Tutorial: Central VPN Management
Central VPN Management (CVM) is an easier way to establish and manage VPN connections between several CPEs (VPN clients). It allows Administrator on the CVM Router to:
* Set up VPN connections with just one click
* Backup and restore CPE configurations
* Upgrade firmware for CPE
* Manage multiple CPEs simultaneously
Maximum number of CPE
In the following example, we demonstrate how to use CVM on a VPN server to manage the VPN network with CPEs. There will be three parts of the notes,
A. Configuration of CVM Router and CPEs.
B. VPN network Management
C. CPE Maintenance
Part A. Configuration of CVM Router and CPEs
For CVM to work, it requires settings on both CVM Router (VPN server) and the CPEs, The following are the detailed instructions of the configurations
1. [On CVM Router] Set up CVM: Go to Central VPN Management >> General Setup
a. In General Settings tab, Enable CVM Port, and enter a port number.
b. Copy the URL of ACS server. (This will be used for settings on CPEs)
Note: URL with https and http is for CVM SSL Port and CVM Port respectively.
c. Select a WAN interface for WAN IP for Remote Connection.
d. In IPsec VPN Settings tab, enter Username and Password.
e. Select the Local Subnet to establish VPN connection.
f. Click OK to save.
2. [On CVM Router] Enable CVM Access Control: Go to System Maintenance >> Management, make sure the CVM Port is enabled.
3. [On CPEs] Set up TR-069: Go to System Maintenance >> TR-069
a. Select ACS Server On Internet.
b. Paste the URL of ACS server copied from CVM settings on VPN server.
c. Enter Username and Password as the same as in CVM settings on VPN server.
d. Enable CPE Client.
e. Enable Periodic Inform Settings.
f. Click OK to save.
4. [On CPEs] Enable Internet Access Control: Go to System Maintenance >> Management, enable Allow management from the Internet and make sure TR069 server is enabled.
After the above configuration, the CPE is connected to CVM Router, and we can see the device appears in the Unmanaged Device List of CVM Router.
5. [On CVM Router] Edit the Managed Device List: Go to Central VPN Management >> CPE Management >> Managed Devices List.
a. Select the CPE device in Unmanaged Devices List, enter a Description Name and its Location, then click Add to add it to Managed Devices List.
b. After that, the CPE will appear in Managed Devices List with its name and IP address. Also double click on the item for detailed information.
6. [On CVM Router] Observe the location of CPEs on Google Map: Go to Central Management >> CPE Management, in Google Map tab shows the location of each CPE.
Part B. VPN Network Management
To establish VPN connection: Go to Central VPN Management >> VPN Management.
1. The VPN Management page shows all the devices in Managed Device List and their connection status.
2. Move the cursor to a device to show its detailed information.
3. Click on a device to show the VPN type options, then click on one of the options to establish VPN connection. In both PPTP and IPsec, the system will give a username and password automatically; however, Administrator could change the encryption methods by choosing “Advanced”.
4. Wait a few second and refresh the page, we will see the VPN connection is on and the connection information is in the CPE VPN Connection List below.
5. After that, both CPE and VPN server will create a LAN-to-LAN profile in VPN and Remote Access >> LAN to LAN.
Administrator could also change the VPN type in VPN Management page, and the settings will applied to the LAN-to-LAN profile automatically.
Part C. CPE Maintenance
In this part, we will demonstrate an example of CPE maintenance. Assuming Administrator wants a CPE to backup its configuration and stored in an USB once a day. This can be done from the VPN server with CVM.
1. Create a schedule for the configuration backup: Go to Application >> Schedule, click on an index number to add a schedule profile.
a. Tick Enable Schedule Setup
b. Select the Start Date and Start Time as the time for CPE to backup its configuration.
c. Set Duration Time as 5 minutes.
Note: In case of offline, it is necessary to setup Duration. Longer duration gives router more time to retry connecting once the CPE lose connection with VPN server.
d. Select How Often does the CPE need to backup its configuration.
2. Go to Central VPN Management >> CPE Management >> CPE Maintenance, make sure there is a USB disk connected to the router.
3. Add a CPE Maintenance profile: In the CPE Maintenance page, click on an index number to add a new profile.
a. Enter the Profile Name.
b. Enable this profile.
c. For Device Name, select the MAC address of the CPE.
d. Select Action Type as Config Backup.
e. Enter the Schedule proflie index.
f. Click OK to save.
After the configuration backup, go to USB Application >> File Explorer to check if the configuration files has been saved successfully.