Home » Lantronix Manuals » Electronics Accessories » Lantronix G520 » Manual Viewer

Lantronix G520 G520 User Guide - Page 81

: VPN, IPsec (Internet Protocol Security), VPN

Add to My Manuals
Save this manual to your list of manuals

Page 81 highlights

9: VPN A Virtual Private Network (VPN) tunnel carries traffic of a private network from one endpoint system to another over a public network such as the Internet. The traffic of a private network so carried over a public network does not know about the existence of the intermediate hops between the two endpoints. Similarly, the intermediate hops are also not aware that they are carrying the network packets that are traversing the tunnel. The tunnel may optionally compress and/or encrypt the data, providing enhanced performance and some measure of security. Note: The G520 series gateways support additional tunneling protocols. For L2TP, PPtP, or GRE protocol configuration, see Interface Protocols. IPsec (Internet Protocol Security) VPN > IPsec The IP Security (IPsec) suite of protocols are designed for cryptographically secure communication at the IP layer. The gateway uses standard IPsec protocol to protect traffic. The identity of communicating users is checked with the user authentication based on pre-shared keys (PSK) or X.509 certificates. The IPsec VPN instance can be started or stopped from the Web UI or by sending an SMS AT+VPN command. See Table 10-26 SMS AT Command Syntax. You can configure a router-to-router VPN connection. To configure an IPsec instance: 1. Go to VPN > IPsec, and click Add. 2. Under router to router, click Add. 3. Enter the VPN configuration details on the General Settings (Table 9-1) and Advanced Settings (Table 9-2) tabs. Parameters Profile Name Proto Type Enable Remote IPsec router Remote Address Remote ID Table 9-1 IPsec General Settings Description Enter the Profile Name to identify the router-to-router IPsec VPN connection. router to router is the only available option. Check to enable the connection. Enter the remote WAN IP Address or domain name of the remote IPsec router server. Enter the remote LAN IP Address and subnet of the remote IPSEC router server for use on the VPN connection. Enter the ID of the remote network as configured on the remote IPsec router server. G520 Series IoT Cellular Gateway User Guide 81

Section	Page
G520 Series IoT Cellular Gateway User Guide	1
Contents	4
List of Figures	11
List of Tables	12
1: About this Guide	16
Purpose	16
Summary of Chapters	16
Additional Documentation	18
2: Introduction	19
Key Features	19
Hardware Variants	19
InfiniShield™ Security	19
Software Features	19
Lantronix Software Services	20
Applications	20
SKU Information	21
Hardware Components	23
General Specification	23
Model-Dependent Features	24
Front Panel	26
Back Panel	27
LEDs	27
Top Panel LEDs	27
Cellular	28
SIM Slots	29
Antenna Connections	29
Certified Antennas	30
Antenna Selection	30
Ethernet Ports (LAN/WAN)	30
RS-232 Serial Port	32
RS-485 Serial Port	32
RS-485 Wiring diagram	33
Input / Output Connections	33
Power Input	34
Power Consumption	34
Reset Button	34
Power over Ethernet (PSE-PoE+)	35
Product Label	35
3: Installation	36
Package Contents	36
User Supplied Items	36
Statement	36
Accessories	37
Add-ons	38
Preparing to Install	38
Enabling DHCP Client on Your Computer	38
SIM Card Management	39
SIM Card Activation	39
SIM Management Portal	39
Second SIM Card	39
Lantronix Connectivity Services Links	39
Physical Installation	40
Insert the SIM Card	40
Connect the Antennas	41
Connect the AC Power	42
Connect the Gateway to a Computer	42
Connect using Wi-Fi	42
Connect using Ethernet	43
Default Configuration	43
Web Admin Page	43
Wireless Access Point SSID	43
Default Interface Configuration	43
4: Web Administration Interface	45
Logging In	46
Change Passwords After Initial Login	47
Logging Out	48
5: Using Lantronix Provisioning Manager	49
Installing Lantronix Provisioning Manager	49
Accessing the G520 Using Lantronix Provisioning Manager	49
6: Quick Setup	50
Quick Setup	50
7: Status	53
Overview	53
System Status	55
Cellular Status	56
Memory Status	57
Network Status	57
Active DHCP and DHCPv6 Leases Status	58
Wireless Status	58
Digital Input/Output Status	59
Dynamic DNS Status	59
MWAN Interfaces Status	59
Firewall Status	59
Routes	60
System Log	62
Kernel Log	62
Processes	62
Realtime Graphs	63
Load	63
Traffic	64
Wireless	64
Connection	65
Load Balancing	67
Interface	67
Detail	67
Diagnostics	67
Troubleshooting	67
8: System	68
System	68
General Settings	68
Logging	69
Time Synchronization	70
Language and Style	71
Administration	71
Router Password	71
SSH Access	71
SSH-Keys	72
Software	72
Configure OPKG	73
Startup	74
Initscripts	74
Local Startup	75
Scheduled Tasks	75
LED Configuration	76
Backup / Flash Firmware	78
Actions	78
Configuration	79
Custom Commands	79
Write Custom Shell Command	79
Run Custom Shell Command	80
Reboot	80
Schedule a Reboot	80
9: VPN	81
IPsec (Internet Protocol Security)	81
OpenVPN	85
OpenVPN Instances	85
Template-based Configuration	87
Predefined templates	87
Edit the template-based configuration	87
OpenVPN Configuration File	87
Edit the OVPN Configuration File	87
10: Services	88
Industrial Protocols	88
Protocol Conversion	88
Data Send Applications	88
Agents	89
DLMS Client	89
DOTA	91
Lantronix Server	91
Custom Server	91
Dynamic DNS	93
EtherCAT	95
Events	95
External Filesystems	97
GPS	98
Description of NMEA Messages	99
GPGGA Format	100
GPRMC Format	101
GPGSV Format	102
GPGSA Format	103
GPVTG Format	104
IEC 101 to 104	105
Keepalived	107
Keepalived Configuration	107
Last Gasp	110
Logs Information	111
Modbus Master	111
Serial Transmission Mode	111
Ethernet Transmission Mode	111
Modbus Master Configuration	112
Data Window	113
Modbus Download	113
Modbus RTU to DNP3	113
Configure DNP3 Outstation for Modbus RTU to DNP3 conversion	113
Modbus Master Configuration File for DNP3 Outstation	114
Sample CSV with DNP3 Parameters	114
Page Selector	115
Reporting Agent	115
Sending Data	117
Data Format	117
Service Actions	118
SMS	119
SMS Configuration	119
SMS AT Commands	119
Ethernet SMS	122
Live Message	123
SNMPD	124
SNMP Architecture	124
SNMP Versions	124
SNMP Configuration	125
Agent Behavior	125
View-based Access Control Model (VACM)	125
SNMPv3 with User-based Security Model (USM)	126
System Information and Monitoring	126
Active Monitoring	126
Configure SNMPv1 or SNMPv2	127
Configure SNMPv3 with USM	127
SNMPTRAPD	134
SNMP-TRAP Configuration	134
uHTTPd	137
Web Server Configuration	137
Self-Signed SSL Certificate Parameters	139
11: Network	140
Interfaces	140
Interfaces Overview	140
Interface Status	142
Interface Protocols	143
Protocol Descriptions	144
Static Address	144
DHCP Client	146
DHCPv6 Client	148
PPPoE	149
QMI Cellular	150
CELLULAR Interface	152
LAN Interface	153
DHCP Server	153
WAN and WAN6 Interface	155
WWAN and WWAN6 Interface	157
Add Virtual Interface	158
Relay Bridge	160
Wireless	161
Wireless Network Configuration	162
DHCP and DNS	165
General Settings	165
Resolv and Host Files	166
TFTP Settings	166
Advanced Settings	167
Static Leases	168
Hostnames	169
Static Routes	169
Static IPv4 Routes	169
Static IPv6 Routes	170
Diagnostics	172
Firewall	173
General Settings	173
Firewall Global Settings	173
Firewall Zones	174
Port Forwards	175
Add Port Forwarding Rule	176
Traffic Rules	177
Add Traffic Rule	178
Custom Rules	179
QoS	180
Load Balancing	182
How it works	182
Globals	182
Interfaces	183
Members	185
Policies	186
Rules	188
Notification	189
12: Bluetooth	190
Bluetooth Settings	190
Configure Bluetooth settings	190
Scan for and Pair a Device	190
Bluetooth SPP	191
Configure Bluetooth SPP Connection	192
Configure Tunnel SPP Slave	192
Configure Tunnel SPP Master	192
13: ConsoleFlow	194
Client	194
ConsoleFlow Line	195
14: Discovery	197
Query Port	197
15: Serial	198
Serial Line Statistics	198
Serial Line Configuration	198
16: SSL	200
Credentials	200
Trusted Authorities	201
17: Tunnel	203
Tunnel Statistics	203
Tunnel Modbus RTU to Modbus TCP	203
Tunnel Accept	204
Tunnel Connect	207
Hosts	208
Connecting Multiple Hosts	210
Tunnel Disconnect	210
A: Compliance Information	211
FCC Statement	212
Federal Communication Commission Interference Statement	212
ISED Statement	213
EU Declaration of Conformity	214
EU Statements	215
B: Power Cable Schematic	221
Power Cable Schematic	221
C: List of Acronyms and Protocols	222

Match case Limit results 1 per page

G520 Series IoT Cellular Gateway User Guide

VPN

A Virtual Private Network (VPN) tunnel carries traffic of a private network from one endpoint

system to another over a public network such as the Internet. The traffic of a private network so

carried over a public network does not know about the existence of the intermediate hops between

the two endpoints. Similarly, the intermediate hops are also not aware that they are carrying the

network packets that are traversing the tunnel. The tunnel may optionally compress and/or encrypt

the data, providing enhanced performance and some measure of security.

Note:

The G520 series gateways support additional tunneling protocols. For L2TP,

PPtP, or GRE protocol configuration, see

Interface Protocols

IPsec (Internet Protocol Security)

VPN > IPsec

The IP Security (IPsec) suite of protocols are designed for cryptographically secure

communication at the IP layer. The gateway uses standard IPsec protocol to protect traffic. The

identity of communicating users is checked with the user authentication based on pre-shared keys

(PSK) or X.509 certificates.

The IPsec VPN instance can be started or stopped from the Web UI or by sending an SMS

AT+VPN command. See

Table 10-26 SMS AT Command Syntax

You can configure a router-to-router VPN connection.

To configure an IPsec instance:

Go to VPN > IPsec, and click

Add

Under router to router, click

Add

Enter the VPN configuration details on the General Settings (

Table 9-1

) and Advanced

Settings (

Table 9-2

) tabs.

Table 9-1

IPsec General Settings

Parameters

Description

Profile Name

Enter the Profile Name to identify the router–to-router IPsec VPN

connection.

Proto Type

router to router is the only available option.

Enable

Check to enable the connection.

Remote IPsec router

Enter the remote WAN IP Address or domain name of the remote IPsec

router server.

Remote Address

Enter the remote LAN IP Address and subnet of the remote IPSEC

router server for use on the VPN connection.

Remote ID

Enter the ID of the remote network as configured on the remote IPsec

router server.