Viola Systems Ltd.
Lemminkäisenkatu 14-18 A, FIN-20520, Turku, Finland
tel +358-(0)201-226 226, fax +358-(0)201-226 220, e-mail support@violasystems.com

APPLICATION NOTE VA-09-1-4
CONFIGURING M2M GATEWAY WITH ARCTIC GPRS/EDGE ROUTER/GATEWAY

Version history:
4.0 Clarification on connection parameters
3.0 Minor corrections
2.0 Minor corrections
1.0 Released for review

Date: Jun-03-2010
Version: 4.0
Author: LaH

© 2010 VIOLA SYSTEMS LTD. WWW.VIOLASYSTEMS.COM
Copyright and Trademarks Copyright 2009, Viola Systems Ltd. All rights to this document are owned solely by Viola Systems Ltd. All rights reserved. No part of this document may be transmitted or reproduced in any form or by any means without a prior written permission from Viola Systems. Ethernet™ is a trademark of Xerox Corporation. Windows™, Windows XP™ and Internet Explorer™ are trademarks of Microsoft Corporation. Netscape™ is a trademark of Netscape Communications Corporation.
Table of contents
1. GENERAL
2. PRE-REQUISITES
3. CAUTION
1. General
1.1. Purpose
This document addresses the challenges encountered during the initial configuration of the Viola M2M Gateway, Viola Systems Product Code 2500 (hereafter abbreviated as M2M GW), and Viola Arctic devices with Product Codes 22XX operating in a 2G cellular network (hereafter abbreviated as Arctic). Because IP addressing is case specific, this document uses examples to demonstrate how the IP addressing and routing would be configured.
1.2.
3. Caution The initial setup of the devices should be done in one centralized location; performing the initial setup in a geographically distributed system may cause unnecessary remote site visits. While configuring the firewall in M2M GW and Arctic, it is possible to lock oneself out of the system. Therefore, in the initial setup phase, it is a good practice to test the console login procedure for both devices. See page 64, chapter 16.1 Testing the console login for more information. 4.
• Figure 1: Installation workflow
4.1. Quick reference to the installation procedures
Field engineers with previous experience of Viola Systems Ltd. products may wish to follow the checklist below while doing the installation. However, it is recommended to read this document thoroughly before starting installation activities.
1) Make sure that the checklist on page 13, chapter 8. Before starting, has been checked through.
□ IT department for assistance, if present
□ Manuals for every device related to the installation
□ Cables; network, power, serial, etc.
□ Antennas for Arctics, external antennas and antenna cables, if needed
□ Power supplies and cables for each device
□ DIN rail mounting kits, if needed
□ A computer for installation, a laptop with Windows XP recommended
2) Gather the arrived equipment into one central place
Gather the Arctics and M2M GW to a central place for testing.
5. Choosing a correct product for the solution 5.1. Choosing the Arctic product There are several Arctic products, each designed for providing the same elemental functionality, i.e. connecting the remote devices to the central site. However, there are differences in other supported features. The following table describes a typical use case for different Arctic products.
• Figure 3: Viola GPRS or EDGE Gateway
5.2. Choosing the M2M GW product
There are two models of M2M GW, both 19” rack mounted, 1 unit high.
• The standard edition is targeted for solutions where the number of Arctics is less than 300.
• The Enterprise Edition is targeted for solutions where the number of Arctics exceeds 300 or for use cases where added resilience is needed.
6. Choosing the type of the VPN
The communication between Arctic and M2M GW is implemented by establishing a VPN tunnel (see page 71 Appendix B: Connection establishment for more details). The Arctics support two commonly used VPN solutions, L2TP-VPN and SSH-VPN. Only one VPN should be active at any time. A scenario where some Arctics connect via L2TP-VPN, some with SSH-VPN and M2M GW administrator with OpenVPN is supported (i.e.
The private IP addresses are typically used in M2M GW's LAN, in VPN peer IPs and in Arctic's LAN. To avoid overlapping the network address space (and the routing problems that can follow), it is a good practice to use a different class of private IP addresses for each set of addresses. In this example (see Figure 6: Scenario 1, M2M GW connected with public IP address) the M2M GW LAN network’s IP address is 192.168.0.0 and the netmask is 255.255.255.0. This is also represented as 192.168.0.0/24, since the 255.255.
• Table 2: Scenario 1, example IP addresses
7.2. Scenario 2, M2M GW behind the company firewall
Again, only one public IP address is needed in this scenario, for the company firewall/router. The M2M GW is behind the firewall in a demilitarized zone (DMZ). Since the M2M GW now has a private IP address, there must be a way of connecting to it from the Internet. The connection from the Internet to M2M GW is implemented with D-NAT and port forwarding (see page 71, chapter 17.
• Figure 8: Scenario 3, Arctics with operator's private access point
8. Before starting
Before starting the installation and configuration of Arctics and M2M GW, make sure that the following aspects are covered.
8.1. Selecting a cellular operator
Select the cellular operator whose SIM card is used in Arctic if the GPRS/EDGE connection is used as primary or backup VPN connection.
9. Tools needed for initial setup
9.1. Place for making the initial setup
It is assumed that the M2M GW and Arctic are locally accessible while performing the initial configuration. Installing and configuring a distributed environment may cause unnecessary site visits. It is a good practice to configure the Arctics locally and first test the connection with the end application. If a serial device is connected, test the serial to TCP/UDP connectivity by connecting the Arctic to local area network.
10. Connecting and cabling the units
10.1. Unpacking
Save the packages and boxes of the received equipment for possible later use. Follow the local regulations when disposing of any wrapping materials.
10.2. Environmental specifications
While the temperature and humidity are specified in detail (see below), there are other aspects that should also be taken into consideration. The M2M GW should be positioned in a reasonably dust-free environment.
locked him/herself out from the Ethernet ports by firewall), but it is not usually needed, while initially configuring the M2M GW. The power supply of M2M GW is rated for input voltages between 100-240 Volts AC. The connector in M2M GW is standard IEC 60320, type C14 that accepts the C13 plug, the wall socket connector type varies country by country.
part nr. 3220 (power supply, null modem cable, cross connected Ethernet cable). • Serial cable for console port When connecting a computer to Arctic’s console port, a cross-connected (null modem cable) is used. • Serial cable for RS1 application port (Gateways) The RS1 application port is always RS-232 and switchable between console and application (plain data) port. Power off Arctic before changing the switch state.
• Figure 10: Arctic's connectors 12. Configuring the installation environment This chapter describes the actions needed before the M2M GW and Arctic can be set up. The main task is to prepare the computer that is used in configuring the M2M GW and Arctic. 12.1. Configuring the installation computer The computer that is used for installing and configuring the Viola Systems M2M solution is called the field engineer's laptop even though a desktop computer can be used as well.
• Figure 12: XP Control Panel, Category view
• Figure 13: XP Control Panel, Classic view
3. Click "Network connections" icon, which looks like one of the following:
• Figure 14: XP Network connections, classic view
• Figure 15: XP Network connections, category view
4. The Network Connections window opens. Right-click the correct network interface: choose the LAN interface to which the LAN cable is connected.
• Figure 16: XP LAN connections
5.
• Figure 17: XP LAN properties
6. Scroll down the "This connection uses the following items" list to see the "Internet Protocol (TCP/IP)". Click the "Internet Protocol (TCP/IP)" in order to make it active and click "Properties".
7. You will see the following screen (Figure 18: XP TCP/IP properties). Set the values according to the picture, i.e. IP address as 10.10.10.11 and netmask 255.0.0.0. This way your computer belongs to the same network as the M2M GW.
• Figure 18: XP TCP/IP properties 8. Click "OK" button to apply the changes. 13. Configuring the M2M Gateway Once the cables are connected and the installation computer that is used for configuring the M2M GW is set to belong to the same network as M2M GW, the M2M GW can be configured. Follow the next steps for configuring the M2M GW. 13.1. Regarding logging in to the M2M GW The default URL for accessing the M2M GW is https://10.10.10.
• Figure 19: Secure connection failed
The reason for such an error message is that M2M GW's certificate is not in the list of trusted certificates in Firefox. You can safely add an exception for M2M GW's certificate.
2. Click the text "Or you can add an exception..." and you will see a page similar to the following (see Figure 20: Adding an exception).
• Figure 20: Adding an exception
3. Click the "Add Exception..." button.
• Figure 21: Get certificate 4. Click the "Get Certificate" button to load the certificate. Once loaded, you can confirm the security exception (see Figure 22: Confirm security exception). • Figure 22: Confirm security exception 5. Now the "Confirm Security Exception" button is active. Click the button in order to confirm the security exception. Keep the "Permanently store this exception" tick box ticked.
or connect via a different network interface (and thus to a different IP address of M2M GW). You will need to repeat the same procedure with other computers that you're using for connecting to the M2M GW's graphical user interface. After confirming the security exception, the Firefox web browser allows you to connect to the login screen of the M2M GW (See Figure 23: M2M GW's login screen).
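Because the exception has to be repeated on every computer and for every gateway address, it helps to record the certificate fingerprint once during the local setup and compare it on later connections. The following Python code is an added example, not part of the original application note or of Viola's software; the host name and port in the final comment are placeholders and the sample certificate bytes are constructed for illustration.

```python
import hashlib
import hmac
import ssl
import string


def fingerprint(pem):
    """SHA-256 fingerprint of a PEM certificate as colon-separated hex."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def canonical(fp):
    """Strip separators so 'AA:BB', 'aa bb' and 'AABB' compare equal."""
    cleaned = "".join(c for c in fp if c not in ": \t\r\n").upper()
    if len(cleaned) != 64 or any(c not in string.hexdigits for c in cleaned):
        raise ValueError("not a SHA-256 fingerprint")
    return cleaned


def matches_record(pem, recorded):
    """True only if the presented certificate is the one recorded at setup."""
    return hmac.compare_digest(canonical(fingerprint(pem)), canonical(recorded))


def fetch_pem(host, port):
    """Fetch the certificate a server presents, without validating it.

    A self-signed certificate cannot be validated against a CA anyway;
    trust comes from comparing its fingerprint with the recorded one.
    """
    return ssl.get_server_certificate((host, port))


# Constructed sample data: these bytes are NOT a real certificate, they only
# stand in for the DER encoding so that the example runs offline.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(bytes(range(64)) * 8)
OTHER_PEM = ssl.DER_cert_to_PEM_cert(bytes(range(1, 65)) * 8)
RECORDED = fingerprint(SAMPLE_PEM)  # written down during the local setup

if __name__ == "__main__":
    print("recorded   :", RECORDED)
    print("same cert  :", matches_record(SAMPLE_PEM, RECORDED))
    print("other cert :", matches_record(OTHER_PEM, RECORDED))
    # Live check with a placeholder address:
    # matches_record(fetch_pem("gateway.example", 443), RECORDED)
```

A mismatch on a later connection means the browser exception should not be confirmed until the reason for the changed certificate is known.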
• Figure 24: Continuing to the web site
2. Click the text "Continue to this website (not recommended)". The reason Internet Explorer does not recommend continuing is that self-signed certificates are typically not trusted on the Internet. However, you can safely accept the certificate that is signed by Viola Systems Ltd. When you ignore the warning page and continue to the M2M GW's user interface, Internet Explorer will remember the certificate.
• Figure 25: Phishing filter 4. You can ignore the message and click "Ask me later" radio button, then click "OK" button. (See more details for phishing filter from the following link: http://www.microsoft.com/mscorp/safety/technologies/antiphishing/at_glance.mspx) 5. After clicking "Continue to this website", the Internet Explorer web browser allows you to connect to the login screen of the M2M GW (See Figure 26: M2M GW's login screen with Internet Explorer).
• Figure 26: M2M GW's login screen with Internet Explorer
6. Log in with the following default user credentials:
Username: viola-adm
Password: violam2m
7. You may wish to change the default password later, see page 68, chapter 16.3: Changing passwords for the reference.
13.4.
1. Click the icon "Network Configuration": • Figure 28: Network configuration icon The following screen opens: • Figure 29: M2M GW, network configuration screen 2.
• Figure 31: M2M GW, network interfaces screen 3. As you are now connected to M2M GW via eth0, which is the future WAN port, it is recommended first to change the eth1, the LAN port. In this example, the IP addresses are set as defined in page 11, chapter 7.1: Scenario 1, M2M GW connected with public IP address. 4. Click the “eth1” text to configure the eth1 interface’s settings as in Figure 32. • Figure 32: Configuring eth1 interface in M2M GW 5.
• Figure 33: M2M GW eth1 settings Note: In general, do not enable “Proxy ARP”. See page 49, chapter 14.7: Configuring the routing settings of the Arctic for more information regarding proxy ARP. 6. Click “save and apply” to make the changes permanent. Note: The next step will manipulate the interface, which is used for your current connection to the M2M GW. After you have changed the IP address of eth0, your browser will not be able to connect to the M2M GW with URL https://10.10.10.
IP Address: , static
Broadcast:
Activate at boot: Yes
Enable proxy ARP: No
• Figure 35: M2M GW eth0 settings, obtain the correct values from your ISP
Note: In general, do not enable the “Proxy ARP”. See page 49, chapter 14.7: Configuring the routing settings of the Arctic for more information on proxy ARP.
9. Click “save and apply” to make the changes permanent. Now the browser seems to lose connection, because the eth0 port is now set as WAN port.
10.
• Figure 36: Routing and Gateways icon 2. The following screen opens (Figure 37: M2M GW, routing and gateways configuration screen). • Figure 37: M2M GW, routing and gateways configuration screen 3. Fill the “Default routes” field with only one route, the gateway of the public IP of M2M GW or the gateway to your border router in DMZ case. Usually you will receive the value for this parameter from the ISP or from IT department.
• Figure 38: Hostname and DNS icon
2. The following screen will open:
• Figure 39: M2M GW, hostname and DNS client settings
3. Configure the following options, leave the hostname as m2mgw and search domains as m2mgw.
• Resolution order
When a host address or e.g. web address is given as a name, the M2M GW will search the respective IP address for the name from the /etc/hosts file or from naming services. Most usually the M2M GW is configured so that only the local hosts file is searched.
• OpenVPN The Arctics referred to in this document do not support OpenVPN. Instead, the OpenVPN is typically used for connecting the M2M GW’s user interface from a field engineer’s laptop. 13.7.1. Global L2TP settings 1. For configuring the L2TP-VPN, click the “L2TP-VPN Configuration” icon at main screen of M2M GW’s graphical user interface. • Figure 40: L2TP configuration icon The following screen will open (see Figure 41: M2M GW, L2TP configuration). • Figure 41: M2M GW, L2TP configuration 2.
• Figure 42: L2TP-VPN configuration Settings: • Port The port where the M2M GW listens to L2TP client connections. You can leave the port as 1701. If you wish to use some other port, configure the Arctic and M2M GW’s firewall accordingly. • Link test interval The time in seconds between the link test probes. You can leave the value as default. • Reply timeout After sending a link test probe the M2M GW assumes the connection disrupted if no response has come in for the given time in seconds.
• Figure 43: Configuring L2TP peer
3. In the example configuration, fill the values as in Figure 43: Configuring L2TP peer:
Peer name: arctic1
IP pair: 172.16.0.1:172.16.0.2
Routing mode: Tunnel the following network
Remote network IP: 10.10.10.0
Remote network mask: 255.255.255.0
Username: arctic1
Password: password
Find the description on the L2TP peer’s parameters below.
• Peer name
The hostname of the Arctic (case sensitive!) In this example configuration, fill with value arctic1.
o Tunnel the following network
If there are TCP/IP connected devices in Arctic’s LAN (as opposed to a setup where there are only serial connected devices on the Arctic side), the Arctic’s LAN needs to be tunneled over the VPN in order to provide end-to-end connectivity between the M2M GW LAN and the Arctic LAN. In this example, there is an Ethernet-connected device, let’s say a computer (with IP address 10.10.10.2), in Arctic’s LAN, which must have a route to M2M GW’s LAN.
• Figure 45: M2M GW's SSH-VPN configuration
3. Click “Add Peer” button. For the example configuration in Figure 6: Scenario 1, M2M GW connected with public IP address, configure the settings as follows:
Peer name: arctic1
Peer SSH key:
IP pair (M2M IP : Peer IP): 172.16.0.1:172.16.0.2
Routing Mode: Tunnel the following network
Remote Network IP: 10.10.10.0
Remote Network Mask: 255.255.255.0
Peer Enabled: Yes
4. Click “Confirm” button to apply the changes.
5.
10. Repeat the procedure for all Arctics if there is more than one.
11. Click “Lock keys” in order to prevent accidental erasing of the keys.
12. In this example, the “SSH listens on port” field is left as default value 22.
Note: If you wish to change the port where the SSH server listens for incoming connections, be aware that you must also make the respective changes to the M2M GW’s firewall.
• Figure 46: Arctic's Ethernet settings
• Override Ethernet configuration by DHCP?
Enable only if the Arctic should fetch the Ethernet configuration from DHCP server on Arctic’s LAN.
• Host name
The Host name of the Arctic. Host name also identifies the Arctic on SSH-VPN and L2TP Tunnels. Each Arctic must have a unique hostname within one solution. In M2M GW, the VPN peer names must also be unique; the same peer name cannot be used in e.g. both the SSH-VPN setup and the L2TP-VPN setup.
empty if local hosts do not need DNS services for accessing the Internet through Arctic.
• MAC address
Displays Arctic's MAC/HW address, for informational purposes only.
14.2. Configuring the GPRS settings of the Arctic
Find below a description of the menu items in the Arctic’s “GPRS settings” menu.
• Figure 47: Arctic's GPRS settings
• GPRS enabled
Set Yes to allow GPRS communication.
• Access point name
The access point name is a mandatory parameter if the GPRS is used.
avoid blocking the SIM card if the entered PIN code does not match the PIN code of the SIM card.
o If a wrong PIN number is entered and Arctic is rebooted, the Arctic will only try once. After that, the SIM card must be placed in a cellular phone and a correct PIN code must be entered. After a correct PIN code is also entered to the Arctic, the SIM card can be inserted to the Arctic again.
In contrast to the picture above, you may want to set the “Use GPRS as default route” to “Disabled” in order to follow the example setup.
Note: Arctic should have only one default route (Ethernet, GPRS, or VPN-Tunnel) enabled at any time. Disable the LAN and VPN-tunnel default gateways if you enable the GPRS as default gateway.
14.3. Configuring the Dial-in settings of the Arctic
The Dial-in is designed for accessing the Arctic via circuit-switched data connection (PSTN/GSM data) with a modem.
• Required password The password required for dialing-in user. • Idle timeout Timeout in seconds if the connection is idle. • Local IP address Arctic’s IP address in PPP connection. • Peer’s IP address The IP address given to dialing-in user in PPP connection. • Maximum MTU value The maximum size of PPP packet in bytes. 14.4. Configuring the SSH-VPN settings of the Arctic This step is an alternative to the chapter 14.5: Configuring the L2TP settings of the Arctic.
• Figure 49: Arctic's SSH-VPN settings
• Use SSH-VPN Set to “Yes” to allow SSH-VPN operation • Interface Defines the interface (GPRS or Ethernet) to be used when establishing the SSH-VPN tunnel. In this example, the GPRS will be used. • Primary server IP The public IP address of the M2M Gateway, where the Arctic connects to. This is the IP address obtained from Internet service provider.
• Figure 50: Arctic's L2TP-VPN settings • Interface Defines the interface (GPRS or Ethernet) to be used when establishing the L2TP-VPN tunnel. In this example, the GPRS will be used. • Primary server IP The public IP address of the M2M Gateway, where the Arctic connects to. This is the IP address obtained from Internet service provider.
o Set as "None" if there is no need for accessing other devices than the M2M GW.
o Set as "Tunnel the following network" for informing the Arctic which network is reachable behind the VPN tunnel at M2M side. This is used e.g. for accessing devices in M2M’s LAN, e.g. SCADA server.
o Set as “Default route” if the SSH-VPN tunnel is the primary communication channel for all hosts in Arctic’s LAN.
Set as "Tunnel the following network" in this example.
• Figure 51: Arctic's Monitor settings
14.7. Configuring the routing settings of the Arctic
Usually there is no need for adding other routes than the network tunneling in VPN settings of the Arctic. If other routes are needed, they can be added with “Routing” menu in Arctic router. Verify the settings:
• The “Act as router” should be enabled.
• The “Proxy ARP” should be disabled.
• Figure 52: Arctic's routing settings 14.8. Configuring the S-NAT settings of the Arctic In this example configuration, there is no need for S-NAT since the M2M GW’s and Arctic’s LANs are tunneled over VPN. Note: In a private access point case, it is usually needed to enable S-NAT. The typical use case for S-NAT would be that computers in Arctic LAN need to access Internet via GPRS/EDGE connection. As the computers have private IP addresses (10.10.10.
• Figure 53: Arctic's S-NAT settings
14.9. Configuring the D-NAT settings of the Arctic
In this example configuration, there is no need for D-NAT since the M2M GW’s and Arctic’s LANs are tunneled over VPN. A typical example of D-NAT would be when there are many Arctics with overlapping LAN addressing. In such a scenario, there may be hosts with the same private class IP address behind different Arctics. It is not possible to arrange routing with the same IP address space for several Arctics.
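The constraints described in this document (unique peer names across SSH-VPN and L2TP-VPN, and non-overlapping address ranges for the M2M GW LAN, the VPN peer IPs and the Arctic LANs) can be checked before any value is typed into the GUI. The Python code below is an added example, not Viola's tooling; the plan structure and function names are assumptions, the first plan uses the example values from this document, and the second plan is constructed to trigger each finding.

```python
import ipaddress
from itertools import combinations


def net(ip, mask):
    """Network from the dotted IP and netmask fields used in the GUI forms."""
    return ipaddress.ip_network(f"{ip}/{mask}")


def check_plan(m2m_lan, peers):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []

    # Peer names are case sensitive and must be unique across both VPN types.
    first_seen = {}
    for p in peers:
        if p["name"] in first_seen:
            findings.append(f"peer name {p['name']!r} used twice "
                            f"({first_seen[p['name']]} and {p['vpn']})")
        else:
            first_seen[p["name"]] = p["vpn"]

    # Split each 'M2M IP:Peer IP' pair (IPv4); a peer-side address is used once.
    endpoints, peer_side = [], {}
    for p in peers:
        m2m_ip, peer_ip = (ipaddress.ip_address(a)
                           for a in p["ip_pair"].split(":"))
        endpoints += [(p["name"], m2m_ip), (p["name"], peer_ip)]
        if peer_ip in peer_side:
            findings.append(f"peer IP {peer_ip} assigned to both "
                            f"{peer_side[peer_ip]!r} and {p['name']!r}")
        else:
            peer_side[peer_ip] = p["name"]

    # Tunnelled Arctic LANs must not overlap the M2M GW LAN or each other.
    lans = [(p["name"], p["remote_net"]) for p in peers
            if p.get("remote_net") is not None]
    for name, lan in lans:
        if lan.overlaps(m2m_lan):
            findings.append(f"{name}: LAN {lan} overlaps M2M GW LAN {m2m_lan}")
    for (n1, l1), (n2, l2) in combinations(lans, 2):
        if l1.overlaps(l2):
            findings.append(f"{n1} LAN {l1} overlaps {n2} LAN {l2}; "
                            "routing is ambiguous without D-NAT")

    # VPN endpoint addresses must not fall inside any LAN.
    for name, addr in endpoints:
        for owner, lan in [("M2M GW", m2m_lan)] + lans:
            if addr in lan:
                findings.append(f"{name}: VPN address {addr} lies inside "
                                f"{owner} LAN {lan}")
    return findings


M2M_LAN = net("192.168.0.0", "255.255.255.0")

# Example values from this document (Scenario 1).
EXAMPLE_PEERS = [
    {"name": "arctic1", "vpn": "l2tp", "ip_pair": "172.16.0.1:172.16.0.2",
     "remote_net": net("10.10.10.0", "255.255.255.0")},
]

# Constructed plan with one instance of each problem.
BAD_PEERS = EXAMPLE_PEERS + [
    {"name": "arctic2", "vpn": "ssh", "ip_pair": "172.16.0.3:172.16.0.2",
     "remote_net": net("10.10.10.0", "255.255.255.248")},
    {"name": "arctic1", "vpn": "ssh", "ip_pair": "172.16.0.5:172.16.0.6",
     "remote_net": None},
    {"name": "arctic3", "vpn": "l2tp", "ip_pair": "172.16.0.7:192.168.0.50",
     "remote_net": net("192.168.0.128", "255.255.255.128")},
]

if __name__ == "__main__":
    print("example plan:", check_plan(M2M_LAN, EXAMPLE_PEERS) or "clean")
    for finding in check_plan(M2M_LAN, BAD_PEERS):
        print("finding:", finding)
```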
• Figure 54: Arctic's D-NAT settings 14.10. Configuring the DynDNS settings of the Arctic The M2M solution provides static VPN peer IP addresses for Arctics. However, in a solution where there is no M2M GW, the Arctics will need either to use a private access point from cellular operator or have some mechanism in order to achieve a static IP in Internet. Dynamic DNS allows you to create a hostname that points to your dynamic IP or static IP address or URL. See http://www.dyndns.com for more information.
• Figure 55: Arctic's DynDNS settings 14.11. Configuring the NTP settings of the Arctic The NTP is an abbreviation for Network Time Protocol. It is used for synchronizing the clocks of computer systems over packet-switched networks. Note: The Linux systems’ internal clock counts seconds from the epoch time (00:00:00 UTC on January 1, 1970). Any time/date representation is calculated from Linux internal epoch clock, e.g. the date command will show a representation, which may be any offset from UTC time.
• Figure 56: Arctic's NTP settings
NTP Settings:
• NTP server
The IP address of the NTP server.
• Query interval
The interval after which the Arctic queries the time synchronization from the NTP server.
• Minimum time difference (seconds)
If the time difference is larger than the minimum, a synchronization query is sent.
• Maximum time difference
If the time difference is larger than the maximum, no synchronization is tried.
14.12. Configuring the SMS Config settings of the Arctic The SMS config allows controlling the Arctic via SMS messages. The used command set varies between the Arctic versions. See Arctic SMS config command set application note available from Viola Systems Ltd. • Figure 57: Arctic's SMS settings 14.13. Configuring the Firewall of the Arctic Typically at least the “GPRS to Arctic” firewall should be enabled.
• Figure 58: Arctic's firewall 14.14. Enabling/disabling the services of the Arctic Arctic provides some services by default. See the details below. 14.14.1. WWW server The Arctic has an embedded web server for implementing the Arctic configurator user interface. Note: In general, it is not recommended to disable the web server or deny the web configuration access.
• Figure 59: Arctic's services 14.14.2. Telnet server The Arctic’s Telnet server offers a method for connecting to the Arctic’s command line interface. The Telnet server listens by default on port 23. Note: Regarding the Telnet connection to Arctic’s command line: It is not recommended to change any configuration file directly from Arctic’s command line. Instead, the graphical user interface is the primary method for configuring the Arctic.
• Figure 60: Telnet server 14.14.3. DHCP server The Arctic has an embedded DHCP server. It can offer IP addresses, netmasks and other optional parameters to DHCP clients. It is left as “Disabled” in this example configuration. Refer to RFC2131 for more details on DHCP.
• Figure 61: Arctic's DHCP server
14.14.4. DNS proxy
The DNS, domain name server, responds to naming service queries for mapping the resource name with respective IP address. Typically the name servers are needed for providing the IP addresses for www-names. For example, when a user enters a URL, e.g. www.violasystems.com, in the browser’s address field, the computer will need to know the IP address of the server providing the content of Viola Systems’ web pages.
• Figure 62: Arctic's DNS proxy 14.14.5. SNMP agent Certain Arctics support a subset of SNMP, simple network management protocol. The SNMP “GET” and “SET” for MIB-II tree (RFC 1213) are partially supported. Refer to RFC 1157 for more details on SNMP.
15. Connecting a serial device
The serial application device connectivity is only available in Arctic Gateway products, not Routers. In the example configuration scenario (Figure 6: Scenario 1, M2M GW connected with public IP address), there is no serial connected device. However, if there is one in your setup, connect it as follows:
1. Switch off the Arctic’s power
2. Connect the serial cable
3.
The Figure 64: Arctic serial GW RS1 settings shows the Serial GW RS1 settings. Note the RS1 status indicator line that shows whether the console/RS1 switch is set to console position or application RS-port (RS1) position. As the RS1 port is in console mode, the RS2 port is used for connection to serial device in this example configuration. • Figure 64: Arctic serial GW RS1 settings 15.1. Serial framing settings The following settings can be used for fine-tuning the serial gateway.
• Network reply timeout (ms) If the "Request-reply communication" is set to "yes", the time of waiting the answer from IP device • Max packet from serial (bytes) The max. amount of bytes received from serial device, after which the packet is sent • Max packet from network (bytes) The max.
• Only one device can command the bus, slaves can’t speak with each other
• A device can transmit and receive simultaneously (full duplex)
15.7. Grounding
Although data transmission is balanced in RS-485, a proper grounding may be required if the distance between devices is long and/or they don’t otherwise share the common ground. The most common reason for RS-485/422 circuit damages is the excessive potential difference between the devices.
16.1.2. Testing the M2M GW’s console connection Connect a keyboard and a display to M2M GW. If you’re using PS/2 keyboard, it may be needed to switch off the M2M GW prior to connecting the keyboard. Log in to M2M GW via console. Test 2: Test the M2M GW login with steps above in order to verify the connection procedure. 16.2. Checking the VPN tunnels When the peers are all set up, you may wish to check that they’re available.
It is always best first to check the Network → Summary for existence of GPRS and VPN interfaces in Arctics, if the Arctic GUIs are accessible.
16.2.3. Pinging the VPN peer on the other side of the tunnel
A good method of knowing that the VPN tunnel is established and the VPN peer is alive is to ping the other end of the VPN tunnel. Use VPN peer IPs for testing.
Note: In Arctic, the ping command with only IP address as an argument will cause the Arctic to endlessly ping the target.
Test 8: Test the SCADA server’s connection to eth1 interface of M2M GW. 16.2.7. End-to-end connectivity Last, test the SCADA server’s ability to connect to the Ethernet (or serial) device in Arctic’s LAN. There are two options, a) Ethernet end device or b) Serial end device. Test the one that matches your setup. Ethernet device • Ping the Ethernet device (10.10.10.2) from SCADA server. • Test the SCADA control software’s ability to connect to the device (RTU, remote terminal unit) that is controlled.
Mar 24 03:34:19 m2mgw sudo: vvpn : TTY=unknown ; PWD=/home/vvpn ; USER=root ; COMMAND=/usr/sbin/pppd noauth nodetach notty call
16.3. Changing passwords
After the installation and testing, it is recommended to change the default passwords. The passwords can be changed from graphical user interfaces of M2M GW and Arctic. Follow the instructions below.
16.3.1. Changing the passwords in M2M GW
In M2M GW’s Webmin GUI, navigate to “System” → “Change Passwords”.
See RFCs 1918 and 4193 for further information regarding private IP networks.
17.3. Introduction to IP address classes
In modern IP addressing, especially with public IP addresses, classful addresses are not very common. The shortage of IPv4 addresses is causing Internet service providers to switch to classless addressing, where the netmasks do not fit the A, B or C classes, but are instead used to divide the classful addresses into smaller networks.
17.4.
• Figure 66: Classless Arctic LAN
Looking more closely at the Arctic’s LAN, we can see that the IP addresses are from the class A private network, but the netmask, 255.255.255.248, is not. The class A network has been subnetted into smaller networks having 8 IP addresses per network. The number of IP addresses in the class A private network is 16777216. It would be a waste of IP addresses to use all 16777216 addresses, when there is only a need for 8 IP addresses.
17.7. CIDR, classless inter-domain routing
When there are several classless networks, it may be a tedious task to maintain routing table entries for each individual network. In CIDR routing, a contiguous address space made up of several smaller networks is referenced with one routing entry having the netmask of a larger network. An example would be networks 10.10.10.0/29, 10.10.10.8/29, 10.10.10.16/29 and 10.10.10.24/29.
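As an added example (not from the original document), the Python code below collapses the four /29 networks listed above into the fewest routing entries. Going one step beyond the text, it also reports which addresses a single covering route would include that are not part of the listed networks, since traffic for those addresses would be sent into the same tunnel; the function names are illustrative.

```python
import ipaddress


def summarize(networks):
    """Fewest prefixes that cover exactly the given networks, nothing more."""
    nets = [ipaddress.ip_network(n) for n in networks]
    return list(ipaddress.collapse_addresses(nets))


def single_route(networks):
    """Smallest single prefix covering all networks, plus the surplus.

    The surplus is the list of prefixes inside that route which are NOT in
    the input; a non-empty surplus means the route is broader than intended.
    """
    nets = [ipaddress.ip_network(n) for n in networks]
    first = min(n.network_address for n in nets)
    last = max(n.broadcast_address for n in nets)

    # Widen a host route at the lowest address until it reaches the highest.
    route = ipaddress.ip_network(f"{first}/{first.max_prefixlen}")
    while last not in route:
        route = route.supernet()

    # Subtract every input network from the route to find what is left over.
    surplus = [route]
    for n in nets:
        remaining = []
        for s in surplus:
            if s == n or s.subnet_of(n):
                continue                      # fully covered by an input
            if n.subnet_of(s):
                remaining.extend(s.address_exclude(n))
            else:
                remaining.append(s)           # disjoint, keep as is
        surplus = remaining
    return route, sorted(surplus)


# The four networks from the text above.
PAGE_NETWORKS = ["10.10.10.0/29", "10.10.10.8/29",
                 "10.10.10.16/29", "10.10.10.24/29"]

# Constructed variant with a gap: 10.10.10.16/29 is not one of ours.
GAPPED_NETWORKS = ["10.10.10.0/29", "10.10.10.8/29", "10.10.10.24/29"]

if __name__ == "__main__":
    for label, nets in (("page", PAGE_NETWORKS), ("gapped", GAPPED_NETWORKS)):
        route, surplus = single_route(nets)
        print(label, "exact routes :", [str(n) for n in summarize(nets)])
        print(label, "single route :", route,
              "surplus:", [str(n) for n in surplus] or "none")
```

The netmask form used in the GUI is accepted as well, for example `summarize(["10.10.10.0/255.255.255.248"])` yields one /29 network with 8 addresses.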
18.1. Scenario 1, public access point with M2M GW
1. Arctic receives an IP address from the cellular network. Typically this IP address is a dynamic, private IP address that is S-NATed when going to the Internet.
2. Arctic connects to M2M GW via the operator's public access point using the IP address received from the cellular network.
3. A VPN tunnel is established between the Arctic and M2M GW.
4. Subsequent communication goes through the VPN tunnel.
18.2. Scenario 2, private access point with M2M GW
1.
PUK: Personal unblocking key
PS/2: In this context: a mini DIN plug containing 6 pins, for connecting a keyboard
RX: Received data, receiver
SCP: Secure copy
SIM: Subscriber identity module
SSH: Secure shell
SSL: Secure Sockets layer
Sub-D: Subminiature D-type connector (typically for connecting analogue VGA monitor)
TCP: Transmission Control Protocol
TCPDUMP: A program that captures data packets for concurrent or later analysis
TP: Twisted pair
TUN: Tunnel, specifically an OpenVPN tu
TX UDP URL USB UTP Webmin VPN WAN
When configuring the IEC-104 for GPRS connection, one can start with the following values:
• IEC t0 (connection establishment timeout, SCADA only) > 30 secs
• IEC t1 (ack rx timeout) = 60 secs
• IEC t2 (ack tx timeout) = 20 secs
• IEC t3 (link test interval) = 200…600 secs, SCADA should have approx. 30sec less than arctic
• IEC k (tx window size) = 12
• IEC w (rx window size) = 8
• Any completion/control/GI timeout > 60 secs
See Arctic IEC-104 Gateway’s User’s manual for more settings.
20.2.
• Document the solution – store the work for later use Follow good documentation practices 21.2.
21.4. Contacting Viola Systems Technical support The Viola Systems Technical Support is able to help with technical problems related to the Viola M2M solution.
within three seconds from Arctic device start, then re-enter the values without equal sign, e.g. as with following commands:
setenv ipaddr 10.10.10.10
setenv netmask 255.0.0.0
saveenv
boot
Question 2
How to restore the Arctic to the factory defaults?
Answer
There are two methods:
• From the Arctic GUI → Tools → Default settings
• In command line: sh /etc/defaults/setdef.sh
Note that the IP address and netmask are not reverted back to defaults.
In Arctic GPRS gateway, there is a switch that controls the RS1 serial port’s mode. There are two operating modes:
• Console for connecting to Arctic’s command line interface
• RS1 for using the port with RS-232 applications
When toggling the console switch, the power of the Arctic must be switched off. The Arctic reads the switch position only at boot.
Question 7
Why am I seeing this error at Arctic boot:
JFFS: Failed to build tree.
JFFS: Failed to mount device 2a:02.
Serial line to connect to: COM1 (or the respective COM-port in your PC)
Speed (baud): 19200
Data bits: 8
Stop bits: 1
Parity: None
Flow control: None
3. Once you get the login prompt of the Arctic, enter the username and password. By default, the username is root and password is empty. Next, type "boa &" to the command line as follows:
# boa &
The operating system will then show a number, which is the process ID number of boa web server that you have just started.
4.
• RFC-4008
• RFC-778, 891, 956, 1305
• RFC-2131
• RFC-1213
• RFC-1157
• RFC-1519
Ethernet specifications: http://www.ieee802.