Changes

RMS VPN (view source)

Revision as of 14:51, 28 November 2022

4,677 bytes added ,  14:51, 28 November 2022
no edit summary
Line 4: Line 4:  
RMS VPN is a service designed for remote efficient, low-cost management of large-scale networks. As opposed to point-to-point VPN service, RMS VPN allows creating encrypted VPN tunnels for secure access of multiple endpoints within a matter of seconds. Let's illustrate with some examples.
 
RMS VPN is a service designed for remote efficient, low-cost management of large-scale networks. As opposed to point-to-point VPN service, RMS VPN allows creating encrypted VPN tunnels for secure access of multiple endpoints within a matter of seconds. Let's illustrate with some examples.
   −
[[File:RMS VPN tunnel 1280 v1.png|800px|center]]
+
[[File:RMS VPN tunnel 1280 v1.png|800px|border|class=tlt-border]]
    
Manufacturing facilities or plants use various PLCs and HMIs running on different protocols. The growing automation trends of such entities require enabling remote access due to increasing efficiency, reducing downtime, and optimizing costs. Using RMS VPN allows secure remote access to multiple applications simultaneously regardless of their protocol, checking and changing configurations, and completing other essential tasks.
 
Manufacturing facilities or plants use various PLCs and HMIs running on different protocols. The growing automation trends of such entities require enabling remote access due to increasing efficiency, reducing downtime, and optimizing costs. Using RMS VPN allows secure remote access to multiple applications simultaneously regardless of their protocol, checking and changing configurations, and completing other essential tasks.
Line 20: Line 20:  
==Video - How to set up an RMS VPN Hub ==
 
==Video - How to set up an RMS VPN Hub ==
    +
<br>
 
<youtube>dfAudZR2wPY</youtube>
 
<youtube>dfAudZR2wPY</youtube>
    
<br>
 
<br>
==RMS VPN Hub Tutorial==
+
 
 +
==Tutorial==
    
Follow the steps to create and configure an RMS VPN Hub.
 
Follow the steps to create and configure an RMS VPN Hub.
Line 32: Line 34:  
# To start the configuration, make sure your device is connected to RMS.
 
# To start the configuration, make sure your device is connected to RMS.
 
# Select RMS Hubs on the left sidebar in the RMS VPN section.  
 
# Select RMS Hubs on the left sidebar in the RMS VPN section.  
# To add a new VPN Hub go to Left sidebar panel ('''RMS VPN''' → '''VPN Hubs''') and click on '''VPN Hubs'''.
+
# To add a new VPN Hub go to Left sidebar panel ('''RMS VPN''' → '''VPN Hubs''') and click on '''VPN Hubs'''. <br>
 +
 
 +
[[File:VPN Hubs.png|border|class=tlt-border]]
    
Click on a '''Add new VPN Hub +''' area or move your mouse pointer to the '''VPN Hub''' menu and select '''Add new VPN Hub''' (VPN Hub → Add new VPN Hub).
 
Click on a '''Add new VPN Hub +''' area or move your mouse pointer to the '''VPN Hub''' menu and select '''Add new VPN Hub''' (VPN Hub → Add new VPN Hub).
 +
 +
[[File:Add New Hub.png|border|class=tlt-border]]
    
* Enter the name of the Hub, optionally set the description and tags.
 
* Enter the name of the Hub, optionally set the description and tags.
 +
 +
[[File:Hub details.png|border|class=tlt-border]]
    
===Set up VPN hub===
 
===Set up VPN hub===
 
----
 
----
# Click on Add Client button and select an RMS user from the list.
+
1. Click on Add Client button and select an RMS user from the list.
# Click on Add Client button and select an RMS device from the list.
+
 
 +
[[File:Client RMS user.png|border|class=tlt-border]]
 +
 
 +
2. Click on Add Client button and select an RMS device from the list.
 +
 
 +
[[File:Client RMS device.png|border|class=tlt-border]]
    
===Adding routes===
 
===Adding routes===
 
----
 
----
# Go to the Routes tab.
+
1. Go to the Routes tab. <br>
# Click Add route button to set up a new route.
+
2. Click Add route button to set up a new route.
# From Auto Scan, select your specific device. Or alternatively use the manual tab.
+
 
# To implement the changes, you must Restart the hub.
+
[[File:RMS Add Route.png|border|class=tlt-border]]
 +
 
 +
3. From Auto Scan, select your specific device. Or alternatively use the manual tab.
 +
 
 +
[[File:Auto Scan RMS.png|border|class=tlt-border]]
 +
 
 +
4. To implement the changes, you must Restart the hub.
 +
 
 +
[[File:RMS restart HUB.png|border|class=tlt-border]]
    
===Downloading OVPN configuration file===
 
===Downloading OVPN configuration file===
 
----
 
----
# You will find the RMS VPN configuration file is in the Clients tab.
+
You will find the RMS VPN configuration file is in the Clients tab.
# In the Actions column, click on the Download icon.
+
1. In the Actions column, click on the Download icon.
# Your will download .OVPN configuration file.
+
 
 +
[[File:Download Icon OVPN.png|border|class=tlt-border]]
 +
 
 +
2. Your PC will download .OVPN configuration file.
    
===Connecting to your RMS VPN Hub===
 
===Connecting to your RMS VPN Hub===
 
----
 
----
# To connect, you can use [https://openvpn.net/client-connect-vpn-for-windows/ OpenVPN Connect software]. Or any other alternative OpenVPN software.
+
1. To connect, you can use [https://openvpn.net/client-connect-vpn-for-windows/ OpenVPN Connect software]. Or any other alternative OpenVPN software. <br>
# To establish a connection import your .OVPN file. and click Connect.  
+
2. To establish a connection import your .OVPN file. and click Connect.  
# We have successfully connected to your RMS VPN hub, now you can connect to your remote device.
+
 
 +
[[File:OVPN import.png|border|class=tlt-border]]
 +
 
 +
3. You have successfully connected to your RMS VPN hub, now you can reach your remote device.
 +
 
 +
[[Category:RMS VPN]]
 +
 
 +
== LAN to LAN communication==
 +
 
 +
To set up LAN to LAN communication via RMS VPN Hub, you would need some additional configuration. As shown in the topology below, we are going to set up communication between two end devices connected to Teltonika Networks routers, which are RMS VPN clients.
 +
 
 +
topology.png
 +
 
 +
The topology above contains two Teltonika routers ('''RUT1''' and '''RUT2''') with two end devices ('''END1''' and '''END2'''), each connected to a separate router's LAN. Both routers are added to the same RMS VPN Hub as RMS VPN clients. When this configuration is completed, not only will the two routers be able to communicate with each other, but the end devices will also be reachable to one another and from each router.
 +
=== Adding VPN Clients===
 +
----
 +
To start, you would need to set up a VPN Hub as shown in the previous example. Once the Hub is set up and two RMS devices are added to the Hub, the clients tab should look like this:
 +
 
 +
[[File:RMS Clients tab.png|700px|border|class=tlt-border]]
 +
 
 +
=== Adding Routes===
 +
----
 +
Before adding routes to end devices, we have to enable the LAN forwarding feature. LAN forwarding modifies Firewall Zone covering RMS VPN, to allow VPN traffic to reach end device's LAN network. If you were to enable WAN forwarding, you would be able to reach end point connected to the device's WAN port. To enable forwarding, follow these steps:
 +
* Click on the Hub and navigate to the '''Routes''' section.
 +
* In the '''Clients''' tab, click on the LAN toggle to enable forwarding.
 +
 
 +
Client with enabled LAN forwarding should look like this:
 +
 
 +
[[File:RMS Lan forwarding.png|border|class=tlt-border]]
 +
 
 +
The next step is to add Routes to the end devices. Follow these steps to add routes:
 +
*Navigate to the '''Routes''' section.
 +
*Press '''Add Route''' button to open an additional menu.
 +
*You could choose from either '''Auto Scan''' or '''Manual''' add route method. In this example, we are using '''Auto Scan'''.
 +
*To add a route, select an RMS device from the list and press '''Scan Device'''.
 +
*The procedure scans all devices that are connected to '''RUT1''' LAN.
 +
 
 +
[[File:RMS Route to end device.png|border|class=tlt-border]]
 +
 
 +
Once the scan is completed, follow the steps to continue:
 +
*Select the end device‘s IP address (in this example 192.168.1.211) and press add.
 +
*In this configuration, we are going to need to add routes in both '''RUT1''' and '''RUT2'''.
 +
*To add a route to the '''RUT2''' network end device, just follow the procedure above.
 +
 
 +
Once both routes are added, '''restart the RMS Hub'''. If you have completed the steps correctly, the routes tab should look like this:
 +
 
 +
[[File:RMS both routes.png|border|class=tlt-border]]
 +
 
 +
=== Modifying Firewall Zones===
 +
----
 +
For the end devices to be able to reach each other, we are going to need to modify Firewall zones in both '''RUT1''' and '''RUT2'''. Follow these steps to edit Firewall zones:
 +
*Navigate to '''Network -> Firewall -> General settings'''.
 +
*In the zones section, click the edit button on WAN zone (wan -> REJECT).
 +
 
 +
[[File:FW Zones section.png|900px|border|class=tlt-border]]
 +
 
 +
*In the '''Inter-Zone Forwarding''' section, click on '''Allow forwarding to destination zones''' and select '''rms''' (for example, rms_xzkEgQ: openvpn). This allows traffic originating from WAN side to reach RMS VPN.
 +
 
 +
[[File:RMS Inter zone forwarding.png|900px|border|class=tlt-border]]
 +
 
 +
After Clicking on '''Save & Apply''' for both routers, the setup is completed and the LAN to LAN communication between devices should work.
 +
 
 +
=== Testing the configuration===
 +
----
 +
As with any other configuration, it is always wise to test the setup in order to make sure that it works properly. To test LAN to LAN communication via RMS Hub, we could try to '''ping''' one end device from the other.
 +
 
 +
Pinging '''END2''' from '''END1''':
 +
 
 +
[[File:Ping to END2 device.png|border|class=tlt-border]]
 +
 
 +
Pinging '''END1''' from '''END2''':
 +
 
 +
[[File:Ping to END1 device.jpg|border|class=tlt-border]]
 +
 
 +
If the ping requests are successful, congratulations, your setup works. If not, we suggest that you review all the steps once more.
Retrieved from "https://wiki.teltonika-networks.com/view/Special:MobileDiff/99589"

Navigation menu