RCMS - RobustVPN Setup Guide-help- V3.pdf
dejectd
56 views
15 slides
Aug 18, 2024
Slide 1 of 15
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
About This Presentation
VPN
Slide Content
RobustVPNSetup Guide
Document Version: 3.0
Document Version: 3.0
© Robustel | Commercial in Confidence –This document is for Robustel staff, distributors and approved customers ONLY
RobustVPNSetup Guide –What is RobustVPN?
Cost-effective on demand remote device connectivity
Robust VPN is an innovative application of Cloud Based VPN tunneling technology to provide Robustel routers
with fixed private IP addresses that allow easy remote access from anywhere in the world.
Robustel’sMicrosoft Azure hosted server takes care of the complicated setup issues typically associated with
OpenVPN including certificate exchange and passwords.
RobustVPNis internet connection independent – This means ANY SIM card or broadband service from any
provider can be used and a fixed IP service is effectively overlaid on top of that 4G SIM.
RobustVPNSetup Guide –What is RobustVPN?
Cost-effective on demand remote device connectivity
Robust VPN is an innovative application of Cloud Based VPN tunneling technology to provide Robustel routers
with fixed private IP addresses that allow easy remote access from anywhere in the world.
Robustel’sMicrosoft Azure hosted server takes care of the complicated setup issues typically associated with
OpenVPN including certificate exchange and passwords.
RobustVPNis internet connection independent – This means ANY SIM card or broadband service from any
provider can be used and a fixed IP service is effectively overlaid on top of that 4G SIM.
© Robustel | Commercial in Confidence –This document is for Robustel staff, distributors and approved customers ONLY
RobustVPNSetup Guide –Architecture Overview
One or many PCs running
‘robustvpnmanager.exe’
(10.8.64.2)
RobustVPNcomprises 3 x key components:
1.RobustvpnmanagerWindows (OSX & Linux pending) Application –gets IP address from RVPN Server
2.RobustVPNServer (integrated in RCMS Cloud platform) manages all RVPN instances
3.RCMS APP –installed in Robustel device –gets IP address from RVPN Server
RobustVPNServer
hosted in MS Azure
(10.8.64.1)Internet
Public/Private
Cellular APN
or
Fixed Line
Connection
1
2
RCMS App (Includes RobustVPN)
Installed and running on router
3
Robustel Device(s)Any Ethernet or
Serial Device
(10.8.64.130)
(10.8.64.129)
(10.8.64.128)
= Direction of VPN tunnel establishment (All tunnels terminate at RobustVPNServer)
Internet
Breakout
RobustVPNSetup Guide –Architecture Overview
One or many PCs running
‘robustvpnmanager.exe’
(10.8.64.2)
RobustVPNcomprises 3 x key components:
1.RobustvpnmanagerWindows (OSX & Linux pending) Application –gets IP address from RVPN Server
2.RobustVPNServer (integrated in RCMS Cloud platform) manages all RVPN instances
3.RCMS APP –installed in Robustel device –gets IP address from RVPN Server
RobustVPNServer
hosted in MS Azure
(10.8.64.1)Internet
Public/Private
Cellular APN
or
Fixed Line
Connection
1
2
RCMS App (Includes RobustVPN)
Installed and running on router
3
Robustel Device(s)Any Ethernet or
Serial Device
(10.8.64.130)
(10.8.64.129)
(10.8.64.128)
= Direction of VPN tunnel establishment (All tunnels terminate at RobustVPNServer)
Internet
Breakout
© Robustel | Commercial in Confidence –This document is for Robustel staff, distributors and approved customers ONLY
RobustVPNSetup Guide –RobustVPNmanager.exe
RobustVPNmanageris a Windows (OSX & Linux pending)
application that allows RVPN users to join RVPN networks.
The Status page (opposite) shows the Groups that the User
has access to (e.g. UK_TEST_1) & shows key parameters and
status of the Group.
Users should make sure they have Version 2.1.2 installed as
a minimum. Required credentials to login are exactly the
same as you would use to login to the RCMS Cloud platform.
Please note that RVPN does not currently support
termination on a VPN endpoint (firewall/router) but appears
as a “TAP Adapter” in the host OS & can be run as a service.
More complex requirements can be discussed on a case by
case basis but Robustel will not be able to accommodate
every customization request currently.
RobustVPNmanager.execan be downloaded in “RCMS > Support > Resources”
RobustVPNSetup Guide –RobustVPNmanager.exe
RobustVPNmanageris a Windows (OSX & Linux pending)
application that allows RVPN users to join RVPN networks.
The Status page (opposite) shows the Groups that the User
has access to (e.g. UK_TEST_1) & shows key parameters and
status of the Group.
Users should make sure they have Version 2.1.2 installed as
a minimum. Required credentials to login are exactly the
same as you would use to login to the RCMS Cloud platform.
Please note that RVPN does not currently support
termination on a VPN endpoint (firewall/router) but appears
as a “TAP Adapter” in the host OS & can be run as a service.
More complex requirements can be discussed on a case by
case basis but Robustel will not be able to accommodate
every customization request currently.
RobustVPNmanager.execan be downloaded in “RCMS > Support > Resources”
© Robustel | Commercial in Confidence –This document is for Robustel staff, distributors and approved customers ONLY
RobustVPNSetup Guide –Cloud Hosted RobustVPNServer
At the heart of RobustVPNis a cloud hosted service that manages all of the complex VPN setup and credential sharing that would
normally have to be handled by customers in software but is instead provided “as a service” by Robustel.
IMPORTANT –PLEASE SELECT “VIRTUAL IP ONLY” WHEN CREATING A
NEW VPN GROUP, UNLESS YOU SPECIFICALLY NEED A “PUSHED SUBNET”.
PAGE 12 OF THIS DOCUMENT EXPLAINS HOW TO DO THIS.
Users access this information by logging on to their
RCMS account in the normal way and clicking on the
“RobustVPN” tab at the top of the page.
Once in the RobustVPNsection, click on “Manage
VPN Groups” on the left-hand navigation to setup
your Devices with a logical grouping.
Click on Createand make sure the relevant Devices
ANDUsers are assigned appropriately in each Group
(See the Device & Users tabs example in next slide).
RobustVPNSetup Guide –Cloud Hosted RobustVPNServer
At the heart of RobustVPNis a cloud hosted service that manages all of the complex VPN setup and credential sharing that would
normally have to be handled by customers in software but is instead provided “as a service” by Robustel.
IMPORTANT –PLEASE SELECT “VIRTUAL IP ONLY” WHEN CREATING A
NEW VPN GROUP, UNLESS YOU SPECIFICALLY NEED A “PUSHED SUBNET”.
PAGE 12 OF THIS DOCUMENT EXPLAINS HOW TO DO THIS.
Users access this information by logging on to their
RCMS account in the normal way and clicking on the
“RobustVPN” tab at the top of the page.
Once in the RobustVPNsection, click on “Manage
VPN Groups” on the left-hand navigation to setup
your Devices with a logical grouping.
Click on Createand make sure the relevant Devices
ANDUsers are assigned appropriately in each Group
(See the Device & Users tabs example in next slide).
© Robustel | Commercial in Confidence –This document is for Robustel staff, distributors and approved customers ONLY
RobustVPNSetup Guide –Cloud Hosted RobustVPNServer
Device view in RCMS RobustVPNGroup
User view in RCMS RobustVPNGroup
RobustVPNSetup Guide –Cloud Hosted RobustVPNServer
Device view in RCMS RobustVPNGroup
User view in RCMS RobustVPNGroup
© Robustel | Commercial in Confidence –This document is for Robustel staff, distributors and approved customers ONLY
RobustVPNSetup Guide –Allocating Licenses & VPN Data
RCMS offers users flexible pricing tiers giving each device varying functionality and permissions. In order to the RobustVPNdevices
must have the ‘RCMS Advanced’ License allocated.
Click on “Account” at the top of the page, then
“Licenses” on the left hand navigation pane now
click the “Allocate” button against “RCMS Advanced
License” and choose devices you wish to assign a
license to.
If you do not have any Advanced Licenses, you can
purchase online by clicking “Buy More” or buy
directly from your Robustel Distributor with a
Purchase Order.
Navigate back to the VPN group and
enable the devices under the “Connect
VPN” heading
PLEASE NOTE THAT ROBUSTVPN WILL
NOT WORK WITHOUT THE ACTION
ABOVE BEING TAKEN.
RobustVPNSetup Guide –Allocating Licenses & VPN Data
RCMS offers users flexible pricing tiers giving each device varying functionality and permissions. In order to the RobustVPNdevices
must have the ‘RCMS Advanced’ License allocated.
Click on “Account” at the top of the page, then
“Licenses” on the left hand navigation pane now
click the “Allocate” button against “RCMS Advanced
License” and choose devices you wish to assign a
license to.
If you do not have any Advanced Licenses, you can
purchase online by clicking “Buy More” or buy
directly from your Robustel Distributor with a
Purchase Order.
Navigate back to the VPN group and
enable the devices under the “Connect
VPN” heading
PLEASE NOTE THAT ROBUSTVPN WILL
NOT WORK WITHOUT THE ACTION
ABOVE BEING TAKEN.
© Robustel | Commercial in Confidence –This document is for Robustel staff, distributors and approved customers ONLY
RobustVPNSetup Guide –Installing the RCMS App
Visit “System” >> “App Center” on your Robustel
router to check if RCMS is installed and running.
If RCMS is not installed, or the revision number is “out
of date”* then please install latest version.
This can be done Over-the-Air (OTA) using RCMS or a
copy can be downloaded from the
“Support/Resources” section of RCMS platform.
Once installed, Enable the APP then enable both
Robustlink& RobustVPNas shown opposite. Use
default URL and port settings unless you have been
advised otherwise.
If you have issues installing or configuring the RCMS
App please contact Robustel Tech Support.
*Minimum recommended RCMS APP revision
detailed opposite:
RobustVPNSetup Guide –Installing the RCMS App
Visit “System” >> “App Center” on your Robustel
router to check if RCMS is installed and running.
If RCMS is not installed, or the revision number is “out
of date”* then please install latest version.
This can be done Over-the-Air (OTA) using RCMS or a
copy can be downloaded from the
“Support/Resources” section of RCMS platform.
Once installed, Enable the APP then enable both
Robustlink& RobustVPNas shown opposite. Use
default URL and port settings unless you have been
advised otherwise.
If you have issues installing or configuring the RCMS
App please contact Robustel Tech Support.
*Minimum recommended RCMS APP revision
detailed opposite:
© Robustel | Commercial in Confidence –This document is for Robustel staff, distributors and approved customers ONLY
RobustVPNSetup Guide –Testing the RobustVPNConnection
Once you have connected RobustVPNmanager.exeto appropriate VPN Group, Devices in that Group should
become reachable –in this example, we have proved a connection by pinging 10.11.192.131
PLEASE NOTE THAT THE REMOTE PING CAPABILITY MUST BE ALLOWED IN ROUTER FIREWALL SETTINGS
RobustVPNSetup Guide –Testing the RobustVPNConnection
Once you have connected RobustVPNmanager.exeto appropriate VPN Group, Devices in that Group should
become reachable –in this example, we have proved a connection by pinging 10.11.192.131
PLEASE NOTE THAT THE REMOTE PING CAPABILITY MUST BE ALLOWED IN ROUTER FIREWALL SETTINGS
© Robustel | Commercial in Confidence –This document is for Robustel staff, distributors and approved customers ONLY
RobustVPNSetup Guide –Working with attached Devices
Port-Forwarding to attached Ethernet
Devices
In the “Network” >> ”Firewall” menu, click
the “Port Mapping” tab.
Click the “+” symbol to add a new rule that
will forward inbound connections coming
through the RobustVPNtunnel to attached
Ethernet Devices. Note that all the usual
rules of Port Forwarding / Port Mapping
need to be followed for this to work
correctly.
RobustVPNSetup Guide –Working with attached Devices
Port-Forwarding to attached Ethernet
Devices
In the “Network” >> ”Firewall” menu, click
the “Port Mapping” tab.
Click the “+” symbol to add a new rule that
will forward inbound connections coming
through the RobustVPNtunnel to attached
Ethernet Devices. Note that all the usual
rules of Port Forwarding / Port Mapping
need to be followed for this to work
correctly.
© Robustel | Commercial in Confidence –This document is for Robustel staff, distributors and approved customers ONLY
RobustVPNSetup Guide –Working with attached Devices
Connecting to attached Serial Devices
In the “Interface” >> “Serial Port” settings menu of
Robustel router, enable the relevant COM port and
set its operation mode to TCP Server. Leave “Local
IP” blank and set “Local Port” to your preferred port
number –any port up to 65535 can be used but
would recommend selecting a port from 1024 to
49151 to try to avoid conflicts.
Note that COM ports can also be set to work in TCP
Client mode which does not require the fixed IP
provided by RobustVPNbut will require a TCP Server
listening on a fixed IP at the other end of the
connection. (Local network or Cloud)
RobustVPNSetup Guide –Working with attached Devices
Connecting to attached Serial Devices
In the “Interface” >> “Serial Port” settings menu of
Robustel router, enable the relevant COM port and
set its operation mode to TCP Server. Leave “Local
IP” blank and set “Local Port” to your preferred port
number –any port up to 65535 can be used but
would recommend selecting a port from 1024 to
49151 to try to avoid conflicts.
Note that COM ports can also be set to work in TCP
Client mode which does not require the fixed IP
provided by RobustVPNbut will require a TCP Server
listening on a fixed IP at the other end of the
connection. (Local network or Cloud)
© Robustel | Commercial in Confidence –This document is for Robustel staff, distributors and approved customers ONLY
RobustVPNSetup Guide –Using Pushed Subnet Capability
As referenced on Page 5, Device Groups can be raised as “Virtual IP Only” (recommended) but also with “Virtual IP + Pushed Subnet”
When “Pushed Subnet” is enabled, the RobustVPNServer pushes a /28 subnet to the LAN0 interface of the router starting 192.168.0.0
It is then possible for devices attached on LAN0 to use this subnet (by DHCP or Fixed IP addressing) to be fully exposed behind the
router and as such there is no requirement for “Port Forwarding” or “Port Mapping”. This means an RVPN User can address LAN-side
devices directly using 192.168.10.20 (for example) when the VPN is up on their PC. ie. RobustVPNmnager.exeis up and running and
“Connected”.
This can be useful for applications where Port Forwarding poses a problem for the sending application.
Please note that enabling “pushed subnet” will dynamically change the LAN0 subnet about 20 seconds after a RobustVPNconnection is
established. If this behavior is undesirable, the user can enable Ethernet port 1 as LAN1 then configure LAN1 with desired LAN settings
that will not change. Both Ethernet & LAN setting scan be found from the left-hand menu of Robustel routers called “Interface.”
RobustVPNSetup Guide –Using Pushed Subnet Capability
As referenced on Page 5, Device Groups can be raised as “Virtual IP Only” (recommended) but also with “Virtual IP + Pushed Subnet”
When “Pushed Subnet” is enabled, the RobustVPNServer pushes a /28 subnet to the LAN0 interface of the router starting 192.168.0.0
It is then possible for devices attached on LAN0 to use this subnet (by DHCP or Fixed IP addressing) to be fully exposed behind the
router and as such there is no requirement for “Port Forwarding” or “Port Mapping”. This means an RVPN User can address LAN-side
devices directly using 192.168.10.20 (for example) when the VPN is up on their PC. ie. RobustVPNmnager.exeis up and running and
“Connected”.
This can be useful for applications where Port Forwarding poses a problem for the sending application.
Please note that enabling “pushed subnet” will dynamically change the LAN0 subnet about 20 seconds after a RobustVPNconnection is
established. If this behavior is undesirable, the user can enable Ethernet port 1 as LAN1 then configure LAN1 with desired LAN settings
that will not change. Both Ethernet & LAN setting scan be found from the left-hand menu of Robustel routers called “Interface.”
© Robustel | Commercial in Confidence –This document is for Robustel staff, distributors and approved customers ONLY
RobustVPNSetup Guide –Using Pushed Subnet Capability
The screenshot opposite shows where to look in
a specific VPN Group to find the given Subnet
address.
It is always a /28 address and is given at random
& cannot currently be fixed by the user.
This means up to 14 x LAN-side devices can be
addressed directly.
A neat way to leverage the pushed Subnet is to
use the DHCP Advanced Settings available when
editing LAN Settings in the “Interface” menu of a
Robustel device.
By entering a combination of the MAC address &
required IP Address in the correct format, a
device can be made to always receive the same
IP address when using DHCP. This can help to
simplify configuration. Equally, users are at
liberty to just use assign a static IP so long as it
lies within the correct subnet for the relevant
router.
RobustVPNSetup Guide –Using Pushed Subnet Capability
The screenshot opposite shows where to look in
a specific VPN Group to find the given Subnet
address.
It is always a /28 address and is given at random
& cannot currently be fixed by the user.
This means up to 14 x LAN-side devices can be
addressed directly.
A neat way to leverage the pushed Subnet is to
use the DHCP Advanced Settings available when
editing LAN Settings in the “Interface” menu of a
Robustel device.
By entering a combination of the MAC address &
required IP Address in the correct format, a
device can be made to always receive the same
IP address when using DHCP. This can help to
simplify configuration. Equally, users are at
liberty to just use assign a static IP so long as it
lies within the correct subnet for the relevant
router.
© Robustel | Commercial in Confidence –This document is for Robustel staff, distributors and approved customers ONLY
RobustVPNSetup Guide –4G Wireless Bridge Mode
By virtue of the fact that all routers in a Device Group are in a shared
Subnet it is possible for routers to communicate directly with each other.
As illustrated in diagram opposite, Router A can directly address Router B
with traffic going via the RVPN Server in the cloud.
This can be very useful when it is hard or expensive to install a physical
cable between two points in a building or on a campus but a point to point
TCP/IP link is required quickly.
Please note that for devices behind routers to talk directly to each other it
is necessary to use “Port Forwarding” or “Port Mapping” to facilitate this.
That may impose some limitations meaning this solution cannot work with
100% of applications.
When 4G is used as the backbone of such a solution, uptime is critical. For
this reason, we recommend customers consider the use of “Smart
Roaming” in conjunction with an unsteeredroaming SIM to achieve best
possible reliability, see:
https://www.robustel.com/app/smart-roaming/
RobustVPNServer
hosted in MS Azure
(10.8.64.1)
Router A
(10.8.64.128)
Router B
(10.8.64.129)
4G
4G
NOTE: Additional routing rules may need to be added to routers to facilitate 4G Wireless Bridge Mode.
Please contact Robustel Technical Support for help if required.
RobustVPNSetup Guide –4G Wireless Bridge Mode
By virtue of the fact that all routers in a Device Group are in a shared
Subnet it is possible for routers to communicate directly with each other.
As illustrated in diagram opposite, Router A can directly address Router B
with traffic going via the RVPN Server in the cloud.
This can be very useful when it is hard or expensive to install a physical
cable between two points in a building or on a campus but a point to point
TCP/IP link is required quickly.
Please note that for devices behind routers to talk directly to each other it
is necessary to use “Port Forwarding” or “Port Mapping” to facilitate this.
That may impose some limitations meaning this solution cannot work with
100% of applications.
When 4G is used as the backbone of such a solution, uptime is critical. For
this reason, we recommend customers consider the use of “Smart
Roaming” in conjunction with an unsteeredroaming SIM to achieve best
possible reliability, see:
https://www.robustel.com/app/smart-roaming/
RobustVPNServer
hosted in MS Azure
(10.8.64.1)
Router A
(10.8.64.128)
Router B
(10.8.64.129)
4G
4G
NOTE: Additional routing rules may need to be added to routers to facilitate 4G Wireless Bridge Mode.
Please contact Robustel Technical Support for help if required.
Thank You!
Tags
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 56
- Slides 15
- Age 474 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
32 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
35 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
32 views
14
Fertility awareness methods for women in the society
Isaiah47
30 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
29 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
30 views