network_connections_setup

Differences

This shows you the differences between two versions of the page.

network_connections_setup [2018/10/04 16:48] – [Connect to an existing network (Client mode)] emozolyaknetwork_connections_setup [2022/01/14 14:32] (current) – [Connecting to custom VPNs] emozolyak
Line 1: Line 1:
 ====== Setting up network connections ====== ====== Setting up network connections ======
-   +{{ network:net_icon.png?nolink&60|}}  
-===== LAN and WAN interfaces =====+
  
-----+===== Accessing network setup interface =====
  
-**In any** project for WebHMI you have to connect to local network or InternetThere are several options how to do this, and the most reliable is wired Ethernet.+You can access either from login page or setup menu (side bar for 3.5 and below fw, and popup menu for higher versions):
  
-WEBHMI has 2 RJ45 network connectors labeled LAN and WAN. By default, the LAN is configured as [[https://en.wikipedia.org/wiki/DHCP | DHCP]]-server that automatically distributes network settings to the connected devices, and WAN as a DHCP client focused on connecting to a network that already has a A DHCP server, for example, a router distributing the Internet. In addition, WAN Firewall settings forbid all incoming connectoins from WAN network, and therefore access to WebHMI's web-interface is possible only from LAN[1]. You can change the current settings using the **Network setup** section, which you can access via the link on the authorization page or from the //Setup/Network// setup menu after logging in:+{{ network:network-enter_options.png?direct&600 |}}
  
-{{ ::network-setup-enter.png?direct&600 |}}+===== LAN and WAN interfaces ===== 
 + 
 +**In any** project for WebHMI you have to connect to local network or Internet. There are several options how to do this, and the most reliable is wired Ethernet. 
 + 
 +WEBHMI has 2 RJ45 network connectors labeled LAN and WAN. By default, they are configured as follows: 
 +  ***LAN** is configured as [[https://en.wikipedia.org/wiki/DHCP | DHCP]]-server that automatically distributes network settings to the connected devices. LAN ethernet is bridged with the WiFi WebHMI master network 
 +  ***WAN** as a DHCP client focused on connecting to a network that already has a A DHCP server, for example, a router distributing the Internet. In addition, WAN Firewall settings forbid all incoming connectoins from WAN network, and therefore access to WebHMI's web-interface is possible only from LAN. [1]
  
 Login to the network settings section requires authorization. Default requisites are  Login to the network settings section requires authorization. Default requisites are 
  
-**Login:admin/Password:webhmi**+  *Login: //admin/
 +  *Password: //webhmi//
  
   ATTENTION! For security reasons, during the project setup process, please change the default password   ATTENTION! For security reasons, during the project setup process, please change the default password
  
-{{ ::luci_authorization.png?direct&600 |}}+{{ network:luci_authorization.png?direct&600 |}} 
 + 
 +==== Editing interfaces ====
  
 All network settings are grouped in the //'Network'// tab. The submenu //'Interfaces'// allows you to create, configure and manage network connections All network settings are grouped in the //'Network'// tab. The submenu //'Interfaces'// allows you to create, configure and manage network connections
  
-{{ ::luci-interfaces.png?direct&600 |}}+{{ network:luci-interfaces.png?direct&600 |}}
  
 This page displays general information that describes the current status of network connections. To change the interface settings (LAN or WAN), press **Edit**. This page displays general information that describes the current status of network connections. To change the interface settings (LAN or WAN), press **Edit**.
  
-{{ ::luci-network-interfaces-setup.png?direct&600 |}}+{{ network:luci-network-interfaces-setup.png?direct&600 |}}
  
-All settings for convenience are divided into several separate groups of bookmarks: **General, Advanced, Physical и Firewall settings:**+All settings for convenience are divided into several separate groups of bookmarks: **General, Advanced, Physical and Firewall settings:**
  
 **General setup** allows you to set general (basic) settings, which will differ, depending on the selected protocol type (connection method: Static IP, DHCP, PPPoE, L2TP, etc.). In the case of static addressing (the most widely used option), this will be: host IP [[https://en.wikipedia.org/wiki/IP_address | address]], subnet mask, gateway address and [[https://en.wikipedia.org/wiki/Domain_Name_System | DNS]] server address. **General setup** allows you to set general (basic) settings, which will differ, depending on the selected protocol type (connection method: Static IP, DHCP, PPPoE, L2TP, etc.). In the case of static addressing (the most widely used option), this will be: host IP [[https://en.wikipedia.org/wiki/IP_address | address]], subnet mask, gateway address and [[https://en.wikipedia.org/wiki/Domain_Name_System | DNS]] server address.
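Review bot: the added credentials bullet `*Login: //admin/` leaves its italics unclosed (one trailing slash instead of two), so it will not render like the `//webhmi//` bullet under it; close it as `//admin//`. The new LAN and WAN bullets also carry "connectoins" and "a A DHCP server" over from the removed paragraph, and the new sentence "You can access either from login page or setup menu" has no object; fix these while the text is being restructured. The WAN bullet keeps the statement that the web interface is reachable only from LAN, so the footnote marker [1] should still resolve to a footnote in the new layout.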
Line 42: Line 50:
 In the most general case, to connect WEBHMI to the local network it will be enough to configure only a few important parameters. In the most general case, to connect WEBHMI to the local network it will be enough to configure only a few important parameters.
  
-{{ ::luci-lan-setup.png?direct&600 |}}+{{ network:luci-lan-setup.png?direct&600 |}}
  
 **General settings** tab: **General settings** tab:
Line 65: Line 73:
 5. You must specify which zone this interface belongs to. In this case LAN or WAN. For more information, see Firewall. 5. You must specify which zone this interface belongs to. In this case LAN or WAN. For more information, see Firewall.
  
-{{ ::luci-lan-firewal.png?direct&600 |}}+{{ network:luci-lan-firewal.png?direct&600 |}}
  
 __**WARNING! If all incoming connections for all networks are disabled, the WEB interface of the device will be completely lost. In this case, you will have to restore/reset settigs and all data, including the project, will be lost**__ __**WARNING! If all incoming connections for all networks are disabled, the WEB interface of the device will be completely lost. In this case, you will have to restore/reset settigs and all data, including the project, will be lost**__
Line 92: Line 100:
 In the default configuration, there is one Wifi interface configured as access point (master network) with SSID name "WebHMI". It can be seen in the interfaces list. This interface is "bridged" with //eth0// Ethernet interface for LAN network. So clients connected to "WebHMI" WiFi network and to Ethernet LAN connector are in the same network LAN. Bridged interface icons are shown in parenthesis and bridged interface name starts with "br- ... " In the default configuration, there is one Wifi interface configured as access point (master network) with SSID name "WebHMI". It can be seen in the interfaces list. This interface is "bridged" with //eth0// Ethernet interface for LAN network. So clients connected to "WebHMI" WiFi network and to Ethernet LAN connector are in the same network LAN. Bridged interface icons are shown in parenthesis and bridged interface name starts with "br- ... "
  
-{{ bridged_interface.gif }}+{{ network:bridged_interface.gif }}
  
 To add new WiFi network or to modify existing one follow the WiFi link from Network menu. The opened window Wireless Overview shows the main parameters of existing wireless networks. From here you can manage them: add / remove, enable / disable, and change their settings : To add new WiFi network or to modify existing one follow the WiFi link from Network menu. The opened window Wireless Overview shows the main parameters of existing wireless networks. From here you can manage them: add / remove, enable / disable, and change their settings :
Line 99: Line 107:
   communication failure.   communication failure.
  
-{{ ::wifi_network_list.png?direct&700 |}}+{{ network:wifi_network_list.png?direct&700 |}}
  
 To change the settings of an existing network, click "Edit". Here, all the parameters are divided into two groups:  To change the settings of an existing network, click "Edit". Here, all the parameters are divided into two groups: 
Line 105: Line 113:
   *__logical__ (called INTERFACE CONFIGURATION), which determine, in fact, the properties of the wireless network - its identifier, mode of operation and security parameters.   *__logical__ (called INTERFACE CONFIGURATION), which determine, in fact, the properties of the wireless network - its identifier, mode of operation and security parameters.
  
-{{ ::master_wifi_config.png?direct&700 |}}+{{ network:master_wifi_config.png?direct&700 |}}
  
 **Interface configuration, General setup tab**: **Interface configuration, General setup tab**:
  
-{{ ::wifi_interface_general.png?direct&600 |}}+{{ network:wifi_interface_general.png?direct&600 |}}
  
   ***ESSID** – wireless network name    ***ESSID** – wireless network name 
Line 118: Line 126:
  
 The **Wireless Security** tab defines the security settings for the wireless network. The **Wireless Security** tab defines the security settings for the wireless network.
-{{ ::wifi_interface_security.png?direct&600 |}}+{{ network:wifi_interface_security.png?direct&600 |}}
  
   ***Encryption** - Select the type of encryption or leave the network open   ***Encryption** - Select the type of encryption or leave the network open
Line 129: Line 137:
 You can add more WiFi networks from wireless Overview page (e.g. let's create access point "wh2ndWiFi" ): You can add more WiFi networks from wireless Overview page (e.g. let's create access point "wh2ndWiFi" ):
  
-{{ ::wifi_add_network.png?direct&600 |}}+{{ network:wifi_add_network.png?direct&600 |}}
  
 So you should set "wh2ndWiFi" for ESSID, "Access Point" for mode and create new network "WIFI2" bound to this wifi physical adapter: So you should set "wh2ndWiFi" for ESSID, "Access Point" for mode and create new network "WIFI2" bound to this wifi physical adapter:
-{{ ::add_another_wifi_master.png?direct&600 |}}+{{ network:add_another_wifi_master.png?direct&600 |}}
  
 After saving, a new network interface will appear in the list: After saving, a new network interface will appear in the list:
-{{ ::unbound_if_.png?direct&400 |}}+{{ network:unbound_if_.png?direct&400 |}}
  
   However, this is not the end! As a result of the manipulations, only a new network interface has been created so    However, this is not the end! As a result of the manipulations, only a new network interface has been created so 
Line 141: Line 149:
   name in interface's setup page. Now it will still need to be fully configured to work in the IP network (assign    name in interface's setup page. Now it will still need to be fully configured to work in the IP network (assign 
   an address,   gateway, etc.) similarly to described earlier LAN and WAN interface settings    an address,   gateway, etc.) similarly to described earlier LAN and WAN interface settings 
-{{ ::unconfigured_if_2.gif?direct |}}+{{ network:unconfigured_if_2.gif?direct |}}
  
 ==== Connect to an existing network (Client mode)==== ==== Connect to an existing network (Client mode)====
  
 1. Press Scan in Wireless Overview window, Network / Wi-Fi menu  1. Press Scan in Wireless Overview window, Network / Wi-Fi menu 
-{{ add_client_1.png?direct&600 }}+{{ network:add_client_1.png?direct&600 }}
 A list of WiFi networks will be shown. A list of WiFi networks will be shown.
  
 2. Press **Join Network** for the network you're going to connect to. 2. Press **Join Network** for the network you're going to connect to.
-{{ ::join_wifi_nework.png?direct&600 |}}+{{ network:join_wifi_nework.png?direct&600 |}}
    
 In the appeared window: In the appeared window:
Line 161: Line 169:
  
 6.Based on the level of trust in the network, specify the desired network zone that defines the traffic processing rules for this connection. For details, see the Firewall. 6.Based on the level of trust in the network, specify the desired network zone that defines the traffic processing rules for this connection. For details, see the Firewall.
-{{ ::client_wifi_edit.png?direct&600 |}}+{{ network:client_wifi_edit.png?direct&600 |}}
  
 7.In the window that appears, click **Save & Apply**. Most part is finished now. 7.In the window that appears, click **Save & Apply**. Most part is finished now.
Line 167: Line 175:
 In the Wireless Overview window, you will see a new wireless network (in this case there are two of them: one has a WebHMI client and the other has an access point). In the Wireless Overview window, you will see a new wireless network (in this case there are two of them: one has a WebHMI client and the other has an access point).
  
-{{ ::client_wifi_added.png?direct&600 |}}+{{ network:client_wifi_added.png?direct&600 |}}
  
 You can see or change the settings of the network connection in the same place, in the tab ' Network / Interfaces' You can see or change the settings of the network connection in the same place, in the tab ' Network / Interfaces'
  
-{{ :client_wifi_added_2.png?direct&600 |}}+{{ network:client_wifi_added_2.png?direct&600 |}} 
 + 
 +<WRAP center round important 60%> 
 +When you have multiple Wi-Fi networks setup with at least one in the client mode, please be aware that if the client wifi net fail, the master wifi network will fail too. 
 +</WRAP> 
 ===== Connecting WebHMI to the Internet ===== ===== Connecting WebHMI to the Internet =====
  
-A common task is to configure WebHMI with simultaneous access to the Internet for WebHMI, and the computer from which WebHMI is configured. Let's consider several connection scenarios.+A common task is to configure WebHMI with __simultaneous access__ to the Internet for both WebHMI, and the computer from which WebHMI is configured. Let's consider several connection scenarios.
  
 **Option 1.** WebHMI is a **gateway** for the PC.  **Option 1.** WebHMI is a **gateway** for the PC. 
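Review bot: the new important box states that the master Wi-Fi network fails when the client Wi-Fi network fails, but it gives the reader nothing to act on. Because the default master network is the "WebHMI" access point bridged with the LAN Ethernet port, say whether wired LAN access to the device survives in that situation and what the operator should do to restore the access point. The wording also needs a pass ("if the client wifi net fail" should read "if the client Wi-Fi network fails"), and a blank line is missing between `</WRAP>` and the `===== Connecting WebHMI to the Internet =====` heading, unlike the WRAP block added in the VPN section.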
Line 195: Line 208:
 The WebHMI firewall 'maps' one or more networks/interfaces in special zones, which are used to describe the default rules for this interface, the rules for forwarding packets between interfaces, and additional rules that do not fall under the first two types. All traffic for the network interface can be classified as incoming, outgoing, or redirected. In the firewall's network settings menu, for convenience, descriptions and comments to all its fields are provided. The WebHMI firewall 'maps' one or more networks/interfaces in special zones, which are used to describe the default rules for this interface, the rules for forwarding packets between interfaces, and additional rules that do not fall under the first two types. All traffic for the network interface can be classified as incoming, outgoing, or redirected. In the firewall's network settings menu, for convenience, descriptions and comments to all its fields are provided.
  
-{{ ::firewall-zone.png?direct&600 |}}+{{ network:firewall-zone.png?direct&600 |}}
  
 In the operating system configuration file, the default firewall rules goes first, but they take effect last. The filtering system uses sequential processing, in which the packets are processed sequentially, in a chain, by different rules. The first matching rule is executed, but it often performs a transition to another chain of rules that the packet is moving on until it meets ACCEPT (accept) or DROP / REJECT (discard) commands. Rules with such commands are executed last in the chain of rules, so the default rules will come into effect last, and more specific rules will be checked first. Zones are used to configure masquerading, also known as NAT, as well as for configuring port forwarding rules, more commonly known as redirection. In the operating system configuration file, the default firewall rules goes first, but they take effect last. The filtering system uses sequential processing, in which the packets are processed sequentially, in a chain, by different rules. The first matching rule is executed, but it often performs a transition to another chain of rules that the packet is moving on until it meets ACCEPT (accept) or DROP / REJECT (discard) commands. Rules with such commands are executed last in the chain of rules, so the default rules will come into effect last, and more specific rules will be checked first. Zones are used to configure masquerading, also known as NAT, as well as for configuring port forwarding rules, more commonly known as redirection.
  
 Zones should always be assigned to one or more interfaces. You can assign a zone to the interface in the tab of its properties **Firewall settings**. In the factory configuration of WebHMI, two zones are configured with their own rules, which are sufficient for working in 99% of the cases - the wan zone (in which the Internet gateway is usually located) prohibits incoming traffic, but allows redirection from the lan zone to wan. The names of the zones lan (green) and wan (red) by default coincide with the names of the network interfaces LAN and WAN to which they are assigned, however, the zones can be called arbitrary: Zones should always be assigned to one or more interfaces. You can assign a zone to the interface in the tab of its properties **Firewall settings**. In the factory configuration of WebHMI, two zones are configured with their own rules, which are sufficient for working in 99% of the cases - the wan zone (in which the Internet gateway is usually located) prohibits incoming traffic, but allows redirection from the lan zone to wan. The names of the zones lan (green) and wan (red) by default coincide with the names of the network interfaces LAN and WAN to which they are assigned, however, the zones can be called arbitrary:
 +
 +===== VPN connections =====
 +
 +==== Quick Level2 VPN connection method (as of FW 3.5 and higher) ====
 +
 +Please refer to [[level2:how_to_connect_webhmi_to_level2?s[]=vpn#vpn_setup_from_webhmi_level2_menu|this]] page.
 +
 +==== Connecting to custom VPNs ====
 +
 +<WRAP center round info 80%>
 +With this method you can connect WebHMI to Level2 VPN for fw versions below 3.5. 
 +</WRAP>
 +
 +On the network interfaces page, add a new interface:
 +
 +{{ :network:add_inerface_button.png?direct&800 |}}
 +
 +Choose L2TP type:
 +
 +{{ :network:vpn:l2vpn_choice.png?direct |}}
 +
 +Select protocol and input credentials (in the example the Level2 server is given):
 +
 +{{ :network:vpn:old_vpn_general_setup.png?direct |}}
 +
 +On the Advanced tab, input the metric for the interface's gateway (15):
 +
 +{{ :network:vpn:old_vpn_advanced_setup.png?direct |}}
 +
 +Choose green LAN firewall zone:
 +
 +{{ :network:vpn:old_vpn_firewall_settings.png?direct |}}
 +
  
  
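Review bot: the last step, "Choose green LAN firewall zone", puts the L2TP tunnel into the zone this page describes as the only one from which the web interface is reachable, yet the new section does not say why or what that implies. The same hunk's context explains that the wan zone prohibits incoming traffic, and the Wi-Fi client procedure tells the reader to pick a zone "based on the level of trust in the network", so add a sentence stating that the VPN peer side gets LAN-level access to the device and that the default password must be changed before the tunnel is brought up. Two smaller points: the heading says "custom VPNs" while the info box and the example cover only Level2 on firmware below 3.5, and the gateway metric value (15) is given with no explanation of what it is ranked against.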
network_connections_setup.1538671734.txt.gz · Last modified: 2018/10/04 16:48 by emozolyak
