Let's try zero configuration with VPN router "RTX830"
Last time, I used Yamaha's integrated network management service "Yamaha Network Organizer (YNO)" to build a remote access VPN. Even if the network device to be managed was not there, it was convenient because the settings could be made via the cloud service.
Especially in an organization that does not have a full-time network administrator, you may have felt that it would be possible to reduce the administrator's workload. Even organizations that have been hesitant to introduce a VPN in the past may find it an opportunity to consider the introduction of a VPN.
Now, this time, let's try "Zero Config", which pours the configuration information (CONFIG) of an already running RTX830 into another RTX830. Normally, network devices cannot be used in their factory default state and need to be configured first. It is no exaggeration to say that this configuration work increases the burden on administrators.
Configuration work is time-consuming and stressful. A mistake in even one setting can keep the device from working properly, and an omitted setting may unintentionally create a security hole. If the configuration could be copied from equipment that is already operating normally, would that not reduce the management workload?
The flow of zero configuration performed this time is as follows.
A factory default device is not connected to the internet, so it cannot connect to YNO. Therefore, we save the CONFIG to an SD card and have the device read it automatically. Let's get started.
First, log in to YNO and create a base CONFIG. Log in to YNO using the issued operator ID and password and display the dashboard. Then select "Device Management" - "Device List" from the menu to display the device list screen. The RTX830 on which we built the VPN last time is displayed in the list.
In addition, let's refer to the WebGUI of the corresponding device. WebGUI can be displayed by clicking the arrow in the action column displayed to the right of RTX830 in the device list. When the WebGUI is displayed, select "Simple Settings" - "VPN" - "Remote Access" from the menu to display the current remote access VPN status. You can see that the remote access VPN is set up.
Now go back to YNO and back up the RTX830 CONFIG. Press the "CONFIG backup" button at the top of the device list screen. A name input screen is displayed, so enter a name.
In addition, only one CONFIG can be backed up for each model. Please note that the CONFIG that was backed up in the past will be discarded. When the backup starts, the job list screen is displayed. The backup will be processed immediately, so it won't take long. Reload the screen and you should see a "1" in the Success column.
In addition, if you display the list screen from "Device Management" - "CONFIG Backup List" in the menu, you can see the CONFIGs that have been backed up. Here, you can view the details of the backup by pressing View details. This detailed CONFIG will be used for initial CONFIG creation later.
Next, create a CONFIG to copy to the SD card. This is done on the initial CONFIG screen. Select "Device Management" - "Zero Config" - "Initial CONFIG List" from the menu, and press the "New Initial CONFIG" button at the top of the screen to display the new creation screen. The following commands are already entered in the initial CONFIG entry field on the new creation screen.
yno use on
yno zero-config id text \OPERATOR_NAME\ \PLACE_ID\ \PASSWORD\
This is the command "Use YNO". Before this command, enter the necessary commands to create the initial CONFIG. To create the initial CONFIG, you can use the RTX830 CONFIG that you backed up earlier and change only the necessary parts.
Before that, I will briefly explain the meaning of the commands entered in CONFIG section by section.
ip route default gateway pp 1
Change as needed. When building a site-to-site VPN, be careful not to duplicate IP addresses on the LAN side.
ip lan1 address 192.168.100.1/24
pp disable all
Configure the connection to the provider.
pp select 1
pp always-on on
pppoe use lan2
pp auth accept pap chap
pp auth myname [provider user] [password]
…
Configure users who access with remote access VPN.
pp select anonymous
pp bind tunnel1
pp auth request chap-pap
pp auth username [PPTP connection user] [password]
…
pp enable anonymous
tunnel select 1
tunnel encapsulation l2tp
ipsec tunnel 1
ipsec sa policy 1 1 esp aes-cbc sha-hmac
…
tunnel enable 1
ip filter 200000 reject 10.0.0.0/8 * * * *
ip filter 200001 reject 172.16.0.0/12 * * * *
ip filter 200002 reject 192.168.0.0/16 * * * *
ip filter 200003 reject 192.168.100.0/24 * * * *
…
nat descriptor type 1000 masquerade
Must match the LAN side IP address of the device.
dhcp service server
dhcp server rfc2131 compliant except remain-silent
dhcp scope 1 192.168.100.2-192.168.100.191/24
dns host lan1
dns server pp 1
dns server select 500001 pp 1 any . restrict pp 1
dns private address spoof on
Save when done. The entered initial CONFIG is displayed in the list, and when displayed, it is as follows.
Once you have created the initial CONFIG, download it to your local PC. Return to "Device Management" - "Zero Config" - "CONFIG List" in the menu, and press the download icon at the right end of the CONFIG row to download the initial CONFIG. Copy this config.txt to your micro SD card.
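Before config.txt goes onto the SD card, it can be checked for the mistakes mentioned above. The following is an added example, not part of the original article or of Yamaha's tooling: a small lint that reports values still written in the article's bracket notation, a DHCP scope that does not match the LAN address, a missing "yno use on", and the lines that take a password argument. The function name and the sample CONFIG are hypothetical and constructed for illustration.

```python
import ipaddress
import re

# Constructed sample built from commands shown in this article; values are made up.
SAMPLE_CONFIG = """\
ip lan1 address 192.168.100.1/24
pp select 1
pp auth myname [provider user] [password]
pp select anonymous
pp auth username vpnuser example-password
dhcp scope 1 192.168.101.2-192.168.101.191/24
yno use on
yno zero-config id text \\OPERATOR_NAME\\ \\PLACE_ID\\ \\PASSWORD\\
"""

# Commands from the article whose arguments include a password.
SECRET_CMDS = ("pp auth myname", "pp auth username", "yno zero-config id")
# Assumption: [bracketed text] is the article's notation for a value to fill in.
PLACEHOLDER = re.compile(r"\[[^\]]+\]")

def lint_initial_config(text):
    """Return (findings, numbers of lines that carry credentials)."""
    findings, secret_lines, lan, scopes = [], [], None, []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith(SECRET_CMDS):
            secret_lines.append(no)
        if PLACEHOLDER.search(line):
            findings.append(f"line {no}: placeholder not filled in")
        m = re.match(r"ip lan1 address (\S+)", line)
        if m:
            lan = ipaddress.ip_interface(m.group(1))
        m = re.match(r"dhcp scope \d+ ([\d.]+)-([\d.]+)/\d+", line)
        if m:
            scopes.append((no, m.group(1), m.group(2)))
    if lan is None:
        findings.append("no 'ip lan1 address' line found")
    for no, lo, hi in scopes:
        addrs = [ipaddress.ip_address(lo), ipaddress.ip_address(hi)]
        if lan and not all(a in lan.network for a in addrs):
            findings.append(f"line {no}: DHCP scope outside {lan.network}")
        elif lan and addrs[0] <= lan.ip <= addrs[1]:
            findings.append(f"line {no}: DHCP scope includes router address {lan.ip}")
    if "yno use on" not in map(str.strip, text.splitlines()):
        findings.append("'yno use on' missing")
    return findings, secret_lines

if __name__ == "__main__":
    findings, secrets = lint_initial_config(SAMPLE_CONFIG)
    print(*findings, f"lines with credentials: {secrets}", sep="\n")
```

The credential line list is a reminder of what the SD card carries when it is handed to someone else.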
Connect the power cable and the network cable on the WAN side to the new RTX830, insert the SD card into the slot, and turn on the power.
When you turn on the power, the POWER lamp flashes, and after a beeping alarm sounds, the STATUS lamp flashes. When CONFIG is replaced, a beeping alarm sounds.
Let's reload YNO's device list screen. It will be displayed in the following manner. "New CPE" is the device that has been set with zero configuration. Succeeded.
Update the firmware to the latest version using the "Firmware update" button at the top of the device list screen. To use the "GUI Forwarder", which displays the WebGUI of a managed device, the firmware must be "Rev.15.02.03" or later.
After updating the firmware to the latest version, display the WebGUI and check the remote access VPN. It should be set.
This time, we used YNO's Zero Config, a function that automatically sends configuration information (CONFIG) to devices connected to the YNO Manager, to perform initial router settings.
If the router is located in a remote location, simply send the SD card containing the CONFIG to the local person in charge, who can configure and install the router by inserting the SD card and turning on the power.
Last time, we used YNO to actually set things up by hand on the cloud service, but this time, the administrator hardly ever touches the actual machine. In particular, when installing multiple routers, configuration mistakes can be reduced and so can the administrators' workload.