Add-On Manual MoRoS / MLR Reference Manual ASCII Configuration File Nov-10


Post on 22-Aug-2020


Copyright © November 10 INSYS MICROELECTRONICS GmbH

Any duplication of this manual is prohibited. All rights on this documentation and the devices are with INSYS MICROELECTRONICS GmbH Regensburg.

Trademarks

The use of a trademark not shown below is not an indication that it is freely available for use.

MNP is a registered trademark of Microcom Inc.

IBM PC, AT, XT are registered trademarks of International Business Machine Corporation.

INSYS ® is a registered trademark of INSYS MICROELECTRONICS GmbH.

Windows™ is a registered trademark of Microsoft Corporation.

Linux is a registered trademark of Linus Torvalds.

Publisher: INSYS MICROELECTRONICS GmbH, Waffnergasse 8, D-93047 Regensburg, Germany

Phone: +49 (0)941/56 00 61

Fax: +49 (0)941/56 34 71

E-mail: [email protected]

Internet: http://www.insys-tec.de

Date: Nov-10

Item: 31-22-03.165

Version: 1.1

Language: EN

Contents

1 General Information

2 Version History

3 ASCII Configuration File

3.1 Set-Up of the Configuration File

3.1.1 Comments

3.1.2 Formatting

3.1.3 Strings

3.1.4 Endless Lists

3.1.5 Missing or Double Sections / Objects

3.1.6 Mutually Exclusive Settings

3.1.7 Restart at the End of the Configuration

3.1.8 Reloading the Old Configuration after Configuration Aborts

3.1.9 Including Files

4 Log File

5 Configuration Using ASCII Configuration File

6 Reference for the ASCII Configuration File


1 General Information

This add-on manual serves as reference for the configuration file of the MoRoS / MLR in ASCII format and may only be used together with the operator manual of the respective router. Safety instructions, technical data, and functional descriptions must be taken from the operator manual.

This add-on manual is valid for all routers of the models MoRoS and MLR of INSYS MICROELECTRONICS GmbH with a firmware version of 2.4.x or higher.

This reference describes all configuration options of the different variants of the router. The individual variants do not contain all described settings. The actual scope depends on firmware and variant.


2 Version History

Version Description

1.0 Release

1.1 Update for FW 2.5.x


3 ASCII Configuration File

The router allows the configuration to be exported as an ASCII text file. This text file can be modified and uploaded to the router again to configure it in a convenient way. Moreover, an "empty" configuration file (ASCII template) can be downloaded from the router, i.e. a configuration file that contains no settings, but all setting options available on the respective device. A detailed description of the function for downloading and uploading configuration files can be found in the operator manual of the router.

3.1 Set-Up of the Configuration File

The ASCII configuration file is structured in several sections. The section and object sorting is based on the web interface. Each section starts with the name of the section in square brackets "[ section ]" followed by further lines with the individual objects of this section. Within the objects, object name and object value are separated by an equals sign "object name = object value". Each line is finished with a carriage return. The end of a section is defined by the start of a new section or the file end. The configuration file is case sensitive, i.e. capitalisation is considered.

The following excerpt of an ASCII configuration file shows the section "textconfig" with the two objects "reboot" and "abort_on_error" as well as the section "webinterface" with further objects:

[ textconfig ]

reboot = 0

abort_on_error = 0

[ webinterface ]

local_http = 1

remote_http = 1

remote_https = 1

http_port = 80

https_port = 8888

location = 'Location' #This value has to be enclosed in single quotes

3.1.1 Comments

Comments can be introduced by a hash sign " # " at the beginning or also within a line. A semicolon " ; " can only introduce a comment at the beginning of a line (also following leading blanks or tabs). All other characters in the line will be ignored.


3.1.2 Formatting

Blank lines can be inserted between any lines. Blanks and tabs can be inserted

at the beginning of a line

at the end of a line

between square brackets and section names

between object name and " = "

between " = " and object value

between object name and " ; " for endless list entries

between " ; " and object value for endless list entries

3.1.3 Strings

Strings that are used to enter passwords or user names, for example, must be placed between single quotes " ' " (a comment indicates the use of single quotes in each such entry). The strings may also contain single quotes because only the first and last single quote is searched for. Basically, the characters 0x20 through 0x7E are permissible, i.e. 0 through 9, a through z, A through Z, and the special characters ! " # $ % & ' ( ) * + , - . / ; < = > ? @ [ ] \ ^ _ { } | ~, as well as the blank. The colon is not permissible.

The following example shows the entry of strings:

dialnumber = '*99***1#' #This value has to be enclosed in single quotes

3.1.4 Endless Lists

Some objects can form endless lists (e.g. routes). If further objects are passed with an object (e.g. the source address, net mask, data direction, etc. in case of a firewall rule), these are written into the same line, but separated from each other using a semicolon " ; ". The object "list" defines whether the endless list contained in this section that is already stored on the router is to be deleted "list = d" (d for delete) before the new objects are entered, or the new objects are appended to the list "list = a" (a for append). If the object "list" is missing, the objects are appended to the list. Generally, there is no more than one endless list per section.

The following example shows such an endless list:

...

list = d

new_entry = common_name = cname1 ; vpn_ip = 10.1.0.9

new_entry = common_name = cname2 ; vpn_ip = 10.1.0.13


3.1.5 Missing or Double Sections / Objects

If sections or objects are missing in an ASCII configuration file, the missing sections or objects will not be uploaded to the router, i.e. the configuration of these objects remains untouched. A single section is already a valid configuration file. Moreover, it does not even have to contain an object; this can be used to restart a dial-out, for example. Processing a section in a configuration file corresponds with pressing the "OK" button on the respective page of the web interface.

If an ASCII configuration file contains an object more than once, the successive object overwrites the previous one, because the configuration file is processed sequentially. In the following example, the second object overwrites the first, i.e. the object "dns" will be set to "2.2.2.2":

[ dns ]

dns = 1.1.1.1

dns = 2.2.2.2

Sections can also occur repeatedly and are also configured repeatedly. This can be used for example to close a dial-up connection, configure the communication device, and set up the dial-up connection again within one configuration, as shown in the following example:

[ dialout ]

start_dialout = 0

[ isdn ]

msn = 25

[ dialout ]

start_dialout = 1

3.1.6 Mutually Exclusive Settings

If settings are made in an ASCII configuration file that are mutually exclusive, for example simultaneously activating an OpenVPN client and server, the section configured first is valid (i.e. the one that is earlier in the configuration file). However, the associated settings are taken over. The web interface behaves in a comparable way: a conflicting setting cannot be made after configuring a certain setting, because it will be faded out.


3.1.7 Restart at the End of the Configuration

The section "textconfig" of the ASCII configuration file contains the object "reboot" to define whether a restart of the router is to be made following the configuration (0 = no restart; 1 = restart). A restart can be used to ensure that all services are started with the new settings (VPN settings are only used following a new dial-out for example).

A restart will be made at the end of the configuration in the following example:

[ textconfig ]

reboot = 1

abort_on_error = 0

3.1.8 Reloading the Old Configuration after Configuration Aborts

The section "textconfig" of the ASCII configuration file contains the object "abort_on_error" to define whether the old configuration is to be reloaded in case the configuration aborts due to an error (0 = no reload of the old configuration; 1 = reload of the old configuration). The configuration aborts in case of severely faulty configurations that would result in a red warning message in the web interface.

This function can be used for example to secure "critical" configurations (e.g. the dial-up connection that is currently used for remote configuration), by activating this function before the "critical" section and deactivating it again behind it, i.e. the old configuration will only be reloaded if the abort happens in the "critical" section.

The old configuration will be reloaded after an abort in the following example:

[ textconfig ]

reboot = 0

abort_on_error = 1


3.1.9 Including Files

It is also possible to upload the content of other files within the ASCII configuration file. This is required to upload certificates, keys, lists, or e-mail and SMS texts for example. These files are entered in text form as object value with the respective object. The object value may also contain carriage returns in this case.

In order to upload certificates or keys for example, these are entered as object value following the object name. For this, the certificate or key is opened in a text editor, copied there, and pasted completely behind the " = " in the object. The following (shortened) example shows the CA certificate in the ASCII configuration file:

[ openvpn server dialin ]

...

ca_certificate = -----BEGIN CERTIFICATE-----

MIIC+jCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMCREUx

...

cNAMClSZ3yDocBkiJuL7sMqAk8uN8XI4uKSBhZ0bZUG1O5dubek/Gkl2Bkymjw==

-----END CERTIFICATE-----

The entry of lists, like the AT answer list, takes place in a similar way and is shown in the following example:

[ serial ethernet modem ]

...

at_answer_list = -----BEGIN AT ANSWER LIST-----

i="Serial Ethernet Gateway Version 1.0"

-----END AT ANSWER LIST-----

The configuration of e-mail messages takes place in the form of endless lists (see Endless Lists). The object value is entered here behind the object name "new_entry" in the form of further objects that are separated from each other by a semicolon " ; ". The message text is then entered in the sub-object "text". For e-mails, the text may also contain carriage returns and is enclosed by the strings "-----BEGIN MESSAGE-----" and "-----END MESSAGE-----". For SMS messages, the text may not contain carriage returns and is entered without any further formatting. This is shown in the following example for an e-mail message:

[ email ]

start_email = 1

list = d

new_entry = recipient = [email protected] ; cause = 0001 ; attach = 0001 ; status = 1 ; text = -----BEGIN MESSAGE-----

E-Mail-Text

will be sent on system start-----END MESSAGE-----

new_entry = recipient = [email protected] ; cause = 0002 ; attach = 0004 ; text = -----BEGIN MESSAGE-----

E-mail text

Will be sent when setting up an OpenVPN tunnel-----END MESSAGE-----


4 Log File

A log file is written while the configuration file is processed. Besides start and end of the configuration, the following faults are recorded in the log file.

Unknown section

Section not available on this router (e.g. [ dialout ] on MoRoS LAN)

Missing value of an object

Unknown object

The log file can be displayed on the web interface of the router in the "System" menu on the "System data" page using the link "Show text config log" and in the "System" menu on the "Download" page using the link "Text Configuration Log". A detailed description of the function for displaying the log file can be found in the operator manual of the router.


5 Configuration Using ASCII Configuration File

This section describes how to download an ASCII configuration file from the router, edit it accordingly, and upload it to the router again.

Your router must be in operation and you must have access to the web interface to perform the following steps. It is a prerequisite that you are familiar with the router and have worked through the associated user manual, especially the sections "Commissioning" and "Operating Principle".

Configuration with the web interface

In order to download the actual configuration of the router, right-click the link "ASCII" in the "Configuration" section on the "Download" page of the "System" menu. Select "Save target as..." and save the configuration file to an appropriate location under a suitable name.

In order to download an empty configuration file of the router, right-click the link "ASCII template" in the "Configuration" section on the "Download" page of the "System" menu. Select "Save target as..." and save the configuration file to an appropriate location under a suitable name.

Open the configuration file with a text editor and make the respective modifications. Save the edited configuration file again.

Delete unused sections and objects to speed up the subsequent upload.

In order to upload the edited configuration to the router again, select the "Browse..." button under "Manual update" on the "Update" page of the "System" menu and open the configuration file to be uploaded.

Save your settings by clicking "OK".

Confirm the upload by clicking "Yes".

Note! Change of the time!

The time can be misadjusted by uploading a previously downloaded configuration.

If you load a configuration from the router, the actual time is also stored in the configuration file. If you upload this configuration file without deleting or editing the [ settime ] section again later, the time in the router will be overwritten with the time in the configuration file (that is wrong in the meantime).


6 Reference for the ASCII Configuration File

You will find a reference of all sections with the associated objects that can appear in the ASCII configuration file in this section. Please note that the available sections, objects, and options depend on the firmware and variant of the router. If you download an actual ASCII configuration file from a router, this contains only the currently configured objects in their respective sections, i.e. objects that exist in the router indeed, but are not configured, are not contained. If you download an empty ASCII configuration file as template from a router, this contains all available objects of this router. Sections and objects can be deleted from or added to an ASCII configuration file. It is also possible to create an ASCII configuration file from an empty TXT file. The requirements for the ASCII configuration file that are described in the section "ASCII Configuration File" of this manual must be considered with this.

[ textconfig ]
reboot
    0 = No restart after configuration (default)
    1 = Restart after configuration
abort_on_error
    0 = No reload of the old configuration after abort (default)
    1 = Reload of the old configuration after abort

[ webinterface ]
username
    User name for web interface access (default: insys)
    The object value must be passed in single quotes!
password
    Password for web interface access (default: moros)
    The object value must be passed in single quotes!
local_http
    0 = Local configuration via HTTP disabled
    1 = Local configuration via HTTP enabled (default)
remote_http
    0 = Remote configuration via HTTP disabled
    1 = Remote configuration via HTTP enabled (default)
remote_https
    0 = Remote configuration via HTTPS disabled
    1 = Remote configuration via HTTPS enabled (default)
http_port
    HTTP port of the web interface (default: 80)
https_port
    HTTPS port of the web interface (default: 443)
location
    Location of the router
    The object value must be passed in single quotes!

[ address ]
ip
    IP address of the router (default: 192.168.1.1)
netmask
    Network mask of the router (default: 255.255.255.0)

[ routing local ]
list
    a = New entries are appended to existing list
    d = Existing list is deleted (default)
new_entry
    New route entry that passes the following sub-objects:
    net
        Network address of the static route
    netmask
        Net mask of the static route
    gateway
        Gateway of the static route


[ com1 ] for UMTS routers
pin
    PIN of SIM card 1
pin2
    PIN of SIM card 2
provider_mode
    auto = Automatic log-in to standard provider of SIM card 1
    preferred = Log-in to preferred provider for SIM card 1, otherwise to standard provider
    exclusive = Exclusive log-in to exclusive provider for SIM card 1
pref_provider
    Provider ID of the preferred provider for SIM card 1
excl_provider
    Provider ID of the exclusive provider for SIM card 1
provider_mode2
    auto = Automatic log-in to standard provider of SIM card 2
    preferred = Log-in to preferred provider for SIM card 2, otherwise to standard provider
    exclusive = Exclusive log-in to exclusive provider for SIM card 2
pref_provider2
    Provider ID of the preferred provider for SIM card 2
excl_provider2
    Provider ID of the exclusive provider for SIM card 2
auto_login
    0 = Daily log-out and log-in disabled
    1 = Daily log-out and log-in enabled (default)
hour_out
    Daily log-out at (hour; 00-23)
min_out
    Daily log-out at (minute; 00-59)
hour_in
    Daily log-in at (hour; 00-23)
min_in
    Daily log-in at (minute; 00-59)

[ com1 ] for ISDN routers
msn
    MSN of the connection to which the router is connected
caller1
    Permitted caller number 1
caller2
    Permitted caller number 2
caller3
    Permitted caller number 3
caller4
    Permitted caller number 4
caller5
    Permitted caller number 5

[ com1 ] for Modem routers
country
    Country-specific settings of the modem (default: FD)
wait_for_dialtone
    0 = Do not wait for dial tone before dialling (default)
    1 = Wait for dial tone before dialling


[ com2 ] for redundant UMTS communication device
pin
    PIN of the SIM card of the redundant communication device
provider_mode
    auto = Automatic log-in to standard provider of SIM card 1
    preferred = Log-in to preferred provider for SIM card 1, otherwise to standard provider
    exclusive = Exclusive log-in to exclusive provider for SIM card 1
pref_provider
    Provider ID of the preferred provider for SIM card 1
excl_provider
    Provider ID of the exclusive provider for SIM card 1
auto_login
    0 = Daily log-out and log-in disabled
    1 = Daily log-out and log-in enabled (default)
hour_out
    Daily log-out at (hour; 00-23)
min_out
    Daily log-out at (minute; 00-59)
hour_in
    Daily log-in at (hour; 00-23)
min_in
    Daily log-in at (minute; 00-59)

[ com2 ] for redundant ISDN communication device
msn
    MSN of the connection to which the redundant communication device is connected
caller1
    Permitted caller number 1
caller2
    Permitted caller number 2
caller3
    Permitted caller number 3
caller4
    Permitted caller number 4
caller5
    Permitted caller number 5

[ com2 ] for redundant Modem communication device
country
    Country-specific settings of the modem (default: FD)
wait_for_dialtone
    0 = Do not wait for dial tone before dialling (default)
    1 = Wait for dial tone before dialling

[ terminal1 ] not for LAN routers
command
    AT command that is passed to the communication device

[ terminal2 ] for redundant communication device
command
    AT command that is passed to the redundant communication device


[ dialin ]
start_dialin
    0 = Dial-in disabled (default)
    1 = Dial-in using internal communication device
    2 = Dial-in using redundant communication device
    3 = Dial-in using internal or redundant communication device
idletime
    Idle time in seconds after which a dial-in connection without data traffic is disconnected (default: 0, no disconnection)
dialin_prio
    0 = Do not prioritise dial-in over LAN (ext) (default)
    1 = Prioritise dial-in over LAN (ext)
rings
    Number of ring tones until call acceptance
authentication
    0 = Authentication for dial-in disabled
    1 = Authentication for dial-in enabled (default)
username<x>
    User name for authentication account <x> (<x> = 0-9)
    The object value must be passed in single quotes!
password<x>
    Password for authentication account <x> (<x> = 0-9)
    The object value must be passed in single quotes!
auth<x>
    pap = Authentication for authentication account <x> via PAP
    chap = Authentication for authentication account <x> via CHAP
callback<x>
    0 = Call-back for authentication account <x> disabled (default)
    1 = Call-back for authentication account <x> enabled
ip_local_intern
    Own IP address
ip_remote_intern
    IP address of remote terminal
ip_local_extern
    Own IP address of the redundant communication device
ip_remote_extern
    IP address of remote terminal of the red. communication device
callback
    0 = Automatic call-back disabled (default)
    1 = Automatic call-back enabled for ISDN or Modem routers
callback_mode
    auth = Call-back after PPP authentication
    clip = Call-back after call from one of the specified numbers:
clip1
    Phone number 1 for which a call-back is made
clip2
    Phone number 2 for which a call-back is made
clip3
    Phone number 3 for which a call-back is made
clip4
    Phone number 4 for which a call-back is made
clip5
    Phone number 5 for which a call-back is made


[ routing dialin ]
default_route
    0 = Set no default route
    1 = Set default route (default)
nat_incoming
    0 = NAT for incoming packets disabled
    1 = NAT for incoming packets enabled (default)
nat_outgoing
    0 = NAT for outgoing packets disabled
    1 = NAT for outgoing packets enabled (default)
list
    a = New entries are appended to existing list
    d = Existing list is deleted (default)
new_entry
    New route entry that passes the following sub-objects:
    net
        Network address of the route
    netmask
        Net mask of the route
    gateway
        Gateway of the route (only for LAN routers)

[ firewall dialin ]
start_firewall
    0 = Firewall for dial-in connections disabled (default)
    1 = Firewall for dial-in connections enabled
list
    a = New entries are appended to existing list
    d = Existing list is deleted (default)
new_entry
    New permitted connection that passes the following sub-objects:
    protocol
        icmp = ICMP protocol is used
        udp = UDP protocol is used
        tcp = TCP protocol is used
    direction
        in = Only incoming connections are permitted
        out = Only outgoing connections are permitted
        both = Incoming and outgoing connections are permitted
    source_ip
        Source IP address
    source_netmask
        Source net mask
    dest_port
        Destination port
    dest_ip
        Destination IP address
    dest_netmask
        Destination net mask
    dialinuser
        Name of the user that has dialled in
        The object value must be passed in single quotes!


[ openvpn server dialin ]
start_openvpn_server
    0 = OpenVPN server for dial-in connections disabled (default)
    1 = OpenVPN server for dial-in connections enabled
lport
    Local port of the tunnel (default: 1194)
rport
    Remote port of the tunnel (default: 1194)
protocol
    udp = UDP protocol is used
    tcp = TCP protocol is used
float
    0 = Float (remote terminal may change its IP address) disabled
    1 = Float (remote terminal may change its IP address) enabled (default)
comp_lzo
    0 = LZO compression disabled
    1 = LZO compression enabled (default)
masquerade
    0 = Do not mask packets before tunnelling
    1 = Mask packets before tunnelling (default)
cipher
    BF-CBC = Encryption algorithm Blowfish 128 Bit (default)
    DES-CBC = Encryption algorithm DES 64 Bit
    DES-EDE-CBC = Encryption algorithm DES EDE 128 Bit
    DES-EDE3-CBC = Encryption algorithm DES EDE3 192 Bit
    DESX-CBC = Encryption algorithm DESX 192 Bit
    CAST5-CBC = Encryption algorithm CAST5 128 Bit
    IDEA-CBC = Encryption algorithm IDEA 128 Bit
    RC2-CBC = Encryption algorithm RC2 128 Bit
    RC2-40-CBC = Encryption algorithm RC2 40 Bit
    RC2-64-CBC = Encryption algorithm RC2 64 Bit
    AES-128-CBC = Encryption algorithm AES 128 Bit
    AES-192-CBC = Encryption algorithm AES 192 Bit
    AES-256-CBC = Encryption algorithm AES 256 Bit
verb
    Verbosity of the messages in connection log (default: 3, 0-9)
fragment
    Maximum size of the tunnel packets (in bytes)
reneg
    Interval for key renegotiation (in seconds, default: 3600)
ping
    Interval for ping dispatch to remote terminal (in seconds, default: 30)
restart
    Interval for ping restart (in seconds, default: 60)
client_to_client
    0 = Do not allow communication between clients (default)
    1 = Allow communication between clients
pool_ip
    IP address pool for clients
pool_netmask
    Net mask of the IP address pool
list
    a = New entries are appended to existing list
    d = Existing list is deleted (default)
auth_type
    static = No authentication or with static key
    cert = Authentication with certificates
remote_peer
    IP address or domain name of remote site
remote_peer2
    IP address or domain name of alternative remote site
local_vpn_ip
    Local IP address of VPN tunnel
remote_vpn_ip
    Remote IP address of VPN tunnel
remote_net
    Address of network behind the VPN tunnel
remote_netmask
    Net mask of network behind the VPN tunnel
new_entry
    New route entry to client network that passes the following sub-objects:


    common_name
        "Common Name" in certificate of the client
    net
        Network address of the client
    netmask
        Net mask of the client
    vpn_ip
        VPN IP address of the client
dh_parameters
    Diffie-Hellman parameter set
crl
    Certificate Revocation List
ca_certificate
    CA certificate
public_certificate
    Public certificate of the server
private_key
    Private key of the server
static_key
    Static key

[ openvpn client dialin ]
start_openvpn_client
    0 = OpenVPN client for dial-in connections disabled (default)
    1 = OpenVPN client for dial-in connections enabled
lport
    Local port of the tunnel (default: 1194)
rport
    Remote port of the tunnel (default: 1194)
protocol
    udp = UDP protocol is used
    tcp = TCP protocol is used
float
    0 = Float (remote terminal may change its IP address) disabled
    1 = Float (remote terminal may change its IP address) enabled (default)
comp_lzo
    0 = LZO compression disabled
    1 = LZO compression enabled (default)
masquerade
    0 = Do not mask packets before tunnelling
    1 = Mask packets before tunnelling (default)
cipher
    BF-CBC = Encryption algorithm Blowfish 128 Bit (default)
    DES-CBC = Encryption algorithm DES 64 Bit
    DES-EDE-CBC = Encryption algorithm DES EDE 128 Bit
    DES-EDE3-CBC = Encryption algorithm DES EDE3 192 Bit
    DESX-CBC = Encryption algorithm DESX 192 Bit
    CAST5-CBC = Encryption algorithm CAST5 128 Bit
    IDEA-CBC = Encryption algorithm IDEA 128 Bit
    RC2-CBC = Encryption algorithm RC2 128 Bit
    RC2-40-CBC = Encryption algorithm RC2 40 Bit
    RC2-64-CBC = Encryption algorithm RC2 64 Bit
    AES-128-CBC = Encryption algorithm AES 128 Bit
    AES-192-CBC = Encryption algorithm AES 192 Bit
    AES-256-CBC = Encryption algorithm AES 256 Bit
verb
    Verbosity of the messages in connection log (default: 3, 0-9)
fragment
    Maximum size of the tunnel packets (in bytes)
reneg
    Interval for key renegotiation (in seconds, default: 3600)
ping
    Interval for ping dispatch to remote terminal (in seconds, default: 30)
restart
    Interval for ping restart (in seconds, default: 60)
bind
    0 = No-bind (fix local address and port) disabled
    1 = No-bind (fix local address and port) enabled (default)
icmp_ping
    IP address or domain name for additional ICMP ping

username  User name of the client for log-in at the OpenVPN server
    The object value must be passed in single quotes!
password  Password of the client for log-in at the OpenVPN server
    The object value must be passed in single quotes!
check_server_cert
    0 = Check of certificate type of remote terminal disabled (default)
    1 = Check of certificate type of remote terminal enabled
auth_type
    static = No authentication or with static key
    cert = Authentication with certificates
remote_peer  IP address or domain name of remote site
remote_peer2  IP address or domain name of alternative remote site
local_vpn_ip  Local IP address of VPN tunnel
remote_vpn_ip  Remote IP address of VPN tunnel
remote_net  Address of network behind the VPN tunnel
remote_netmask  Net mask of network behind the VPN tunnel
ca_certificate  CA certificate
public_certificate  Public certificate of the client
private_key  Private key of the client
static_key  Static key

[ ipsec dialin ]  FW 2.4.x
start_ipsec
    0 = IPsec for dial-in connections disabled (default)
    1 = IPsec for dial-in connections enabled
remote_peer  IP address or domain name of remote site
remote_net  Local subnet of remote terminal
remote_netmask  Net mask of local subnet of remote terminal
remote_id  Remote terminal ID
    The object value must be passed in single quotes!
local_id  Own ID
    The object value must be passed in single quotes!
auth_mode
    main = Authentication mode Main is used (default)
    aggressive = Authentication mode Aggressive is used
ike_cipher
    3des = IKE encryption algorithm DES EDE3 (default)
    aes128 = IKE encryption algorithm AES 128 Bit
    aes192 = IKE encryption algorithm AES 192 Bit
    aes256 = IKE encryption algorithm AES 256 Bit
ike_hash
    sha1 = IKE hash algorithm SHA1 (default)
    md5 = IKE hash algorithm MD5
ike_dh
    modp768 = Diffie-Hellman group for IKE is DH 768
    modp1024 = Diffie-Hellman group for IKE is DH 1024 (default)
    modp1536 = Diffie-Hellman group for IKE is DH 1536
ipsec_cipher
    3des = IPsec encryption algorithm DES EDE3 (default)
    aes128 = IPsec encryption algorithm AES 128 Bit
    aes192 = IPsec encryption algorithm AES 192 Bit
    aes256 = IPsec encryption algorithm AES 256 Bit
ipsec_hash
    sha1 = IPsec hash algorithm SHA1 (default)
    md5 = IPsec hash algorithm MD5
key_attempts  Maximum connection attempts (0 = infinite)
nat_traversal
    on = NAT traversal is enabled (default)
    off = NAT traversal is disabled
    forced = NAT traversal is enforced
keep_alive  Interval of keep alive packets (in seconds, default: 10)
pfs
    0 = Perfect forward secrecy is disabled
    1 = Perfect forward secrecy is enabled (default)
dpd_interval  Interval for dead peer detection (in seconds, default: 30)
dpd_timeout  Timeout for dead peer detection (in seconds, default: 120)

dpd_action
    clear = Closing the connection on dead peer detection
    hold = Holding the connection on dead peer detection
    restart = Restarting the connection on dead peer detection (default)
key_lifetime  Interval for key renegotiation (in seconds, default: 3600)
icmp_ping  IP address or domain name for additional ICMP ping
auth_type
    cert = Authentication with certificates
    psk = Authentication with pre-shared key (PSK)
psk  Pre-shared key (PSK)
    The object value must be passed in single quotes!
masquerade
    0 = Do not mask packets through the tunnel
    1 = Mask packets through the tunnel (default)
ca_certificate  CA certificate
public_certificate  Public certificate
private_key  Private key

[ ipsec dialin ]  from FW 2.5.x; <x> = 1-10
start_ipsec
    0 = IPsec for dial-in connections disabled (default)
    1 = IPsec for dial-in connections enabled
nat_traversal
    on = NAT traversal is enabled (default)
    off = NAT traversal is disabled
    forced = NAT traversal is enforced
keep_alive  Interval of keep alive packets (in seconds, default: 10)
start_tunnel<x>
    0 = IPsec tunnel <x> disabled (default)
    1 = IPsec tunnel <x> enabled
tunnel_name<x>  Name for IPsec tunnel <x>
remote_peer<x>  IP address or domain name of remote site
local_net<x>  Local subnet
local_netmask<x>  Network mask of the local subnet
remote_net<x>  Local subnet of remote terminal
remote_netmask<x>  Net mask of local subnet of remote terminal
remote_id<x>  Remote terminal ID
    The object value must be passed in single quotes!
local_id<x>  Own ID
    The object value must be passed in single quotes!
auth_mode<x>
    main = Authentication mode Main is used (default)
    aggressive = Authentication mode Aggressive is used
ike_cipher<x>
    3des = IKE encryption algorithm DES EDE3 (default)
    aes128 = IKE encryption algorithm AES 128 Bit
    aes192 = IKE encryption algorithm AES 192 Bit
    aes256 = IKE encryption algorithm AES 256 Bit
ike_hash<x>
    sha1 = IKE hash algorithm SHA1 (default)
    md5 = IKE hash algorithm MD5
ike_dh<x>
    modp768 = Diffie-Hellman group for IKE is DH 768
    modp1024 = Diffie-Hellman group for IKE is DH 1024 (default)
    modp1536 = Diffie-Hellman group for IKE is DH 1536
ipsec_cipher<x>
    3des = IPsec encryption algorithm DES EDE3 (default)
    aes128 = IPsec encryption algorithm AES 128 Bit
    aes192 = IPsec encryption algorithm AES 192 Bit
    aes256 = IPsec encryption algorithm AES 256 Bit
ipsec_hash<x>
    sha1 = IPsec hash algorithm SHA1 (default)
    md5 = IPsec hash algorithm MD5
key_attempts<x>  Maximum connection attempts (0 = infinite)
masquerade<x>
    0 = Do not mask packets through the tunnel
    1 = Mask packets through the tunnel (default)
dpd_interval<x>  Interval for dead peer detection (in seconds, default: 30)
dpd_timeout<x>  Timeout for dead peer detection (in seconds, default: 120)

dpd_action<x>
    clear = Closing the connection on dead peer detection
    hold = Holding the connection on dead peer detection
    restart = Restarting the connection on dead peer detection (default)
pfs<x>
    0 = Perfect forward secrecy is disabled
    1 = Perfect forward secrecy is enabled (default)
key_lifetime<x>  Interval for key renegotiation (in seconds, default: 3600)
icmp_ping<x>  IP address or domain name for additional ICMP ping
auth_type<x>
    cert = Authentication with certificates
    psk = Authentication with pre-shared key (PSK)
psk<x>  Pre-shared key (PSK)
    The object value must be passed in single quotes!
ca_certificate<x>  CA certificate
public_certificate<x>  Public certificate
private_key<x>  Private key

[ dialout ]
start_dialout
    0 = Dial-out disabled (default)
    1 = Dial-out using internal communication device
    2 = Dial-out primarily using internal or secondarily using redundant communication device
    3 = Dial-out primarily using redundant or secondarily using internal communication device
    4 = Dial-out primarily using previously used, working communication device
dialnumber  Phone number for target A
    The object value must be passed in single quotes!
dialnumber_b  Phone number for target B
    The object value must be passed in single quotes!
username  User name for target A
    The object value must be passed in single quotes!
username_b  User name for target B
    The object value must be passed in single quotes!
password  Password for target A
    The object value must be passed in single quotes!
password_b  Password for target B
    The object value must be passed in single quotes!
auth
    both = Authentication for target A via PAP or CHAP
    pap = Authentication for target A via PAP
    chap = Authentication for target A via CHAP
auth_b
    both = Authentication for target B via PAP or CHAP
    pap = Authentication for target B via PAP
    chap = Authentication for target B via CHAP
apn  Access point name for target A
    (only for GPRS or UMTS routers)
apn_b  Access point name for target B
    (only for GPRS or UMTS routers)
sim
    1 = SIM card 1 is used for target B (default)
    2 = SIM card 2 is used for target B
    (only for GPRS or UMTS routers)
fetch_dns
    0 = Do not request DNS server address
    1 = Request DNS server address (default)
idletime  Maximum idle time (in seconds, default: 20, 0 = unlimited)
maxtime  Maximum connection time (in seconds, default: 0, 0 = unlimited)
prio
    target_a = Always try target A first
    last = Try last successful target first

flat
    0 = Leased-line operation disabled (default)
    1 = Leased-line operation enabled
check_interval  Interval of connection check (in minutes, default: 60)
check_type
    dns = Connection check via DNS request (default)
    ping = Connection check via ping
dns_target  Target of connection check via DNS request
ping_target  Target of connection check via ping
auto_daily_start
    0 = Daily automatic connection set-up disabled (default)
    1 = Daily automatic connection set-up enabled
auto_daily_stop
    0 = Daily automatic connection clearing disabled (default)
    1 = Daily automatic connection clearing enabled
auto_hour_start  Daily automatic connection set-up at (hour; 00-23)
auto_minutes_start  Daily automatic connection set-up at (minute; 00-59)
auto_hour_stop  Daily automatic connection clearing at (hour; 00-23)
auto_minutes_stop  Daily automatic connection clearing at (minute; 00-59)

[ routing dialout ]
default_route
    0 = Set no default route
    1 = Set default route (default)
nat_incoming
    0 = NAT for incoming packets disabled
    1 = NAT for incoming packets enabled (default)
nat_outgoing
    0 = NAT for outgoing packets disabled
    1 = NAT for outgoing packets enabled (default)
list
    a = New entries are appended to existing list
    d = Existing list is deleted (default)
new_entry  New route entry that passes the following sub-objects:
    net  Network address of the route
    netmask  Net mask of the route
    gateway  Gateway of the route (only for LAN routers)

[ dialfilters dialout ]
start_dialfilter
    0 = Dial filter for dial-out connections disabled (default)
    1 = Dial filter for dial-out connections enabled
list
    a = New entries are appended to existing list
    d = Existing list is deleted (default)
new_entry  New dial filter rule that passes the following sub-objects:
    protocol
        icmp = ICMP protocol is used
        udp = UDP protocol is used
        tcp = TCP protocol is used
    source_ip  Source IP address
    source_netmask  Source net mask
    dest_port  Destination port
    dest_ip  Destination IP address
    dest_netmask  Destination net mask
    dns
        0 = DNS requests from source IP address must not initiate a connection (default)
        1 = DNS requests from source IP address may initiate a connection

[ firewall dialout ]
start_firewall
    0 = Firewall for dial-out connections disabled (default)
    1 = Firewall for dial-out connections enabled
list
    a = New entries are appended to existing list
    d = Existing list is deleted (default)
new_entry  New permitted connection that passes the following sub-objects:
    protocol
        icmp = ICMP protocol is used
        udp = UDP protocol is used
        tcp = TCP protocol is used
    direction
        in = Only incoming connections are permitted
        out = Only outgoing connections are permitted
        both = Incoming and outgoing connections are permitted
    source_ip  Source IP address
    source_netmask  Source net mask
    dest_port  Destination port
    dest_ip  Destination IP address
    dest_netmask  Destination net mask

[ portforward dialout ]
start_portforwarding
    0 = Port forwarding for dial-out connections disabled
    1 = Port forwarding for dial-out connections enabled (default)
exposed_host  IP address of exposed host
list
    a = New entries are appended to existing list
    d = Existing list is deleted (default)
new_entry  New permitted connection that passes the following sub-objects:
    protocol
        icmp = ICMP protocol is used
        udp = UDP protocol is used
        tcp = TCP protocol is used
        esp = ESP protocol is used
    source_port_start  Start of port range for forwarding
    source_port_end  End of port range for forwarding
    dest_ip  IP address of forwarding destination
    dest_port  Port of forwarding destination

[ openvpn server dialout ]
start_openvpn_server
    0 = OpenVPN server for dial-out connections disabled (default)
    1 = OpenVPN server for dial-out connections enabled
lport  Local port of the tunnel (default: 1194)
rport  Remote port of the tunnel (default: 1194)
protocol
    udp = UDP protocol is used
    tcp = TCP protocol is used
float
    0 = Float (remote terminal may change its IP address) disabled
    1 = Float (remote terminal may change its IP address) enabled (default)
comp_lzo
    0 = LZO compression disabled
    1 = LZO compression enabled (default)
masquerade
    0 = Do not mask packets before tunnelling
    1 = Mask packets before tunnelling (default)
cipher
    BF-CBC = Encryption algorithm Blowfish 128 Bit (default)
    DES-CBC = Encryption algorithm DES 64 Bit
    DES-EDE-CBC = Encryption algorithm DES EDE 128 Bit
    DES-EDE3-CBC = Encryption algorithm DES EDE3 192 Bit
    DESX-CBC = Encryption algorithm DESX 192 Bit
    CAST5-CBC = Encryption algorithm CAST5 128 Bit
    IDEA-CBC = Encryption algorithm IDEA 128 Bit
    RC2-CBC = Encryption algorithm RC2 128 Bit
    RC2-40-CBC = Encryption algorithm RC2 40 Bit
    RC2-64-CBC = Encryption algorithm RC2 64 Bit
    AES-128-CBC = Encryption algorithm AES 128 Bit
    AES-192-CBC = Encryption algorithm AES 192 Bit
    AES-256-CBC = Encryption algorithm AES 256 Bit
verb  Verbosity of the messages in connection log (default: 3, 0-9)
fragment  Maximum size of the tunnel packets (in bytes)
reneg  Interval for key renegotiation (in seconds, default: 3600)
ping  Interval for ping dispatch to remote terminal (in seconds, default: 30)
restart  Interval for ping restart (in seconds, default: 60)
client_to_client
    0 = Do not allow communication between clients (default)
    1 = Allow communication between clients
pool_ip  IP address pool for clients
pool_netmask  Net mask of the IP address pool
list
    a = New entries are appended to existing list
    d = Existing list is deleted (default)
auth_type
    static = No authentication or with static key
    cert = Authentication with certificates
remote_peer  IP address or domain name of remote site
remote_peer2  IP address or domain name of alternative remote site
local_vpn_ip  Local IP address of VPN tunnel
remote_vpn_ip  Remote IP address of VPN tunnel
remote_net  Address of network behind the VPN tunnel
remote_netmask  Net mask of network behind the VPN tunnel
new_entry  New route entry to client network that passes the following sub-objects:
    common_name  "Common Name" in certificate of the client
    net  Network address of the client
    netmask  Net mask of the client
    vpn_ip  VPN IP address of the client
dh_parameters  Diffie-Hellman parameter set
crl  Certificate Revocation List
ca_certificate  CA certificate
public_certificate  Public certificate of the server
private_key  Private key of the server
static_key  Static key

[ openvpn client dialout ]
start_openvpn_client
    0 = OpenVPN client for dial-out connections disabled (default)
    1 = OpenVPN client for dial-out connections enabled
lport  Local port of the tunnel (default: 1194)
rport  Remote port of the tunnel (default: 1194)
protocol
    udp = UDP protocol is used
    tcp = TCP protocol is used
float
    0 = Float (remote terminal may change its IP address) disabled
    1 = Float (remote terminal may change its IP address) enabled (default)
comp_lzo
    0 = LZO compression disabled
    1 = LZO compression enabled (default)
masquerade
    0 = Do not mask packets before tunnelling
    1 = Mask packets before tunnelling (default)
cipher
    BF-CBC = Encryption algorithm Blowfish 128 Bit (default)
    DES-CBC = Encryption algorithm DES 64 Bit
    DES-EDE-CBC = Encryption algorithm DES EDE 128 Bit
    DES-EDE3-CBC = Encryption algorithm DES EDE3 192 Bit
    DESX-CBC = Encryption algorithm DESX 192 Bit
    CAST5-CBC = Encryption algorithm CAST5 128 Bit
    IDEA-CBC = Encryption algorithm IDEA 128 Bit
    RC2-CBC = Encryption algorithm RC2 128 Bit
    RC2-40-CBC = Encryption algorithm RC2 40 Bit
    RC2-64-CBC = Encryption algorithm RC2 64 Bit
    AES-128-CBC = Encryption algorithm AES 128 Bit
    AES-192-CBC = Encryption algorithm AES 192 Bit
    AES-256-CBC = Encryption algorithm AES 256 Bit
verb  Verbosity of the messages in connection log (default: 3, 0-9)
fragment  Maximum size of the tunnel packets (in bytes)
reneg  Interval for key renegotiation (in seconds, default: 3600)
ping  Interval for ping dispatch to remote terminal (in seconds, default: 30)
restart  Interval for ping restart (in seconds, default: 60)
bind
    0 = No-bind (fix local address and port) disabled
    1 = No-bind (fix local address and port) enabled (default)

icmp_ping  IP address or domain name for additional ICMP ping
username  User name of the client for log-in at the OpenVPN server
    The object value must be passed in single quotes!
password  Password of the client for log-in at the OpenVPN server
    The object value must be passed in single quotes!
check_server_cert
    0 = Check of certificate type of remote terminal disabled (default)
    1 = Check of certificate type of remote terminal enabled
auth_type
    static = No authentication or with static key
    cert = Authentication with certificates
remote_peer  IP address or domain name of remote site
remote_peer2  IP address or domain name of alternative remote site
local_vpn_ip  Local IP address of VPN tunnel
remote_vpn_ip  Remote IP address of VPN tunnel
remote_net  Address of network behind the VPN tunnel
remote_netmask  Net mask of network behind the VPN tunnel
ca_certificate  CA certificate
public_certificate  Public certificate of the client
private_key  Private key of the client
static_key  Static key

[ ipsec dialout ]  FW 2.4.x
start_ipsec
    0 = IPsec for dial-out connections disabled (default)
    1 = IPsec for dial-out connections enabled
remote_peer  IP address or domain name of remote site
remote_net  Local subnet of remote terminal
remote_netmask  Net mask of local subnet of remote terminal
remote_id  Remote terminal ID
    The object value must be passed in single quotes!
local_id  Own ID
    The object value must be passed in single quotes!
auth_mode
    main = Authentication mode Main is used (default)
    aggressive = Authentication mode Aggressive is used
ike_cipher
    3des = IKE encryption algorithm DES EDE3 (default)
    aes128 = IKE encryption algorithm AES 128 Bit
    aes192 = IKE encryption algorithm AES 192 Bit
    aes256 = IKE encryption algorithm AES 256 Bit
ike_hash
    sha1 = IKE hash algorithm SHA1 (default)
    md5 = IKE hash algorithm MD5
ike_dh
    modp768 = Diffie-Hellman group for IKE is DH 768
    modp1024 = Diffie-Hellman group for IKE is DH 1024 (default)
    modp1536 = Diffie-Hellman group for IKE is DH 1536
ipsec_cipher
    3des = IPsec encryption algorithm DES EDE3 (default)
    aes128 = IPsec encryption algorithm AES 128 Bit
    aes192 = IPsec encryption algorithm AES 192 Bit
    aes256 = IPsec encryption algorithm AES 256 Bit
ipsec_hash
    sha1 = IPsec hash algorithm SHA1 (default)
    md5 = IPsec hash algorithm MD5
key_attempts  Maximum connection attempts (0 = infinite)
nat_traversal
    on = NAT traversal is enabled (default)
    off = NAT traversal is disabled
    forced = NAT traversal is enforced
keep_alive  Interval of keep alive packets (in seconds, default: 10)
pfs
    0 = Perfect forward secrecy is disabled
    1 = Perfect forward secrecy is enabled (default)
dpd_interval  Interval for dead peer detection (in seconds, default: 30)
dpd_timeout  Timeout for dead peer detection (in seconds, default: 120)

dpd_action
    clear = Closing the connection on dead peer detection
    hold = Holding the connection on dead peer detection
    restart = Restarting the connection on dead peer detection (default)
key_lifetime  Interval for key renegotiation (in seconds, default: 3600)
icmp_ping  IP address or domain name for additional ICMP ping
auth_type
    cert = Authentication with certificates
    psk = Authentication with pre-shared key (PSK)
psk  Pre-shared key (PSK)
    The object value must be passed in single quotes!
masquerade
    0 = Do not mask packets through the tunnel
    1 = Mask packets through the tunnel (default)
ca_certificate  CA certificate
public_certificate  Public certificate
private_key  Private key

[ ipsec dialout ]  from FW 2.5.x; <x> = 1-10
start_ipsec
    0 = IPsec for dial-out connections disabled (default)
    1 = IPsec for dial-out connections enabled
nat_traversal
    on = NAT traversal is enabled (default)
    off = NAT traversal is disabled
    forced = NAT traversal is enforced
keep_alive  Interval of keep alive packets (in seconds, default: 10)
start_tunnel<x>
    0 = IPsec tunnel <x> disabled (default)
    1 = IPsec tunnel <x> enabled
tunnel_name<x>  Name for IPsec tunnel <x>
remote_peer<x>  IP address or domain name of remote site
local_net<x>  Local subnet
local_netmask<x>  Network mask of the local subnet
remote_net<x>  Local subnet of remote terminal
remote_netmask<x>  Net mask of local subnet of remote terminal
remote_id<x>  Remote terminal ID
    The object value must be passed in single quotes!
local_id<x>  Own ID
    The object value must be passed in single quotes!
auth_mode<x>
    main = Authentication mode Main is used (default)
    aggressive = Authentication mode Aggressive is used
ike_cipher<x>
    3des = IKE encryption algorithm DES EDE3 (default)
    aes128 = IKE encryption algorithm AES 128 Bit
    aes192 = IKE encryption algorithm AES 192 Bit
    aes256 = IKE encryption algorithm AES 256 Bit
ike_hash<x>
    sha1 = IKE hash algorithm SHA1 (default)
    md5 = IKE hash algorithm MD5
ike_dh<x>
    modp768 = Diffie-Hellman group for IKE is DH 768
    modp1024 = Diffie-Hellman group for IKE is DH 1024 (default)
    modp1536 = Diffie-Hellman group for IKE is DH 1536
ipsec_cipher<x>
    3des = IPsec encryption algorithm DES EDE3 (default)
    aes128 = IPsec encryption algorithm AES 128 Bit
    aes192 = IPsec encryption algorithm AES 192 Bit
    aes256 = IPsec encryption algorithm AES 256 Bit
ipsec_hash<x>
    sha1 = IPsec hash algorithm SHA1 (default)
    md5 = IPsec hash algorithm MD5
key_attempts<x>  Maximum connection attempts (0 = infinite)
masquerade<x>
    0 = Do not mask packets through the tunnel
    1 = Mask packets through the tunnel (default)
dpd_interval<x>  Interval for dead peer detection (in seconds, default: 30)
dpd_timeout<x>  Timeout for dead peer detection (in seconds, default: 120)

dpd_action<x>
    clear = Closing the connection on dead peer detection
    hold = Holding the connection on dead peer detection
    restart = Restarting the connection on dead peer detection (default)
pfs<x>
    0 = Perfect forward secrecy is disabled
    1 = Perfect forward secrecy is enabled (default)
key_lifetime<x>  Interval for key renegotiation (in seconds, default: 3600)
icmp_ping<x>  IP address or domain name for additional ICMP ping
auth_type<x>
    cert = Authentication with certificates
    psk = Authentication with pre-shared key (PSK)
psk<x>  Pre-shared key (PSK)
    The object value must be passed in single quotes!
ca_certificate<x>  CA certificate
public_certificate<x>  Public certificate
private_key<x>  Private key
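
An added example, not part of the INSYS manual: a small auditor that applies the defaults listed in the OpenVPN and IPsec tables above to a configuration and reports every enabled tunnel that ends up on a 64-bit block cipher, MD5, a small Diffie-Hellman group, aggressive mode, a static key, or without the server certificate check. The `object=value` line syntax, the sample configuration and all function names are assumptions made for illustration; only the section names, object names, values and defaults come from the tables.

```python
import re

# Defaults and value names come from the OpenVPN and IPsec tables above.
# object -> (default per the tables, values to flag, advice)
IPSEC_RULES = {
    "auth_mode": ("main", {"aggressive"}, "use main"),
    "ike_cipher": ("3des", {"3des"}, "64-bit block cipher; use aes256"),
    "ike_hash": ("sha1", {"md5"}, "use sha1, the only alternative listed"),
    "ike_dh": ("modp1024", {"modp768", "modp1024"},
               "use modp1536, the largest group listed"),
    "ipsec_cipher": ("3des", {"3des"}, "64-bit block cipher; use aes256"),
    "ipsec_hash": ("sha1", {"md5"}, "use sha1, the only alternative listed"),
    "pfs": ("1", {"0"}, "enable perfect forward secrecy"),
}
SECTION_RE = re.compile(r"^\[\s*(.+?)\s*\]$")


def parse_config(text):
    """Return {section: {object: value}}.

    ASSUMPTION: '[ section ]' header lines followed by 'object=value' lines.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            current = sections.setdefault(" ".join(match.group(1).split()), {})
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if len(value) >= 2 and value[0] == value[-1] == "'":
                value = value[1:-1]  # values passed in single quotes
            current[key] = value
    return sections


def audit_openvpn(name, objs):
    role = name.split()[1]  # "client" or "server"
    if objs.get("start_openvpn_" + role, "0") != "1":
        return []  # disabled is the default
    findings = []
    cipher = objs.get("cipher", "BF-CBC")  # BF-CBC is the listed default
    if not cipher.startswith("AES-"):
        origin = "set" if "cipher" in objs else "default"
        findings.append((name, "cipher", cipher, origin,
                         "64-bit block cipher; use AES-256-CBC"))
    check = objs.get("check_server_cert", "0")
    if objs.get("auth_type") == "static":
        findings.append((name, "auth_type", "static", "set",
                         "no authentication or static key; use cert"))
    elif role == "client" and check != "1":
        origin = "set" if "check_server_cert" in objs else "default"
        findings.append((name, "check_server_cert", check, origin,
                         "certificate type of the server is not checked"))
    return findings


def audit_ipsec(name, objs):
    if objs.get("start_ipsec", "0") != "1":
        return []
    if any(key.startswith("start_tunnel") for key in objs):
        # FW 2.5.x layout: objects carry the tunnel number <x> as a suffix.
        tunnels = [key[len("start_tunnel"):] for key, value in objs.items()
                   if key.startswith("start_tunnel") and value == "1"]
    else:
        tunnels = [""]  # treated as FW 2.4.x layout: one tunnel, no suffix
    findings = []
    for suffix in tunnels:
        for obj, (default, weak, advice) in IPSEC_RULES.items():
            value = objs.get(obj + suffix, default)
            if value in weak:
                origin = "set" if obj + suffix in objs else "default"
                findings.append((name, obj + suffix, value, origin, advice))
    return findings


def audit(text):
    """Return (section, object, value, 'set' or 'default', advice) tuples."""
    findings = []
    for name, objs in parse_config(text).items():
        if name.startswith("openvpn "):
            findings += audit_openvpn(name, objs)
        elif name.startswith("ipsec "):
            findings += audit_ipsec(name, objs)
    return findings


# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
[ openvpn client dialout ]
start_openvpn_client=1
auth_type=cert
remote_peer=vpn.example.net

[ ipsec dialout ]
start_ipsec=1
start_tunnel1=1
ike_cipher1=aes256
ipsec_cipher1=aes256
ike_dh1=modp1536
auth_mode1=aggressive
start_tunnel2=0
ike_hash2=md5

[ openvpn server dialin ]
start_openvpn_server=0
cipher=DES-CBC
"""

if __name__ == "__main__":
    for section, obj, value, origin, advice in audit(SAMPLE):
        print(f"[{section}] {obj}={value} ({origin}): {advice}")
```

Findings marked `default` are the ones that are easy to miss in review, because the weak value never appears in the file.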

[ lanext ]
lan_ext_mode
    off = LAN (ext) interface disabled (default)
    bridge = LAN (ext) behaves like another switch port
    dsl = DSL connection enabled
    dhcp = DHCP client enabled
    static = Set static IP address:
ip  IP address of LAN (ext) interface (default: 192.168.2.1)
netmask  Net mask of LAN (ext) interface (default: 255.255.255.0)

[ redundant ]  not for LAN routers w/o redundant communication device
start_redundant
    0 = Redundant WAN disabled (default)
    1 = Redundant WAN enabled
check_interval  Interval of connection check (in minutes, default: 5)
check_type
    dns = Connection check via DNS request (default)
    ping = Connection check via ping
dns_target  Target of connection check via DNS request
ping_target  Target of connection check via ping
fallback_interval  Interval for fall-back to LAN (ext) (in minutes, default: 5)

[ dsl ]
username  User name for dial-in to DSL provider
    The object value must be passed in single quotes!
password  Password for dial-in to DSL provider
    The object value must be passed in single quotes!
idletime  Maximum idle time (in seconds, default: 20, 0 = unlimited)
maxtime  Maximum connection time (in seconds, default: 0, 0 = unlimited)
mtu  MTU (Maximum Transmission Unit)
mru  MRU (Maximum Receive Unit)
check_interval  Interval of connection check (in minutes, default: 60)
flat
    0 = Leased-line operation disabled (default)
    1 = Leased-line operation enabled
fetch_dns
    0 = Do not request DNS server address
    1 = Request DNS server address (default)
dns_target  Target of connection check via DNS request
check_type
    dns = Connection check via DNS request (default)
    ping = Connection check via ping
ping_target  Target of connection check via ping
auto_daily_start
    0 = Daily automatic connection set-up disabled (default)
    1 = Daily automatic connection set-up enabled
auto_daily_stop
    0 = Daily automatic connection clearing disabled (default)
    1 = Daily automatic connection clearing enabled
auto_hour_start  Daily automatic connection set-up at (hour; 00-23)
auto_minutes_start  Daily automatic connection set-up at (minute; 00-59)
auto_hour_stop  Daily automatic connection clearing at (hour; 00-23)
auto_minutes_stop  Daily automatic connection clearing at (minute; 00-59)

[ routing lan ]
default_route
    0 = Set no default route
    1 = Set default route (default)
default_gateway  IP address of default gateway
nat_incoming
    0 = NAT for incoming packets disabled
    1 = NAT for incoming packets enabled (default)
nat_outgoing
    0 = NAT for outgoing packets disabled
    1 = NAT for outgoing packets enabled (default)
list
    a = New entries are appended to existing list
    d = Existing list is deleted (default)
new_entry  New route entry that passes the following sub-objects:
    net  Network address of the route
    netmask  Net mask of the route
    gateway  Gateway of the route

[ dialfilters lan ]
start_dialfilter
    0 = Dial filter for LAN (ext) interface disabled (default)
    1 = Dial filter for LAN (ext) interface enabled
list
    a = New entries are appended to existing list
    d = Existing list is deleted (default)
new_entry  New dial filter rule that passes the following sub-objects:
    protocol
        icmp = ICMP protocol is used
        udp = UDP protocol is used
        tcp = TCP protocol is used
    source_ip  Source IP address
    source_netmask  Source net mask
    dest_port  Destination port
    dest_ip  Destination IP address
    dest_netmask  Destination net mask
    dns
        0 = DNS requests from source IP address must not initiate a connection (default)
        1 = DNS requests from source IP address may initiate a connection

[ firewall lan ]
start_firewall
    0 = Firewall for LAN (ext) interface disabled (default)
    1 = Firewall for LAN (ext) interface enabled
list
    a = New entries are appended to existing list
    d = Existing list is deleted (default)
new_entry  New permitted connection that passes the following sub-objects:
    protocol
        icmp = ICMP protocol is used
        udp = UDP protocol is used
        tcp = TCP protocol is used
    direction
        in = Only incoming connections are permitted
        out = Only outgoing connections are permitted
        both = Incoming and outgoing connections are permitted
    source_ip  Source IP address
    source_netmask  Source net mask
    dest_port  Destination port
    dest_ip  Destination IP address
    dest_netmask  Destination net mask

[ portforward lan ]
start_portforwarding
    0 = Port forwarding for LAN (ext) interface disabled
    1 = Port forwarding for LAN (ext) interface enabled (default)
exposed_host  IP address of exposed host
list
    a = New entries are appended to existing list
    d = Existing list is deleted (default)
new_entry  New permitted connection that passes the following sub-objects:
    protocol
        icmp = ICMP protocol is used
        udp = UDP protocol is used
        tcp = TCP protocol is used
        esp = ESP protocol is used
    source_port_start  Start of port range for forwarding
    source_port_end  End of port range for forwarding
    dest_ip  IP address of forwarding destination
    dest_port  Port of forwarding destination

[ openvpn server lan ]
start_openvpn_server
  0 = OpenVPN server for LAN (ext) interface disabled (default)
  1 = OpenVPN server for LAN (ext) interface enabled
lport
  Local port of the tunnel (default: 1194)
rport
  Remote port of the tunnel (default: 1194)
protocol
  udp = UDP protocol is used
  tcp = TCP protocol is used
float
  0 = Float (remote terminal may change its IP address) disabled
  1 = Float (remote terminal may change its IP address) enabled (default)
comp_lzo
  0 = LZO compression disabled
  1 = LZO compression enabled (default)
masquerade
  0 = Do not mask packets before tunnelling
  1 = Mask packets before tunnelling (default)
cipher
  BF-CBC = Encryption algorithm Blowfish 128 Bit (default)
  DES-CBC = Encryption algorithm DES 64 Bit
  DES-EDE-CBC = Encryption algorithm DES EDE 128 Bit
  DES-EDE3-CBC = Encryption algorithm DES EDE3 192 Bit
  DESX-CBC = Encryption algorithm DESX 192 Bit
  CAST5-CBC = Encryption algorithm CAST5 128 Bit
  IDEA-CBC = Encryption algorithm IDEA 128 Bit
  RC2-CBC = Encryption algorithm RC2 128 Bit
  RC2-40-CBC = Encryption algorithm RC2 40 Bit
  RC2-64-CBC = Encryption algorithm RC2 64 Bit
  AES-128-CBC = Encryption algorithm AES 128 Bit
  AES-192-CBC = Encryption algorithm AES 192 Bit
  AES-256-CBC = Encryption algorithm AES 256 Bit
verb
  Verbosity of the messages in connection log (default: 3, 0-9)
fragment
  Maximum size of the tunnel packets (in bytes)
reneg
  Interval for key renegotiation (in seconds, default: 3600)
ping
  Interval for ping dispatch to remote terminal (in seconds, default: 30)
restart
  Interval for ping restart (in seconds, default: 60)
client_to_client
  0 = Do not allow communication between clients (default)
  1 = Allow communication between clients
pool_ip
  IP address pool for clients
pool_netmask
  Net mask of the IP address pool
list
  a = New entries are appended to existing list
  d = Existing list is deleted (default)
auth_type
  static = No authentication or with static key
  cert = Authentication with certificates
remote_peer
  IP address or domain name of remote site
remote_peer2
  IP address or domain name of alternative remote site
local_vpn_ip
  Local IP address of VPN tunnel
remote_vpn_ip
  Remote IP address of VPN tunnel
remote_net
  Address of network behind the VPN tunnel
remote_netmask
  Net mask of network behind the VPN tunnel
new_entry
  New route entry to client network that passes the following sub-objects:
  common_name
    "Common Name" in certificate of the client
  net
    Network address of the client
  netmask
    Net mask of the client
  vpn_ip
    VPN IP address of the client
dh_parameters
  Diffie-Hellman parameter set
crl
  Certificate Revocation List
ca_certificate
  CA certificate
public_certificate
  Public certificate of the server
private_key
  Private key of the server
static_key
  Static key

[ openvpn client lan ]
start_openvpn_client
  0 = OpenVPN client for LAN (ext) interface disabled (default)
  1 = OpenVPN client for LAN (ext) interface enabled
lport
  Local port of the tunnel (default: 1194)
rport
  Remote port of the tunnel (default: 1194)
protocol
  udp = UDP protocol is used
  tcp = TCP protocol is used
float
  0 = Float (remote terminal may change its IP address) disabled
  1 = Float (remote terminal may change its IP address) enabled (default)
comp_lzo
  0 = LZO compression disabled
  1 = LZO compression enabled (default)
masquerade
  0 = Do not mask packets before tunnelling
  1 = Mask packets before tunnelling (default)
cipher
  BF-CBC = Encryption algorithm Blowfish 128 Bit (default)
  DES-CBC = Encryption algorithm DES 64 Bit
  DES-EDE-CBC = Encryption algorithm DES EDE 128 Bit
  DES-EDE3-CBC = Encryption algorithm DES EDE3 192 Bit
  DESX-CBC = Encryption algorithm DESX 192 Bit
  CAST5-CBC = Encryption algorithm CAST5 128 Bit
  IDEA-CBC = Encryption algorithm IDEA 128 Bit
  RC2-CBC = Encryption algorithm RC2 128 Bit
  RC2-40-CBC = Encryption algorithm RC2 40 Bit
  RC2-64-CBC = Encryption algorithm RC2 64 Bit
  AES-128-CBC = Encryption algorithm AES 128 Bit
  AES-192-CBC = Encryption algorithm AES 192 Bit
  AES-256-CBC = Encryption algorithm AES 256 Bit
verb
  Verbosity of the messages in connection log (default: 3, 0-9)
fragment
  Maximum size of the tunnel packets (in bytes)
reneg
  Interval for key renegotiation (in seconds, default: 3600)
ping
  Interval for ping dispatch to remote terminal (in seconds, default: 30)
restart
  Interval for ping restart (in seconds, default: 60)
bind
  0 = No-bind (fix local address and port) disabled
  1 = No-bind (fix local address and port) enabled (default)
icmp_ping
  IP address or domain name for additional ICMP ping
username
  User name of the client for log-in at the OpenVPN server
  The object value must be passed in single quotes!
password
  Password of the client for log-in at the OpenVPN server
  The object value must be passed in single quotes!
check_server_cert
  0 = Check of certificate type of remote terminal disabled (default)
  1 = Check of certificate type of remote terminal enabled
auth_type
  static = No authentication or with static key
  cert = Authentication with certificates
remote_peer
  IP address or domain name of remote site
remote_peer2
  IP address or domain name of alternative remote site
local_vpn_ip
  Local IP address of VPN tunnel
remote_vpn_ip
  Remote IP address of VPN tunnel
remote_net
  Address of network behind the VPN tunnel
remote_netmask
  Net mask of network behind the VPN tunnel
ca_certificate
  CA certificate
public_certificate
  Public certificate of the client
private_key
  Private key of the client
static_key
  Static key


[ ipsec lan ] FW 2.4.x
start_ipsec
  0 = IPsec for LAN (ext) interface disabled (default)
  1 = IPsec for LAN (ext) interface enabled
remote_peer
  IP address or domain name of remote site
remote_net
  Local subnet of remote terminal
remote_netmask
  Net mask of local subnet of remote terminal
remote_id
  Remote terminal ID
  The object value must be passed in single quotes!
local_id
  Own ID
  The object value must be passed in single quotes!
auth_mode
  main = Authentication mode Main is used (default)
  aggressive = Authentication mode Aggressive is used
ike_cipher
  3des = IKE encryption algorithm DES EDE3 (default)
  aes128 = IKE encryption algorithm AES 128 Bit
  aes192 = IKE encryption algorithm AES 192 Bit
  aes256 = IKE encryption algorithm AES 256 Bit
ike_hash
  sha1 = IKE hash algorithm SHA1 (default)
  md5 = IKE hash algorithm MD5
ike_dh
  modp768 = Diffie-Hellman group for IKE is DH 768
  modp1024 = Diffie-Hellman group for IKE is DH 1024 (default)
  modp1536 = Diffie-Hellman group for IKE is DH 1536
ipsec_cipher
  3des = IPsec encryption algorithm DES EDE3 (default)
  aes128 = IPsec encryption algorithm AES 128 Bit
  aes192 = IPsec encryption algorithm AES 192 Bit
  aes256 = IPsec encryption algorithm AES 256 Bit
ipsec_hash
  sha1 = IPsec hash algorithm SHA1 (default)
  md5 = IPsec hash algorithm MD5
key_attempts
  Maximum connection attempts (0 = infinite)
nat_traversal
  on = NAT traversal is enabled (default)
  off = NAT traversal is disabled
  forced = NAT traversal is enforced
keep_alive
  Interval of keep alive packets (in seconds, default: 10)
pfs
  0 = Perfect forward secrecy is disabled
  1 = Perfect forward secrecy is enabled (default)
dpd_interval
  Interval for dead peer detection (in seconds, default: 30)
dpd_timeout
  Timeout for dead peer detection (in seconds, default: 120)
dpd_action
  clear = Closing the connection on dead peer detection
  hold = Holding the connection on dead peer detection
  restart = Restarting the connection on dead peer detection (default)
key_lifetime
  Interval for key renegotiation (in seconds, default: 3600)
icmp_ping
  IP address or domain name for additional ICMP ping
auth_type
  cert = Authentication with certificates
  psk = Authentication with pre-shared key (PSK)
psk
  Pre-shared key (PSK)
  The object value must be passed in single quotes!
masquerade
  0 = Do not mask packets through the tunnel
  1 = Mask packets through the tunnel (default)
ca_certificate
  CA certificate
public_certificate
  Public certificate
private_key
  Private key


[ ipsec lan ] from FW 2.5.x; <x> = 1-10
start_ipsec
  0 = IPsec for LAN (ext) interface disabled (default)
  1 = IPsec for LAN (ext) interface enabled
nat_traversal
  on = NAT traversal is enabled (default)
  off = NAT traversal is disabled
  forced = NAT traversal is enforced
keep_alive
  Interval of keep alive packets (in seconds, default: 10)
start_tunnel<x>
  0 = IPsec tunnel <x> disabled (default)
  1 = IPsec tunnel <x> enabled
tunnel_name<x>
  Name for IPsec tunnel <x>
remote_peer<x>
  IP address or domain name of remote site
local_net<x>
  Local subnet
local_netmask<x>
  Network mask of the local subnet
remote_net<x>
  Local subnet of remote terminal
remote_netmask<x>
  Net mask of local subnet of remote terminal
remote_id<x>
  Remote terminal ID
  The object value must be passed in single quotes!
local_id<x>
  Own ID
  The object value must be passed in single quotes!
auth_mode<x>
  main = Authentication mode Main is used (default)
  aggressive = Authentication mode Aggressive is used
ike_cipher<x>
  3des = IKE encryption algorithm DES EDE3 (default)
  aes128 = IKE encryption algorithm AES 128 Bit
  aes192 = IKE encryption algorithm AES 192 Bit
  aes256 = IKE encryption algorithm AES 256 Bit
ike_hash<x>
  sha1 = IKE hash algorithm SHA1 (default)
  md5 = IKE hash algorithm MD5
ike_dh<x>
  modp768 = Diffie-Hellman group for IKE is DH 768
  modp1024 = Diffie-Hellman group for IKE is DH 1024 (default)
  modp1536 = Diffie-Hellman group for IKE is DH 1536
ipsec_cipher<x>
  3des = IPsec encryption algorithm DES EDE3 (default)
  aes128 = IPsec encryption algorithm AES 128 Bit
  aes192 = IPsec encryption algorithm AES 192 Bit
  aes256 = IPsec encryption algorithm AES 256 Bit
ipsec_hash<x>
  sha1 = IPsec hash algorithm SHA1 (default)
  md5 = IPsec hash algorithm MD5
key_attempts<x>
  Maximum connection attempts (0 = infinite)
masquerade<x>
  0 = Do not mask packets through the tunnel
  1 = Mask packets through the tunnel (default)
dpd_interval<x>
  Interval for dead peer detection (in seconds, default: 30)
dpd_timeout<x>
  Timeout for dead peer detection (in seconds, default: 120)
dpd_action<x>
  clear = Closing the connection on dead peer detection
  hold = Holding the connection on dead peer detection
  restart = Restarting the connection on dead peer detection (default)
pfs<x>
  0 = Perfect forward secrecy is disabled
  1 = Perfect forward secrecy is enabled (default)
key_lifetime<x>
  Interval for key renegotiation (in seconds, default: 3600)
icmp_ping<x>
  IP address or domain name for additional ICMP ping
auth_type<x>
  cert = Authentication with certificates
  psk = Authentication with pre-shared key (PSK)
psk<x>
  Pre-shared key (PSK)
  The object value must be passed in single quotes!
ca_certificate<x>
  CA certificate
public_certificate<x>
  Public certificate
private_key<x>
  Private key
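
An added example, not taken from the INSYS manual: a Python check that reads a configuration text and reports OpenVPN and IPsec objects whose effective value (explicitly set, or the default documented in the tables above) is a short-key or 64-bit block cipher, MD5, a Diffie-Hellman group of 1024 bits or less, disabled PFS, a static OpenVPN key, or aggressive mode combined with PSK. The `object=value` line syntax and the sample text are assumptions constructed for illustration; only the section names, object names and values come from the tables.

```python
import re

# Constructed sample. The "object=value" line syntax is an assumption.
SAMPLE = """\
[ openvpn client lan ]
start_openvpn_client=1
auth_type=static
cipher=DES-CBC
[ ipsec lan ]
start_ipsec=1
start_tunnel1=1
auth_mode1=aggressive
auth_type1=psk
psk1='constructed-example-key'
ike_hash1=md5
ike_dh1=modp768
start_tunnel2=1
ike_cipher2=aes256
ipsec_cipher2=aes256
ike_dh2=modp1536
"""

# Defaults documented in the reference tables; they apply when an object is not set.
OPENVPN_DEFAULT_CIPHER = "BF-CBC"
IPSEC_DEFAULTS = {"auth_mode": "main", "ike_cipher": "3des", "ike_hash": "sha1",
                  "ike_dh": "modp1024", "ipsec_cipher": "3des", "ipsec_hash": "sha1", "pfs": "1"}
SHORT_KEY_CIPHERS = {"DES-CBC", "RC2-40-CBC", "RC2-64-CBC"}
WEAK_IPSEC = {"3des": "64-bit block cipher", "md5": "MD5 hash",
              "modp768": "DH group of 1024 bits or less", "modp1024": "DH group of 1024 bits or less"}
TRACKED = set(IPSEC_DEFAULTS) | {"auth_type", "start_tunnel"}


def parse(text):
    """Return {section: {object: value}} with surrounding single quotes removed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[\s*(.+?)\s*\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip("'")
    return sections


def audit_openvpn(where, objs):
    """Findings are tuples (where, object, effective value, is_default, reason)."""
    found = []
    cipher = objs.get("cipher", OPENVPN_DEFAULT_CIPHER)
    is_default = "cipher" not in objs
    if cipher in SHORT_KEY_CIPHERS:
        found.append((where, "cipher", cipher, is_default, "key of 64 bits or less"))
    elif not cipher.startswith("AES-"):
        # Every non-AES cipher in the manual's list has a 64-bit block.
        found.append((where, "cipher", cipher, is_default, "64-bit block cipher"))
    if objs.get("auth_type") == "static":
        found.append((where, "auth_type", "static", False, "static key, no forward secrecy"))
    return found


def audit_ipsec(where, objs):
    tunnels = {}
    for key, value in objs.items():
        # FW 2.5.x appends the tunnel number 1-10; FW 2.4.x uses the bare name.
        m = re.fullmatch(r"([a-z_]+?)(10|[1-9])?", key)
        if m and m.group(1) in TRACKED:
            tunnels.setdefault(m.group(2) or "", {})[m.group(1)] = value
    if not tunnels and objs.get("start_ipsec") == "1":
        tunnels[""] = {}  # enabled with every object left at its default
    found = []
    for num, cfg in sorted(tunnels.items(), key=lambda kv: int(kv[0] or 0)):
        eff = {**IPSEC_DEFAULTS, **cfg}  # explicit values override defaults
        label = f"{where} tunnel {num}" if num else where
        def flag(obj, reason):
            found.append((label, obj, eff[obj], obj not in cfg, reason))
        for obj in ("ike_cipher", "ipsec_cipher", "ike_hash", "ipsec_hash", "ike_dh"):
            if eff[obj] in WEAK_IPSEC:
                flag(obj, WEAK_IPSEC[eff[obj]])
        if eff["pfs"] == "0":
            flag("pfs", "perfect forward secrecy disabled")
        if eff["auth_mode"] == "aggressive" and eff.get("auth_type") == "psk":
            flag("auth_mode", "aggressive mode with PSK permits offline key guessing")
    return found


def audit(text):
    found = []
    for name, objs in parse(text).items():
        check = audit_openvpn if name.startswith("openvpn") else audit_ipsec
        if name.startswith(("openvpn", "ipsec")):
            found += check(name, objs)
    return found


if __name__ == "__main__":
    for where, obj, value, is_default, reason in audit(SAMPLE):
        print(f"[{where}] {obj}={value} ({'default' if is_default else 'set'}): {reason}")
```
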

[ inputs ]
in2
  off = Input 2 has no function (default)
  dialout = Set-up dial-out connection with input 2
  openvpn = Set-up OpenVPN tunnel with input 2
  ipsec = Set-up IPsec tunnel with input 2
  serial = Set-up serial Ethernet connection with input 2
in2_dial_exclusive
  0 = Do not set-up dial-out connection exclusively (default)
  1 = Set-up dial-out connection exclusively
in2_dial_stop
  0 = Do not close dial-out connection if input is open again (default)
  1 = Close dial-out connection if input is open again
in2_openvpn_exclusive
  0 = Do not set-up OpenVPN tunnel exclusively (default)
  1 = Set-up OpenVPN tunnel exclusively via input
in2_openvpn_stop
  0 = Do not close OpenVPN tunnel if input is open again (default)
  1 = Close OpenVPN tunnel if input is open again
in2_ipsec_exclusive
  0 = Do not set-up IPsec tunnel exclusively (default)
  1 = Set-up IPsec tunnel exclusively via input
in2_ipsec_stop
  0 = Do not close IPsec tunnel if input is open again (default)
  1 = Close IPsec tunnel if input is open again
in2_serial_stop
  0 = Do not close serial Ethernet connection if input is open again (default)
  1 = Close serial Ethernet connection if input is open again


[ outputs ]
out1_set
  idle = Output 1 in idle condition (default)
  operated = Output 1 in operated condition
out2_set
  idle = Output 2 in idle condition (default)
  operated = Output 2 in operated condition
out1_daily_operated
  0 = Do not switch output 1 to operated condition daily (default)
  1 = Switch output 1 to operated condition daily
out1_daily_operated_hour
  Switch output 1 to operated condition daily at (hour, 00-23)
out1_daily_operated_min
  Switch output 1 to operated condition daily at (minute, 00-59)
out1_daily_idle
  0 = Do not switch output 1 to idle condition daily (default)
  1 = Switch output 1 to idle condition daily
out1_daily_idle_hour
  Switch output 1 to idle condition daily at (hour, 00-23)
out1_daily_idle_min
  Switch output 1 to idle condition daily at (minute, 00-59)
out2_daily_operated
  0 = Do not switch output 2 to operated condition daily (default)
  1 = Switch output 2 to operated condition daily
out2_daily_operated_hour
  Switch output 2 to operated condition daily at (hour, 00-23)
out2_daily_operated_min
  Switch output 2 to operated condition daily at (minute, 00-59)
out2_daily_idle
  0 = Do not switch output 2 to idle condition daily (default)
  1 = Switch output 2 to idle condition daily
out2_daily_idle_hour
  Switch output 2 to idle condition daily at (hour, 00-23)
out2_daily_idle_min
  Switch output 2 to idle condition daily at (minute, 00-59)
out1
  off = Output 1 has no automatic function (default)
  ppp = Output 1 switches to operated condition if a PPP connection exists
out2
  off = Output 2 has no automatic function (default)
  openvpn = Output 2 switches to operated condition if an OpenVPN tunnel exists
  ipsec = Output 2 switches to operated condition if an IPsec tunnel exists
  serial2 = Output 2 switches to operated condition if a serial Ethernet connection exists


[ switch port ]
active1
  0 = Switch port 1 disabled
  1 = Switch port 1 enabled (default)
active2
  0 = Switch port 2 disabled
  1 = Switch port 2 enabled (default)
active3
  0 = Switch port 3 disabled
  1 = Switch port 3 enabled (default)
active4
  0 = Switch port 4 disabled
  1 = Switch port 4 enabled (default)
autoneg1
  0 = Auto negotiation for switch port 1 disabled
  1 = Auto negotiation for switch port 1 enabled (default)
autoneg2
  0 = Auto negotiation for switch port 2 disabled
  1 = Auto negotiation for switch port 2 enabled (default)
autoneg3
  0 = Auto negotiation for switch port 3 disabled
  1 = Auto negotiation for switch port 3 enabled (default)
autoneg4
  0 = Auto negotiation for switch port 4 disabled
  1 = Auto negotiation for switch port 4 enabled (default)
speed1
  10 = Fix speed of switch port 1 is 10 MBit/s
  100 = Fix speed of switch port 1 is 100 MBit/s
speed2
  10 = Fix speed of switch port 2 is 10 MBit/s
  100 = Fix speed of switch port 2 is 100 MBit/s
speed3
  10 = Fix speed of switch port 3 is 10 MBit/s
  100 = Fix speed of switch port 3 is 100 MBit/s
speed4
  10 = Fix speed of switch port 4 is 10 MBit/s
  100 = Fix speed of switch port 4 is 100 MBit/s
duplex1
  half = Protocol of switch port 1 is half-duplex
  full = Protocol of switch port 1 is full-duplex
duplex2
  half = Protocol of switch port 2 is half-duplex
  full = Protocol of switch port 2 is full-duplex
duplex3
  half = Protocol of switch port 3 is half-duplex
  full = Protocol of switch port 3 is full-duplex
duplex4
  half = Protocol of switch port 4 is half-duplex
  full = Protocol of switch port 4 is full-duplex


[ switch led ]
led_green
  100 = Green LED displays speed 100 MBit/s (default)
  link = Green LED displays link
  full = Green LED displays full-duplex protocol
  collision = Green LED displays collision
  rxtx = Green LED displays RX/TX activity
  duplex_collision = Green LED displays full-duplex / collision
  link_activity = Green LED displays link / activity
led_red
  100 = Red LED displays speed 100 MBit/s (default)
  link = Red LED displays link
  full = Red LED displays full-duplex protocol
  collision = Red LED displays collision
  rxtx = Red LED displays RX/TX activity
  duplex_collision = Red LED displays full-duplex / collision
  link_activity = Red LED displays link / activity


[ switch vlan ]
start_vlan
  0 = VLAN configuration disabled (default)
  1 = VLAN configuration enabled
vlana_port1
  0 = Port 1 does not belong to VLAN A (default)
  1 = Port 1 belongs to VLAN A
vlana_port2
  0 = Port 2 does not belong to VLAN A (default)
  1 = Port 2 belongs to VLAN A
vlana_port3
  0 = Port 3 does not belong to VLAN A (default)
  1 = Port 3 belongs to VLAN A
vlana_port4
  0 = Port 4 does not belong to VLAN A (default)
  1 = Port 4 belongs to VLAN A
vlana_port5
  0 = Router does not belong to VLAN A (default)
  1 = Router belongs to VLAN A
vlanb_port1
  0 = Port 1 does not belong to VLAN B (default)
  1 = Port 1 belongs to VLAN B
vlanb_port2
  0 = Port 2 does not belong to VLAN B (default)
  1 = Port 2 belongs to VLAN B
vlanb_port3
  0 = Port 3 does not belong to VLAN B (default)
  1 = Port 3 belongs to VLAN B
vlanb_port4
  0 = Port 4 does not belong to VLAN B (default)
  1 = Port 4 belongs to VLAN B
vlanb_port5
  0 = Router does not belong to VLAN B (default)
  1 = Router belongs to VLAN B
vlanc_port1
  0 = Port 1 does not belong to VLAN C (default)
  1 = Port 1 belongs to VLAN C
vlanc_port2
  0 = Port 2 does not belong to VLAN C (default)
  1 = Port 2 belongs to VLAN C
vlanc_port3
  0 = Port 3 does not belong to VLAN C (default)
  1 = Port 3 belongs to VLAN C
vlanc_port4
  0 = Port 4 does not belong to VLAN C (default)
  1 = Port 4 belongs to VLAN C
vlanc_port5
  0 = Router does not belong to VLAN C (default)
  1 = Router belongs to VLAN C
vland_port1
  0 = Port 1 does not belong to VLAN D (default)
  1 = Port 1 belongs to VLAN D
vland_port2
  0 = Port 2 does not belong to VLAN D (default)
  1 = Port 2 belongs to VLAN D
vland_port3
  0 = Port 3 does not belong to VLAN D (default)
  1 = Port 3 belongs to VLAN D
vland_port4
  0 = Port 4 does not belong to VLAN D (default)
  1 = Port 4 belongs to VLAN D
vland_port5
  0 = Router does not belong to VLAN D (default)
  1 = Router belongs to VLAN D
vlan_ida
  VLAN ID of VLAN A
vlan_idb
  VLAN ID of VLAN B
vlan_idc
  VLAN ID of VLAN C
vlan_idd
  VLAN ID of VLAN D
port1_tag
  insert = Insert VLAN tag for port 1
  remove = Remove VLAN tag for port 1 (default)
port2_tag
  insert = Insert VLAN tag for port 2
  remove = Remove VLAN tag for port 2 (default)
port3_tag
  insert = Insert VLAN tag for port 3
  remove = Remove VLAN tag for port 3 (default)
port4_tag
  insert = Insert VLAN tag for port 4
  remove = Remove VLAN tag for port 4 (default)

[ switch mirror ]
sniffer_port
  off = Sniffer port disabled (default)
  1 = Port 1 is sniffer port
  2 = Port 2 is sniffer port
  3 = Port 3 is sniffer port
  4 = Port 4 is sniffer port
tx_port
  off = TX mirroring at sniffer port disabled (default)
  1 = Port 1 sends send data to sniffer port
  2 = Port 2 sends send data to sniffer port
  3 = Port 3 sends send data to sniffer port
  4 = Port 4 sends send data to sniffer port
rx_port
  off = RX mirroring at sniffer port disabled (default)
  1 = Port 1 sends receive data to sniffer port
  2 = Port 2 sends receive data to sniffer port
  3 = Port 3 sends receive data to sniffer port
  4 = Port 4 sends receive data to sniffer port


[ serial ethernet basic ]
start_serial
  0 = Serial Ethernet gateway disabled (default)
  1 = Serial Ethernet gateway enabled
connection_mode
  demand = Connection enabled on request (default)
  flat = Leased-line mode enabled
ipt (from FW 2.5.x)
  0 = Do not use IPT (default)
  1 = Use IPT
incoming
  0 = Do not accept incoming connection
  1 = Accept incoming connection (default)
outgoing
  off = Outgoing connection not enabled (default)
  atd = Outgoing connection triggered by dialling command ATD
  char = Outgoing connection triggered by serial character
  wan = Outgoing connection triggered by WAN connection
listen_port
  Port that is monitored for incoming connections
outgoing_server
  IP address or domain name of primary destination
outgoing_port
  Port of primary destination
outgoing_ipt
  IP dial number of primary destination
outgoing_server2
  IP address or domain name of secondary destination
outgoing_port2
  Port of secondary destination
outgoing_ipt2
  IP dial number of secondary destination
auth_outgoing
  off = No VCom authentication for outgoing connections (default)
  udp = VCom authentication via UDP for outgoing connections
  tcp = VCom authentication via TCP for outgoing connections
auth_incoming
  0 = VCom authentication for accepting incoming connections not required (default)
  1 = VCom authentication for accepting incoming connections required
increase_interval
  0 = Do not increase time between connection attempts (default)
  1 = Increase time between connection attempts


[ serial ethernet interfaces ]
speed
  Speed of serial interface (110, 300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200 Bit/s; default: 115200)
databits
  Data bits on serial interface (7, 8; default: 8)
parity
  Parity of serial interface (O, E, N; default: N)
stopbits
  Stop bits on serial interface (1, 2; default: 1)
flowctrl
  hard = Hardware data flow control enabled (default)
  soft = Software data flow control enabled
  none = No data flow control enabled
ctl
  0 = Do not use control lines
  1 = Use control lines (default)
reset_ctl
  0 = Do not reset control lines after connection termination
  1 = Reset control lines after connection termination (default)
blocksize
  Maximum TCP block size (in bytes, default: 512)
aggregationtime
  Aggregation timeout (in milliseconds, default: 100)
idletime
  Maximum idle time (in seconds, default: 20, 0 = unlimited)
keepalive_interval
  Interval of keep alive packets (in seconds, default: 0)
telnet
  0 = Telnet protocol is not used
  1 = Telnet protocol is used (default)

[ serial ethernet modem ]
modem_emulation
  0 = Modem emulator disabled
  1 = Modem emulator enabled (default)
ate
  0 = Echo (ATE) disabled
  1 = Echo (ATE) enabled (default)
atq
  0 = Answers (ATQ) disabled (default)
  1 = Answers (ATQ) enabled
atv
  0 = Verbose answers (ATV) disabled
  1 = Verbose answers (ATV) enabled (default)
ats0
  Number of ring tones until call acceptance (default: 1)
default_at_answer
  Default answer for unknown commands
  The object value must be passed in single quotes!
at_answer_list
  AT answer list


[ message ]
email_address
  E-mail address of e-mail account
real_name
  Name of e-mail account owner
  The object value must be passed in single quotes!
server
  SMTP server address
port
  SMTP port (default: 25)
username
  User name of e-mail account
  The object value must be passed in single quotes!
password
  Password of e-mail account
  The object value must be passed in single quotes!
scn
  SCN for SIM card (not for LAN routers)
scn2
  SCN for SIM card 2 (only for GPRS or UMTS routers)
sms_protocol
  0 = Remote terminal is modem (only for Modem routers)
  1 = Remote terminal is mobile phone (PET/IXO/TAP 8N1) (only for Modem routers)
  1 = TAP protocol (only for ISDN routers)
  2 = Remote terminal is mobile phone (EMI/UCP 7E1) (only for Modem routers)
  2 = UGP protocol (only for ISDN routers)
  3 = Remote terminal is mobile phone (PET/IXO/TAP 7E1) (only for Modem routers)
  4 = Remote terminal is mobile phone (EMI/UCP 8N1) (only for Modem routers)
  5 = Remote terminal is fax (only for Modem routers)
  6 = Remote terminal is SMS to landline (only for Modem routers)

[ email ]
start_email
  0 = Dispatch of e-mail messages disabled
  1 = Dispatch of e-mail messages enabled (default)
list
  a = New entries are appended to existing list
  d = Existing list is deleted (default)
new_entry
  New e-mail dispatch rule that passes the following sub-objects:
  recipient
    E-mail address of recipient
  cause
    1 = Message dispatch on system start
    2 = Message dispatch on OpenVPN tunnel set-up
    3 = Message dispatch on IPsec tunnel set-up
    4 = Message dispatch on simple alarm on input 1
    5 = Message dispatch on one pulse on input 1
    6 = Message dispatch on two pulses on input 1
    7 = Message dispatch on three pulses on input 1
    8 = Message dispatch on four pulses on input 1
    9 = Message dispatch on five pulses on input 1
    10 = Message dispatch on six pulses on input 1
    11 = Message dispatch on seven pulses on input 1
    12 = Message dispatch on eight pulses on input 1
    13 = Message dispatch on nine pulses on input 1
    14 = Message dispatch on ten pulses on input 1
    15 = Message dispatch on dial-out connection set-up
    16 = Message dispatch on dial-in connection set-up
    17 = Message dispatch on switching the SIM cards
    18 = Message dispatch on DSL connection set-up
    19 = Message dispatch on receiving IP address via DHCP
    20 = Message dispatch on switching to integrated communication device
  attach
    0 = No attachment attached to e-mail
    1 = System messages attached to e-mail
    2 = System log attached to e-mail
    3 = Wireless network log attached to e-mail
    4 = OpenVPN dial-in client log attached to e-mail
    5 = OpenVPN dial-in server log attached to e-mail
    6 = OpenVPN dial-out client log attached to e-mail
    7 = OpenVPN dial-out server log attached to e-mail
    8 = OpenVPN LAN (ext) client log attached to e-mail
    9 = OpenVPN LAN (ext) server log attached to e-mail
    10 = IPsec dial-in log attached to e-mail
    11 = IPsec dial-out log attached to e-mail
    12 = IPsec LAN (ext) log attached to e-mail
    13 = Serial Ethernet gateway log attached to e-mail
    14 = Auto update log attached to e-mail
  status
    0 = Do not attach status page to e-mail message (default)
    1 = Attach status page to e-mail message
  text
    Text of e-mail message


[ sms ]
start_sms
  0 = Dispatch of SMS messages disabled
  1 = Dispatch of SMS messages enabled (default)
list
  a = New entries are appended to existing list
  d = Existing list is deleted (default)
new_entry
  New SMS dispatch rule that passes the following sub-objects:
  recipient
    Phone number of recipient
  cause
    1 = Message dispatch on system start
    2 = Message dispatch on OpenVPN tunnel set-up
    3 = Message dispatch on IPsec tunnel set-up
    4 = Message dispatch on simple alarm on input 1
    5 = Message dispatch on one pulse on input 1
    6 = Message dispatch on two pulses on input 1
    7 = Message dispatch on three pulses on input 1
    8 = Message dispatch on four pulses on input 1
    9 = Message dispatch on five pulses on input 1
    10 = Message dispatch on six pulses on input 1
    11 = Message dispatch on seven pulses on input 1
    12 = Message dispatch on eight pulses on input 1
    13 = Message dispatch on nine pulses on input 1
    14 = Message dispatch on ten pulses on input 1
    15 = Message dispatch on dial-out connection set-up
    16 = Message dispatch on dial-in connection set-up
    17 = Message dispatch on switching the SIM cards
    18 = Message dispatch on DSL connection set-up
    19 = Message dispatch on receiving IP address via DHCP
    20 = Message dispatch on switching to integrated communication device
  text
    Text of SMS message

[ dns ]
dns
  IP address of first DNS server
dns2
  IP address of second DNS server


[ dyndns ]
start_dyndns
  0 = Dynamic DNS update disabled (default)
  1 = Dynamic DNS update enabled
provider
  dyndns = DynDNS as DynDNS provider (default)
  dyndns-custom = DynDNS custom as DynDNS provider
  dyndns-static = DynDNS static as DynDNS provider
  dhs = DHS as DynDNS provider
  ods = ODS as DynDNS provider
  tzo = TZO as DynDNS provider
  easydns = easyDNS as DynDNS provider
  dyns = DyNS as DynDNS provider
  zoneedit = zoneedit as DynDNS provider
  own = User-defined DynDNS provider
domain
  Domain name at DynDNS provider
username
  User name at DynDNS provider
  The object value must be passed in single quotes!
password
  Password at DynDNS provider
  The object value must be passed in single quotes!
server
  User-defined DynDNS server
  No server must be entered if a provider is selected from the list!

[ dhcp ]
start_dhcpserver
  0 = DHCP server disabled (default)
  1 = DHCP server enabled
dhcp_ip_start
  First IP address of address pool
dhcp_ip_end
  Last IP address of address pool
leasetime
  Validity of IP addresses (in seconds, default: 3600)
alternate_dns
  IP address of alternative DNS servers for DHCP clients
list
  a = New entries are appended to existing list
  d = Existing list is deleted (default)
new_entry
  New assignment of MAC address and IP address that passes the following sub-objects:
  mac
    MAC address (without colons)
  ip
    IP address

[ proxy ]
start_proxy
  0 = Proxy server disabled (default)
  1 = Proxy server enabled
port
  Port of proxy server (default: 8888)
timeout
  Timeout for inactive connections (in seconds, default: 600)
max_clients
  Maximum number of permitted clients (default: 10)
min_spare
  Minimum number of free proxy servers (default: 1)
max_spare
  Maximum number of free proxy servers (default: 5)
filter
  0 = Proxy filter disabled (default)
  1 = Proxy filter enabled
list
  a = New entries are appended to existing list
  d = Existing list is deleted (default)
new_entry
  New entry in list of permitted URLs or IP addresses of proxy filter


[ ipt ] from FW 2.5.x
start_ipt
    0 = IPT slave disabled (default)
    1 = IPT slave enabled
master
    IP address or domain name of primary IPT master
port
    Port of primary IPT master
username
    User name for access to primary IPT master
password
    Password for access to primary IPT master
master2
    IP address or domain name of secondary IPT master
port2
    Port of secondary IPT master
username2
    User name for access to secondary IPT master
password2
    Password for access to secondary IPT master
device_identifier
    IPT device identifier (default: INS_<MAC address>)
increase_interval
    0 = Do not increase time between connection attempts (default)
    1 = Increase time between connection attempts
response_timeout
    Timeout for IPT response (in seconds, default: 30)
receive_timeout
    Timeout for IPT character (in seconds, default: 15)
scrambled
    0 = Do not use IPT scrambling (default)
    1 = Use IPT scrambling
challenge_key
    IPT challenge scramble key
fix_key
    IPT fix scramble key


[ settime ]
day
    Set system time to day (01-31)
mon
    Set system time to month (01-12)
year
    Set system time to year (01-31)
hour
    Set system time to hour (00-23)
min
    Set system time to minute (00-59)


timezone
    UTC = Time zone UTC
    GMT = Time zone GMT
    GMT-1 = Time zone GMT -1
    GMT+1 = Time zone GMT +1
    GMT-2 = Time zone GMT -2
    GMT+2 = Time zone GMT +2
    GMT-3 = Time zone GMT -3
    GMT+3 = Time zone GMT +3
    GMT-4 = Time zone GMT -4
    GMT+4 = Time zone GMT +4
    GMT-5 = Time zone GMT -5
    GMT+5 = Time zone GMT +5
    GMT-6 = Time zone GMT -6
    GMT+6 = Time zone GMT +6
    GMT-7 = Time zone GMT -7
    GMT+7 = Time zone GMT +7
    GMT-8 = Time zone GMT -8
    GMT+8 = Time zone GMT +8
    GMT-9 = Time zone GMT -9
    GMT+9 = Time zone GMT +9
    GMT-10 = Time zone GMT -10
    GMT+10 = Time zone GMT +10
    GMT-11 = Time zone GMT -11
    GMT+11 = Time zone GMT +11
    GMT-12 = Time zone GMT -12
    GMT+12 = Time zone GMT +12
    GMT-13 = Time zone GMT -13
    GMT-14 = Time zone GMT -14
    Europe/Amsterdam = Time zone Europe/Amsterdam
    Europe/Andorra = Time zone Europe/Andorra
    Europe/Athens = Time zone Europe/Athens
    Europe/Belfast = Time zone Europe/Belfast
    Europe/Belgrade = Time zone Europe/Belgrade
    Europe/Berlin = Time zone Europe/Berlin
    Europe/Bratislava = Time zone Europe/Bratislava
    Europe/Brussels = Time zone Europe/Brussels
    Europe/Bucharest = Time zone Europe/Bucharest
    Europe/Budapest = Time zone Europe/Budapest
    Europe/Chisinau = Time zone Europe/Chisinau
    Europe/Copenhagen = Time zone Europe/Copenhagen
    Europe/Dublin = Time zone Europe/Dublin
    Europe/Eire = Time zone Europe/Eire
    Europe/Gibraltar = Time zone Europe/Gibraltar
    Europe/Helsinki = Time zone Europe/Helsinki
    Europe/Iceland = Time zone Europe/Iceland
    Europe/Istanbul = Time zone Europe/Istanbul
    Europe/Kaliningrad = Time zone Europe/Kaliningrad
    Europe/Kiev = Time zone Europe/Kiev
    Europe/Lisbon = Time zone Europe/Lisbon
    Europe/Ljubljana = Time zone Europe/Ljubljana


    Europe/London = Time zone Europe/London
    Europe/Luxembourg = Time zone Europe/Luxembourg
    Europe/Madrid = Time zone Europe/Madrid
    Europe/Malta = Time zone Europe/Malta
    Europe/Minsk = Time zone Europe/Minsk
    Europe/Monaco = Time zone Europe/Monaco
    Europe/Moscow = Time zone Europe/Moscow
    Europe/Nicosia = Time zone Europe/Nicosia
    Europe/Oslo = Time zone Europe/Oslo
    Europe/Paris = Time zone Europe/Paris
    Europe/Poland = Time zone Europe/Poland
    Europe/Portugal = Time zone Europe/Portugal
    Europe/Prague = Time zone Europe/Prague
    Europe/Regensburg = Time zone Europe/Ratisbon (default)
    Europe/Riga = Time zone Europe/Riga
    Europe/Rome = Time zone Europe/Rome
    Europe/Samara = Time zone Europe/Samara
    Europe/San_Marino = Time zone Europe/San Marino
    Europe/Sarajevo = Time zone Europe/Sarajevo
    Europe/Simferopol = Time zone Europe/Simferopol
    Europe/Skopje = Time zone Europe/Skopje
    Europe/Sofia = Time zone Europe/Sofia
    Europe/Stockholm = Time zone Europe/Stockholm
    Europe/Tallinn = Time zone Europe/Tallinn
    Europe/Tirane = Time zone Europe/Tirane
    Europe/Tiraspol = Time zone Europe/Tiraspol
    Europe/Turkey = Time zone Europe/Turkey
    Europe/Uzhgorod = Time zone Europe/Uzhgorod
    Europe/Vaduz = Time zone Europe/Vaduz
    Europe/Vatican = Time zone Europe/Vatican
    Europe/Vienna = Time zone Europe/Vienna
    Europe/Vilnius = Time zone Europe/Vilnius
    Europe/Warsaw = Time zone Europe/Warsaw
    Europe/Zagreb = Time zone Europe/Zagreb
    Europe/Zaporozhye = Time zone Europe/Zaporozhye
    Europe/Zurich = Time zone Europe/Zurich
ntp_server
    Address of used NTP time server
start_ntp_client
    0 = No clock synchronisation via NTP time server
    1 = Clock synchronisation via NTP time server (default)
daily_sync_hour
    Hour of daily time synchronisation (00-24)
daily_sync_min
    Minute of daily time synchronisation (00-59)
daily_sync
    0 = No daily time synchronisation (default)
    1 = Daily time synchronisation at specified time

[ reset daily ]
reset_daily
    0 = Daily restart disabled (default)
    1 = Daily restart enabled
hour
    Daily restart at (hour; 00-23)
min
    Daily restart at (minute; 00-59)


[ update ]
start_update
    0 = Automatic daily update disabled (default)
    1 = Automatic daily update enabled
timing_type
    mac = Update time depending on MAC (default)
    manual = Update at user-defined time
time_hour
    Update at (hour; 00-23)
time_min
    Update at (minute; 00-59)
protocol
    http = Download via HTTP protocol (default)
    ftp = Download via FTP protocol
uri
    IP address or domain name of download server
port
    Port of download server (default: 80)
username
    User name for download server access
    The object value must be passed in single quotes!
password
    Password for download server access
    The object value must be passed in single quotes!

[ sandbox ]
start_sandbox
    0 = Sandbox disabled (default)
    1 = Sandbox enabled
serial
    0 = RS232 interface not reserved for sandbox (default)
    1 = RS232 interface reserved for sandbox
install
    0 = Do not install stored sandbox image (default)
    1 = Install stored sandbox image
password
    Password for the sandbox user "user"
    The object value must be passed in single quotes!
