Reasonable product solutions

Fast delivery times

Programmable platforms

Made in Europe

2 years warranty

Safe VPN Connectivity with Easy Router!

VPN Connectivity

Why do you need this kind of secure data transfer? Companies usually transfer their data over the public data network, and often a secure connection is needed. This can be ensured by a VPN tunnel, which can be realized with different protocols. These protocols can also be combined, which results in a higher degree of security. However, when combining them, keep in mind that the information is encrypted by such a tunnel. This means that decrypting the data takes longer and more data is transmitted via your SIM card, which can lead to higher costs.

The Geneko routers essentially support all common VPN protocols. So if you have an application that needs to be encrypted via OpenVPN, IPsec, GRE, L2TP or PPTP, the routers have an easy way to set up these security protocols.

OpenVPN

OpenVPN site-to-site enables the connection of two remote networks through a point-to-point encrypted tunnel. The OpenVPN implementation provides a cost-effective, easily configurable alternative to other VPN technologies. OpenVPN allows peers to authenticate each other using a pre-shared secret key, certificates or username and password. When used in a multiclient server configuration, the server can issue an authentication certificate for each client, using signatures and a certificate authority. It uses the OpenSSL encryption library as well as the SSLv3/TLSv1 protocol and includes many security and control features. The server and the client have almost the same configuration. The difference in the client configuration is the Remote Endpoint IP or Hostname field. In addition, the client can set up the keepalive settings. To create a tunnel successfully, a static key must be generated on one side and the key must be uploaded on the opposite side.

There are two modes of OpenVPN tunnels, routed and bridged. For routed mode select the option TUN, and for bridged mode select TAP. The difference between the two is that routed mode interconnects independent and separate "sub-networks", while bridged mode interconnects separate physical networks that carry the same range of IP addresses.

You can select between 4 authentication modes. The options are: NONE, Pre-Shared secret (PSK), Username/Password, X.509 client/server mode. The authentication method determines how the peers are authenticated to each other and how they later exchange cipher and HMAC keys to protect the data channel. Use NONE if you do not want authentication at all. Pre-Shared secret is a simple and easy way to authenticate your hosts. Username/Password can be used only in client mode, where your server needs this kind of authentication. X.509 mode is the full Transport Layer Security protocol with use of certificate/key pairs. Note that the designation of X.509 client or X.509 server is only for the purpose of negotiating the TLS control channel. Make sure both ends of the OpenVPN tunnel use the same authentication method.

Encrypt packets with cipher algorithm. The default is BF-CBC, an abbreviation for Blowfish in Cipher Block Chaining mode. Blowfish has the advantages of being fast, very secure, and allowing key sizes of up to 448 bits. Blowfish is designed to be used in situations where keys are changed infrequently. OpenVPN supports the CBC cipher mode.

Authenticate packets with HMAC using message digest algorithm. The default is SHA1. HMAC is a commonly used message authentication algorithm (MAC) that uses a data string, a secure hash algorithm, and a key, to produce a digital signature. OpenVPN’s usage of HMAC is to first encrypt a packet, then HMAC the resulting ciphertext. In TLS mode, the HMAC key is dynamically generated and shared between peers via the TLS control channel. If OpenVPN receives a packet with a bad HMAC it will drop the packet. HMAC usually adds 16 or 20 bytes per packet. Set none to disable authentication.
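
The encrypt-then-HMAC order and the drop-on-bad-HMAC rule described above, as an added example that is not part of the original page and is not OpenVPN's or the router's own code. It uses Python's standard hmac module and treats the ciphertext as opaque bytes; the packet layout (tag followed by ciphertext), the function names, the key and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac

def tag_size(digest: str) -> int:
    """Bytes the HMAC adds to every packet (16 for MD5, 20 for SHA1)."""
    return hashlib.new(digest).digest_size

def seal(hmac_key: bytes, ciphertext: bytes, digest: str = "sha1") -> bytes:
    """Sender side: the payload is already encrypted, so HMAC the ciphertext."""
    tag = hmac.new(hmac_key, ciphertext, digest).digest()
    return tag + ciphertext  # assumed layout: tag first, then ciphertext

def open_packet(hmac_key: bytes, packet: bytes, digest: str = "sha1"):
    """Receiver side: verify before decrypting. None means 'drop the packet'."""
    n = tag_size(digest)
    if len(packet) < n:
        return None  # too short to carry a tag at all
    tag, ciphertext = packet[:n], packet[n:]
    expected = hmac.new(hmac_key, ciphertext, digest).digest()
    # Constant-time comparison, so timing does not reveal how much of a tag matched.
    if not hmac.compare_digest(tag, expected):
        return None
    return ciphertext  # only now would it be handed to the cipher for decryption

def receive(hmac_key: bytes, packets, digest: str = "sha1"):
    """Process a batch of packets; return (accepted ciphertexts, dropped count)."""
    accepted, dropped = [], 0
    for packet in packets:
        ciphertext = open_packet(hmac_key, packet, digest)
        if ciphertext is None:
            dropped += 1
        else:
            accepted.append(ciphertext)
    return accepted, dropped

# Constructed sample values, not taken from any real tunnel.
KEY = b"constructed-hmac-key-for-demo"
CIPHERTEXT = bytes.fromhex("8f3a1c77d204b9e65a10c3ff0e42aa19")

def demo():
    good = seal(KEY, CIPHERTEXT)
    flipped = good[:-1] + bytes([good[-1] ^ 0x01])  # one bit changed in transit
    wrong_key = seal(b"some-other-key", CIPHERTEXT)  # sender without the shared key
    truncated = good[:10]                            # shorter than a SHA1 tag
    return receive(KEY, [good, flipped, wrong_key, truncated])

if __name__ == "__main__":
    print(demo())
```
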

Here you can see a representation of the user interface to change the OpenVPN settings in our router.

Anyone who needs a robust, mobile industrial router with high reliability and a large number of interfaces will find the GWR-I352 model exactly right. It has 2 SIM card slots for better connectivity. In addition, thanks to its robust housing it can operate at temperatures from -25° C to +70° C and is protected against dust and splashing water. This makes it an ideal solution for use under harsh working conditions. To support a wide variety of M2M applications, it has several interfaces, such as: 1/1 digital input and output, RS-232/RS-485 (RS422) and Ethernet.

IPsec

In order to establish an encrypted tunnel, the two ends of an IPSec tunnel must agree on the methods of encryption, decryption and authentication. This is done by sharing a key to the encryption code. For key management, the Router uses only IKE with Preshared Key mode.

IKE with Preshared Key

IKE is an Internet Key Exchange protocol used to negotiate key material for Security Association (SA). IKE uses the Preshared Key to authenticate the remote IKE peer. Both ends of the IPSec tunnel must use the same mode of key management. You can choose between "Main" and "Aggressive" mode.

To set up IPSec, you have to go through several steps, which we have separated as follows:

Phase 1 DH Group, Phase 1 Encryption, Phase 1 Authentication, Phase 1 SA Life Time, Perfect Forward Secrecy

Phase 2 DH Group, Phase 2 Encryption, Phase 2 Authentication, Phase 2 SA Life Time, Preshared Key.

You can find more information about how to set up IPSec in the User Manual in the Download section.

This picture shows how a new tunnel is set up in our User Interface:

Here you can see the general User Interface for setting up IPSec:

IPSec (Internet Protocol Security) is a protocol suite for securing Internet Protocol communication by authenticating and encrypting each IP packet of a data stream. In order to establish an encrypted tunnel, the two ends of an IPsec tunnel must agree on the methods of encryption, decryption and authentication. Compared to OpenVPN it is a little slower, due to its double encapsulation. In terms of security it is on the same level, since it is also secured with 256 bit. For a comparison of the different VPN protocols that our routers provide, scroll down to the bottom of the page.

GRE

Originally developed by Cisco, generic routing encapsulation (GRE) is now a standard defined in RFC 1701, RFC 1702 and RFC 2784. GRE is a tunneling protocol used to transport packets from one network through another. If this sounds like a virtual private network (VPN) to you, that is because in theory it is one: technically, a GRE tunnel is a type of VPN, but not a secure tunneling method. However, you can encrypt GRE with an encryption protocol such as IPSec to form a secure VPN. In fact, the Point-to-Point Tunneling Protocol (PPTP) uses GRE to create VPN tunnels. For example, when you configure Microsoft VPN tunnels, you use PPTP by default, which uses GRE.

You need to encrypt multicast traffic. GRE tunnels can carry multicast packets, just like real network interfaces, as opposed to using IPSec by itself, which can't encrypt multicast traffic. Some examples of multicast traffic are OSPF, EIGRP. Also, a number of video, VoIP, and streaming music applications use multicast.

You have a protocol that isn't routable, such as NetBIOS or non-IP traffic over an IP network. You could use GRE to tunnel IPX/AppleTalk through an IP network.

You need to connect two similar networks connected by a different network with different IP addressing.

GRE tunnels can use periodic status messages, known as keepalives, to verify the integrity of the tunnel from end to end. By default, GRE tunnel keepalives are disabled. Use the keepalive check box to enable this feature. Keepalives do not have to be configured on both ends of the tunnel in order to work; a tunnel is not aware of incoming keepalive packets. You should define the time interval (in seconds) between transmitted keepalive packets. Enter a number from 1 to 60 seconds, and the number of times to retry after failed keepalives before determining that the tunnel endpoint is down. Enter a number from 1 to 10 times.

Here you can see a representation of the user interface of GRE:

The GRE tunnel is a type of VPN tunnel, but not a very secure tunneling method. A simple network with two GWG Gateways is shown in the following picture. The idea is to create a GRE tunnel for LAN-to-LAN (site-to-site) connectivity.

 

FAQ – VPN

What is the safest protocol?

If it is possible, we would always recommend the OpenVPN protocol, since it is the safest and fastest of the standard protocols we provide. With OpenVPN you are on the safe side and you have an easy integration thanks to our clear user interface.

Is VPN also manageable via SIM card?

With an M2M SIM card, which allows you a fixed IP address, the construction of an OpenVPN tunnel is even possible via the SIM card. M2M SIM cards are highly recommended in case you are sending small amounts of data and are aware of the need for adequate security. The M2M SIM cards usually offer a private APN, which makes it impossible to get access from the public network on your SIM card and therefore your data. Please contact us if you need it.

Which router can provide which protocol?

Our routers support the following VPN connections: OpenVPN, IPSec, GRE, PPTP, L2TP. It does not matter which model. The routers are all able to easily set up these tunneling protocols with their clear user interface.

VPN Encryption

PPTP: 128 Bit
L2TP/IPsec: 256 Bit
OpenVPN: 160 Bit, 256 Bit

VPN Security

PPTP: Simple encryption
L2TP/IPsec: With 256 Bit, the L2TP and IPsec protocol have the highest level of encryption. Data is double-backed in one procedure.
OpenVPN: By authenticating the data through digital certificates, it is a protocol with the highest level of security.

VPN Speed

PPTP: Lower encryption, relatively fast.
L2TP/IPsec: Rather slow compared to other protocols, because the double encryption needs more computing capacity to be decrypted.
OpenVPN: Even over long distances, with high latencies and despite its high security, it reaches high speeds.

Reliability

PPTP: Mostly reliable.
L2TP/IPsec: On devices that have NAT support, very reliable.
OpenVPN: It is highly reliable in routers, WiFi hotspots and non-reliable networks.

Conclusion

PPTP: PPTP is a fast and easy-to-use protocol. We recommend it only if your application does not allow the use of OpenVPN.
L2TP/IPsec: If OpenVPN is not possible, L2TP/IPsec is the best choice as soon as the security of data transfer has top priority.
OpenVPN: The OpenVPN protocol is highly recommended, because it is a fast and secure protocol. In the context of our routers, this is our recommended protocol.