SiteManager GUI - VPN & EasyTunnel

Learn more about what EasyTunnel is and how it works.

1. Introduction to EasyTunnel (ET)

This introduction covers the following topics:

  • 1a. When to use EasyTunnel
  • 1b. What EasyTunnel does / how it works
  • 1c. Comprehensive list of configurations that an EasyTunnel Server can make on its counterpart

    1a. When to use EasyTunnel

    The EasyTunnel Client feature is an optional addition to the primary role of the SiteManager, which is to function as a gateway between agent-controlled devices and LinkManager users.
    In some scenarios it may be preferable to have a more static connection between the SiteManager's device network and a remote network, in which case a VPN infrastructure might be more appropriate. For instance:

    • When a camera is streaming video data to a surveillance center.
    • When a data center wants to monitor remote devices using SNMP directly.
    • When using machine-to-machine (M2M) systems without human interaction.
    The following section will also help you to determine if the EasyTunnel Client feature is relevant to you or not.

    1b. What does EasyTunnel do?

    • The EasyTunnel Client establishes an IPsec-based, AES-encrypted VPN tunnel from the SiteManager's DEV1 network to an EasyTunnel Server in the form of a Secomea TrustGate Appliance. Refer to the Office Network Solutions section on www.secomea.com for more information about compatible TrustGate products.
    • EasyTunnel works completely independently of the GateManager connection to the SiteManager. The VPN tunnel is made directly between the SiteManager and the EasyTunnel Server, and does not depend on the SiteManager being connected to a GateManager.
    • The EasyTunnel Server must be reachable on a public IP address. The EasyTunnel Client in the SiteManager does not need a public IP address and can be placed behind a NAT firewall. The firewall must allow outgoing UDP 500 and UDP 4500.
    • Although EasyTunnel is considerably easier to configure than an ordinary IPsec-based VPN, it requires the same precautions as standard VPN tunnels in order to avoid subnet conflicts between the local networks at each end of the tunnel. Any NAT rules to solve subnet conflicts must be made at the EasyTunnel Server end.
    • IMPORTANT: When creating the EasyTunnel Client on the EasyTunnel Server, the defined DEV1 Address will become the IP address of the DEV1 interface of the SiteManager. If you do not intend to override the IP address of the DEV1 interface, you must make sure to state the current DEV1 address as the DEV1 Address for the EasyTunnel Client on the Server.
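
A way to check a planned setup for the two pitfalls above (subnet conflicts and an unintended DEV1 address override) before saving it on the EasyTunnel Server. This is an added example, not Secomea code: the function name, the dict keys and all addresses are constructed, and the check for overlap between two clients' DEV1 subnets goes beyond the case in the text.

```python
"""Pre-deployment check for an EasyTunnel plan (added example; all values constructed)."""
from ipaddress import ip_interface, ip_network


def check_plan(server_local_networks, clients):
    """Return a list of (device_name, issue) tuples for a planned EasyTunnel setup.

    server_local_networks: CIDR strings for the networks behind the EasyTunnel Server.
    clients: dicts with 'name', 'dev1_address', 'dev1_mask' (as planned on the
             server) and 'current_dev1' (address now set on the SiteManager).
    """
    issues = []
    server_nets = [ip_network(n) for n in server_local_networks]
    planned = []
    for c in clients:
        # Combine address and mask into the DEV1 subnet the tunnel will expose.
        iface = ip_interface(f"{c['dev1_address']}/{c['dev1_mask']}")
        # Conflict between the networks at each end of the tunnel.
        for net in server_nets:
            if iface.network.overlaps(net):
                issues.append((c["name"], f"DEV1 subnet {iface.network} overlaps server network {net}"))
        # Two clients on one server with overlapping DEV1 subnets (generalization).
        for other_name, other_net in planned:
            if iface.network.overlaps(other_net):
                issues.append((c["name"], f"DEV1 subnet {iface.network} overlaps client {other_name}"))
        planned.append((c["name"], iface.network))
        # The server-side DEV1 Address replaces the SiteManager's DEV1 address.
        if str(iface.ip) != c["current_dev1"]:
            issues.append((c["name"], f"DEV1 address will change from {c['current_dev1']} to {iface.ip}"))
    return issues


# Constructed sample plan.
SERVER_LOCAL_NETWORKS = ["192.168.1.0/24", "10.10.0.0/16"]
CLIENTS = [
    {"name": "site-a", "dev1_address": "10.20.1.1", "dev1_mask": "255.255.255.0", "current_dev1": "10.20.1.1"},
    {"name": "site-b", "dev1_address": "192.168.1.1", "dev1_mask": "255.255.255.0", "current_dev1": "192.168.1.1"},
    {"name": "site-c", "dev1_address": "10.20.3.1", "dev1_mask": "255.255.255.0", "current_dev1": "10.0.0.1"},
]

if __name__ == "__main__":
    for name, issue in check_plan(SERVER_LOCAL_NETWORKS, CLIENTS):
        print(f"{name}: {issue}")
```

With the sample plan, site-b is flagged for a subnet conflict with the server's local network and site-c for a DEV1 address that would be overwritten.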

    1c. Comprehensive list of the parameters that can be set using EasyTunnel:

    • Uniquely assigned settings for each EasyTunnel Client on the EasyTunnel Server's VPN > EasyTunnel page:
      • Device Name, DEV1 interface IP Address, DEV1 Subnet Mask, tunnel compression.
        As soon as the EasyTunnel Server's VPN > EasyTunnel page is saved, the EasyTunnel Server sends the settings to the EasyTunnel Client.
      • DEV1 DHCP pool allocation.
        When the EasyTunnel Client's DEV1 DHCP mode setting is ET-Controlled, settings from the EasyTunnel Server are propagated upon ET-DHCP lease renewal as described below (in Changes to NTP, DHCP and Private Master DNS settings).


    • Settings which are the same for all EasyTunnel Clients on a given EasyTunnel Server
      • Tunnel end-points on the EasyTunnel Server (Local Networks on VPN > EasyTunnel).
        As soon as the EasyTunnel Server's VPN > EasyTunnel page is saved, the EasyTunnel server sends the settings to the EasyTunnel Clients.
      • Changes to NTP, DHCP and Private Master DNS settings

        Changes on the EasyTunnel Server to General > Time: NTP server as well as to settings for General > LAN DHCP and for Master DNS on General > LAN DNS are propagated to its EasyTunnel Clients when they renew their ET-DHCP leases. * Details below.

        ET-DHCP leases are renewed every five minutes. In addition, leases are renewed when any of the following occurs:

        • The Service Tunnel is rekeyed specifically by using the lightning icon on either the EasyTunnel Server or the EasyTunnel Client.
        • Any changes affecting a given EasyTunnel Client are made on the EasyTunnel page of its EasyTunnel Server.
        • Either the EasyTunnel Client or the EasyTunnel Server is rebooted.

        * Details about propagated NTP, DHCP and Private Master DNS settings

        Please note: If the EasyTunnel Client has a DEV1 interface instead of a LAN interface, LAN-related settings on the EasyTunnel Server are propagated to the DEV1-related settings on the EasyTunnel Client.

        • System > Time
          When you give the IP address of an NTP server to the EasyTunnel Server Preparation wizard, this address will be set in the EasyTunnel Server and be sent to the EasyTunnel Clients without delay. If you change the IP address of the NTP server on the EasyTunnel Server, it will be propagated upon ET-DHCP lease renewal as described above.
        • Domain Name and/or WINS server(s) on System > LAN > DHCP
          Values for these settings on the EasyTunnel Server's own System > LAN > DHCP page will be propagated if the DHCP mode for the EasyTunnel Client's DHCP server on DEV1 is set to ET-Controlled. ET-Controlled is the factory default for all models that cannot function as EasyTunnel Server. The EasyTunnel Server keeps the EasyTunnel Clients updated upon ET-DHCP lease renewal as described above.
        • Cisco CallManager on System > LAN > DHCP
          If you fill in an address of a Cisco CallManager in an EasyTunnel Server, the setting will also be used in its EasyTunnel Clients. Note, however, that some SiteManager models do not include this parameter.
        • Private Master DNS on System > LAN > DNS
          If the EasyTunnel Server has a Private Master DNS registered, the EasyTunnel Server gives the setting to the EasyTunnel Clients and keeps it updated upon ET-DHCP lease renewal as described above.


      • DNS Server Access routing on System > LAN > DNS.
        The setting on the EasyTunnel Server is sent to the EasyTunnel Clients, and is kept updated upon ET-DHCP lease renewal as described above.


    2. The EasyTunnel Client configuration

    You can use this EasyTunnel page for the following purposes:

    • Activate the EasyTunnel Client feature
    • Display the current EasyTunnel Server identification
    • Key/re-key (jump-start) an EasyTunnel using the [Connect icon]
    • Change the server identification (for example from an IP address to a DNS host name; or to another EasyTunnel Server entirely).
      Note: before you can connect to another EasyTunnel Server, you must clear the field for the current EasyTunnel Server and press Save.


Creation date: 11/12/2019 13:20 (skr@secomea.com)      Updated: 16/01/2020 10:38 (skr@secomea.com)