Abstract:
This document provides a step-by-step procedure for setting up an IPsec VPN tunnel between two SN or RAM units and for testing the complete setup.
Use Case/Problem Solved:
As the global experts in communication, monitoring and control for Industrial Automation applications, Red Lion has been delivering innovative solutions to customers for a variety of applications. Key products for supporting these applications are the SN & RAM cellular routers. Many of the targeted systems are in remote, rugged environments that do not have Internet or WAN access. It is also common for users to wish to get these sites connected to the Internet in a secure way. Because many of these sites are remote, it is also common for users to wish to connect two remote sites to each other in a secure way. To do this, two SN/RAM units can provide an easy-to-install, secure site-to-site VPN connection.
Procedure:
- Review the topology below to see how the network is set up
- Connect via USB, Ethernet (Eth0 LAN) or via the SN/RAM WAN using a browser to configure each station
Note: I will assume the Cellular network and Eth0/LAN on both units are already configured.
Part 1 – Setting up the first SN/RAM (IPsec server)
- For the first SN/RAM (on the left) I will use the LAN http://192.168.1.10:10000/ (the password is the last 6 digits of the serial number) to access the configuration interface
- This is the IPSEC Server configuration
- Go to the menu Networking -> Tunneling -> IPSEC
- Enable IPSEC & Select Apply
- Click Add to add an IPSec tunnel configuration
Note: Fill in the values matching your network topology into the fields with yellow background
2. Press “Finish” to end the dialog
3. The IPSEC pages will show you the following now
4. Click Apply to apply the settings here.
Part 2 – Setting up the second SN/RAM
- For the second SN/RAM (on the right) I will use the LAN http://192.168.0.43:10000/ (the password is the last 6 digits of the serial number) to access the configuration interface
- This is the IPSEC Client configuration
- Go to the menu Networking -> Tunneling -> IPSEC
- Enable IPSEC & Select Add
Note: Fill in the values matching your network topology into the fields with yellow background
5. Press “Finish” to end the dialog
6. The IPSEC pages will show you the following now
7. Press “Apply” to apply the settings
8. IPSEC on the client side is configured now
Part 3 – VPN tunnel operation
1. Make sure the IP address scheme for the peripheral devices is set accordingly. Again, this is just one IP address combination; MANY are available.
Here are a few key points for a proper operation of the IPsec tunnel configuration:
- It’s critical that the subnets for the Client and Server are not the same.
In this case the client is 192.168.0.x and the server is 192.168.1.x
2. Also, be sure the gateway addresses are configured correctly, even on the LAN clients
3. Besides the addresses in the IPSEC configuration, almost all other parameters should be the same for both client and server (besides being client and server).
4. Multiple clients can be added to the system
5. Other VPN tunnel types are available
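The addressing key points above can be checked before the tunnel is brought up. The following is an added example, not part of the original note or any Red Lion tooling: the /24 masks, the device names and their addresses are constructed, and it assumes each LAN device's default gateway should be the LAN address of its local SN/RAM.

```python
import ipaddress

def check_site_to_site(server_lan, client_lan, hosts):
    """Return a list of problems in a two-site IPsec addressing plan.

    server_lan / client_lan: router LAN interface in CIDR form.
    hosts: iterable of (name, ip, gateway) for LAN devices at either site.
    """
    problems = []
    srv = ipaddress.ip_interface(server_lan)
    cli = ipaddress.ip_interface(client_lan)

    # Key point: the two LAN subnets must differ. overlaps() also catches
    # one subnet nested inside the other (a /16 that contains a /24).
    if srv.network.overlaps(cli.network):
        problems.append(f"subnets overlap: {srv.network} and {cli.network}")

    routers = {srv.network: srv.ip, cli.network: cli.ip}
    for name, ip, gateway in hosts:
        addr = ipaddress.ip_address(ip)
        site = next((net for net in routers if addr in net), None)
        if site is None:
            problems.append(f"{name}: {ip} is in neither LAN subnet")
            continue
        # Assumption: traffic for the remote subnet reaches the tunnel only
        # if the device's gateway is its local SN/RAM LAN address.
        if ipaddress.ip_address(gateway) != routers[site]:
            problems.append(f"{name}: gateway {gateway} should be {routers[site]}")
    return problems

if __name__ == "__main__":
    # Router LAN addresses from this note; /24 masks and hosts are constructed.
    SERVER_LAN = "192.168.1.10/24"
    CLIENT_LAN = "192.168.0.43/24"
    HOSTS = [
        ("plc-1", "192.168.1.50", "192.168.1.10"),
        ("hmi-1", "192.168.0.100", "192.168.0.1"),  # wrong gateway on purpose
    ]
    for line in check_site_to_site(SERVER_LAN, CLIENT_LAN, HOSTS) or ["plan OK"]:
        print(line)
```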
Status of the IPSEC/VPN tunnel:
Go to the menu Networking -> Tunneling -> IPSEC
The current status of the tunnel is shown at the top of the page:
Go to the menu Status -> Syslog
Filter the logs to show only IPsec messages: