Below are the features of the GSM routers and their main security mechanisms:

Feature

Details / Description

HTTP

Protocol for communication over a computer network (does not establish an encrypted connection).

HTTPS

Protocol for secure communication over a computer network. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security or its predecessor, Secure Sockets Layer.

Web server

Accepts and supervises the HTTP requests.

SSH

Network protocol for secure data communication and remote command execution.

Telnet

Session layer protocol.

FTP

The File Transfer Protocol (FTP) is a standard network protocol used to transfer files from one host to another host over a TCP-based network.

SFTP

A network protocol used for secure file transfer over secure shell.

DHCP Server

The DHCP server provides automatic configuration of the client devices connected to the router. The DHCP server assigns each device an IP address, subnet mask, default gateway (IP address of router) and DNS server (IP address of router).

VRRP

VRRP protocol (Virtual Router Redundancy Protocol) allows you to transfer packet routing from the main router to a backup router in case the main router fails. (This can be used to provide a wireless cellular backup to a primary wired router in critical applications.)

Mobile WAN

Connection to the mobile network; contains many options for configuring SIM card switching.

PPPoE

PPPoE (Point-to-Point over Ethernet) is a network protocol where PPP frames are encapsulated in Ethernet frames. It is used to set the PPPoE connection over Ethernet. The router will connect to a PPPoE server or a PPPoE bridge device such as an ADSL router. It is possible to specify MRU and MTU.

Backup Routes

Allows the user to back up the primary connection with alternative connections to the Internet/mobile network. Each backup connection can be assigned a priority. Switching between connections is based on the set priorities and the state of the connections.

Firewall

Incoming packets must first pass a check of enabled source IP addresses and destination ports. The user may specify the IP addresses from which the router and the internal network behind it can be accessed remotely. Rules can be defined for up to eight remote accesses. The router also allows the user to define the forwarding policy: packets are either accepted automatically or forwarded according to defined rules (if they are addressed to another network interface). Protection against DoS attacks is also included.

NAT

NAT (Network Address Translation) is a method of sharing a single external IP address among many internal hosts. It also helps prevent unauthorized access to the internal network.

OpenVPN

OpenVPN implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections. It is possible to create two different tunnels.

IPsec

Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. The router allows the user to select encapsulation mode (tunnel or transport), IKE mode (main or aggressive), IKE Algorithm, IKE Encryption, ESP Algorithm, ESP Encryption and much more. It is possible to create four different tunnels.

GRE

Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an Internet Protocol network. It is possible to create four different tunnels.

L2TP

L2TP (Layer 2 Tunneling Protocol) is used to create a password-protected connection between two LANs.

PPTP

The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks.

DynDNS client

DynDNS service lets you access the router remotely using an easy to remember custom hostname. This client monitors the router’s IP address and updates it whenever it changes.

NTP

NTP (Network Time Protocol) allows the router to set its internal clock using a network time server.

SNMP v1/v2/v3

SNMP (Simple Network Management Protocol) provides status information about network elements such as routers or end computers.

SMTP

The SMTP (Simple Mail Transfer Protocol) client is used to send emails.

SMTPS

SMTPS (Simple Mail Transfer Protocol Secure) refers to a method for securing SMTP with transport layer security.

SMS control

The router can automatically send SMS messages to a cell phone or SMS message server when certain events occur.

Startup Script

Scripts which will be executed after all of the initialization scripts are run.

Up/Down script

Scripts which will run when the PPP connection is started or goes down.

Automatic update

The router can be configured to automatically check for firmware updates from an FTP site or a web server and update its firmware or configuration information.

User modules

Additional SW modules and ability to create your own SW module.

Python

Scripting language (for sending longer messages, special user module must be installed).

Profiles

Four different configurations can be stored in router non-volatile memory.

Use of a SIM card with a PIN number

The PIN code must be entered each time that the SIM card is powered up. Access to the SIM card is blocked if the PIN code is incorrectly entered three times.

Sending SMS messages

The maximum length of the SMS is 160 characters.

Backup Configuration

Allows user to save the current router configuration to a file.

Restore Configuration

Allows user to restore the router configuration from a file.

Dial-in

The dial-in server is a peer device that receives the call over the PPP link from the dial-out machine.

System Log

The system log contains helpful information about the operation of the router. Only the most recent information is shown on the screen, but older log entries can be viewed by saving the system log to a file and opening it with a text editor.

One CLICK report

Current configuration / factory identification / system log / kernel log / eboot log / routing table

Statuses

Network Status, Mobile Status, DHCP Status, IPSec Status, Statistics for two previous months

UM

Advanced security

The Advanced Security module extends the configuration of the Conel router with the ability to set a number of additional security features.
These include, for example, disabling (or enabling) the sending of error messages within the ICMP protocol, disabling (or enabling) the ICMP protocol as a whole, and disabling (or enabling) access to the router via Telnet or SSH.

AT Modem Emulator

The AT Modem Emulator user module emulates telephone modem behavior. The modem can receive a dial-up request via the serial port and convert it to a TCP/IP connection. A device connected to the Conel router serial interface sees the router as a HAYES-compatible modem.

Band Select

The Band Select module allows the user to adjust the set of frequency bands that the Conel router supports.

Please note – this user module is intended only for routers with GSM modules:
• PHS8 (i.e. UR5i v2 and UR5i v2 Libratum)
• MC7710 (i.e. LR77 v2)
• MC7304 (i.e. LR77 v2 and Bivias v2 LL/LH/LC)

CURL

                                                                                           

Captive Portal

This module is designed to provide a service called captive portal on routers functioning as a standard Wi-Fi hotspot. It means that every customer using this Wi-Fi network is redirected to a special web page before normal use of the Internet. It is possible to insert a form for authentication or any information notice.

Please note that this module is compatible only with firmware 4.0.0 or later in v2 routers!

Cumulocity

Cumulocity is a cloud-based subscription service designed for creating Internet of Things (IoT) solutions.
It gives you very fast visibility and control over your remote devices.

DF1-CSPv4

 

DNP3 Outstation

DNP3 Outstation module allows the router to use DNP3 protocol (Distributed Network Protocol v3), which is intended for reading data from the router. It follows that the primary purpose of this protocol is the mutual communication between devices in a network.

Daily Reboot

The Daily Reboot user module performs a scheduled daily router reboot at the specified time.

EasyVPN Client

The Easy VPN client user module provides a secure (encrypted) connection between the LAN behind our router and the LAN behind a Cisco router.

Ethernet Port Detector

This module allows router to detect physical disconnection of an Ethernet cable and drop eth0 interface so that after the cable is reconnected, it is not possible to communicate via the Ethernet interface.

File Uploader

This module is designed for synchronizing files between the router and a remote device (FTP server).

GPRS Configuration

This module allows user to set the same GPRS/UMTS parameters for each profile in the router at the same time.

GPS

The user module GPS (Global Positioning System) allows your router to provide location and time information in all weather, anywhere on or near the Earth, where there is an unobstructed line of sight to four or more GPS satellites.

Guest

This module restricts configuration via the web interface of the router for normal users.
Configuration in standard form is accessible only to users who have administration permission (i.e. know username and password).

HTTP Authentication

With this module you can add the process of authentication to a server that does not provide this service.
After clicking the HTTP Authentication module in the web interface, you can find the form, which allows you to activate this module, set necessary information about the server and required login data.

HTTP Banner

This module allows user to embed information banner ahead of the login form.

Mini Captive Portal

This module is designed to provide a service called captive portal on routers functioning as a standard Wi-Fi hotspot.

Please note: User module is compatible with v2 routers, firmware lower than 4.0.0 only!
For firmware 4.0.0 and higher, use Captive Portal user module.

Modem Bonding

This user module allows you to set up a communication model between several Conel routers (max. 20) in which the bonded connectivity of all routers in the chain is available on one router (master).
The first device (router) in the chain has the role of master and bonded connectivity is available on its ETH port. Following routers are slaves. Master and slaves are wired together from PORT1 to ETH, so that the last Slave has only ETH connected.

NMAP

This module allows the user to perform TCP and UDP scans.
It can also be used for sending pings (i.e. IP datagrams, which are intended to verify the functionality of a connection between two network interfaces).

NTRIP Client

This module is used to gain a more accurate location via the NTRIP protocol (a general stateless protocol based on HTTP/1.1). Each router that has the user module enabled can be considered an NTRIP client.

Packet Splitter

The Packet Splitter module allows duplication of a data flow to multiple targets (up to 7 different connections).
It is suitable for applications where duplication of data flow is needed, e.g. data collection for statistical purposes, or sending data from a bar code reader to multiple targets.

Pinger

This module allows your router to manually or automatically verify the functionality of the connection between two network interfaces. Pinger periodically sends IP datagrams and waits for a response from the counterpart. If the response is successfully received, the module prints the latency and, at the end, a statistical summary.

PoSConf

This module allows your router to send the content of memory card to a remote FTP server.
The data is sent once a day at the hour that you set in advance. At this point, the memory card is disconnected from the USB. After the module sends all of the data, the memory card is connected to the USB again and is accessible like all other USB flash memory for the storage of data. Each subsequent day this process will be repeated.

Protocol ALPHA-MODBUS

The ALPHA-MODBUS protocol is a binary transparent serial communications protocol for Mitsubishi ALPHA.
Communication to/from the control room uses the MODBUS-TCP protocol; the serial line uses the proprietary ALPHA machine protocol (Dedicated Protocol). The router performs a real-time two-way conversion transparent scroll via the data.

Protocol BGP

This module enables routing between autonomous systems.
These systems are basically collections of IP networks and routers under the control of one or more network operators that present a common, clearly defined routing policy (only one of the interior gateway protocols). The routing information is exchanged between autonomous systems via a border gateway.
The BGP user module is based on software called Quagga, a routing software package that provides TCP/IP-based routing services with support for the RIP, OSPF and BGP routing protocols.

Protocol IS-IS

This module allows your router to use the IS-IS (Intermediate System – Intermediate System) routing protocol, which is designed for the exchange of routing information between routers.
This protocol belongs to the family of IGP (Interior Gateway Protocol) protocols, which are designed to distribute routing information within a single autonomous system (AS). It is a link-state protocol, which means that information about the topology is exchanged between the nearest neighbours by flooding.

Protocol MODBUS-RTUMAP

With this module, stored values can be read periodically from the buffer.
These values are obtained from connected meters. Each meter is assigned a certain number of registers (or coils). The ranges follow each other, so the rtuMap module reads the data from the total number of assigned registers (or coils), beginning at the specified start address.

Protocol MODBUS-TCP2RTU

This user module converts the MODBUS TCP protocol to the MODBUS RTU protocol, which can be run on the serial line.
The expansion port RS232 or the expansion port RS485/422 fitted in PORT1 or PORT2 can be used as the serial port.

Protocol MODBUS-RTU2TCP

 

Protocol NHRP

A Dynamic Multipoint VPN (DMVPN) is a concept of a secure network that exchanges data between remote routers (so-called spokes) without needing to pass traffic through a headquarters virtual private network (VPN) router (so-called hub).
Each spoke is permanently connected to the headquarters using a VPN tunnel. If two spokes need to communicate with each other, a temporary VPN tunnel is created between them (the headquarters has the role of NHRP server). Tunnels are torn down once communication has finished. DMVPN allows VPN tunnels to be established between routers whose port addresses are assigned dynamically (this is not possible when using a “classical” site-to-site VPN). DMVPN essentially creates a topology that could be called a (full) mesh VPN. This means that each remote router (spoke) can connect directly with all other remote routers, no matter where they are located.

Protocol OSPF

This module makes the OSPF routing protocol available.
This protocol is designed for exchanging routing information within an autonomous system. OSPF is a link-state protocol, which means that routers maintain a map of the network (link-state database) that is updated after any change to the network topology. Dijkstra’s algorithm is used to compute the shortest (least cost) path between the router and all the networks. The results are then entered in the routing table. The OSPF user module is based on software called Quagga, a routing software package that provides TCP/IP-based routing services with support for the RIP, OSPF and BGP routing protocols.

Protocol PIM-SM

This module makes the PIM-SM (Protocol Independent Multicast – Sparse Mode) protocol available.
It is the most commonly used multicast routing protocol and is designed with the assumption that the recipients for any particular multicast group will be sparsely distributed throughout the network. In order to receive multicast data, routers must explicitly tell their upstream neighbors about their interest in the particular groups and sources. PIM-SM by default uses shared trees, which are multicast distribution trees rooted in some selected node (this router is called the Rendezvous Point, RP) and used by all sources sending to the multicast group.

Protocol RIP

This module makes the RIP routing protocol available.
It is a standard for exchanging routing information among routers and responding to changes in network topology. RIP is a distance-vector protocol, which means that routers transmit updated routing tables. The Bellman-Ford algorithm is used to compute the shortest (least cost) path between the router and all the networks. The deciding factor is the number of routers through which data must pass between source and destination. The maximum number allowed for the RIP protocol is 15. This maximum, however, also limits the size of networks that RIP can support. The RIP user module is based on software called Quagga, a routing software package that provides TCP/IP-based routing services with support for the RIP, OSPF and BGP routing protocols.

Protocol SuiteHT

This module allows the router to send queries from the AMR system to a meter through an IP network using the router as a gateway. AMR system will send commands and these commands will not be encoded or encapsulated, but shall be sent “in clear” over a TCP connection. The router, upon receiving this command, will send it to the meter, following the timings and the handshake process. Once router has received the response message from the meter, it sends it back to the AMR system and waits for another command. If AMR has no more commands to send, it will close the TCP session and the router will have to end the communication with the meter.

Protocol TransparentLine

SCEP Client

SCEP (Cisco System’s Simple Certificate Enrollment Protocol) is a PKI communication protocol which leverages existing technology by using PKCS#7 and PKCS#10. SCEP is the evolution of the enrollment protocol developed by Verisign, Inc. for Cisco Systems, Inc. It now enjoys wide support in both client and CA implementations.

SSHClient

This module extends the set of Conel router functions with the ability to use the router as an SSH client.
This means that the module allows an SSH connection to be established to a remote router and commands to be executed on it. Because the SSH server is a standard part of the firmware, it is possible to connect to any Conel router.

Sierra Wireless Updater

 

TCP SYN Keep-Alive

This module allows your router to check the TCP connection to a specified IP address (on the stated TCP port).
A connection attempt is made regularly at the specified interval. Any failed attempts to establish a TCP connection are recorded. If the number of failures exceeds the set limit, the WAN connection is restarted.

Transparent mode

After the user module is loaded into any Conel router, the router becomes “invisible” to remote devices. It is available only to a device located behind the router. The default IP address of the router is 192.168.1.1 (configuration can be performed only by a logged-in user; name and password are root by default). All communication with the device located behind this router runs directly. This means that a user who enters the IP address of the SIM card in the router will communicate with the interface of the device behind the router.

WiFi AP

The “WiFi” user module enables the functionality of the expansion port XC-WiFi.
The WiFi module supports the AP (Access Point) function. This module allows you to scan the neighboring networks. With the WiFi module it is possible to automatically configure the connected devices (maximum number is 2007) via the DHCP server. More information is in the user manual for XC-WiFi.

WiFi STA

The “WiFi” user module enables the functionality of the expansion port XC-WiFi.
This module allows your router to behave as a classical WiFi client station, which is a child element of an infrastructure wireless network. A device with this function can thus simply be called a “receiver”. The quotation marks indicate that the WiFi communication of this device is bidirectional, which means that the router is also able to send data packets. The basic function is therefore to receive data packets from an available access point and to send data from the cable connection via the WiFi network.
More information is in the user manual for XC-WiFi.

WoLGateway

This module allows your router to eavesdrop on communication on the specified UDP port, receive packets from the specified source address (Source IP) and forward these packets to the appropriate address (Destination IP) as a broadcast.

pduSMS

Module for sending SMS messages in PDU format.

pppGateway

This module allows the router to establish a connection via PPP (a data link protocol commonly used to establish a direct connection between two networking nodes) between the router and a device connected to the router over a serial line. For example, this makes it possible to provide Internet access for older devices that lack this ability but can connect over a serial line.

python

Scripting language (for sending longer messages, special user module must be installed).

sendReport

This module allows the System log and Report files to be sent regularly to the specified email address or FTP server.
The System log contains system log statements. This is the same file that can be obtained by pressing the Save Log button on the system log page in the web interface of the router.

serial2TCP

The Serial2TCP module connects a serial line device to a TCP server or servers. Communication is possible in both directions: serial to TCP and TCP to serial. It can be used in data collection and measurement applications, for sending data from a meter connected via serial line or for sending commands and control data to any meters or serial line devices remotely via TCP.

stunnel

This module allows the router to create an encrypted network tunnel in which the data at one end, either the input or the output, is wrapped in SSL.
This means that the data is either encrypted on the input and decrypted on the output, or vice versa. Stunnel is primarily designed for adding SSL encryption to communication channels that cannot support it. This results in a significant increase in communication security (within these channels). It can be used as additional functionality for commonly used servers that are run by the inetd daemon (a Linux daemon which listens to communication on the network interface and, if necessary, runs servers to handle requests). These include POP2, POP3 or IMAP. With this module it is also possible to add SSL encryption to NNTP, SMTP and HTTP services that are run by standalone daemons, or to PPP tunnels.

wM-BUS CONCENTRATOR

This module allows your router to receive messages from wireless M-BUS meters and save the contents of these messages to an XML file. The WM-BUS Concentrator only processes messages received from the meters that are included in the list (adding a meter to the list is described in section 1.2). The XML file is generated for each meter once per day. Other messages from the same meter on the same day are ignored. The generated files are saved to a temporary folder and then the user module moves these XML files to the FTP server. Files are stored in the temporary folder until they are successfully transferred to the FTP server.

Protocol IEC 101-104 

This user module performs a bidirectional conversion between the IEC101 and IEC104 protocols specified by the IEC 60870-5 standard.
IEC101 serial communication is converted to IEC104 TCP/IP communication and vice versa. It is possible to configure some parameters of IEC101 and IEC104.