RC44 User Manual: Difference between revisions

From Silbo Networks
No edit summary
No edit summary
Line 1,825: Line 1,825:
Once the user selects the type of tunnel then click in the save button.
Once the user selects the type of tunnel then click in the save button.


'''GRE Tunnel'''


In this page the user needs to add all the details of GRE tunnels.
'''GRE Tunnel:'''


Once the user configured all the required fields then it needs to click on the save.  
A GRE (Generic Routing Encapsulation) tunnel configuration involves setting up a virtual point-to-point connection between two endpoints over an IP network.
 
Here the user can add/edit/delete the details of the tunnel.
[[File:GRE Tunnel 1.png|thumb|633x633px]]
 
 
 
 
 
 
 
 
Once the required update is done then click on update to save the changes.
 
'''EDIT:'''


[[File:GRE Tunnel.png|frameless|624x624px]]
[[File:GRE Tunnel.png|frameless|624x624px]]

Revision as of 05:09, 3 September 2024

This page contains the user manual for RC44.

Connecting with the device to the System (Laptop/Desktop).

To log in to SILBO_RC44 by connecting the router to your laptop or desktop via LAN or using Wi-Fi, please follow the steps below.


Connecting via LAN:

Connect your laptop's LAN port to one of the router's LAN interfaces. Ensure that you select any LAN interface (there are two available) while making sure the WAN interface is not used.

                                                                                                                                                         

How to connect with the SILBO_RC44 application

Once the LAN connection is established between the device and the laptop or the desktop

Please open the command prompt and ping go get the ip config of that device.

Type the command Ipconfig

How to connect with the SILBO RB44 application

It will provide the Ip address/url of that device through which the application can be accessed.

Log In

Open the web browser and type the IP address in the URL.

It will show the log in page of the application.

Give the valid credentials for the username and password to login to the application page.

Once the user credentials are provided it will direct to the landing page of the application.



The “Status” landing page shows all the detailed specification of the device like system, memory storage and connection tracking etc.

The application is divided in to 6 Modules.

  • Info
  • Settings
  • Maintenance
  • Status
  • Features
  • Logout

1.Info

The “Info” module provides the information about the devices to the user.

It provides all the specification related to the hardware, firmware, Networks and the Connection uptimes.

It has 3 submodules.

  • Overview
  • System Log
  • Kernel Log

1.1 Overview

In overview module it displays all the specification categorically of a device like System, Memory, storage, Connection tracking, DHCP Lease.

System

In this section it displays the hardware configured specification of the device.


The specifications details are as follows,

SN Field name Sample value Description
1 Hostname 22B09230239 This field displays the router serial number of the device
2 Model Silbo_RC44- EC200A This field displays the model number of the device
3 Firmware Version and IPK Version 1.16_1.13_RC3 This field displays the firmware version and IPK version
4 Kernel Version 4.14.180 This field displays the kernel version of the device
5 Local Time Monday, July 1, 2024, at 05:43:58 PM This field displays the local time
6 Uptime 0h 7m 29s This field displays the uptime of the device
7 Load Average 1.73 1.87 1.04 This field displays the average load

Memory

In this section it displays the memory configured specification of the device.


The specifications details are as follows.

SN Field name Sample value Description
1 Total Available 68676 kB / 124208 kB (55%) This field displays the total availability of memory space in the device
2 Free 59344 kB / 124208 kB (47%) This field displays the Free memory space in the device
3 Cached 312 kB / 124208 kB (0%) This field displays the Cached memory space in the device
4 Buffered 9332 kB / 124208 kB (7%) This field displays the Buffered memory space in the device


Storage

In this section it displays the status of storage as root and temporary usage specification of the device.


The specifications details are as follows.

SN Field name Sample value Description
1 Root Usage

796 kB / 15488 kB (5%)

This field displays the total root usage of the device
2 Temporary Usage

312 kB / 62104 kB (0%)

This field displays the total temporary usage of the device

Connection Tracking

In this section it displays the status of connection tracking for the device.


The specifications details are as follows.

SN Field name Sample value Description
1 Active Connection 48 / 16384 (0%) This field displays the active connection of the device.


DHCP Leases

In this section, it displays the DHCP lease of the temporary assignment of an IP address to a device on the network.

The specifications details are as follows.

SN Field name Sample value Description
1 Host Name KermaniK-LT This field displays the configured Host Name/User Name for that device.
2 IPv4-Address 192.168.10.147 This field displays the IP address of the device.
3 MAC-Address 34:73:5a:bb: ab:7a This field displays the MAC-Address of the device.
4 Lease time remaining 11h 53m 49s This field displays the lease time remaining for the device.

1.2 System Log

This page provides on screen System logging information.

In this page the user gets to view the system logs

1.3 Kernel Log

This page provides on-screen Kernel logging information.

In this page, the user gets to view the Kernel logs

2. Setting

In this “Setting” module the user can Configure/update all the required parameters related to Network, SIM Switch, Internet, VPN, Firewall, Loopback Rule, Remote monitoring, Tunnel as per requirement.

IT consist of 8 submodules.

  • Network
  • Sim Switch
  • Internet
  • VPN
  • Firewall
  • Loopback Rule
  • Remote Monitoring
  • Tunnel

2.1 Network

In this section the user does all the setting related configuration with reference to network like Ethernet Setting, Cellular Setting, Band lock and Operator Lock, Wi-Fi, Guest Wi-Fi, Wireless Schedule, SMS Setting, Loopback IP.


Ethernet Setting

In this page it will display all the configured port that is attached with the device.

For this device 3 ports are configured. Ethernet mode can be configured as WAN and as LAN as well. Ethernet LAN Connection settings can be configured as DHCP server or Static.


For port 3 setting

Kindly select the option LAN4 for Port 3 mode LAN/WAN. Based on the option selected the filed will also changes the user needs to configure all the required field and click on the save to save the required fields.

SN Field name Sample value Description
1 Port 3 mode LAN/WAN LAN This field displays the port mode selection
2 Port 3 Ethernet Protocol [LAN Eth0.1] DHCP Server This field displays the Ethernet mode selection
3 Port 3 DHCP Server IP 192.168.10.1 This field displays DHCP server IP configured.
4 Port 3 DHCP Netmask 255.255.255.0 This field displays DHCP server Netmask address configured
5 Port 3 DHCP Start Address 100 This field displays DHCP server start address configured
6 Port 3 DHCP Limit 50 This field displays DHCP server limit


Kindly select the option EWAN for Port 3 mode LAN/WAN. Based on the option selected the filed will also changes the user needs to configure all the required field and click on the save to save the required fields.

SN Field name Sample value Description
1 Port 3 mode LAN/WAN EWAN This field displays the port mode selection
2 Ethernet Protocol Port 3 WAN DHCP client This field displays the client
3 Gateway 192.168.1.1 This field displays gateway address configured


Click on the save once all the configuration is done and click on the update button to update all the information.

SW_LAN settings

In this part the user can configure the setting for SW_LAN

SN Field name Sample value Description
1 SW_LAN Ethernet Protocol DHCP Server This field displays the Ethernet mode selection
2 SW_LAN DHCP Server IP 192.168.10.1 This field displays DHCP server IP configured.
3 SW_LAN DHCP Netmask 255.255.255.0 This field displays DHCP server Netmask address configured
4 SW_LAN DHCP Start Address 100 This field displays DHCP server start address configured
5 SW_LAN DHCP Limit 50 This field displays DHCP server limit
6 DNS Server 1 This filed display number of DSN server availability
7 DNS Server Address 8.8.8.8 This filed display the DSN server address.


After configuring all the required information, the user should click on the save and then click on the update to update the all the required information.

Static option for SW_LAN Ethernet Protocol

Select the option of static from the drop-down menu for SW_LAN Ethernet Protocol.

SN Field name Sample value Description
1 SW_LAN Ethernet Protocol Static This field displays the Ethernet mode selection
2 SW_LAN static IP 192.168.5.1 This field displays static server IP configured.
3 SW_LAN Netmask 255.255.255.0 This field displays static server Netmask address configured
4 DNS Server 1 This filed display number of DSN server availability
5 DSN Server Address 8.8.8.8 This filed display the DSN server address.

After configuring all the required information, the user should click on the save and then click on the update to update the all the required information.


Cellular Setting

In this page, the user needs to configure the various details with respect to the SIM.

select single cellular single sim where the user must configure the APN details of the sim used for the router device. The Configurations can be done based on the SIM usage, with respect to IPV4 or IPV.


SN Field name Sample value Description
1 Cellular Operation Mode Single Cellular with Dual Sim This field displays the cellular operation mode.
2 Cellular Modem 1 QuectelEC200A This field displays the modem name.
3 Network Mode Automatic This field displays the Network mode selection
4 SIM 1 Access Point Name airtelgprs.com This field displays the name of the Sim 1 access point configured.
5 SIM 1 PDP Type IPV4 This field displays the type of SIM 1
6 SIM 1 Username This field is optional, and the user can configure the name of the SIM 1
7 SIM 1 Password This field is optional, and the user can configure the password for the SIM 1
8 SIM 1 Authentication Protocol None This field displays the type of protocol is being used for SIM 1
9 SIM 2 Access Point Name airtelgprs.com This field displays the name of the Sim 2 access point configured.
10 SIM 2 PDP Type IPV4 This field displays the type of SIM 2
11 SIM 2 Username This field is optional, and the user can configure the name of the SIM 2
12 SIM 2 Password This field is optional, and the user can configure the password for the SIM 2
13 SIM 2 Authentication Protocol None This field displays the type of protocol is being used for SIM 2
14 Primary SIM Switchback Time (In Minutes) 10 This field displays the time given for sim to swich in between.

After configuring all the required information, the user should click on the save and then click on the update to update the all the required information.

Band lock and Operator Lock

In this page, the user needs to configure the lock band and operator based on the service provider.

Bands available in the drop-down list.



2G/3G option

2G/3G: - 3G allows additional features such as mobile internet access, video calls and mobile TV. While the main function of 2G technology is the transmission of information through voice calls.


The user should select the band check box  available for 2g/3g  from the given list.

Bands available for selection under LTE for the bands available that zone.


Operator Selection Mode

The user needs to click on the check box of the “operator select enable” to select the operator.

Once the check box is clicked there will be a dropdown list of the operator modes from which the user needs to select the mode. The user needs to select the operator mode from the given dropdown list.


If the user selects the mode “Manual” or “Manual-Automatic” then one more text box will appear where the user must provide the operator code.



After configuring all the required information, the user should click on the save and then click on the update to update the all the required information.


Wi-Fi Setting

Wi-Fi is a family of wireless network protocols based on the IEEE 802.11 family of standards, which are commonly used for local area network of devices and internet access, allowing nearby digital devices to exchanges data by radio waves. These are the most widely used computer network, used globally in home and small office networks to link devices and to provided internet access with wireless router and wireless access point in public places. In this router has the general setting and change country code, channel, radio mode, radio passphrase as per the requirement after clicking on enable Radio button.



The user needs to select the respective radio mode based on its need. Basically, it has 3 radio mode.



Access Point mode: In Access Point mode, router connects to a wireless router through an Ethernet cable to extend the coverage of wireless signal to other network client.


Client point:  In client mode, the access point connects your wired devices to a wireless network. This mode is suitable when you have a wired device with an Ethernet port and no wireless capability, for example, a smart TV, Media Player, or Game console and you want to connect it to the internet wirelessly, select the Client Mode and give the Radio SSID & client passphrase


Access point and client point: select this option for both type connection, give both SSID and passphrase.

After configuring all the required information, the user should click on the save and then click on the update to update the all the required information.

SN Field name Sample value Description
1 Radio 0 Protocol IEEE 802.11 b/g/n In this dropdown the user should select which protocol is being used
2 Country Code INDIA In this dropdown the user should select which county it belongs to.
3 Channel Auto In this dropdown the user should select the proper channel to be used.
4 TX Power 100 In this text box the user should specify the power.
5 Channel Width 20 MHz In this dropdown the user should select the channel width
6 Radio Mode Access point In this drop down the user should select the mode.
7 Radio SSID APClient_22B09230239 In this text box the user should specify the SSID number
8 Radio Authentication WPA2 Personal (PSK) In this dropdown the user should select the type of authentication.
9 Radio Encryption AES In this dropdown the user should select the type of encryption required.
10 Radio Passphrase In this text box the user should specify the password.
11 Radio DHCP server IP 192.168.100.1 In this text box the user should specify the IP address of DHCP server.
12 Radio DHCP start address 100 In this text box the user should specify the start address of the DHCP.
13 Radio DHCP limit 50 In this text box the user should specify the limit for the DHCP.


Wireless Schedule

Wi-Fi can be automatically withdrawn based on the configuration done in this section.

The user can schedule the Wi-Fi’s accessibility time during a particular period.

After configuring all the required information, the user should click on the save and then click on the update to update the all the required information.

The user can select more than one “day of the week” for scheduling the wifi working hours.


Loop back IP settings

The loopback IP address, often referred to as “localhost”. it’s used to establish network connections within the same device for testing and troubleshooting purpose.


After configuring all the required information, the user should click on the save and then click on the update to update the all the required information.

The loopback IP address, commonly represented as 127.0.0.1, is a special address used for testing network connectivity on a local machine. It allows a device to send network messages to itself without involving external networks, making it useful for troubleshooting and diagnostics.

However, this IP can be changed as per requirement and to do that, Navigating to Setting>>Network configuration>> Loopback IP settings can be changed/updated.

Above screenshot shows the configuration window from GUI/WebUI

SMS Settings

User needs to enable SMS option in SMS settings page. This option is to validate the mobile numbers using which controlling commands could be sent to the router device. 1 to 5 mobile numbers can be authenticated by choosing from “Select Valid SMS user numbers” and adding the mobile numbers below respectively. API key is the pass key used in the commands while sending SMS. Displayed in the below screen is the default API key which can be edited and changed as per choice.   After addition of the mobile numbers user needs to click on save button for changes to take place.



Select valid user number max. 5 and add authorized phone number in the main menu where want to find the alert and click on SMS Response Enable, save and update button, now send SMS commands from the configured mobile number. Once the commands are received from the user phone number the board send acknowledgement as per the commands after that it will send the router’s status once it has rebooted and is operational again.

Mentioned below are a few commands which can be sent from the configured mobile number to the router device. Below two commands are One for rebooting the router device and another to get the uptime.

1) {"device":["passkey","API key"],"command":"reboot","arguments":"hardware"}

2) {"device":["passkey ","API key"],"command":"uptime"}

After configuring all the required information, the user should click on the save and then click on the update to update the all the required information.


2.2 SIM

In this page the user needs to configure the Sim for the given device.

The user needs to select from the drop-down menu on which basis the sim needs to be switched.

Once the user selects on “signal strength” then the parameters related to signal strength will pop up and the user needs to configure the parameters based on the requirement

Threshold RSRP

This Needs to be set appropriately. Incorrect setting may cause unnecessary SIM switching. ( In General a BAD RSRP value range is -140 to -115 and FAIR RSRP value range is -115 to -105).

Threshold SINR

This Needs to be set appropriately. Incorrect setting may cause unnecessary SIM switching. ( In General a BAD SNR value range is -20 to 0 and FAIR SNR value range is 0 to 13)

Once the user selects on “Data Limit” then the parameters related to Data Limit will pop up and the user needs to configure the parameters based on the requirement.

SN Field name Sample value Description
1 SIM Switch Based on Data Limit The user needs to select from the drop-down menu on what basis the sim needs to be switched.
2 SIM 1 Data Usage Limit (In MB) 1000 The user needs to set the limit for the data usage for SIM 1.
3 SIM 2 Data Usage Limit (In MB) 1000 The user needs to set the limit for the data usage for SIM 2.
4 Periodicity Daily The user needs to set the pattern/frequency to switch the sims.
5 Day Of Month 16 The user needs to set the day for switching the sim.

After configuring all the required information, the user should click on the save.

2.3 Internet

In this page the user needs to configure the internet connection to set the priority from the various options. The user should decide what kind of connection it needs to provide to the device like LAN, WAN etc. Once the connections are configured then click on save option and then on update.


If the user needs to edit on the existing configuration, then the user should click on the “EDIT” button.

SN Field name Sample value Description
1 Name EWAN2 This field displays the name of the WAN connection
2 Priority 1 In this dropdown box the user need to select the priority.
3 Select Track IP Numbers 2 In this dropdown the user needs to select the track number for the Ips.
4 TrackIP1 8.8.8.8 In this text field the user needs to set the IP address for the track 1
5 TrackIP2 8.8.4.4 In this text field the user needs to set the IP address for the track 1
6 Reliability 1 Not sure what needs to be written
7 Count 1 Not sure what needs to be written
8 Up 1 Not sure what needs to be written
9 Down 1 Not sure what needs to be written

Once the user is done with modification click on the save button to save all the changes and then click on the update button.

2.4 VPN

VPN stands for Virtual Private Network, it establishes a connection between the system and a remote server, which is owned by a VPN provider.

Creating a point-to-point tunnel that encrypts the personal data, masks the IP address, and allows to block the required website to blocks via firewalls on the internet.


There are 5 types of setting available under VPN configuration.

  • General Settings
  • IPSEC
  • Open VPN
  • Wireguard
  • Zerotier

General Settings

In this page the user must choose which type of VPN connection is required for the device.

The user must select from IPSEC or Open VPN based on its requirement. If required, the user can select for both the options.


The user needs to click on the save after selecting the option based on its requirement.

IPSEC

IPSEC VPN is used to create a VPN connection between local and remote networks. To use IPSEC VPN, the user should check that both local and remote routers support IPSEC VPN feature.

In this page the user can add/edit/delete the IPSEC VPN connection for the device.


The user needs to click on the update button once the required configuration is completed.

In IPSEC the user needs to click on edit button to edit the configuration of an existing VPN connection.


Click on the save button after the required configuration.

The tunnel will show established, showing the connection has been made.

SN Field name Sample value Description
1 IPSEC Site to Site VPN In this dropdown the user should select the IPSEC connection type.
2 IPSEC Role Client/Server In this dropdown box the user needs to select the IPSEC role.
3 Connection Type Tunnel In this dropdown the user needs to select the connection type. The user should select on the connection enable check box.
4 Connection mode start In this drop down list the user should select the mode for the connection. it will have route/add/start/trap mode
5 Remote Server IP 1.1.1.1 In this text field the user needs to set the IP address for the remote server.
6 Local ID g300 The user needs to set the local id.
7 No. of local subnets 1 In this dropdown the user needs to select how many subnets it will be connected.
8 Local Subnet 1 192.168.11.1/24 In this text box the user needs to put the address of the local subnet.
9 Remote id sophos In this text box the user needs to put the id of the remote connection.
10 No of remote subnet 1 In this dropdown the user needs to select how many subnets it will be connected remotely.
11 Remote subnet 192.168.10.0/24 In this text box the user needs to put the address of the remote subnet.
12 Key exchange Ikev1 In this dropdown the user should select the which key exchange version to be selected.
13 Aggressive Yes/No In this dropdown the user should select either yes or no .
14 IKE lifetime 8 Fill according to user’s requirements.
15 Lifetime in seconds 1 Fill according to user’s requirements.
16 Enable DPD Detection 1

0

Indicates whether Dead Peer Detection is enabled to detect a lost connection. Enable this option as per server-side settings.
17 Time Interval (In Seconds) 60 This option is available only if DPD Detection is enabled. The time interval is the interval for DPD checks.
18 Action Restart/clear/hold/

trap/start

Restart: Action to take when DPD detects a lost connection (restart the connection). Select as per server-side setting.
19 Authentication Method PSK PSK: Pre-shared key is used for authentication. Select this option for authentication as per sever side setting.
20 Multiple Secrets 1/0 Indicates whether multiple PSK secrets are used. Enable only if required.
21 PSK Value ****** Pre-shared key value (masked for security).

*Below are Phase I and Phase II settings details*

Proposal settings Phase I
22 Encryption Algorithm AES 128

AES 192

AES 256

3DES

AES 256: Encryption algorithm for Phase I. Select as per server-side configuration. Both server and client should have same configuration.
23 Authentication Phase I SHA1

MD5

SHA 256

SHA 384

SHA 512

SHA 512: Authentication algorithm for Phase I.

Select as per server-side configuration. Both server and client should have same configuration.

24 DH Group MODP768(group1)

MODP1024(group2)

MODP1536(group5)

MODP2048(group14)

MODP3072(group15)

MODP4096(group16)

MODP2048 (group14): Diffie-Hellman group for key exchange.

Select as per server-side configuration. Both server and client should have same configuration.

Proposal settings Phase II
25 Hash Algorithm AES 128

AES 192

AES 256

3DES

AES 256: Encryption algorithm for Phase II. Select as per server-side configuration. Both server and client should have same configuration.
26 Authentication Phase II SHA1

MD5

SHA 256

SHA 384

SHA 512

SHA 512: Authentication algorithm for Phase II.

Select as per server-side configuration. Both server and client should have same configuration.

27 PFS Group MODP768(group1)

MODP1024(group2)

MODP1536(group5)

MODP2048(group14)

MODP3072(group15)

MODP4096(group16)

MODP2048 (group14): Perfect Forward Secrecy group.

Select as per server-side configuration. Both server and client should have same configuration.

Open VPN

In the OpenVPN connection, the home network can act as a server, and the remote device can access the server through the router which acts as an OpenVPN Server gateway. To use the VPN feature, the user should enable OpenVPN Server on the router, and install and run VPN client software on the remote device.


The user needs to “upload” the respective certificate from a valid path and then click on the “Update.”

Once the OpenVPN connection starts the user will get an option to enable/disable the VPN connection as and when required.

By clicking on the enable/disable button, the user can start/stop the VPN connection.

VPN has been established.


WireGuard:

WireGuard is simple, fast, lean, and modern VPN that utilizes secure and trusted cryptography.

Click on “Edit” to start configurations as needed.



EDIT:


Click on the save button after the required configuration.

SN Field name Sample Value Description
1 Wireguard Role Client/Server In this dropdown box the user needs to select the wireguard role.
2 Listen Port 51820 The UDP port on which the WireGuard client listens for incoming connections.
3 IP Addresses 10.0.0.1/24 The IP address and subnet mask assigned to the WireGuard client's interface. This address is used within the VPN.
4 Allowed PeerIPs 10.1.1.1 The IP address of the allowed peer(s) that can connect to this WireGuard client. This might need adjustment based on the actual peer IPs used in the network.
5 Endpoint HostIP 10.1.1.1 The IP address of the WireGuard server (the endpoint to which the client connects).
6 Endpoint HostPort 51820 The port on the WireGuard server to which the client connects.
7 PeerPublicKey ***** The public key of the peer (the server) the client is connecting to. This key is part of the public-private key pair used in WireGuard for encryption and authentication.
8 Enable Preshared key Yes/No This option indicates that a pre-shared key (PSK) is used in addition to the public-private key pair for an extra layer of security.
9 Preshared key ***** The actual pre-shared key value shared between the client and the server. This option appears only if you have enabled preshared key.

Zerotier:

ZeroTier is a tool that lets you create your own private network over the internet.

Go to ZeroTier Central and sign up for a free account. In ZeroTier Central, click on "Create a Network". This will generate a unique 16-digit network ID for your new network.

Go to settings => VPN, in general settings, enable ZeroTier and save.


Copy and paste the unique 16-digit network ID in the edit section.



Click on the save button after the required configuration.

SN Field Name Sample Value Description
1 NetworkID Ad2769hfkw2345f4 In this dropdown box the user needs to paste the unique 16-digit network id.
2 Listen Port 9993 Default

2.5 Firewall

A firewall is a layer of security between the network and the Internet. Since a router is the main connection from a network to the Internet, the firewall function is merged into this device. Every network should have a firewall to protect its privacy.


There are 6 types of setting available under firewall.

  • General Settings
  • Port forwards
  • Traffic Rules
  • SNAT traffic Rules
  • Parental Control
  • Zone Forwarding


General Setting

General settings are subdivided into 2 parts,

1.) General settings

In general settings, the settings that are made are default settings and can be changed according to user’s preference.


Specification details are below:

SN Field Name Sample Value Description
1 Enable SYN-flood protection Enabled This is enabled by default; setting can be changed if required.
2 Disable IPV6 Disabled This is enabled by default; setting can be changed if required.
3 Drop invalid packets Disabled This is enabled by default; setting can be changed if required.
4 TCP SYN Cookies Disabled This is enabled by default; setting can be changed if required.
5 Input Reject/Accept By default, the setting is ‘Reject’ but this needs to be changed to ‘Accept’ compulsory.
6 Output Reject/Accept By default, the setting is ‘Reject’ but this needs to be changed to ‘Accept’ compulsory.
7 Forward Reject/Accept By default, the setting is ‘Reject’ but this needs to be changed to ‘Accept’ compulsory.

2.) Zone settings

In zone settings, there’s an option to add “New Zone”, according to user’s requirement.


Port Forwards:

Port forwarding is a feature in a router or gateway that allows external devices to access services on a private network.

It maps an external port on the router to an internal IP address and port on the local network, enabling applications such as gaming servers, web servers, or remote desktop connections to be accessed from outside the network.

This helps in directing incoming traffic to the correct device within a local network based on the port number, enhancing connectivity and accessibility.


EDIT

Click on the save button after the required configuration.

SN Field name Sample value Description
1 Name Example: Web_Server_Forward Field must not be empty. Provide a name for the rule to easily identify it.
2 Protocol Example: TCP+UDP Select the protocol for the rule.

Options typically include TCP+UDP, TCP, UDP, ICMP, Custom.

3 Source zone Example: SW_LAN Select the source zone where the traffic is originating from. Options typically include EWAN2,SW_LAN,CWAN1,CWAN1_0,CWAN1_1,VPN
4 Source MAC address [optional] Example: any any: Leave as any if you don't want to specify a MAC address.
5 Source IP address[optional] Example: Leave blank if not needed. Optionally specify an IP address or range.
6 Source port Example: 80, 443 (if matching traffic for web server ports) Specify the source port or port range.
7 Destination zone Example: SW_LAN Select the destination zone where the traffic is heading to.
8 Destination IP address Leave blank if not needed. Optionally specify the destination IP address or range.
9 Destination port Example: 80 (if redirecting to a web server port) Specify the destination port or port range.


Traffic Rule:

"Traffic rules" refer to the policies and regulations that govern the flow of data packets within a network.

To allow new traffic, click on “Add and Edit” in “New Traffic Rule”.


EDIT

Specification details are below:

SN Field name Sample Value Description
1 Name Example: Allow_HTTP_and_HTTPS Field must not be empty: Provide a descriptive name for the traffic rule.
2 Restrict to Address Family 1.       Options: IPv4, IPv6

2.       Example: IPv4 if dealing with typical internet traffic.

Select the address family to generate iptables rules for.
3 Protocol Example: TCP+UDP TCP+UDP: Match incoming traffic using the given protocol.
4 Match ICMP Type Example: any Match all ICMP types if set to any. Specific types can be chosen if needed.
5 Source Zone Example: LAN Specifies the traffic source zone.
6 Enable DDoS Prevention Example: ‘Checked’ if you want to enable DDoS prevention measures Enable or disable Distributed Denial of Service (DDoS) prevention.
7 Source MAC Address Example: any any: Match traffic from any MAC address or specify a particular MAC address.
8 Source Address Example: 192.168.1.0/24 Match incoming traffic from the specified source IP address or range.
9 Source Port Example: any if all source ports should be matched any: Match incoming traffic from the specified source port or port range.
10 Destination Zone Example: WAN Specifies the traffic destination zone.
11 Action Example: ACCEPT Options: ACCEPT, DROP, REJECT. Specify the action to take for matched traffic.
12 Limit Example: 10/minute to limit matches to 10 times per minute. Maximum average matching rate; specified as a number, with an optional /second, /minute, /hour, or /day suffix.
13 Extra arguments Example: --log-prefix "Blocked: " to add a log prefix to log messages for this rule. Passes additional arguments to iptables. Use with care as it can significantly alter rule behaviour.

Click on save once configured.


SNAT Traffic Rule:

For configuring SNAT (Source Network Address Translation) traffic rules, you can control how outbound traffic from your local network is translated to a different IP address as it exits the network.

To add new source NAT,

Click on “ADD” in “New Source NAT:”


Edit

Specification details are below:

SN Field name Sample value Description
1 Name Example: SNAT_WAN_to_LAN Field must not be empty: Provide a unique and descriptive name for the SNAT rule.
2 Protocol Example: TCP+UDP TCP+UDP: Select the protocols that the SNAT rule will apply to.
3 Source Zone Example: wan wan: Specifies the source zone from which the traffic originates.
4 Source IP Address Example: any or a specific range like 192.168.1.0/24 -- please choose --: Specify the source IP address or range. Leave empty if the rule applies to any source IP.
5 Source Port Example: any any: Specify the source port or port range from which the traffic originates.
6 Destination Zone Example: lan lan: Specifies the destination zone to which the traffic is directed.
7 Destination IP Address Example: any or a specific IP like 192.168.1.100 -- please choose --: Specify the destination IP address or range. Leave empty if the rule applies to any destination IP.
8 Destination port Example: any any: Specify the destination port or port range to which the traffic is directed.
9 SNAT IP Address Example: 203.0.113.5 (an external IP address) -- please choose --: Specify the IP address to which the source IP should be translated.
10 SNAT Port Example: Leave empty if not needed, or specify a port like ‘12345’ Optionally, rewrite matched traffic to a specific source port. Leave empty to only rewrite the IP address.
11 Extra Arguments Example: --log-prefix "SNAT_traffic: " (to add a log prefix to log messages for this rule) Pass additional arguments to iptables. Use with care as it can significantly alter rule behaviour.

Click on save once configured.


Parental Control:

For configuring parental control rules, you want to set restrictions based on time, source, and destination zones, as well as specific devices.

To add parental control in firewall,

Click on “Add and Edit” in “New parental control:” field.


Edit


Specification details are given below:

SN Field Name Sample Value Description
1 Name Example: Parental_Control_Sunday Field must not be empty: Provide a unique and descriptive name for the parental control rule.
2 Proto all all: This specifies that the rule will apply to all protocols.
3 Source Zone Example: lan Field must not be empty: Please look at Firewall->Zone Settings to find zone names.
4 Destination Zone Example: wan Field must not be empty: Please look at Firewall->Zone Settings to find zone names.
5 Source MAC Address Example: 00:1A:2B:3C:4D:5E Field: Enter the MAC address of the device you want to apply the parental control rule to. This is useful for restricting specific devices.
6 Target Example: Reject Accept: This specifies the action to take. For parental controls, you might want to use ‘Reject’ or ‘Drop’ to block traffic.
7 Weekdays Example: Sunday Sunday: Specify the days of the week when the rule should be active.
8 Month Days Example: All All: Specify the days of the month when the rule should be active.
9 Start Time (hh:mm:ss) Example: 18:00:00 (6:00 PM) Field must not be empty: Specify the start time when the rule should begin to apply.
10 Stop Time (hh:mm:ss) Example: 22:00:00 (10:00 PM) Field must not be empty: Specify the stop time when the rule should end.

Click on save once configured.


Zone Forwarding:

Zone forwarding in network configuration allows traffic to be directed from one zone to another.

To ADD new zone,

Click on “Add” in “New Zone Forward:” field.


EDIT


Specification details are below:

SN Field Name Sample Value Description
1 Source Zone Example options: lan, wan, etc. --please choose--: Select the source zone from which the traffic originates.
2 Destination Zone Example options: lan, wan, etc. --please choose--: Select the destination zone to which the traffic is directed.

Click on save once configured.

2.6 Loopback Rule

In this page the user can configure the port where he want to forward the traffic to. Here the user can add/edit/delete different port ports as per the requirement.

The user should click on ‘add’ and then ‘edit’ to do the required changes in the port and enter the valid information in each section to configure the port for forwarding.


Specification details are given below:

SN Field Name Sample Value Description
1 Name Example: loopback Provide a descriptive name for the rule.
2 Protocol Example: TCP+UDP TCP+UDP: Select the protocols that the rule will apply to.
3 Source IP Address [Optional] Example: any or a specific IP range like 192.168.1.0/24 Optionally specify the source IP address or range. Leave empty if the rule should apply to any source IP.
4 Source Port [Optional] Example: any any: Specify the source port or port range from which the traffic originates. any allows traffic from all ports.
5 Loopback IP Address Example: 127.0.0.1 Specify the loopback IP address. Typically, this is 127.0.0.1.
6 Port Example: any any: Specify the destination port or port range to which the traffic is directed. any allows traffic to all ports.
7 Action Example: DNAT This specifies the action to take either DNAT or SNAT.
8 Internal IP Address Example: 192.168.1.100 Field must not be empty: Specify the internal IP address to which the traffic should be redirected.
9 Internal Port Example: any Redirect matched incoming traffic to the given port on the internal host.

Once the user is done with the required configurations, user should click save button and then click on the update to save the changes.

2.7 Remote Monitoring

In this page the user can select which equipment needs to be monitored remotely.

Once the user selects the type of RMS click on save.


NMS:

In this page the user should type the server IP or domain name in the URL then click on save.

Click on upload and start (Once key is uploaded and this option is clicked, NMS automatically starts, and this router device gets registered with the NMS server provided).


TR069

To enable the TR069 the user needs to click on the enable check box.


Once the user clicks on the check box of enable it will display all the required filed to configured.

Specification details are given below:

SN Field Name Sample Value Description
1 Serving Interval 300 A value of 300 seconds means the device will check in with the ACS (auto-configuration servers) every 5 minutes.
2 Interface This can be something like eth0 or wan. This specifies the network interface used for TR-069 communication.
3 Username Example: User The username used to authenticate with the ACS.
4 Password •••• The password used to authenticate with the ACS.
5 URL http://example.com The URL of the ACS. This is where the CPE (customer-premises equipment) will send its requests and where it will receive configurations and updates from.

The user should fill all the required fields and click on the save button.

2.8 Tunnel

Tunnels are a method of transporting data across a network using protocols which are not supported by that network.

It is further categorised into 3 sections,

1.) General Settings

2.) GRE Tunnel

3.) IPIP Tunnel


General Settings

In this page the user needs to select under which type of tunnel it needs to send the data.

Once the user selects the type of tunnel then click in the save button.


GRE Tunnel:

A GRE (Generic Routing Encapsulation) tunnel configuration involves setting up a virtual point-to-point connection between two endpoints over an IP network.

Here the user can add/edit/delete the details of the tunnel.





Once the required update is done then click on update to save the changes.

EDIT:


Here the user can add/edit/delete the details of the tunnel. Once the required update is done then it needs to click on update to save the changes.


IPIP Tunnel

In this page the user needs to add all the details of IPIP tunnels.

Once the user configured all the required fields then it needs to click on the save.


Here the user can add/edit/delete the details of the tunnel. Once the required update is done then it needs to click on update to save the changes.


3 Maintenance

In this module the user can configure/upgrade/modify the settings related to system, password, firmware and monitoring.


It includes below submodules.

  • General
  • Password
  • Reboot
  • Import and Export config
  • Firmware upgrade
  • Monitor Application

3.1 General

In this section the user can configure the details related to time zone and host name

SN Field name Sample value Description
1 Local Time 2023/12/13 12:24:11 It displays the system current date and time.
2 HostName 31B30230298 It displays the host name.
3 Timezone Asia/Kolkata It displays in which time zone its configured.

Once the user configures the required details then click on the save button to save all the details.


Logging

Here the user can configure the basic aspects of your device related to system.

SN Field name Sample value Description
1 System log buffer size 32 This displays the log size of system buffer
2 External system log server 0.0.0.0 This displays the ip add of the external system log
3 External system log server port 514 This displays the port number of the external system log
4 Log output level debug In this drop down the user selects the level of the log output.
5 Cron Log level debug In this drop down the user selects the level of the corn log .

Once the user configures the required details then click on the save button to save all the details.

Language and Style

Here the user can configure the basic aspects of your device related to language.

Once the user configures the required details then click on the save button to save all the details.

3.2 Password

In this module the user can set the password for the admin credentials.


Specifies the password for the guest account. If the user enter a plaintext password here, it will get replaced with a crypted password on save. The new password will be effective once the user logs out and log in again.

The user needs to write the password in the text box and click on the save button to save the password.

3.3 Reboot

In this module the user can reboot the device remotely.

To start the reboot process first the user needs to fill all the required fields.

Need to select the type of reboot for the device whether it needs to be Hardware or Software reboot.

SN Field name Sample value Description
1 Type Maintenance Reboot In this dropdown list the user needs to select the type of reboot is required to configure.
2 Reboot Type Hardware In this dropdown list the user needs to select the hardware or software reboot is required.
3 Minutes 59 In this dropdown the user needs to configure the min to start the reboot activity
4 Hours 22 In this dropdown the user needs to configure the hours to start the reboot activity
5 Day of Month All In this dropdown the user needs to configure the day of the month to start the reboot activity
6 Month All In this dropdown the user needs to configure the month to start the reboot activity
7 Day of the week All In this dropdown the user needs to configure the week to start the reboot activity

Once the user fills all the required given parameters click on the save.

To start the reboot process, click on the “Reboot Now” button.

3.4 Import and Export

In this section, User can Import & Export Configuration files of the Device.

click “Export Config” to export device configuration & settings to a text file,

click “Import Config” to import device configuration & settings from a previously exported text file.

The user need to select on the choose file to and click on the apply.

3.5 Firmware Upgrade

The user can upgrade with the latest software for the existing firmware.


Click on the flash image and chose the path where the sys-upgrade file is kept and then click on flash image, it will upgrade to the latest software once the reboot is done.


Click on the Retain Config and flash and chose the path where the sys-upgrade file is kept and then click on Retain Config and flash, it will upgrade to the latest software once the reboot is done.

Click on the Factory Reset for the complete retest of the device.

3.6 Monitor Application


4 Status

In this module the user can view the status of the router device with respect to the network, Wan, modem etc.


It has 4 submodules.

  • Interfaces
  • Internet
  • Modem
  • Route

4.1 Interfaces

In this page the user can see the traffic status for all the network through which the device works.

Looking on the network status the user can check if the cellular or the ethernet is up.

4.2 Internet

In this submodule the user can view the status of the internet connections.

  To see the latest status of the internet connection the user needs to click on the refresh button.

4.3 Modem

In this sub module the user will get to know the status of the cellular interface which is installed inside the modem. The user can view all the details related to the sim in terms of Operator, Network technology, Mobile country code, Upload bandwidth, Download Bandwidth, Frequency band, RSRP, RSRQ, RSSI & SNR under this page.

4.4 Route

In this page the user can check the status of the route for the device. The ARP status can be visible in under this page.

5 Features

In this module the user can see all the features that the router device has.

This module includes the below features.

  • Mac Address Binding
  • URL Filtering
  • Web Server
  • Wi-Fi MacID Filtering
  • Routing
  • Others

5.1 Mac Address Binding

Under this submodule the user can configure/update/edit the IP Address for MAC


The user should write MAC address and then click on the add button. Once the address is added then click on the update button to save the modification.

The user needs to click on the Edit button to modify the preexisting configuration.


Once the user modifies the MAC address /IP Address then click on the save button to save the changes done.

The user can click on the deleted button to delete an existing configured device.

Post all the changes the user needs to click on the update to reflect all the changes in the application.

5.2 URL Filtering

In this submodule the user should provide the URL which needs to be blocked for the device.

To add the new URL for blocking, click on the Add New button.

Once the user clicks on the Add New button a new pop will appear in that page write the URL and click on the save. The user can select the status of that URL while defining the URL.


To edit / delete the existing URL the user needs to click on the edit /deleted button respectively.

Click on the save after the changes are done as per the need.

5.3 Web Server

In this submodule the user can configure webserver related parameters.

To configure the HTTP, click on the enable HTTP. Once the user clicks on the check box the HTTP Port text box will appear where the user needs to configure the port id.

Click on save buttons to save the changes.

To configure the 2nd HTTP, click on the enable HTTP. Once the user clicks on the check box the HTTP Port text box will appear where the user needs to configure the port id.

Click on save buttons to save the changes.

Click on the “Redirect https” and “RFC1918 Filter” check box to respectively and click on the save button to save the changes.

To configure the NTP sync, click on the enable NTP sync. Once the user clicks on the check box the respective text boxes will appear to configure the parameters.

Once the user configures the parameters click on the save button to save the given values.

5.4 Wi-Fi MacID Filtering

In this module the user can filter the Macids. Mac address filtering allows users to block traffic coming from certain known machines or devices.

Before adding the MacIDs the user needs to select the mode from the dropdown menu.

To Add the MacID the user needs to click on Add New option select the mac id and network name Wi-Fi 2.4G AP OR Wi-Fi 2.4G AP Guest, select enable/disable option and save it and update.             


Once the required MACID and Network Name is configured the user needs to click on the save button to add the details.

The user needs to click on the edit button to do modifications on the pre-existing configuration.


Once the required MACID / Network Name is modified the user needs to click on the save button to reflect the changed value in the application.

WIFI 2.4G AP Guest

To Add the MacID the user needs to click on Add New option select the mac id and network name Wi-Fi 2.4G AP Guest, select enable/disable option and save it and update. 

     

Once the required MACID and Network Name is configured the user needs to click on the save button to add the details.

The user needs to click on the edit button to do modifications on the pre-existing configuration.

Once the required MACID / Network Name is modified the user needs to click on the save button to reflect the changed value in the application.

5.5 Routing

In this submodule the user can configure the parameters related to routing of the device. like Target address, Networks address etc.

To add a new device the user needs to fill all the required information and click on the add button.

SN Field name Sample value Description
1 Interface eth0.1 In this drop down list the user should configure the interface name.
2 Target 192.168.10.1 In this text box the user needs to insert the target IP address
3 IPV4 Netmask 255.255.255.0 In this text box the user should give the address for the IPV4Netmask
4 Metric 5 In this text box the user should insert the number of the metric.
5 IPV4 Gateway 192.168.100.1 In this text box the user should configured the address for the IPV4 Gateway.
6 Route Type Unicast In this drop down box the user should select the type of route needed for the device.

To edit the existing device the user needs to click on the edit option.


Once the changes are done click on the save button to save all the changes.

Click on the deleted button to delete the existing device detail.

Advanced Static IPV4 Routes:


To add a new device the user needs to fill all the required information and click on the add button.

SN Field name Sample value Description
1 Interface eth0.1 In this drop down list the user should configure the interface name.
2 To 192.168.10.1 In this text box the user needs to insert the target IP address
3 IPV4 Netmask 255.255.255.0 In this text box the user should give the address for the IPV4Netmask
4 Table local
5 From 192.168.100.1 In this text box the user should configured the from address for the routes
6 Priority 230

To edit the existing device the user needs to click on the edit option.


Once the changes are done click on the save button to save all the changes.

Click on the deleted button to delete the existing device detail.

Once all the configurations are done click on the update button to reflect the changes made.

5.6 Others

In this page the user will get to do all the other miscellaneous configuration with respect to the device based on the required parameters.

SN Utility Action Description
1 Set Date SET Need to set the date and time and after click command get the Date and time
2 Gate Date GET Needs to get the system date and time
3 IPsec status all GET Needs to get the IPsec details
4 Wi-Fi Scan GET Needs to get the Wi-Fi status
5 ipref3 client RUN Needs to click on the RUN to execute the command
7 ipref3 server RUN Needs to click on the RUN to execute the command
8 Ping PING Needs to click on the ping status
9 Traceroute RUN Needs to click on the ping Traceroute status
10 NTP Sync SYNC Click to Sync the NTP
11 Download Files DOWNLOAD Click to Download the files /Database
12 Restart Power RESTART Click Restart the power
13 Restart Modem RESTART Click to Restart the modem
14 Run at command RUN Click to Run the command
15 Show board configuration SHOW To Show the board configuration
16 Show VPN Certificate Name SHOW To Show VPN Certificate Name
17 Switch SIM to Secondary RUN Click to switch the SIM to secondary mode
18 Send Test SMS SEND To Send the SMS Confirmation
19 Readlatest SMS READ Click to Read the latest SMS
20 Data Usage SHOW Click to show the data usage.
21 Monthly Data Usage SHOW Click to show the monthly data usage
22 Modem debug Info READ Click to read the information about the modem debug
23 Scan Network operators (take>3mins) SHOW Click to show the Network operator
24 Network operators (first perform scan network operator SHOW Click to show the Network operator
25 ReadLogFiles READ Click to read the log files
26 Enable ssh RUN Click to Run the command
27 Disable ssh RUN Click to Run the command
28 Clear SIM1 Data CLEAR Click to clear the SIM1 data
29 Clear SIM2 Data CLEAR Click to clear the SIM data

6 Logout

The user should click on log out option to logged out from the router application.


The user needs to click on the ok to come out of the router application.