Changes

2,764 bytes added , 2 September

Line 19: Line 19:

The General section is used to set up some of device managerial parameters, such as changing device name. For more information on the General section, refer to figure and table below.

{{#switch:{{{series}}}

−

| TAP100|TAP200=[[File:~~Networking_rutos_manual_administration_general_tap100_v1~~.png|border|class=tlt-border]]

+

| TAP100|TAP200=[[File:Networking_rutos_manual_administration_general_tap100_v2.png|border|class=tlt-border]]

−

| TCR1=[[File:~~Networking_rutos_manual_administration_general_tcr_v2~~.png|border|class=tlt-border]]

+

| TCR1=[[File:Networking_rutos_manual_administration_general_tcr_v3.png|border|class=tlt-border]]

−

+

−

| #default=[[File:~~Networking_rutos_manual_administration_general_rut_v2~~.png|border|class=tlt-border]]

+

| #default=[[File:Networking_rutos_manual_administration_general_rut_v4.png|border|class=tlt-border]]

}}

Line 44: Line 44:

<td>Basic {{!}} Advanced; default: Basic</td>

<td>Mode determines what options and configurations are shown. In Basic mode only the essential configurations are shown. In Advanced mode there is greater freedom to configure and access more options.</td>

−

</tr>}}

+

</tr>

+

<tr>

+

<td>Data Analytics</td>

+

<td>Off {{!}} On; default: Off</td>

+

<td>Enables the collection of data, which is used to improve the quality and user experience of our products. It includes sending information about the device and the usage of the Web interface. The data is collected in compliance with the Privacy policy.</td>

+

</tr>

+

}}

<tr>

<th>Device name and hostname</th>

Line 101: Line 107:

provides information about the fields contained in that section:

−

[[File:Networking_rutos_ntp_general_gps_{{{gps}}}.png|border|class=tlt-border]]

+

[[File:Networking_rutos_ntp_general_gps_{{{gps}}}_v2.png|border|class=tlt-border]]

Line 131: Line 137:

</tr>|}}

</table>

+

===NTP===

----

Line 259: Line 266:

----

The Access Control page is used to manage {{#switch:{{{series}}}|TAP100|TAP200=|#default= remote and}} local access to device.

+

{{#switch:{{{series}}}

+

|TAP100|TAP200 = [[File:Networking rutos manual administration access control general tap v1.png|border|class=tlt-border]]

+

|#default = [[File:Networking rutos manual administration access control general v1.png|border|class=tlt-border]]}}

{{#switch:{{{series}}}|TAP100|TAP200=|#default=Important: turning on remote access leaves your device vulnerable to external attackers. Make sure you use a strong password.

Line 264: Line 275:

SSH

----{{#switch:{{{series}}}

−

|TAP100|TAP200 = [[File:~~Networking_rutos_manual_administration_access_control_general_ssh_tap100_v1~~.png|border|class=tlt-border]]

+

|TAP100|TAP200 = [[File:Networking_rutos_manual_administration_access_control_general_ssh_tap100_v3.png|border|class=tlt-border]]

−

|#default = [[File:~~Networking_rutos_manual_administration_access_control_general_ssh_v1~~.png|border|class=tlt-border]]}}

+

|#default = [[File:Networking_rutos_manual_administration_access_control_general_ssh_v3.png|border|class=tlt-border]]}}

Line 277: Line 288:

<td>off {{!}} on; default: on</td>

<td>Turns SSH access from the local network (LAN) on or off.</td>

−

</tr>{{#switch:{{{series}}}|TAP100|TAP200=|#default

+

</tr>{{#switch:{{{series}}}|TAP100|TAP200=|#default=

<tr>

<td>Remote SSH access</td>

Line 289: Line 300:

</tr>

<tr>

−

<td>~~Enable key-based authentication~~</td>

+

<td>Authentication type</td>

−

<td>~~off~~ {{!}} on; default: ~~off~~</td>

+

<td>Password {{!}} Key-based only {{!}} Use both; default: Password</td>

−

<td>Use public keys for authentication.</td>

+

<td>

+

<li>Password - SSH access with password for root user</li>

+

<li>Key-based only - enables key-based authentication only and disables password authentication for root user</li>

+

<li>Use Both - use both password and public keys for authentication</li>

+

</td>

+

</tr>

+

<tr>

+

<td>Public keys</td>

+

<td>-(input field)</td>

+

<td>Public keys for ssh key-based authentication. Each individual key must be specified on a new line.</td>

</tr>

</table>

−

~~WebUI~~

+

HTTP

----{{#switch:{{{series}}}

−

|TAP100|TAP200 = [[File:~~Networking_rutos_manual_administration_access_control_general_webui_tap100_v1~~.png|border|class=tlt-border]]

+

|TAP100|TAP200 = [[File:Networking rutos manual administration access control general http tap v1.png|border|class=tlt-border]]

−

|#default = [[File:~~Networking_rutos_manual_administration_access_control_general_webui_v1~~.png|border|class=tlt-border]]}}

+

|#default = [[File:Networking rutos manual administration access control general http v1.png|border|class=tlt-border]]}}

Line 310: Line 330:

<td>off {{!}} on; default: on</td>

<td>Turns HTTP access from the local network (LAN) to the device WebUI on or off.</td>

+

</tr>{{#switch:{{{series}}}|TAP100|TAP200=|#default=

+

<tr>

+

<td>Enable remote HTTP access</td>

+

<td>off {{!}} on; default: off</td>

+

<td>Turns HTTP access from remote networks (WAN) to the device WebUI on or off.</td>

+

</tr>}}

+

<tr>

+

+

<td>integer [0..65535]; default: 80</td>

+

<td>Selects which port to use for HTTP access.</td>

+

</tr>{{#switch:{{{series}}}|TAP100|TAP200=|#default=

+

<tr>

+

<td>Ignore private IPs on public interface</td>

+

<td>off {{!}} on; default: on</td>

+

<td>Prevent access from private (RFC1918) IPs on an interface if it has an public IP address.</td>

+

</tr>}}

+

</table>

+

+

HTTPS/b>

+

----{{#switch:{{{series}}}

+

|TAP100|TAP200 = [[File:Networking rutos manual administration access control general https tap v1.png|border|class=tlt-border]]

+

|#default = [[File:Networking rutos manual administration access control general https v1.png|border|class=tlt-border]]}}

+

+

<tr>

+

<th>Field</th>

+

<th>Value</th>

+

<th>Description</th>

</tr>

<tr>

Line 320: Line 369:

<td>off {{!}} on; default: off</td>

<td>Redirects connection attempts from HTTP to HTTPS.</td>

−

~~</tr>{{#switch:{{{series}}}|TAP100|TAP200=|#default=~~

−

~~<tr>~~

−

~~<td>Enable remote HTTP access</td>~~

−

~~<td>off {{!}} on; default: off</td>~~

−

~~<td>Turns HTTP access from remote networks (WAN) to the device WebUI on or off.</td>~~

−

~~</tr>}}~~

−

~~<tr>~~

−

~~<td>Port</td>~~

−

~~<td>integer [0..65535]; default: 80</td>~~

−

~~<td>Selects which port to use for HTTP access.</td>~~

</tr>{{#switch:{{{series}}}|TAP100|TAP200=|#default=

<tr>

Line 337: Line 376:

</tr>}}

<tr>

−

+

<td>HTTPS Port</td>

<td>integer [0..65535]; default: 443</td>

<td>Selects which port to use for HTTPS access.</td>

Line 361: Line 400:

<td>Server key file.</td>

</tr>}}

+

<tr>

+

<td>Certificate file</td>

+

<td>.crt; default: uhttpd.crt</td>

+

<td>Download certificate file from device. Used for browsers to reach HTTPS connection.</td>

+

</tr>

</table>

+

CLI

----{{#switch:{{{series}}}

−

|TAP100|TAP200 = [[File:~~Networking_rutos_manual_administration_access_control_general_cli_tap100~~.png|border|class=tlt-border]]

+

|TAP100|TAP200 = [[File:Networking_rutos_manual_administration_access_control_general_cli_tap100_v2.png|border|class=tlt-border]]

−

|#default = [[File:~~Networking_rutos_manual_administration_access_control_general_cli~~.png|border|class=tlt-border]]}}

+

|#default = [[File:Networking_rutos_manual_administration_access_control_general_cli_v2.png|border|class=tlt-border]]}}

Line 398: Line 443:

Telnet

----

−

[[File:Networking_rutos_manual_administration_access_control_general_telnet.png|border|class=tlt-border]]

+

[[File:Networking_rutos_manual_administration_access_control_general_telnet v2.png|border|class=tlt-border]]

Line 427: Line 472:

Note: PAM is additional software that can be installed from the System → [[{{{name}}} Package Manager|Package Manager]] page.

−

[[File:~~Networking_rutos_manual_administration_access_control_pam_v2~~.png|border|class=tlt-border]]

+

[[File:Networking_rutos_manual_administration_access_control_pam_v3.png|border|class=tlt-border]]

====Modify PAM Auth====

----

−

[[File:~~Networking_rutos_manual_administration_access_control_pam_modify_pam_auth_v1~~.png|border|class=tlt-border]]

+

[[File:Networking_rutos_manual_administration_access_control_pam_modify_pam_auth_v2.png|border|class=tlt-border]]

Line 451: Line 496:

<tr>

−

<td>Required {{!}} Requisite {{!}} Sufficient {{!}} Optional; default: ~~Required~~ </td>

+

<td>Required {{!}} Requisite {{!}} Sufficient {{!}} Optional; default: Optional </td>

<td>Determines the continuation or failure behavior for the module</td>

+

</tr>

+

<tr>

+

<td>Radius: Enable for all users</td>

+

<td>off {{!}} on; default: off</td>

+

<td>Turn on PAM authentication for all users. It will allow login with users that are not created on the device.</td>

+

</tr>

+

<tr>

+

<td>Radius: Require Message-Authenticator</td>

+

<td>off {{!}} on; default: on</td>

+

<td>Require and validate Message-Authenticator RADIUS attribute on Access-Request replies.</td>

</tr>

<tr>

Line 482: Line 537:

IP Block Settings

----

−

[[File:~~Networking_rutos_manual_administration_access_control_security_v4~~.png|border|class=tlt-border]]

+

[[File:Networking rutos manual administration access control security settings v1.png|border|class=tlt-border]]

<tr>

Line 496: Line 551:

<tr>

−

<td>Timed blocking {{!}} Permanent blocking; default: ~~Time~~ blocking</td>

+

<td>Timed blocking {{!}} Permanent blocking; default: Timed blocking</td>

<td>You can choose an option of a blocking type.</td>

</tr>

Line 521: Line 576:

</tr>

<tr>

−

<td>Source ~~address~~</td>

+

<td>Source</td>

<td>IP address</td>

<td>Shows the IP address from which the connection failed.</td>

Line 564: Line 619:

{{#switch:{{{series}}}|TAP100|TAP200= ===Device Pairing===

----

−

[[File:~~Networking_rutos_manual_administration_access_control_pairing_v2~~.png|border|class=tlt-border]]

+

[[File:Networking_rutos_manual_administration_access_control_pairing_v3.png|border|class=tlt-border]]

<tr>

Line 599: Line 654:

After clicking 'Edit' you should be redirected to that phone group's configuration page where you can start adding phone numbers to it.

−

[[File:~~Networking_rutos_manual_administration_recipients_phone_groups_modify_phone_group~~.png|border|class=tlt-border]]

+

[[File:Networking_rutos_manual_administration_recipients_phone_groups_modify_phone_group_v2.png|border|class=tlt-border]]

Line 703: Line 758:

The Certificate Generation tab provides the possibility to generate TLS certificates required for secure authentication and communication encryption used by some of the devices services.

−

There are ~~five~~ distinct generation methods (denoted by the selected 'File Type').

+

There are six distinct generation methods (denoted by the selected 'File Type').

<ol>

Line 718: Line 773:

<li>Client - generates a client certificate and key. A client certificate validates a client's identity to the server that it's connecting to, while a key is responsible for encryption.</li>

<li>DH Parameters - generates a Diffie-Hellman (DH) parameters file. DH parameters are used in symmetric encryption to protect and define how OpenSSL key exchange is performed.</li>

+

<li>Let's encrypt - generates SSL certificate.</li>

</ol>

Line 894: Line 950:

===Root CA===

----

−

The Root CA section is used to add a root CA certificate file to the device. There is a default file already preloaded on the device which will be overwritten by any uploaded file. The certificates must be in .pem format, maximum file size is ~~300~~ KB. These certificates are only needed if you want to use HTTPS for your services and the default file should be sufficient in most cases.

+

The Root CA section is used to add a root CA certificate file to the device. There is a default file already preloaded on the device which will be overwritten by any uploaded file. The certificates must be in .pem format, maximum file size is 10 KB. These certificates are only needed if you want to use HTTPS for your services and the default file should be sufficient in most cases.

−

[[File:~~Networking_rutos_manual_administration_access_control_root_ca_v1~~.png|border|class=tlt-border]]}}

+

[[File:Networking_rutos_manual_administration_access_control_root_ca_v2.png|border|class=tlt-border]]}}

==Profiles==

TomasG

Administrators

1,395

edits

Changes

Template:Networking rutos manual administration (view source)

Revision as of 12:41, 2 September 2024