: Time server, default: ptbtime1.ptb.de
Manual apply: for manual adjustment of the time and date
Network sync.: Time and date will be synchronized over the internet after pressing SAVE
(the router will dial in to the internet)
Connectivity Settings – Modem Settings:

MSN/Mobile number: Telephone number of the router. Only important for an ISDN connection: the
MSN must be entered here. The MSN (Multiple Subscriber Number) is either the
dialling number without area code or only the extension number. This
depends on the setup of the telephone system.
GSM band: Set GSM band manually. Options: 0=auto; 5=gprs; 8=umts; 9=lte
SIM-PIN: Enable PIN only for use with a SIM card in order to log in to the network -> do
not enable for use with analog or ISDN connections!
PIN: PIN number of the GSM/GPRS SIM card
PIN verify: Re-enter the SIM PIN number
Connectivity Settings – Internet Settings:

Internet Service: Choose an ISP in order to enable the Call-by-Call option
- LTE-UMTS-GPRS: default TELEKOM
- Analog-ISDN 1: default Arcor
- Analog-ISDN 2: default Freenet
- Analog-ISDN 3: default T-Online
- Analog-ISDN 4: default Schweiz
- DSL
PPPoE – external modem/gateway for data connections (Router: no internal modem or inactive)
- PPPoE activation: Connectivity Settings\Internet Settings\Internet Service: choose DSL
- Connect the external PPPoE modem to any ethernet port of the HY-LINE router
- PPPoE with an external modem can’t be used with a HY-LINE Router with internal DSL modem
APN / Phone number: APN for LTE/UMTS/GPRS, or telephone number of the ISP's Call-by-Call center
(2 seconds for every comma, e.g. 0,,0625112345)
Username: Username for internet service
Password: Password for internet service
Password verify: Re-enter password for internet service
Timeout: Time until the router hangs up a connection to the Internet due to lack of
traffic. No function if the router is set to mode: always online
IP reporting mode: After Internet login: DynDNS activated and/or dynamic IP address of
the router sent per email
Network time sync (further settings in service menu: ../services/ntpd):
- Once (RFC868): Time sync one time after online connection
- NTP (RFC1305): permanent time sync according to RFC1305
Network connection mode: Internet dial-up:
- On-Demand: connects only when needed, timeout active
- Always online: permanent online connection (InetWD Service
should be activated)
Use peer DNS: DNS server is set from provider (recommended)
Connectivity Settings – Dial-In / Call Back:

PPP-Dial Dial-In:
Internet by call / Ringing function: Calling the M2M router from any phone line (don’t wait until
the router connects the line!) activates the router to log in to the internet.
ISDN/Analog/GSM-PPP-Dial-In: the router will pick up after the number of
rings and will build the PPP connection. Please wait 30 seconds after
cutting the connection before building another connection.

Port Speed: on bad analog lines (usually overseas) the router's communication speed can be
reduced for a more stable connection.
Dial-In Server/Client IP: The IP addresses of the PPP tunnel should be within the same subnet as the
gateway (M2M router IP address). Advantage: the router IP address does not have to be entered as
the gateway address in the devices.
Configuring Direct Connection to M2M Router over PPP:
The router has one permanent PPP user account with the user name pppuser. This account is
not displayed in the User Management. Additional PPP users can be added as system users.
PPP-Dial-In:
-User name: pppuser (cannot be changed)
-Password: M2MLogin
-Dial-up (DFÜ) client settings: Windows default settings
Important: Please make sure that no user with the name pppuser is registered in User
Management. If there is one, delete it.
Configuration of Call-by-Call access for ISDN / Analog telephone lines
No login needed, costs are over the standard telephone bill. Call costs can be found at the website of
your provider.
ARCOR
User: arcor-ibc
Password: internet
Tel-no.: 0192075
Arcor-DNS: 145.253.2.11
MSN (Microsoft Network)
User: [email protected]
Password: msn
Tel-no: 0193670
MSN-DNS: 145.253.2.11
ARCOR
User: arcor
Password: internet
Tel-no.: 00493412004937
Arcor-DNS: 145.253.2.11
FREENET
User: gast
Password: internet
Tel-no: 019231770
Freenet-DNS: 62.104.191.241
Configuration of Call-by-Call access for ISDN / Analog telephone lines -WORLDWIDE-:
No login needed, costs are over the standard telephone bill. Call costs can be found at the website of
your provider.
Configuration for access to GPRS/UMTS/LTE modem connections with APN:
T-MOBILE T-D1 settings with standard APN:
Number or APN: internet.t-d1.de
User: t-d1
Password: t-d1
E-Mail:

E-Mail address: E-Mail address of the system manager; it can also be set to administrator, in which
case copies of all E-Mails are sent there.
SMTP-Server: Address of the SMTP server for the sending of E-Mails (supports DNS addresses as
well as IP addresses).
Rewrite sender domain: If enabled, rewrites the sender domain for outgoing E-Mails.
Sender domain: Sender domain for outgoing E-Mails.
ESMTP authentication: Whether to use ESMTP Auth for outgoing E-Mails
E-Mail address 1-3: E-Mail recipients 1-3

I/O-Settings – Digital Input / Output:

Activate: If checked the I/O port is monitored for input data
Signal action:
- System reboot: Restart (soft reset)
- Internet dial-in: Dial in to the internet
- Alarm send E-Mail: Sends an E-Mail with message text to recipients 1-3
- Alarm once (high) – send Mail: Sends an E-Mail with message text to recipients 1-3 and the system
manager after power-up of the router. The E-Mail is sent only if Digital Input 1 is high immediately
after power-up of the router. In normal use Digital Input 1 can’t be triggered.
- Run user defined script 1/2: Runs user defined scripts on Linux. Predefined scripts can be found in
../user/sbin with the names user1.sh and user2.sh. Please set execute permission on both scripts after
editing.
I/O-Settings – Digital Input / Output:

Activate: If checked the I/O port is used for data output

Map digital output: DigEin1, DigEin2 or Online state is mapped to digital output

Turn On / Turn off: manual on and off control of the digital output
Technical data Digital I/Os:
For EMC reasons it is recommended to use a ferrite core if data lines are longer than 3m.
(ferrite core Würth 74270090 with two coils)
Digital Input 1 / 2: Triggering on high to low signal change;
Potential-free inputs: Factory default setting, signal action by simple short circuit (self powered)
Active input: Switching voltage: apply max. 24VDC / min. 5mA
DIP-Switch1: configures DigIn1, see picture; DIP-Switch2: configures DigIn2, see picture
The jumper position in the picture shows the configuration for potential-free inputs, factory
default.
Please switch off the router before making any changes to the jumper. The router must be
voltage free all the time you set jumper on the router. The router case must not be opened!
[Picture: DIP switch 1: Digital In 1; DIP switch 2: Digital In 2; Jumper Block 3/4: DIP switch 3: Reset, DIP switch 4: no function]
Digital output: Open Collector: Output voltage 12-30VDC (active) /
max. 100mA. The output voltage is similar to the power supply voltage applied to the router.
Firewall:
The firewall configuration allows the opening and closing of specific services from the internet to the
router (arrows left) and from the router to the internet (arrows right).
Three standard profiles are available:
- Default – Standard, applicable for most uses
- Custom – Custom profile defined by user, must be set for user configuration
- Minimum – High security
Commit rules: Commit the changes immediately to the firewall configuration when saving
Masquerading: Set S-NAT routing options: if activated, all data packets coming from the WAN
interface to the local Ethernet (eth0) router interface are rewritten. The router replaces the public IP
address of forwarded packets with its own local IP address. This makes it possible to access devices on the
router's LAN subnet without having set a gateway address in these devices.
Outgoing connections (HY-LINE Router LAN -> external gateway):
Masquerade srcnet: Activate: allows outgoing TCP packets via a standard gateway (not a modem gateway)
Source net: Netmask/IP range of the outgoing traffic
Format: 192.168.102.0/24 (example). See page 17.
NAT (Network Address Translation)
NAT (Network Address Translation) is a network procedure in which an IP address in a data packet is replaced by another. This is usually done to connect private IP addresses to public networks such as the internet. Ports are translated in the same way by a mechanism called PAT (Port Address Translation).
Configuration
NAT on the router can be configured through a serial connection, over SSH or via the web interface. A maximum of 150 NAT rules can be configured. The following ports shouldn't be changed:
List of unchangeable ports

Service                                       Protocol   Port
File Transfer Protocol (FTP)                  TCP        21
SSH Remote Login Protocol (ex. pcAnyWhere)    UDP        22
Telnet                                        TCP        23
Simple Mail Transfer Protocol (SMTP)          TCP        25
Domain Name Server (DNS)                      UDP        53
WWW Server (HTTP)                             TCP        80
HTTPS                                         TCP        443
Post Office Protocol ver.3 (POP3)             TCP        110
Network News Transfer Protocol (NNTP)         TCP        119
Point-to-Point Tunnelling Protocol (PPTP)     TCP        1723
pcANYWHEREdata                                TCP        5631
pcANYWHEREstat                                UDP        5632
WinVNC                                        TCP        5900
Configuration via the web interface:

Protocol Type: Protocol TCP or UDP

Forwarded Port: Incoming port

Dest. Address: IP address of the device the packet is sent to

Dest. Port: Port of the device the packet is sent to

Commit rules: Immediately activate NAT rules after pressing the save button (no restart required)
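
An added example (not part of the HY-LINE manual or firmware): a pre-check of a planned NAT rule list against the limits stated above, namely the 150-rule maximum and the list of ports that should not be changed. The one-line text form of a rule, the check that the destination lies in the router LAN subnet, the sample rules and all function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

MAX_RULES = 150  # maximum number of NAT rules stated in the manual

# Ports the manual lists as "shouldn't be changed": port -> (protocol, service)
RESERVED_PORTS = {
    21: ("TCP", "FTP"), 22: ("UDP", "SSH"), 23: ("TCP", "Telnet"),
    25: ("TCP", "SMTP"), 53: ("UDP", "DNS"), 80: ("TCP", "HTTP"),
    443: ("TCP", "HTTPS"), 110: ("TCP", "POP3"), 119: ("TCP", "NNTP"),
    1723: ("TCP", "PPTP"), 5631: ("TCP", "pcANYWHEREdata"),
    5632: ("UDP", "pcANYWHEREstat"), 5900: ("TCP", "WinVNC"),
}


@dataclass(frozen=True)
class NatRule:
    protocol: str        # "Protocol Type"
    forwarded_port: int  # "Forwarded Port" (incoming port)
    dest_address: str    # "Dest. Address"
    dest_port: int       # "Dest. Port"


def parse_rule(line):
    """Parse 'PROTO FORWARDED_PORT DEST_ADDRESS DEST_PORT' (assumed text form)."""
    proto, fwd, addr, dport = line.split()
    return NatRule(proto.upper(), int(fwd), addr, int(dport))


def audit(rules, lan_subnet):
    """Return (rule_number, code, detail) findings; rule_number 0 = whole list."""
    lan = ipaddress.ip_network(lan_subnet)
    findings = []
    if len(rules) > MAX_RULES:
        findings.append((0, "too-many-rules", f"{len(rules)} > {MAX_RULES}"))
    first_use = {}  # (protocol, forwarded port) -> first rule number using it
    for n, r in enumerate(rules, 1):
        if r.protocol not in ("TCP", "UDP"):
            findings.append((n, "bad-protocol", r.protocol))
        for port in (r.forwarded_port, r.dest_port):
            if not 1 <= port <= 65535:
                findings.append((n, "bad-port", str(port)))
        if r.forwarded_port in RESERVED_PORTS:
            proto, service = RESERVED_PORTS[r.forwarded_port]
            findings.append(
                (n, "reserved-port", f"{r.forwarded_port} ({service}, {proto})"))
        try:
            # Assumption: forwarded traffic should end on the router LAN subnet.
            if ipaddress.ip_address(r.dest_address) not in lan:
                findings.append((n, "outside-lan", r.dest_address))
        except ValueError:
            findings.append((n, "bad-address", r.dest_address))
        key = (r.protocol, r.forwarded_port)
        if key in first_use:
            findings.append((n, "duplicate", f"same as rule {first_use[key]}"))
        else:
            first_use[key] = n
    return findings


# Constructed sample rule list (not taken from a real device).
SAMPLE_RULES = """\
TCP 8080 192.168.3.10 80
TCP 443 192.168.3.10 443
UDP 5632 192.168.3.11 5632
TCP 8080 192.168.3.12 8080
TCP 2222 10.0.0.5 22
ICMP 9000 192.168.3.13 9000
TCP 70000 192.168.3.14 502
"""

if __name__ == "__main__":
    parsed = [parse_rule(line) for line in SAMPLE_RULES.splitlines()]
    for number, code, detail in audit(parsed, "192.168.3.0/24"):
        print(f"rule {number}: {code}: {detail}")
```
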
Services - Status:
The service menu allows the services to be stopped, started and paused.
Services - DHCP/DNS Server:
Services - DynDNS:

DynDNS Service Provider: Choose your provider for the DynDNS server.

Username: DynDNS account name

Password: DynDNS password

Password verify: Re-Enter DynDNS password

Host alias: DynDNS Hostname
Activate DynDNS Service
Modem mode: Activate the DynDNS service in ../Connectivity Settings/Internet Settings/ -> IP-Reporting mode!
Gateway mode: Activate the DynDNS service in the Service menu
Services - Inetwd + Redundancy:
How the Internet Watchdog (Inetwd) works:
The internet watchdog periodically checks via ping (ICMP protocol) that an IP address or host name on the internet or intranet can be reached. If the IP address is not reachable, the router is restarted.

Important: this function causes traffic even if there is no other communication over the router

Destination host: IP address or host name - Layout: www.name.extension

Maximum retries: Number of ping attempts before the router is restarted

Interval: Interval in seconds for the ping request
Important: Do not activate this service until the router is ready to access the internet. If the service is activated and there is e.g. no SIM card installed, the router will reboot every 600 seconds by default.

How redundancy works: redundant communication path
a) LAN gateway (DHCP) -> UMTS / PPPoE (internal DSL or external modem)
The router is online only via the currently active connection. The redundancy function is activated via system.conf (by setting a variable). The primary, active communication path (after a router reboot) is always LAN gateway (DHCP). As soon as the primary, active communication path has failed, communication is switched automatically to the redundant communication path (UMTS/PPPoE). This function is activated by the InetWD service. The DHCP service (if activated) is then stopped and the router is restarted. After the restart the active communication path is UMTS/PPPoE. An e-mail containing (definable) information is sent.
Switching back to the primary communication path is done manually via the router web interface, simply by rebooting/restarting the router (over the internet or intranet).
b) LAN gateway (no DHCP) -> LAN gateway (no DHCP)
The redundant communication path works as described under a).
Prerequisite: no DHCP client may be activated in the router's LAN settings; all LAN parameters must be entered manually.
Switching to the primary communication path/gateway is done manually via the router web interface by rebooting/restarting the router (over the internet or intranet).
After an unsuccessful InetWD ping, the active gateway is switched automatically to the redundant gateway.
Note: The redundant gateway is entered into the InetWD service by the user; this cannot be done via the web interface.
Continued: Services - Redundancy
Configuration: LAN gateway -> UMTS/gateway fallback

Enable redundancy: Activates redundancy; options: redundancy path modem or gateway

Fallback gateway: Enter here the gateway that becomes the default gateway in the redundancy case

Status Mail modem r.: Activates mail notification when switching over to the redundancy path. The mail is sent to the system manager.

Mail Message: Content of the notification mail

Example: configuring redundancy:
- Redundancy: activate (modem or fallback), activate mail notification and enter the mail text
- Service menu:
- Internet dial-in set to: Always online
- Deactivate the Internet-Dial-Up service
- Activate the Internet Watchdog service (InetWD)
- LAN gateway configuration: carry out as described in chapter Base Settings / LAN
DHCP server inactive in the ext. gateway subnet:
LAN 0: Network/subnet on the gateway side
LAN 2: Network/subnet of the HY-LINE Router
Gateway (systemwide): Network/subnet on the gateway side
DHCP server active in the ext. gateway subnet:
LAN 0: Network/subnet of the HY-LINE Router
LAN 2: Network/subnet on the gateway side (activate DHCP)
Gateway (systemwide): Network/subnet on the gateway side (assigned automatically)
- Firewall configuration: as described in chapter Firewall, activate and configure Masquerading srcnet
- Restart the router!
-> ACTIVE redundancy: LAN gateway -> UMTS fallback
After the restart, the display on the router's Home start page is extended: an enabled redundancy function is shown:
When redundancy becomes active, i.e. the 2nd communication path is activated, the status display changes as follows:
The first line shows the selected redundancy mode; the second line shows the same value once inetwd has switched to the fallback.
The inetwd service now continues to run normally and tries (now via the fallback path) to send its ping to the internet. If this still fails, the reboot kicks in again and the system restarts (and thereby switches back to the primary function).
After a manual reboot of the router via the web interface, the 1st communication path is active.
Services – NTPd Timeserver:
The protocol of the timeserver is NTP (RFC 1305).

NTP Timeserver 1/2: IP address or hostname. Timeserver 2 is used automatically if the connection to timeserver 1 fails.

NTP Server (RFC 1305): Activates the NTP server mode for the local network. Any IP device can update its time over the router via NTP.
Services - Ser2TCP:

The Ser2TCP service can stream data from the router's serial RS232 interface to any IP-based device over the Ethernet network. Further administration under the Linux OS is needed. Please contact HY-LINE technical support for assistance.
Services - SNMP:

Please contact HY-LINE technical support to receive the MIB (Management Information Base).
Services - SSHd:
Configuration for access to the router over SSH (Secure Shell TCP/IP terminal)
Secure Shell – secured communication over unsecured networks: Secure Shell (SSH) is a program that allows computers to communicate securely over unsecured networks. It closes many security risks by encrypting the data.
Access to the router through SSH (Secure Shell, TCP/IP):
Windows editor, for example: WinSCP
login: root
password: can be set under User Management
Settings SSH (TCP/IP): Host name or IP address: Router IP
Port: 22
Note: On the first power-up (after a firmware update) the router initializes its SSH keys. This process takes about 15 minutes; after that the router is reachable through SSH.
Services - Syslogd:
Configuration of the log file size, number of logs and remote logins.
Services - FTP-Server:

approx. 3 MB flash memory (persistent, root directory)
approx. 8 MB RAM memory (..\tmp)
Services - UDP Broadcast Proxy:
The UDP broadcast function is used to discover IP devices on the HY-LINE Router LAN subnet. Incoming TCP/IP packets with the configured broadcast port are sent automatically to each device in the router network. Each reply is sent back to the sender on the internet.

Destination IP range: Destination the broadcast is sent to (usually the HY-LINE Router LAN subnet)

Destination Netmask: Subnet of the destination network

Destination Port: Identification of the broadcast function and destination port to send to
Services - Webserver:

Use also Port 80 active: The router is accessible via port 80 and port 443 over the internet and intranet

Attention: For security reasons it is recommended to disable port 80 access from the internet

Certificate warning: The HY-LINE Router has a standard HTTPS certificate installed (common version). This causes a browser alert when accessing the router's web interface. It is possible to use a customer-specific certificate to prevent this. This is not a security issue.
VPN:
A Virtual Private Network (VPN) is a computer network that carries private data across a large open network such as the internet. Members of the VPN that are logged in can exchange data as if they were part of a private LAN. The term "private" means that the connection is established much like a local LAN; it does not mean that the connection is encrypted. A tunnel is established between client and server, but VPN tunnels do not have to be encrypted.
Secure VPNs use cryptographic tunnelling protocols to provide the intended confidentiality (blocking snooping and thus packet sniffing), sender authentication (blocking identity spoofing), and message integrity (blocking message alteration) to achieve privacy. When properly chosen, implemented, and used, such techniques can provide secure communications over unsecured networks. This has been the usually intended purpose of VPNs for some years.
Secure VPN technologies may also be used to enhance security as a "security overlay" within dedicated networking infrastructures.

The following secure VPN protocols are included in the M2M Router:
- IPsec (IP security): pre-shared keys or X.509 certificates
- PPTP client and server (Point-to-Point Tunnelling Protocol): username and password security
- OpenVPN client and server: certificate authentication, NO username and password possible
Services - VPN

Use IPsec:
Enables the IPsec server when connected to the internet
(pre-shared key, X.509 certificates)

Use PPTP server:
Enables PPTP server (Username and password authentication)

Use PPTP client:
Enables PPTP Client (Certificate authentication)
VPN – PPTP Server Configuration:

Gateway IP / Client IPv4 range: The VPN tunnel IP subnet must be different from the HY-LINE Router LAN subnet
VPN – PPTP Client Configuration:

Server address: IP address or host name of the VPN PPTP server

User name: VPN PPTP user name, add/edit in ..\Advanced\user management

Enable network mode: activates routing to the remote network (server subnet)

Network address: network IP range on the server side (for routing), syntax: xxx.xxx.xxx.0

Route netmask: subnet for routing, syntax: 255.255.255.0

Set the route manually on the Linux shell:
sys sh
ip route add 192.168.3.0/24 dev ppp1
VPN-PPTP SERVER Set up connections example
M2M Router settings for use as a VPN-PPTP-CLIENT:

Authentication method:
o CHAP or MS-CHAP V2 authentication available
o Edit: \\etc\runit\pptp\run (File with extension script)

CHAP:
name +mppe-40 persist maxfail 0 debug \
-> if CHAP is not possible, MS-CHAP V2 is used

MS-CHAP V2:
name +mppe-40 refuse-chap persist maxfail 0 debug \
-> only MS-CHAP V2 is used

Encryption MPPE:
o Edit: \\etc\runit\pptp\run (File with extension script)
o +mppe-40
o +mppe-128
o De-activate MPPE: remove the string (+mppe-40 or +mppe-128)
Continued: VPN-PPTP SERVER Set up connections example
Web interface settings
VPN Services: Use PPTP client
- VPN \ PPTP \ Client:
- Set VPN server
- Set user name; the user must be added in user management, see next page
- Enable Network Mode, routing is active
- Network address: subnet on the other side of the VPN tunnel, syntax: x.x.x.0
All other settings as shown in the picture.
User management: VPN-PPTP
- Add user via web interface ../Advanced/User Management:
- User subsystem: PPP/PPTP User
Important: if the connection is not working, please change the following:
o Edit: \etc\ppp\chap-secrets
o Change username PPP password to username * password *
# PPP
t-d1 * t-d1
# PPTP
vpn ppp 123 *
# PPTP
username ppp password *
change to
username * password *
Important: this change must be made every time a user is added, changed or deleted!
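
Because the edit above has to be repeated after every user change, it lends itself to a script. The following added example (not HY-LINE code) applies the `ppp` -> `*` change to every entry of a chap-secrets text and then lists entries that accept any server name and any address, or whose secret is short or equal to the user name. It assumes the standard pppd field order (client, server, secret, addresses); the 8-character threshold and the function names are assumptions.

```python
import re
import shlex

# First token (bare or double-quoted), then the server field, then the rest.
ENTRY = re.compile(r'^(\s*(?:"[^"]*"|\S+)\s+)(\S+)(.*)$')

# Sample content as shown in the manual above.
SAMPLE = """\
# PPP
t-d1 * t-d1
# PPTP
vpn ppp 123 *
# PPTP
username ppp password *
"""


def parse_line(line):
    """Return [client, server, secret, *addresses], or None for other lines."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    fields = shlex.split(stripped, comments=True)
    return fields if len(fields) >= 3 else None


def widen_server_field(text, old="ppp"):
    """Replace server field `old` with '*'; return (new_text, changed_clients)."""
    out, changed = [], []
    for line in text.splitlines():
        fields = parse_line(line)
        match = ENTRY.match(line)
        if fields and match and fields[1].lower() == old:
            line = match.group(1) + "*" + match.group(3)
            changed.append(fields[0])
        out.append(line)  # comments and untouched entries are kept verbatim
    return "\n".join(out) + "\n", changed


def audit_entries(text, min_len=8):
    """List (code, client) findings for entries worth a second look."""
    findings = []
    for line in text.splitlines():
        fields = parse_line(line)
        if not fields:
            continue
        client, server, secret = fields[:3]
        addresses = fields[3:]
        # Wildcard server plus wildcard address: only the secret gates access.
        if server == "*" and "*" in addresses:
            findings.append(("any-server-any-address", client))
        if secret == client or len(secret) < min_len:
            findings.append(("weak-secret", client))
    return findings


if __name__ == "__main__":
    new_text, changed = widen_server_field(SAMPLE)
    print("changed entries:", changed)
    print(new_text, end="")
    for code, client in audit_entries(new_text):
        print(f"{client}: {code}")
```
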
VPN – OpenVPN Server Configuration:
- Range ip Address: IP address range of established OpenVPN tunnels (Format: x.x.x.0)
- Range ip netmask: IP netmask of established OpenVPN tunnels
- Push route 1-3: IP address range, set as route in the OpenVPN client (Format: x.x.x.0)
- Route 1-3 netmask: IP subnet, set as subnet in the OpenVPN client





- Duplicate cn: allows multiple clients with the same common name to connect to the router at the same time
- Authentication: only with certificate; username and password not possible
- Encryption: SHA1-HMAC and BF-CBC (Blowfish, Cipher Block Chaining mode)
Default key size: SHA1: 160 bit; BF-CBC: 128 bit (not editable)
- OpenVPN Client: example for use with Windows:
http://openvpn.net/index.php/open-source/downloads.html
VPN – OpenVPN Server Configuration: EXAMPLE
OpenVPN client configuration on the remote side (e.g. PC system / hardware router):
- Store certificate + keys in the HY-LINE Router, format:
> ca.crt
> ca.key
> client.crt
> client.key
> server.crt
> server.key
- Copy certificate + keys to the PC (e.g. ..\Programme\OpenVPN\Config)
- Configure the OpenVPN client software config file (e.g. client.ovpn)
Result: successful connection between the HY-LINE Router and a Windows PC running the OpenVPN.org software client.
VPN – OpenVPN Client configuration:
- Attention: the router's internal clock must be set to the correct date and time.
- Activate the OpenVPN client via the Service menu:
- Server FQHN: OpenVPN server IP address or domain name
- Server port: OpenVPN server port
- Client certificate: Authentication certificate
- Client key: Keys for authentication
- CA certificate: Set up the CA certificate for authentication in the OpenVPN SERVER menu
- CA key: Set up the CA key for authentication in the OpenVPN SERVER menu
VPN – IPsec Server Configuration:
VPN-ipsec Preshared Key
Network example:
Server room
Router-IP WAN: 201.202.203.204
Network: 192.168.180.0/24 (255.255.255.0)
Remote Network (HY-LINE Router)
Router-IP WAN: dynamic
Router-IP LAN: 192.168.3.254
Network: 192.168.3.0/24 (255.255.255.0)

ipsec PHASE 1 PARAMETER (management connection)
Encryption: 3DES
Authentication (Hash): SHA1
Preshared Key: 12345
Lifetime: 86400

ipsec PHASE 2 PARAMETER (data connection)
Security protocol: ESP (not AH)
Connection Mode: Tunnel Mode (not Transport Mode)
Encryption: 3DES
Authentication (Hash): SHA1
Perfect Forward Secrecy (pfs-Group): 2 (enabled) – DH2: Diffie-Hellman Group 2

ipsec activate:
ipsec configuration:


Leave unused values at their default settings (e.g. identifier value, type, etc.)
Fill in the ipsec algorithms (encryption/authentication) manually; pay attention to the syntax
ipsec Policies (Routing):
SERVER ROOM
Router-IP WAN: 201.202.203.204
Network: 192.168.180.0/24 (255.255.255.0)
Remote Network (HY-LINE Router)
Router-IP WAN: dynamic
Router-IP LAN: 192.168.3.254
Network: 192.168.3.0/24 (255.255.255.0)
Two routes must be configured in the HY-LINE Router here, one for outgoing traffic (out) and one for incoming traffic (in).
ipsec Policies OUT:
ipsec Policies IN:
ipsec Policies summary:
Add user:
Menu ..\Advanced\User Management :
User subsystem: VPN ipsec user
Username: public IP-address (WAN) of Server room
Password: preshared key
VPN-ipsec certificate connections
Base settings: see VPN with preshared keys.
The HY-LINE router is based on X.509 certificates. The router uses 2 files: the certificate file with extension .crt and the private key file with extension e.g. .p12 for PKCS#12 files. X.509 certificates stored in a single file have to be split into two files, for example with the software XCA. IMPORTANT: The private key file must not be protected by a password (remove it with OpenSSL).
Use the software XCA to split the certificate into two files (http://xca.hohnstaedt.de/?page_id=3)
Remove the password from the private key file with OpenSSL (http://www.openssl.org/):
Start the OpenSSL prompt
Check if it is password protected; you won't see any information:
pkcs12 -in Name_des_Zertifikats.p12 -info
Clear the password in the private key file:
pkcs12 -in Name_des_Zertifikats.p12 -info -nodes -nocerts -out Name_des_Zertifikats_neu.pem
Advanced - System:
System management:
- Advanced command line: Command Line Interface

Amcli command line: amcli is a simple command line interface running on the router's Linux OS.
Example commands:

Option        Description
-c            Execute command and exit
-D            Dump configuration and exit
-d            Write configuration and exit
-f file       Specify configuration file
-R file       Read commands from file
-h            Show help
-V            Verify configuration file and exit
-v            Be more verbose
-g            Run in CGI mode
-q            Quiet mode
-i            Run init jobs and exit
-s            Shutdown mode for init
-F            Forced init (abort on error)
-r runlevel   Set init runlevel
-m            Modify configuration data and exit
-p            Purge nodes

Amcli command line interface
Output for command: ping 192.168.101.222
System management:

Reboot system: Router reset (Softreset)
System configuration management:

Download: loads the current configuration of the router to a file (system.conf)

Upload: uploads a system.conf file into the router, restart required
-> the configuration file must be from the same firmware version

Incremental Update Support: Firmware update without the need for a full firmware download
Advanced - Logging:

System Log: The system log shows details about the router's functions, e.g. dialling in to the internet, sending mails, using DynDNS, etc.
Example of a log file:
09:55:46: Internet dial-up und public ip address: 80.187.16.115
09:55:50: DynDNS Alias name update
09:55:53: E-Mail send (ip-address)
Advanced – Network Tracer:
The Network Tracer tool logs all network traffic over all interfaces except the following: port 22 (SSH), 80 (HTTP), 443.

Enable tracer: check this box and press save

Clear traces: clears all saved logs

Trace log: shows the saved logs
Example: Tracelog
Advanced - User Management:
User Management:
Add, change and delete users on the HY-LINE Router.

Webserver users have fixed names and belong to a rights system with limited access to router functions
- Username: manager     Password: changemetoo
- Username: service     Password: changemetoo
- Username: installer   Password: changemetoo
- Username: user        Password: changemetoo
Passwords can be changed.
The menu 'List users' shows only users with the same or lower rights.

User rights
Specification
Function: M2M industrial router with free modem choice, VPN and firewall for easy, secure and worldwide access to machines and facilities.
Router versions: Analog 56 KBit/s, ISDN 64 KBit/s (Euro-ISDN), GSM/GPRS/EDGE/UMTS/LTE (HSPA) quad-band; DSL – Annex B (optional Annex A), ADSL, ADSL2 and ADSL2+ (Annex A/M/L or Annex B); LAN router – without modem
VPN: Virtual Private Network, protocols: OpenVPN client and server, IPsec (pre-shared key / X.509 certificates); PPTP (PAP, CHAP, MS-CHAP V2)
PPP: Point-to-Point Protocol, analog, ISDN and GSM modem support, PPP callback functionality
PPPoE: Point-to-Point Protocol over Ethernet, supports external modems via Ethernet/PPPoE
Firewall: Packet inspection, NAT, port forwarding
Services: DynDNS, DHCP/DNS server, SNMP, NTP, SMTP, FTP
Configuration / Management: HTML web server, SSH, serial, HTTP, HTTPS
Alarm management: E-mail, SMS, triggerable by digital input
Digital inputs: 2 x 5-30 VDC / VAC, current min. 5 mA, switchable to floating inputs
Digital output: 24 VDC / max. 100 mA
Interfaces: Ethernet RJ 45, 10/100 Mbit/s; RS232-DSUB-9; analog RJ 11; DSL RJ45; ISDN RJ 45; antenna: FME (male), optional: SMA (female)
Status LEDs: Power On, Network, Online, Digital I/Os
Environment:
Analog router, ISDN router: Operation 0°C to +70°C
GSM/GPRS/UMTS/LTE router: Operation -20°C to +70°C
DSL router: Operation 0°C to +60°C (optional: -20°C to +60°C)
LAN router, without internal modem: Operation -20°C to +70°C
For all router versions: Humidity: 0-95%, not condensing
Power: 12-30 VDC, power requirement: max. 3-5 Watt, depends on router version
Approvals: CE, EMV EN61000-4-3, ENV50204, ENV55022-B
Dimension: 120 x 101 x 35 mm, approx. 250 g, DIN rail mount, IP 20
Specification: Router with integrated 4-port switch
Ethernet interfaces:
Integrated 4-port 10/100 Mbit/s Ethernet RJ45 switch on the front panel
Auto Negotiation, Auto Crossing, Auto Polarity
Status LEDs: Function, Link, Speed
Isolation: 1000 VAC Ethernet and power supply
IEEE 802.3 (CSMA/CD), IEEE 802.3ux (Fast Ethernet, Full Duplex Mode)
Power: 12-30 VDC, power requirement: max. 4-6 Watt, depends on router version
Approvals: CE, EMV EN61000-4-3, ENV50204, ENV55022-B
Dimension: 120 x 101 x 60 mm, approx. 450 g, DIN rail mount, IP 20
Dimensions
DIN rail mount (EN 60715), IP20, synthetic material
[Figure: dimension drawings for models HAP-RS, HAP-RIS, HAP-RAS, HAP-RGS, HAP-RUS, HAP-RLS, HAP-RDS and HAP-R, HAP-RI, HAP-RA, HAP-RG, HAP-RU, HAP-RL; labelled dimensions: 120 mm, 101 mm, 83 mm, 60 mm, 35 mm]
Analog modem country code settings
- Log on to the router via SSH or serial
- Type in the following commands (case sensitive):
sys sh
svactivate stop mgetty-s0
svactivate stop pppd
microcom /dev/ttyS0
at+gci=42 (=Germany for example)
at&w
- Check the country code:
at+gci?
- Please reboot the router