control the devices. The Administrator can also set up new users and specify each user’s individual access and control privileges.
4. To add a console server candidate to the Managed Console Server list:
o Select it from the Remote Console Servers drop down list, and click Add
o Enter IP Address and SSH Port (if these fields have not been auto-completed) and enter a Description and unique Name for the Managed Console Server you are adding
o Enter the Remote Root Password (i.e. System Password that has been set on this Managed Console Server). This password is used by the CMS to propagate auto generated SSH keys and then forgotten. It will not be stored
o Click Apply. The CMS will now set up secure SSH connections to and from the Managed Console Server and will retrieve its Managed Devices, user account details and configured alerts
4.12.3 Calling Home to a generic central SSH server
If you are connecting to a generic SSH server (not a Lighthouse CMS) you may configure Advanced settings:
Enter the SSH Server Port and SSH User to authenticate as
By selecting Listening Server, you may create a Remote port forward from the Server to this unit, or a Local port forward from this unit to the Server:
Specify a Listening Port to forward from, leave this field blank to allocate an unused port
Enter the Target Server and Target Port that will be the recipient of forwarded connections
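One server-side check for the Remote port forward described above, as an added example that is not from the Opengear manual: the account the unit authenticates as on a generic SSH server only needs that forward, so its sshd_config stanza can be audited for it. The account name `callhome`, port 2222, and the assumption that the unit needs no terminal on the server are illustrative and should be confirmed for your deployment.

```python
REQUIRED = {
    "allowtcpforwarding": "remote",   # remote (server-side) forwards only
    "permittty": "no",                # no interactive terminal
    "allowagentforwarding": "no",
    "gatewayports": "no",             # forwarded listener stays on loopback
}

def match_block(config_text, user):
    """Collect keyword/value pairs found under 'Match User <user>'."""
    settings, active = {}, False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, *rest = line.split(None, 1)
        key, value = key.lower(), (rest[0] if rest else "")
        if key == "match":
            crit = value.split()
            active = len(crit) == 2 and crit[0].lower() == "user" and crit[1] == user
        elif active:
            settings.setdefault(key, value)   # keep the first occurrence
    return settings

def audit(config_text, user):
    """Return findings; an empty list means the stanza is forwarding-only."""
    cfg = match_block(config_text, user)
    findings = [f"{key} should be '{want}'"
                for key, want in REQUIRED.items()
                if cfg.get(key, "").lower() != want]
    listen = cfg.get("permitlisten", "").lower().split()
    if not listen or "any" in listen:
        findings.append("permitlisten should name the forwarded port(s)")
    return findings

# Constructed sample stanzas; "callhome" and port 2222 are assumed values.
HARDENED = """
Match User callhome
    AllowTcpForwarding remote
    PermitListen localhost:2222
    PermitTTY no
    AllowAgentForwarding no
    GatewayPorts no
"""
WEAK = """
Match User callhome
    AllowTcpForwarding yes
    PermitListen any
"""
```

`audit(HARDENED, "callhome")` returns no findings, while `audit(WEAK, "callhome")` reports every restriction that is missing or too broad.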
4.13 IP Passthrough
IP Passthrough is used to make a modem connection (e.g. the Opengear’s internal cellular modem) appear like a regular Ethernet connection to a third-party downstream router, allowing the downstream router to use the Opengear’s modem connection as a primary or backup WAN interface.
The Opengear provides the modem IP address and DNS details to the downstream device over DHCP and transparently passes network traffic to and from the modem and router.
While IP Passthrough essentially turns an Opengear into a modem-to-Ethernet half bridge, some specific layer 4 services (HTTP/HTTPS/SSH) may still be terminated at the Opengear (Service Intercepts). Also, services running on the Opengear can initiate outbound cellular connections independent of the downstream router.
This allows the Opengear to continue to be used for out-of-band management and alerting and also be managed via Lighthouse, while in IP Passthrough mode.
4.13.1 Downstream Router Setup
To use failover connectivity on the downstream router (aka Failover to Cellular or F2C), it must have two or more WAN interfaces.
Note: Failover in IP Passthrough context is performed entirely by the downstream router, and the built-in out-of-band failover logic on the Opengear itself is not available while in IP Passthrough mode.
Connect an Ethernet WAN interface on the downstream router to the Opengear’s Network Interface or Management LAN port with an Ethernet cable.
Configure this interface on the downstream router to receive its network settings via DHCP. If failover is required, configure the downstream router for failover between its primary interface and the Ethernet port connected to the Opengear.
Data Center and Remote Site Management - User Manual
4.13.1 IP Passthrough Pre-Configuration
Prerequisite steps to enable IP Passthrough are:
Configure the Network Interface and where applicable Management LAN interfaces with static network settings
o Click Serial & Network: IP
o For Network Interface and where applicable Management LAN, select Static for the Configuration Method and enter the network settings (see the section entitled Network Configuration for detailed instructions)
o For the interface connected to the downstream router, you may choose any dedicated private network – this network will only exist between the Opengear and downstream router and will not normally be accessible
o For the other interface, configure it as you would per normal on the local network
o For both interfaces, leave Gateway blank
Configure the Opengear modem in Always On Out-of-band mode
o For a cellular connection, click System: Dial: Internal Cellular Modem
o Select Enable Dial-Out and enter carrier details such as APN (see the section entitled Cellular Modem Connection for detailed instructions)
4.13.2 IP Passthrough Configuration
To configure IP Passthrough:
Click Serial & Network: IP Passthrough and check Enable
Select the Opengear Modem to use for upstream connectivity
Optionally, enter the MAC Address of downstream router’s connected interface
Note: If MAC address is not specified, the Opengear will pass through to the first downstream device requesting a DHCP address.
Select the Opengear Ethernet Interface to use for connectivity to the downstream router
Click Apply
4.13.3 Service Intercepts
These allow the Opengear to continue to provide services for e.g. out-of-band management when in IP Passthrough mode. Connections to the modem address on the specified intercept port(s) will be handled by the Opengear, rather than being passed through to the downstream router.
For the required service of HTTP, HTTPS or SSH, check Enable
Optionally modify the Intercept Port to an alternate port (e.g. 8443 for HTTPS). This is useful if you want the downstream router to remain accessible via its regular port
4.13.4 IP Passthrough Status
Refresh the page to view the Status section. It displays the modem’s External IP Address being passed through, the Internal MAC Address of the downstream router (only populated when the downstream router accepts the DHCP lease), and the overall running status of the IP Passthrough service.
Additionally, you may be alerted to the failover status of the downstream router by configuring a Routed Data Usage Check under Alerts & Logging: Auto-Response.
4.13.5 Caveats
Some downstream routers may be incompatible with the gateway route. This may happen when IP Passthrough is bridging a 3G cellular network where the gateway address is a point-to-point destination address and no subnet information is available. The Opengear sends a DHCP netmask of 255.255.255.255. Devices will normally correctly construe this as a "single host route" on the interface, but as this is an unusual setting for Ethernet, some older downstream devices may have issues.
Intercepts for local services will not work if the Opengear is using a default route other than the modem. As per normal operation, they will also not work unless the service is enabled and access to the service is enabled (see System: Services: Service Access: Dialout/Cellular).
Outbound connections originating from the Opengear to remote services are supported (e.g. sending SMTP email alerts, SNMP traps, getting NTP time, IPSec tunnels). However, there is a minuscule risk of connection failure should both the Opengear and the downstream device try to access the same UDP or TCP port on the same remote host at the same time where they have randomly chosen the same originating local port number.
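The first caveat above, worked through as an added example (not from the Opengear manual): the routes a downstream DHCP client has to install for a lease with netmask 255.255.255.255, next to an ordinary lease. The addresses are constructed, and `naive_client_accepts` is a hypothetical model of one way an older device could reject such a lease.

```python
import ipaddress

def routes_for_lease(address, netmask, router):
    """Routes a DHCP client must install so that `router` is usable.

    Returns (destination, next_hop) tuples; next_hop None means the
    destination is on-link, i.e. reached directly on the interface.
    """
    iface = ipaddress.ip_interface(f"{address}/{netmask}")
    gw = ipaddress.ip_address(router)
    routes = []
    if iface.network.prefixlen < 32:
        routes.append((str(iface.network), None))    # connected subnet
    if gw not in iface.network:
        # Gateway lies outside the leased subnet (the normal case for a
        # /32 lease): it needs its own on-link "single host route"
        # before it can serve as the default next hop.
        routes.append((f"{gw}/32", None))
    routes.append(("0.0.0.0/0", str(gw)))
    return routes

def naive_client_accepts(address, netmask, router):
    """Hypothetical older client: only accepts a gateway inside its subnet."""
    iface = ipaddress.ip_interface(f"{address}/{netmask}")
    return ipaddress.ip_address(router) in iface.network

# Constructed leases: one as passed through from a point-to-point cellular
# link, one as a typical Ethernet LAN would hand out.
PASSTHROUGH_LEASE = ("10.64.12.7", "255.255.255.255", "10.64.64.64")
LAN_LEASE = ("192.168.1.50", "255.255.255.0", "192.168.1.1")

if __name__ == "__main__":
    for lease in (PASSTHROUGH_LEASE, LAN_LEASE):
        print(lease, routes_for_lease(*lease), naive_client_accepts(*lease))
```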