How To Set Up A Hyline Truecon Router (For A Family Of People)

HY-LINE truecon Router Manual HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 1

HY-LINE truecon Router Manual Copyright 2014 Manual release R1.9.2 English 16. October 2014 All rights reserved for this documentation. Along with that all photographs and electronic media are the sole property of HY- LINE Systems. Technical Modifications The company HY-LINE Systems reserves the right to make changes to the illustrations and information in this documentation without previous announcement. This documentation was created with utmost care and is regularly revised. In spite of all control measures taken it can not be ruled out that technical inaccuracies and typographical errors might have occurred. All errors known to us are eliminated in the next edition. We are always grateful for information regarding errors in this documentation. Support Our technical support pages are on our website www.hy-line.de. New manuals and data sheets are also available there. FAQ pages are also available on our website. If you have further questions please direct them at systems@hy-line.de Care and Maintenance Only clean the case with a dry towel, do not use water or any other cleaning agents. Never use a spray can or bottle on the device. Safety Never open the router while it s connected to a power outlet. Take the power socket out before opening the case. Danger possibility of electric shock. Recycling WEEE IBM PC, AT, XT is trademark from International Business Machine Corporation. Windows is trademark from Microsoft Corporation. Java is trademark from Oracle Corporation. Linux is trademark from Linus Torvalds. Errors and omissions excepted. Service addresses, deliveries and replacements: HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching Germany Phone +49 (0)89/ 61450381 Fax +49 (0)89/ 61450385 E-Mail systems@hy-line.de Internet: www.hy-line.de/systems M2M-Router: www.hy-line.de/router HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 2

HY-LINE truecon Router Manual Directory Product description 4 Safety & Regulations 5 Router Variations 7 Operating elements 8 Quick start 9 Software reset (factory defaults ) 10 Configuration - Home 11 Base Settings Identification 14 Network 16 Date & Time 18 Connection Settings Phone Settings 19 Internet Settings 20 Dial-In / Call back 22 E-Mail 24 I/O-Settings Input / Output 26 Firewall 28 NAT 29 Services Status 32 DHCP/DNS Server 33 Advanced SShd _ 42 Syslogd 43 FTP Server 43 UDP-Broadcast 44 Webserver 45 VPN 47 VPN-PPTP Server 48 VPN-PPTP Client 49 VPN-OpenVPN Server 53 VPN-OpenVPN Client 56 VPN-IPsec 57 Command line interface 63 System settings / Update 66 Logging 67 Network tracer 68 User Management 70 Technical specifications 71 with integr. Switch 72 Dimensions 73 Analog modem country code 74 DynDNS 34 InetWD + Redundancy 35 NTPd 39 Ser2TCP 40 SNMP 41 HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 3

Product description M2M Industrial Router with modem, VPN and Firewall The M2M-Industrial router is a simple, secure and global communications solution that will connect you to your systems and machines where ever you are! Connections to your systems and machines are made through the integrated firewall, VPN and automated call center. The compact design, with standard European Top Hat Rail connection for easy mounting, as well as the possibility to establish all connections (Analog, ISDN, GSM/GPRS/UMTS, LTE, DSL) in one device, are what make this the leading industrial router on the market. The router has an RS232 port as well as the standard Ethernet connection. On the protocol side the router is capable of SNMP, DynDNS, NTP and DHCP. Configurable alarms can be sent via E-Mail. The digital inputs and outputs offer additional control and alarm possibilities. Every router has an internal HTML web server with complete configuration software. Access, configuration and maintenance are easy and secure with a standard web browser. Installation of 3 rd party software is not necessary or recommended. Order-numbers: see current productlist HY-Lstems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 4 HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems@hy-line.de www.hy-line.de/systems Seite 4

Qualification of personnel This manual is only for trained personnel familiar with the applicable norms and standards. The specialist must have read and understood this documentation and follow the instructions. Safety regulations The responsible staff must ensure that the application or use of the product described fulfill all safety requirements, including any applicable laws, regulations, guidelines and rules. Delivered The product is delivered according to the application and internal modem in particular hardware and firmware configurations. Changes to hardware or software configurations which are not described in this manual are not allowed and nullify the liability of the HY-LINE Systems GmbH The product is made according to current state of the art technical and reliable in operation and left the factory in safety condition state. To maintain this condition over the period of operation, the information in the manual and applicable product change notification should take care of. Obligation of diligence The operator must ensure that The product is used as intended. the product is operated working condition. Only suitably qualified and authorized personnel operate the product. the personnel is instructed regularly about relevant occupational safety and environmental protection, as well as the manual and especially the safety notes contained herein. The operator must strictly observe the applicable national regulations concerning operation, functional testing, repair and maintenance of electronic equipment note. Intended Use The product is only allowed to use within the specified information from this document and documents referred to. The product must not be used for the following purposes and under these conditions or operated: control of machines and equipment that are not of the Directive 2006/42/EC and Directive 2004/108/EC (EMC - Directive). It is recommended to use the following power supply with the HY-LINE router because all EMC tests were performed with this power supply: - HAP-RUx - UMTS Router Versionen: 12W AC adapter Minwa MC120D050 with ferrite Würth 74270077 - all other router versions: Power supply PHI-CON: PS18A120 12W AC adapter Minwa MC120D050 with ferrite Würth 74270077 Read carefully this documentation before installation and commissioning. Incorrect handling of the product may result in personal injury or property damage. Technical Limits The product is for use only within the specified limits which are in the data sheets determined. Following limiting values are set: The ambient temperature must not be exceeded or below. The specified supply voltage must not be exceeded or below. Humidity must not be exceeded, and condensation should be avoided. The maximum switching voltage, and maximum switching current must not be exceeded. The maximum input voltage, and the maximum input current must not be exceeded. HY-Lstems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 5 HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems@hy-line.de www.hy-line.de/systems Seite 5

Warranty provision The product is maintenance free. Opening the case will void the warranty. Repairs should be performed only by authorized personnel. An improper use, disregarding of this documentation, the use of insufficiently qualified personnel as well as unauthorized changes exclude the liability of the manufacturer for any resulting damage. Notes for transport and storage Please avoid environmental conditions for storage like: mechanical stress, temperature, moisture, corrosive atmospheres. The product is packaged so that it is protected against shocks during transport and storage. Please check the product for possible damage that might be caused by improper transport or improper handling before installation. Electrical installation safety Installation must be in accordance with appropriate tools and documentation. The assembly of the product may only occur with switched off power supply. When wiring the cabinet must be secured against being switched on again. National accident prevention regulations must be observed. The electrical installation is in accordance with national regulations done (wire colors, cross sections, fuses, PE connection, etc.) Electrical work must made by authorized personnel. Observe the electrical connection information in the documentation, otherwise the electrical protection can be affected. Disposal The product in its delivery consists of different materials: The individual components must be disposed of properly. All components of the delivery can be returned to HY-LINE system for proper disposal. Transport costs will be paid by the sender. Delivery The scope of supply for the HY-LINE router includes the accessories listed below. Please check that all accessories are included in the box. If anything is missing or damaged, please contact your distributor. 1 HY-LINE router (basic types) 1 Quick Installation Guide 1 GSM antenna with magnetic base (optional for different Router package versions) Further documents for the HY-LINE routers are available at: www.hy-line.de/router Licences The software included in this product contains copyrighted software that is licensed under the GPL or other Free Licenses. You may obtain the complete corresponding source code from us at cost price for a period of three years after our last shipment of this product. Please contact under topic: 'Source code for truecon router': HY-LINE Systems GmbH, Inselkammerstr. 10, 82008 Unterhaching, Germany. E-Mail: systems@hy-line.de This offer is valid to anyone in receipt of this information. HY-Lstems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 6 HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems@hy-line.de www.hy-line.de/systems Seite 6

HY-LINE Router product variations Analog: HAP-RA with integr. Switch (4x LAN): HAP-RAS ISDN: HAP-Ri with integr. Switch (4x LAN): HAP-RiS UMTS : HAP-RU with integr. Switch (4x LAN): HAP-RUS DSL : HAP-RDS / HAP-RDSH with integr. Switch (4x LAN): HAP-R without integr. Modem with integr. Switch (4x LAN): HAP-RS LTE : HAP-RL with integr. Switch (4x LAN): HAP-RLS HY-Lstems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 7 HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems@hy-line.de www.hy-line.de/systems Seite 7

Operating elements HAP-R HAP-RI HAP-RA HAP-RG HAP-RU HAP-RL HAP-RS HAP-RIS HAP-RAS HAP-RGS HAP-RUS HAP-RLS integr. 4-port Switch HAP-RDS integr. 4-port Switch SIM-Card Slot Power (10-30VDC) Digital I/Os (Screw terminal, removable) Antenna 2 - SMA: GSM/UMTS (optional) Antenna 1 - FME: GSM/UMTS Serial RS232 SUB-D 9 PIN ISDN/DSL RJ45 Analog RJ11 Network RJ45 Mounting: Din Rail Mount -> For better shielding (EMC reason) please connect antenna connector (1 and 2) with connector PE. Connector layout: Router Version Connector ISDN/DSL Connector Analog LTE/UMTS/GPRS - HAP-RU/RUS Not used Not used DSL - HAP-RDS used (Pin 4/5 DSL A/B) Not used Analog - HAP-RA/RAS Not used used (Pin 3/4 TX/RX) used ISDN - HAP-RI/RIS (Pin 3/4/5/6 TX+/TX-/RX+/RX-) Not used Without internal modem - HAP-R/RS Not used Not used HY-Lstems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 8 HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems@hy-line.de www.hy-line.de/systems Seite 8

Quick start Access to the router through a web browser: http://192.168.101.222/ or https://192.168.101.222/ Administration access: login: manager password: changemetoo (Password can be changed through this account) Visitors access: login: user password: changeme (Password can only be changed through the administrators account) Access to the router through SSH-Secure Shell (TCP/IP): login: root password: changemetoo Settings SSH (TCP/IP): Host-Name or IP-Address: Router-IP Port: 22 Note: After first time power-up the router initializes his SSH-Keys. This process takes about 15 minutes after that the router will be reachable through SSH. Access to router over serial: login: root password: changemetoo Settings for serial connection: 38.400 bps // 8 bits // no parity // 1 Stop bits // no flow control IP-Address changes over SSH or serial console zero modem cable): Login over SSH or serial as described above, Execute the following commands: a. ip address xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx device eth0 b. commit ch c. write disk Installation of the SIM card with a GSM/GPRS/UMTS/LTE-Router: Insert the SIM-Card inside the SIM-card holder with the Chip side (gold) pointing to the printed side of the router case. The SIM card must snap in the SIM card holder. Internet watchdog service: Don t enable this service until router is ready to access internet connections Download Router Handbook & Firmware: www.hy-line.de/router Firmware update: Please contact our support team: systems@hy-line.de Attention: Do not install system.conf files from older firmware version to newer firmware versions or vice versa. HY-Lstems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 9 HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems@hy-line.de www.hy-line.de/systems Seite 9

Software reset Factory default for all settings 1. Disconnect power from the router 2. Set Jumper 3 (see picture) to on position 3. Power up router, wait for flashing LEDs (approx. 2 Min.) 4. Disconnect power from the router 5. Set Jumper 3 (see picture) to off position 6. Power up router, factory default set Important: Power down Router before changing the jumper positions! HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 10

Configuration - Home: The start page holds a general oversight of the router; Firmware version, System updates, serial number, modem type, band type, gsm signal strength, router uptime, PPP-Data Counter (max. 2GB) as well as the status of the digital inputs and outputs HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 11

Configuration - Home: Internal modem 1: analog, isdn, gsm, umts, dsl, lte, none (without modem) Signal strength: Error Bad Low Good Very good Active band: no signal, check antenna and/or SIM-Card and SIM-PIN -113... -112 dbm -111... 90 dbm - 89... 56 dbm > -55 dbm lte Umts / WCDMA2100 gsm1800 (gprs-1800 MHz Band) gsm900 (gprs-900 MHz Band) no service (no signal, check antenna and/or SIM-Card and SIM-PIN) Connectivity status: While the router is online it will show the assigned IP address form the service provider (WAN interface). In Online mode you will see the status of the internet connection: WAN Traffic Counter: Traffic counter Internet und PPP-Traffic, max. 2.147.483.648 Bytes Reset-Taste: Reset traffic counter HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 12

Konfiguration - Home: DNS Servers: active DNS server Default Gateway: active gateway (further information on page 16 LAN settings) Internet Connectivity: Pressing the button send a ping to a host or ip-address configured in../services/inetwd. On demand router will be triggered to establish an internet connection Refresh-button: resend ping Home-button: back to home menu Reboot-button: Router (software) reboot Redundancy mode: On/Off Active/Inactive HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 13

Base Settings - Identification: Router name: Location: Manager: Name of router, max. 35 letters characters, name is attached to send E-Mails Location of the router (for informational purposes only) E-Mail Address of the system manager (Recipient of the dynamic IP address, once the router is connected to the internet) HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 14

Base Settings - Network: HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 15

Base Settings - Network: Configure LAN network parameter. Interfaces are: eth0, eth0:1 und eth0:2. The :x are virtual interfaces mapped to eth0. With this settings it is possible to have more then one subnet on the physical interface of the router. Subnets on the ethernet interface of the router are not isolated against each other. LAN 0 LAN 2: Local IP-Adresse / Network mask: Parameter for each individual interface (Multirouting) Systemwide Network Settings: DNS Server: Gateway: Activate network changes: Network DNS Server Address (Default is public DNS Server from Arcor) Network Gateway Address check to enable settings after pressing SAVE button immediately Configuration Multi-LAN: - DHCP works only with interface LAN2 (eth0:2) - DHCP Client receives IP address, subnet mask, DNS server and default gateway. External gateway for data communications (Router: no internal modem or not active) - Service: Deactivate Internet-Dial-Up in Service menu../services/ - Apply following settings if HY-LINE Router is using an external gateway on WAN side DHCP-Server inactive in external gateway subnet (WAN): LAN 0: Network/subnet Gateway side (WAN) LAN 2: Network/subnet HY-LINE Router Gateway (systemwide): Network/Subnet Gateway side (WAN) DHCP-Server active in ext. gateway subnet: LAN 0: Network/subnet HY-LINE Router LAN 2: Network/subnet Gateway side (WAN - DHCP active) Gateway (systemwide): Network/subnet Gateway side (WAN) HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 16

Base Settings - Network: continue: external gateway for data communications Allow: In- and outgoing data traffic over external WAN gateway Service Menu Firewall: Masquerade srcnet: Source net: activate to allow TCP/IP packets to send over standard gateway (no modem gateway) network ip-mask of outgoing traffic Example: 172.1.2.0/8-255.0.0.0 172.1.0.0/16-255.255.0.0 172.0.0.0/24-255..255.255.0 Ipv4 network adresses and netmasks (Source: Wikipedia: http://de.wikipedia.org/wiki/netzmaske) Example: HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 17

Base Settings - Date & Time: Date, Time: Timezone: Date and time of the router Timezone in which the router is (Please be aware that the summer and winter time will be automatically switched only in Germany. Settings: Berlin) Time-Server: Manual apply: Time server, standard: ptbtime1.ptb.de: ptbtime1.ptb.de for manual adjustment of the time and date Network sync.: Time and date will be synchronized after pressing SAVE over the internet (The router will dial in to the internet) HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 18

Connectivity Settings Modem Settings: MSN/Mobile number: Telephone number of the router: only important when it is an ISDN connection: the MSN must be included here. Die MSN (Multiple subscriber Number) is either the dialling number without area code or only the extension number. This is dependent on the setup of the telephone system. GSM band: Set GSM Band manually. Option: 0=auto; 5=gprs; 8=umts; 9=lte SIM-PIN: PIN: PIN verify: Enable PIN is only for use with a SIM card in order to log in to the network -> do not enable for use with analog or ISDN connections! PIN number of the GSM/GPRS SIM card Re-enter the SIMS PIN number HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 19

Connectivity Settings Internet Settings: HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 20

Connectivity Settings Internet Settings: Internet Service: Choose an ISP in order to enable Call-by-Call option LTE-UMTS-GPRS: default TELEKOM Analog-ISDN 1: default Arcor Analog-ISDN 2: default Freenet Analog-ISDN 3: default T-Online Analog-ISDN 4: default Schweiz DSL PPPoE external modem/gateway for data connections (Router: no internal modem or inactive) - PPPoE activation: Connectivity Settings\Internet Settings\Internet Service: choose DSL - Connect external PPPoE modem to any Router ethernet port of HY-LINE router - PPPoE with external modem can t be used with HY-LINE Router with internal DSL modem APN / Phone number: APN for LTE/UMTS/GPRS Telephone number of the ISPs Call-by-Call center (2 seconds for every comma, i.e. 0,,0625112345) Username: Username for internet service Password: Password for internet service -> Username and password fields mus t be blank. If no data is required by ISP, leave fields at default settings. Password verify: Timeout: IP reporting mode: Re-enter password for internet service Time till router hangs up an connection to the Internet due to lack of traffic. No function if router is set to mode: always online After Internet login: DynDNS activated and/or dynamic IP address of the router sent per email Network time sync (further settings in service men:../services/ntpd): - Once (RFC868): Time sync one time after online connection - NTP (RF1305): permanent time sync after RFC1305 Network connection mode: Internet dial-up: - On-Demand: connects only when needed, timeout active - Always online: permanent online connection (InetWD Service should be activated) Use peer DNS: DNS server is set from provider (recommended) HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 21

Connectivity Settings Dial-In / Call Back: PPP-Dial Dial-In: ISDN/Analog/GSM-PPP-Dial-In: the router will pick up after the number of rings and will build the PPP connection. Please wait 30 seconds after cutting the connection in order to build another connection. Internet by call/ Ringing function: Calling the M2M router from any phone line (don t wait until the router connect the line!) activates the router to log in to the internet. HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 22

Continue: Connectivity Settings Dial-In / Call Back: Port Speed: with bad analog lines (usually overseas) the routers communication speed can be set down for more stable phone lines Dial-In Server/Client IP: IP addresses of the PPP tunnel should be within the same subnet as the gateway (M2M router IP address). Advantage: The router IP address doesn t have to be inputted in to the devices gateway address. Configuring Direct Connection to M2M Router over PPP: There is one PPP-User on the router is a permanent account with user name pppuser. This account is not displayed in the User Management. Additional PPP-Users can be added as system user. PPP-Dial-In: -User name: pppuser (can not be changed) -Password: M2MLogin -DFÜ-Client settings: Windows default settings Important: Please make sure that there are no user names registered with the name pppuser in User Management. If there are delete them. Configuration of Call-by-Call access for ISDN / Analog telephone lines No login needed, costs are over the standard telephone bill. Call costs can be found at the website of your provider. ARCOR User: arcor-ibc Password: internet Tel-no.: 0192075 Arcor-DNS: 145.253.2.11 ARCOR User: arcor Password: internet Tel-no.: 00493412004937 Arcor-DNS: 145.253.2.11 MSN (Microsoft Network) User: msn@easysurfer-eco.de Password: msn Tel-no: 0193670 MSN-DNS: 145.253.2.11 FREENET User: gast Password: internet Tel-no: 019231770 Freenet-DNS: 62.104.191.241 Configuration of Call-by-Call access for ISDN / Analog telephone lines -WORLDWIDE-: No login needed, costs are over the standard telephone bill. Call costs can be found at the website of your provider. Configuration for access to GPRS/UMTS/LTE modem connections with APN: T-MOBILE T-D1 settings with standard APN: Number or APN: internet.t-d1.de User: t-d1 Password: t-d1 HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 23

E-Mail: HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 24

E-Mail: E-Mail address: E-Mail address of the system managers, it can also be set to administrator, in which case copies of all E-Mails would be sent there. SMTP-Server: Address of the SMTP server for the sending of E-Mails (supports DNS addresses as well as IP addresses). Rewrite sender domain: If enabled rewrites the sender domain for outgoing E-Mails. Sender domain: Sender domain for outgoing E-Mails. ESMTP authentication: Whether to use ESTMP Auth for outgoing E-Mails E-Mail address 1-3: E-Mail recipients 1-3 HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 25

I/O-Settings Digital Input / Output: Activate: If checked the I/O port is monitored for input data Signal action: - System reboot: Restart (Softreset) - Internet dial-in: Dial in to the internet - Alarm send E-Mail: Sends an E-Mail with message text to recipient 1-3 - Alarm once (high) send Mail: Sends an E-Mail with message text to recipient 1-3 and system manager after power up the router. The E-Mail is send only if Digital Input 1 is high immediately after power-up the router. In normal use Digital Input 1 can t be triggered - Run user defined script 1/2: Run user defined scripts on Linux. Predefined scripts can be found on../user/sbin with name user1.sh and user2.sh Please set user rights to execute on both scripts after edit HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 26

I/O-Settings Digital Input / Output: Activate: If checked the I/O port is used for data output Map digital output: DigEin1, DigEin2 or Online state is mapped to digital output Turn On / Turn off: manual on and off control of the digital output Technical data Digital I/Os: For EMC reason it is recommended to use a ferrite core, if data lines are longer then 3m. (ferrite core Würth 74270090 with two coils) Thisonly belongs to UMTS router version. Digital Input 1 / 2: Triggering from high to low signal change; Potential-free inputs: Factory default setting, Signal action by simple shortcut (self powered) Active input: Switching voltage: apply max. 24VDC/ min. 5mA DIP-Switch1: configures DigIn1, see picture; DIP-Switch2: configures DigIn2, see picture The jumper position in the picture shows configuration for potential free inputs, factory default. Please switch of router before making any changes to the jumper. The router must be voltage free all the time you set jumper on the router. The router case must not b opened! Digital output: Open Collector: Output voltage 12-30VDC (active) / max. 100mA. The output voltage is similar to the power supply voltage applied to the router. DIP-Schalter 1: Digital In 1 DIP-Schalter 2: Digital In 2 Jumper Block 3/4: DIP-Schalter 3: Reset DIP-Schalter 4: ohne Funktion HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 27

Firewall: HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 28

Fortsetz.: Firewall: The firewall configuration allows the opening and closing of specific services from the internet to the router (arrows left) and from the router to the internet (arrows right). Continue: Firewall: Three standard profiles are available: - Default Standard, applicable for most uses - Custom Custom profile defined by user, must be set for user configuration - Minimum High security Commit rules: Commit the changes immediately to the firewall configuration when saving Masquerading: Set S-NAT routing options: if activated all data packets will be changed coming from the WAN interface to the local ethernet (eth0) router interface. The router will exchange the public ip for forwarded packets with his own local ip address. This will be used to access devices on the router lan subnet without having set a gateway address in this devices. Outgoing traffic over standard gateway (HY-LINE Router LAN -> externe Gateway) : Masquerade srcnet: Source net: activate to allow TCP/IP packets to send over standard gateway (no modem gateway) network ip-mask of outgoing traffic Example: 172.1.2.0/8-255.0.0.0 172.1.0.0/16-255.255.0.0 172.0.0.0/24-255..255.255.0 Proxy-ARP: Proxy-ARP function is enabled by default. Change configuration via Linux Shell in file:../etc/amsel/systems.conf ProxyArp active: "echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp"; ProxyArp inactive: "echo 0 > /proc/sys/net/ipv4/conf/eth0/proxy_arp"; HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 29

NAT (Network Address Translation) NAT (Network Address Translation) is a network procedure where an IP-Address in a data pack is changed in to another. This is usually done to support private IP addresses on to public networks such as the internet. The ports are also translated in the same sense but through a system called PAT (Port Address Translation). Configuration The NAT configuration in the router can be configured through a serial connection over SSH or via the web interface. A maximum of 150 NAT rules can be configured. Following Ports shouldn t be changed: List of unchangeable ports Service Protocoll Port File Transfer Protocol (FTP) TCP 21 SSH Remote Login Protocol (ex. pcanywhere) UDP 22 Telnet TCP 23 Simple Mail Transfer Protocol (SMTP) TCP 25 Domain Name Server (DNS) UDP 53 WWW Server (HTTP) TCP 80 HTTPS TCP 443 Post Office Protocol ver.3 (POP3) TCP 110 Network News Transfer Protocol (NNTP) TCP 119 Point-to-Point Tunnelling Protocol (PPTP) TCP 1723 pcanywheredata TCP 5631 pcanywherestat UDP 5632 WinVNC TCP 5900 HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 30

Konfiguration via webinterface: Protocol Type: Forwarded Port: Dest. Address: Protocol TCP or UDP Incoming port IP-Address of device the packet is send to Dest. Port: Port of device the packet is send to Iface: Interface active for NAT rules: any=all Interfaces; eth0=lan0/1/2; ppp0=wan/internet; tun0=vpn-tunnel -> Several NAT rules are AND connected Commit rules: Immediately activate NAT rules after pressing save button (no restart required) HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 31

Services - Status: The service menu allows to stop, start and pause the services. HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 32

Services - DHCP/DNS Server: HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 33

Services - DynDNS: DynDNS Service Provider: Choose your provider for the DynDNS server. Username: DynDNS account name Password: DynDNS password Password verify: Re-Enter DynDNS password Host alias: DynDNS Hostname Activate DynDNS Service Modemmode: Activate DynDNS service in../connectivity Settings/Internet Settings/ -> IP-Reporting mode! Gateway mode: Activate DynDNS service in Service Menu HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 34

Services - Inetwd + Redundancy: Function: Internet Watchdog (Inetwd): The internet watchdog checks periodically via ping (icmp protocol) the correct access to an ip address or host name on the internet or intranet. If the ip address is not reachable the router will be restart. Important: this function will cause traffic also if there is no other communication over the router Destination host: IP-Address or host name - Layout: www.name.extension Maximum retries: Number of ping trials before router restart Interval: Interval in seconds für ping request Important: Do not activate this service until the router is ready to access the internet. If the service is activated and there is e.g. no sim card installed, the router will reboot every 600seconds by default. Send mail before reboot: before reboot the router sends an email to the system manager HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 35

Function: Redundancy communication a) LAN-Gateway (DHCP) UMTS / PPPoE (intern DSL or external modem) The router is online only on the currently active connection. The primary active communication (after router reboot) is always LAN gateway (DHCP). Once the primary, active communication has failed, the communication is automatically enabled on the redundant communication (UMTS / PPPoE) without a reboot. This function is done by the service InetWD. The active communication is then UMTS / PPPoE. After switching to redundancy mode the router sent an email containing a (definable) information. Switch to the primary communication is done manually through the router web interface, just a reboot or restart of the router (via internet or intranet). b) LAN-Gateway (no DHCP) LAN-Gateway (no DHCP) Function like described in a.) Voraussetzung: es darf kein DHCP Client bei den LAN Einstellungen im Router aktiviert sein, alle LAN-Parameter müssen manuell eingegeben werden. Das Umschalten auf den primären Kommunikationsweg/ Gateway erfolgt manuell über die Router Weboberfläche durch einen Reboot/ Neustart des Routers (übers Internet oder Intranet). Das Umschalten des aktiven Gateways nach erfolglosem Ping des InetWD automatisch auf das redundanten Gateway. Hinweis: Das redundante Gateway wird vom User in den InetWD Dienst eingetragen, dies kann nicht über die Weboberfläche gemacht werden. DHCP must be disabled in the router LAN configuration. All LAN parameters must be entered manually. Switching to the primary communication / Gateway is done manually via the web interface through a router reboot / restart the router (via internet or intranet). Switching to redundancy gateway mode is done after an unsuccessful ping from the InetWD service. HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 36

Continued.: Services - Redundancy Configuration: LAN-Gateway > UMTS/Gateway Fallback Enable redundancy: Fallback gateway: Redundancy mode: mode or LAN gateway LAN fallback gateway Status Mail modem r.: Send mail with redundancy status Mail Message: Mail text Example hot to configure redundancy: - Redundancy activate (modem oder fallback), angeben - Service Menu: - Internet dial in: Always online - Internet-Dial-Up Service deactivate - Internet Watchdog Service aactivate (InetWD) HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 37

Continued.: Redundancy configuration Configuration LAN-Gateway: see chapter: LAN settings Configuration Firewall:: see chapter firewall, Masquerading srcnet must be activated! Reboot router! Active redundancy: LAN-Gateway > UMTS Fallback Home Screen shows redundancy settings/mode: If redundncyis activated, home screens shows: After reboot of router the first communication way is active again. HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 38

Services NTPd Timeserver: Protocoll of the timeserver is NTP RFC1305. NTP Timeserver 1/2: IP address or hostname. Timeserver 2 is automatically used if connection to timeserver 1 failed. NTP Server (RFC 1305): Activate the NTP Server Mode for the local network. Any ip device can update their time over the router via NTP. HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 39

Services - Ser2TCP: The Ser2TCP Service is able to stream data from the serial RS232 Router interface to any ip based device over the ethernet network. Further administration under Linux OS is needed. Please contact HY- LINE technical support for assistance. HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 40

Services - SNMP: Please contact HY-LINE technical support to receive the MIB (Management Information Base). HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 41

Services - SSHd: Configuration for access to the router over SSH (Secure Shell TCP/IP Terminal) Secure Shell secured communication over unsecured networks : Secure Shell (SSH) is a program that allows the communication of computers over unsecured networks through a secure means. It closes many security risks, this is done through the encryption of data. Access to the router through SSH-Secure Shell (TCP/IP): Windows Editor, for example: Winscp login: root password: can be set under User Management Settings SSH (TCP/IP): Host-Name or IP-Address: Router-IP Port: 22 Note: First time power-up (after firmware update) the router initializes his SSH-Keys. This process takes about 15 minutes after that the router will be reachable through SSH. HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 42

Services - Syslogd: Configuration of the log files size, number of logs and remote logins. Services - FTP-Server: approx.. 3MB Flash-Memory (persistent, root directory) approx. 8MB RAM-Memory (..\tmp) HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 43

Services - UDP Broadcast Proxy: The UDP-Broadcast function is used for discover ip devices on the HY-LINE Router lan subnet. Incoming tcp-ip packets with configured broadcast port will be send automatically to each device in the router network. Each reply will be send back to the sender from the internet. Destination IP range: Destination the broadcast will be send to (usually the HY-LINE Router lan subnet) Destination Netmask: Subnet of destination network Destination Port: Identification of broadcast function and destination port to send to HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 44

Services - Webserver: Use also Port 80 active: Router is accessible via Port 80 and Port 443 over the internet and intranet Attention: Due to security reason it is recommended to disable Port 80 access from the internet Certificate warning: The HY-LINE Router has a standard https certificate installed (common version). This will cause in a browser alert after trying to access the routers web interface. It is possible to use a customer specific certificate to prevent this. This is not a security issue. HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 45

VPN: A Virtual Private Network (VPN) is a computer network that communicates private data through a big open network such as the internet. Members of the VPN that are logged in can exchange data as if they were part of a private LAN. The meaning private implies that the connection is established much like a local LAN but does not imply that the connection is encrypted. A tunnel is established between Client and Server, this connection is the tunnel but VPN tunnels do not have to be encrypted. Secure VPNs use cryptographic tunnelling protocols to provide the intended confidentiality (blocking snooping and thus Packet sniffing), sender authentication (blocking identity spoofing), and message integrity (blocking message alteration) to achieve privacy. When properly chosen, implemented, and used, such techniques can provide secure communications over unsecured networks. This has been the usually intended purpose for VPN for some years. Secure VPN technologies may also be used to enhance security as a "security overlay" within dedicated networking infrastructures. Secure VPN protocols included in the M2M Router are following: IPsec (IP security) Pre-shared-keys or X.509 certificates PPTP Client and Server (point-to-point tunnelling protocol), Username and password security OpenVPN Client and Server: Certificate authentication, NO username and password possible HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 46

Services - VPN Use IPsec: Use PPTP server: Use PPTP client: Enables IPSec server when connected to the internet aktiviert (Pre-shared key, Zertifikate x.509) Enables PPTP server (Username and password authentication) Enables PPTP Client (Certificate authentication) HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 47

VPN PPTP Server Configuration: Gateway IP / Client IPv4 range: VPN-Tunnel IP-Subnet must be different from HY-LINE Router LAN subnet HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 48

VPN PPTP Client Konfiguration: Server address: IP-address or host name of VPN-PPTP server User name: vpn pptp user name, add/edit in..\advanced\user management Enable network mode: activate routing to remote network (server subnet) Network address: network ip range on server side (for routing), syntax: xxx.xxx.xxx.0 Route netmask: subnet for routing, syntax: 255.255.255.0 Route manuell setzen auf linux shell: -sys sh -ip route add 192.168.3/24 add ppp1 HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 49

VPN-PPTP SERVER Set up connections example M2M Router settings for us a VPN-PPTP-CLIENT: Authentication method: o CHAP or MS-CHAP V2 authentication available o Edit: \\etc\runit\pptp\run (File with extension script) CHAP: name +mppe-40 persist maxfail 0 debug \ -> if CHAP not possible, MS-CHAP V2 is used MS-Chap V2: name +mppe-40 refuse-chap persist maxfail 0 debug \ -> only MS-Chap V2 is used Encryption MPPE: o Edit: \\etc\runit\pptp\run (File with extension script) +mppe-40 +mppe-128 De-activate mppe: remove string (+mppe-40 or +mppe-128) HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 50

Continue: VPN-PPTP SERVER Set up connections example Web interface settings VPN Services: Use PPTP client VPN \ PPTP \ Client : Set PN server Set user name; user must be add in user management, see next page Enable Network Mode, routing is active Network address: subnet on other side of VPN Tunnel, Syntax: x.x.x.0 All other settings like shown in the picture. HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 51

User management: VPN-PPTP Add user via web interface../advanced/user Management: User subsystem: PPP/PPTP User Important: if connectionist not working please change following: o Edit: \etc\ppp\chap-secrets o Change username PPP password to username * password * # PPP t-d1 * t-d1 # PPTP vpn ppp 123 * # PPTP username ppp password * change to username * password * Important: this change must be made every time a new user is added/changed or deleted! HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 52

VPN OpenVPN Server Configuration: Range ip Address: IP-Address range of established OpenVPN tunnels (Format: x.x.x.0) Range ip netmask: IP-Netmask of established OpenVPN tunnels Push route 1-3: IP-Address range, set as route in OpenVPN Client (Format: x.x.x.0) Route 1-3 netmask: IP-Subnet, set as subnet in OpenVPN Client HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 53

VPN OpenVPN Server Configuration: Duplicate cn: allow multiple clients with same common name to connect to router at the same time Authentication: only with certificate, Username and password not possible Encryption: SHA1 - HMAC and BF-CBC (Blowfish - Cyper-Block-Chaining Mode) Default-Keysize: SHA1: 160 bit ; BF-CBC: 128 bit. (not editable) OpenVPN Client: example for use with windows: http://openvpn.net/index.php/open-source/downloads.html HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 54

VPN OpenVPN Server Configuration: EXAMPLE OpenVPN Client Configuration on remote side (e.g. PC-System / Hardware-Router): - Store certificate + keys in HY-LINE Router, Format: > ca.crt > ca.key > client.crt > client.key > server.crt > server.key - Copy certificate + keys on the PC (e.g...\programme\openvpn\config - Configure OpenVPN Client Software Config File (e.g. client.ovpn) Successful connection between HY-LINE Router and Windows PC running OPenVPN.org software client. HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 55

VPN OpenVPN Client configuration: Attention: the router internal clock must be set to correct date and time. Activate OpenVPN Client via Service menu: Server FQHN: openvpn Server IP-Address or Domain-Name Server port: openvpn Server Port Client certificate: Authentication certificate Client key: Keys for Authentication CA certificate: Setup CA-Certificate for authentication in OpenVPN SERVER Menu CA key: Setup CA-Key for authentication in OpenVPN SERVER Menu HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 56

VPN IPsec Server Configuration: VPN-ipsec Preshared Key Network example: Server room Router-IP WAN: 201.202.203.204 Network : 192.168.180.0/24 255.255.255.0 Remote Network (HY-LINE Router) Router-IP WAN: dynamic Router-IP LAN: 192.168.3.254 Network : 192.168.3.0/24 255.255.255.0 ipsec PHASE 1 PARAMETER (management connection) Encryption : 3DES Authentication (Hash) : SHA1 Preshared Key : 12345 Lifetime : 86400 ipsec PHASE 2 PARAMETER (data connection) Security protocol : ESP (nicht AH) Conection Mode : Tunnel Mode (nicht Transport Mode) Encryption : 3DES Authentication (Hash) : SHA1 Perfect Forward Secrecy (pfs-group) : 2 (enabled) DH2: Diffie Hellmann Group 2 ipsec activate: HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 57

VPN IPsec Server Configuration: ipsec configuration: Keep not used values in the default settings (e.g. identifier value, type, etc) ipsec algorithm (encryption/authentication) fill in manually, pay attention to syntax HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 58

VPN IPsec Server Configuration: ipsec Policies (Routing): RECHENZENTRUM Router-IP WAN: 201.202.203.204 Netz : 192.168.180.0/24 255.255.255.0 Remote Netz (HY-LINE Router) Router-IP WAN: dynamisch Router-IP LAN: 192.168.3.254 Netz : 192.168.3.0/24 255.255.255.0 Hier müssen im HY-LINE Router 2 Routen konfiguriert werden, eine für ausgehenden Traffic (out) und eine für eingehenden Traffic (in). ipsec Policies OUT: HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 59

VPN IPsec Server Configuration: ipsec Policies IN: HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 60

VPN IPsec Server Configuration: ipsec Policies summary: Add user: Menu..\Advanced\User Management : User subsystem: VPN ipsec user Username: public IP-address (WAN) of Server room Password: preshared key HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 61

VPN-ipsec certificate connections Base settings: see VPN with preshared Keys. The HY-LINE router is based on x.509 certificates. The router uses 2 files: the certificate file with extension.crt and the private key file with extension: e.g. p12 for pkcs 12 Files. For x.509 certificates in one file you have to split it into two files. For example with the software: XCA. IMPORTANT: The Private Key File must not be protected by a password. (remove with OpenSSL). Use the software XCA to split the certificate in two files(http://xca.hohnstaedt.de/?page_id=3) Remove password in the Public Key File with OpenSSL (http://www.openssl.org/): Start OpenSSL prompt Check if password protected, you won t see any information: pkcs12 -in Name_des_Zertifikats.p12 -info Clear password in the private Key File: pkcs12 -in Name_des_Zertifikats.p12 -info -nodes -nocerts -out Name_des_Zertifikats _neu.pem HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 62

Advanced - System: System management: Advanced command line: Command Line Interface HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 63

Advanced - System: Amcli command line: The amcli is a simple command line interface running on the routers linux system OS. Example commands: -c Execute command and exit -D Dump configuration and exit -d Write configuration and exit -f file Specify configuration file -R file Read commands from file -h Show help -V Verify configuration file and exit -v Be more verbose -g Run in CGI mode -q Quiet mode -i Run init jobs and exit -s Shutdown mode for init -F Forced init (abort on error) -r runlevel Set init runlevel -m Modify configuration data and exit -p Purge nodes HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 64

Amcli command line interface Output for command: ping 192.168.101.222 HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 65

Advanced - System: System management: Reboot system: Router reset (Softreset) System configuration management: Download: loads the current configuration of the router to a file (system.conf) Upload: uploads a system.conf file in to the router, restart required configuration file must be from same firmware version Incremental Update Support: Firmware update without the need for a full firmware download HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 66

Advanced - Logging: System Log: The system log will show details about the routers functions, e.g. dial in the internet, sending mails, using DynDNS, etc. Example of logfile: 09:55:46: Internet dial-up und public ip address: 80.187.16.115 09:55:50: DynDNS Alias name update 09:55:53: E-Mail send (ip-address) HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 67

Advanced Network Tracer: The Network tracer tool logs all network traffic over all interfaces ecxept following traffic: Port 22 (ssh), 80 (http), 443. Enable tracer: check box this box and press save Clear traces: clear all saved logs Trace log: show save logs Example: Tracelog HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 68

Advanced - User Management: User Management: To add, change and delete user on the HY-LINE Router. HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 69

Advanced - User Management: Webserver user have fixed names and belongs to a right system with limited access to router functions - Username: manager Password: changemetoo - Username: service Password: changemetoo - Username: installer Password: changemetoo - Username: user Password: changemetoo Passwords can be changed. Menu List users shows only user with same or lower rights. User rights HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 70

Specification HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 71

Specification: Router with integrated 4-port switch HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 72

Empty page HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 73

120mm 101mm HY-LINE truecon Router Handbuch Dimensions Din Rail Mount (EN 60715), IP20, synthetic material HAP-R HAP-RI HAP-RA HAP-RG HAP-RU HAP-RL HAP-RS HAP-RIS HAP-RAS HAP-RGS HAP-RUS HAP-RLS HAP-RDS 35mm 60mm 83mm HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 74

Analog modem country code settings - Log on to the Router via SSH or serial: - Type in following commands (case sensitive) sys sh svactivate stop mgetty-s0 svactivate stop pppd microcom /dev/ttys0 at+gci=42 (=Germany for example) at&w check country code: at+gci? - please reboot Router HY-LINE Systems GmbH Inselkammerstr. 10 82008 Unterhaching systems(at)hy-line.de www.hy-line.de/systems Seite 75