PermaLINK Firmware Release Notes - Edimax



PermaLINK Application Notes

Change list

20060831 – Making traceroute work

UltraSmartSharing

20060731 – Limit Peer-to-Peer activities

20060320 – DNS relay; have DNS queries go out to DNS Server(s) specific to the WAN lines.

20051215 – Using PermaLINK primarily for VOIP utilizing all the WAN lines.

20051215 – Mail Alert

20050930 – Class B IP address and DHCP Server setting for 499 users

20050928 – VPN settings for PPTP Clients and PPTP Server

20050928 – Revised VPN IPsec

20050927 – Added settings for Vonage & increase DHCP Server client # greater than 253

20050921 – Added Fail-over

20050921 – revised HTTPS

20050921 – revised Basic NAT

20050908 – revised VPN

20050823 – revised HTTPS, SMTP

August 31st, 2006 – Making traceroute work

Traceroute uses ICMP with a packet size of more than 32 bytes.

Please go to:

 

Main Page > Access Control > DoS Defense

Under Oversize Ping, change the value from 32 to 64 bytes; Traceroute will then work.

 

[pic]

August 31st, 2006 – UltraSmartSharing

Enhancement – UltraSmartSharing™ (Default is ON): This is a new and exclusive PermaLINK feature! You access it via:

Main Page > Load Balance

It automatically assigns each LAN PC, identified by its IP address, to a particular connected WAN line, and the PC continues to use that WAN line until time-out. Fault-tolerance and fail-over are maintained automatically. This is an exclusive mode that lets a group of PCs automatically work well for games, VOIP, HTTPS, etc. We’ve developed this as a continuous innovation to support Internet Cafés, schools, VOIP providers, Wireless ISPs, etc.

Once it is in use, LAN PC users are, from their perspective, on a virtual single-WAN router using the bandwidth specific to that WAN line. In essence, we have sub-divided the LAN PC user population and assigned each part to a particular connected WAN line.

Please note: If you are using PermaLINK for only a few users (fewer than 5), we recommend that you disable UltraSmartSharing.

July 31st, 2006 – Limit Peer-to-Peer activities

As an administrator, you may want to limit the Peer-to-Peer activities of your LAN users. We can do this by limiting the number of IP sessions. I assume that Peer-to-Peer sometimes would require up to 200 or more sessions. Go to:



[pic]

I would recommend that you set “IP Session Limit:” to 60 sessions. In addition, you need to set up the QOS in order for this session limit to take effect.

[pic]

Mar. 20th, 2006 – DNS Relay; DNS queries specific to WAN lines

Some ISPs restrict DNS queries to their own WAN lines. DHCP clients get their IP and DNS Server address from the DHCP Server, and sometimes the clients even get them before the WAN lines are connected. The solution is DNS Relay: clients can now use the PermaLINK’s LAN IP address as the DNS Server. We assume here that the LAN IP address is 192.168.1.254.

Main Page > Configure LAN & DHCP

[pic]

Set the Primary and Secondary DNS to the same IP as the LAN IP address (in this case it is 192.168.1.254).

My PC is a DHCP Client; here is my “ipconfig /all” output, in which the Default Gateway and DNS Servers are all 192.168.1.254.

[pic]

Dec. 15th, 2005 – Using all the WAN lines for VoIP only

We have some customers who purchased the PermaLINK primarily for VoIP usage.

Our standard VoIP configuration, described in the application note of Sep. 27th, 2005, is for fault-tolerance. The idea is to bind VoIP traffic (based on PORTs) to one WAN line; when that WAN line goes down, PermaLINK automatically transfers the VoIP traffic to another WAN line.

There is a way to utilize all your WAN lines and get all the bandwidth for your VoIP applications.

The idea is to partition your LAN, and have one portion go on WAN1, another portion go on WAN2, etc.

Main Page > Load Balancing > Special IP Assignment

 

[pic]

 

This should give you the right idea. Of course, I don’t know how many VOIP NTAs you have, or how you would organize and sub-divide them.

This will permit you to use all the WAN lines; basically you are doing manual, static load balancing. Please note: you will lose the Fault Tolerance aspect, and if one WAN line goes down, all the VOIP NTAs bound to that particular WAN line will not work until it comes back up again.

Dec. 15th, 2005 – Mail Alert

Here is one way to get Mail Alert.

[pic]

1. Enable Mail Alert

2. Enter Email Receiver (must be a valid Email Address)

3. Enter Email Sender (must be a valid Email Address)

4. Select Mail server forward

5. Enter a valid SMTP Server’s IP address. You may find it by PINGing your SMTP Server. Using an SMTP Server’s name would require a DNS query, which may make the alarm condition reports too slow.

[pic]

6. Select the Alarm conditions that you wish to be informed of.

7. Click on OK, and then finally do a [Save & Reset]

Here is a system log of the power-up sequence. I have the Alarm Condition of WAN UP being selected.

[pic]

And here is my Outlook corresponding to item 17 and item 19.

[pic]

Sept 30th, 2005 –

Class B IP address and DHCP Server for 499 users

You must use 172.16.X.X for Class B IP addresses, with a Subnet Mask of 255.255.0.0.

With Class B address you may have more than 253 DHCP clients. Here is an example for 499 Clients:

172.16.1.2-254 = 253 clients

172.16.2.1-246 = 246 clients

TOTAL = 499 clients maximum

[pic]

Sept 28th, 2005 –

Settings for PPTP VPN

You’ll need to enable PPTP ALG (Application Layer Gateway)

Main Page > Advance > Virtual Server

[pic]

Then you must do the PORT binding (here we set it to AUTO)

Main Page > Load Balancing > Special Application

[pic]

If you only have PPTP VPN Clients on the LAN, then you are finished.

If you have a PPTP VPN Server on the LAN, then you’ll need to assign a Virtual Server Mapping.

Main Page > Advance > Virtual Server

[pic]

Sept 27th, 2005 – Automatic fail-over setting for Vonage. When the WAN line that was in use fails, you can just re-dial that phone # and you will be able to re-connect. Our competitors’ routers require you to go into the router and reconfigure it before you can use Vonage again.

Settings for Vonage

This is a link to Vonage’s documentation:



From our user experience we only need to be concerned with:

Port 5061

Port 10000 – 20000

Main Page > Load Balance > Special Application

[pic]

AUTO is an exclusive feature of PermaLINK. It will select whichever WAN line is connected first and use it for all your Vonage Port usage.

Sept 27th, 2005 - more suitable for PermaLINK PRI-755 & PRI-885

Increase the number of DHCP Server Clients beyond 253

This is an example:

We need to use class B IP addresses (172.16.1.X with Subnet mask of 255.255.0.0). It is more convenient to have a contiguous range of IP addresses, so we suggest you use 172.16.1.1 as the PermaLINK gateway LAN IP address.

[pic]

Sept 20th, 2005 - more suitable to PermaLINK DualWAN (PRI-582, 682)

Fail-over to another WAN line

Normally, we use all the WAN lines available, but some users wish to keep another WAN line on stand-by. To do this, we rely on specifying that all the ports go through WAN1 first. (This applies to data traffic only; WAN2 may still be connected.)

Main Page > Load Balance > Special Application

[pic]

July 5th, 2005 For PRI-682 & PRI-684 only (not available for PRI-582, PRI-584)

Multiple Internet Servers, i.e. WEB servers, etc…using Multi-NAT & Virtual Server

(for simplicity we will use PRI-682 as an example, it would be the same for PRI-684 by extension.)

Let us assume that we have 2 WEB servers, and that they both use port 80, according to the HTTP Protocol, to serve their webpages. Now, when there are incoming HTTP request packets using port 80, how can PermaLINK decide which WEB server to route these packets to?

The answer is to use Multi-NAT and the Virtual Server functions together.

Here is an example for 2 WEB servers and 2 FTP servers. (Please disregard the fact that the IP addresses here are non-routable; it would be the same for any real-life IP addresses.)

[pic]

Here are the Multi-NAT Definitions:

[pic]

PermaLINK is designed so that there should be only 1 Internet server of each type (i.e. referenced by a PORT number) in a Subnet. In other words, within any Subnet the port number uniquely defines a type of Internet Server, e.g. PORT 80 is for a WEB server. The intent of Multi-NAT is to create multiple Subnets so that multiple servers of the same type can co-exist, e.g. you may have PORT 80 for 192.168.123.100 and PORT 80 for 192.168.124.100.

Please note: Whatever entry in the LAN IP address field is the default Gateway IP address for that particular Subnet. So for the first entry, 192.168.123.1 is the default Gateway IP address for the Subnet: 192.168.123.X. Therefore, you should assign a static IP address under the same Subnet to the Internet server as in this example: 192.168.123.100. Similarly for the 2nd entry, 192.168.124.1, is the default Gateway IP Address of the 2nd Subnet: 192.168.124.X and the Internet server corresponding to the 2nd Subnet is: 192.168.124.100.

The WAN IP fields define that 192.168.11.110 is an extra static IP for WAN1 & 192.168.12.110 is an extra static IP for WAN2.

Finally, here are the Virtual Server Definitions, which do the main mapping: given a packet with a destination address and a port number, take the port number and look up all the matching entries in the Virtual Server table. Find the entry whose Global IP fields contain the destination IP address, and then send the packet to the gateway of that entry’s local IP address, with the local IP address as the new destination.

[pic]

WEB server1: 192.168.124.100 being accessed by: 192.168.11.100 & 192.168.12.100

WEB server2: 192.168.123.100 being accessed by: 192.168.11.110 & 192.168.12.110

Similarly

FTP server1: 192.168.124.100 being accessed by: 192.168.11.100 & 192.168.12.100

FTP server2: 192.168.123.100 being accessed by: 192.168.11.110 & 192.168.12.110
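
The lookup described above can be modelled in a few lines. This is an added example, not Edimax code: the table is rebuilt from the mappings listed in this note, and the /24 masks and all function names are assumptions. Its `audit` function checks the one-server-per-port-per-Subnet rule and that each Global IP and port pair leads to a single server.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Multi-NAT entries from the text: subnet -> LAN IP (default gateway).
# The /24 mask is an assumption; the note only writes "192.168.123.X".
MULTI_NAT = {
    ip_network("192.168.123.0/24"): "192.168.123.1",
    ip_network("192.168.124.0/24"): "192.168.124.1",
}

@dataclass(frozen=True)
class VirtualServer:
    port: int           # service port: 80 = WEB, 21 = FTP
    global_ips: tuple   # WAN-side addresses, one per WAN line
    local_ip: str       # server on a Multi-NAT subnet

# Virtual Server table rebuilt from the mappings listed in the text.
TABLE = [
    VirtualServer(80, ("192.168.11.100", "192.168.12.100"), "192.168.124.100"),
    VirtualServer(80, ("192.168.11.110", "192.168.12.110"), "192.168.123.100"),
    VirtualServer(21, ("192.168.11.100", "192.168.12.100"), "192.168.124.100"),
    VirtualServer(21, ("192.168.11.110", "192.168.12.110"), "192.168.123.100"),
]

def gateway_for(local_ip):
    """Return the Multi-NAT gateway whose subnet contains local_ip, else None."""
    addr = ip_address(local_ip)
    return next((gw for net, gw in MULTI_NAT.items() if addr in net), None)

def route_inbound(dst_ip, dst_port, table=TABLE):
    """Match the port first, then the Global IP; return (gateway, new destination)."""
    for entry in (e for e in table if e.port == dst_port):
        if dst_ip in entry.global_ips:
            return gateway_for(entry.local_ip), entry.local_ip
    return None  # no mapping: the packet is not forwarded

def audit(table):
    """List configuration mistakes that make the lookup ambiguous or dead."""
    problems, seen_global, seen_subnet = [], {}, {}
    for e in table:
        net = next((n for n in MULTI_NAT if ip_address(e.local_ip) in n), None)
        if net is None:
            problems.append(f"{e.local_ip}:{e.port} is outside every Multi-NAT subnet")
        elif seen_subnet.setdefault((net, e.port), e.local_ip) != e.local_ip:
            problems.append(f"two port-{e.port} servers in {net}")
        for g in e.global_ips:
            if seen_global.setdefault((g, e.port), e.local_ip) != e.local_ip:
                problems.append(f"{g}:{e.port} maps to more than one server")
    return problems

if __name__ == "__main__":
    print(route_inbound("192.168.11.110", 80))   # WEB server2 reached via WAN1
    print(route_inbound("192.168.12.100", 21))   # FTP server1 reached via WAN2
    print(audit(TABLE))                          # table from the text is clean
```

A mistyped Global IP does not show up in `audit`; it shows up as `route_inbound` returning `None` for the address clients actually use, so test each WAN address after entering the table.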

Now, for inbound load balancing you will have to set up the built-in inbound Authoritative DNS Server. Please see your Quick Start PermaLINK 682 & 684 Manual.

June 8th, 2005

Firmware upgrade using TFTP with a binary data file

Please rename the file extension of tftp32.dat to tftp32.exe. (We’ll assume that the binary data file is called update.dat, and that it is in the same folder/directory as tftp32.exe.) Run it!

[pic]

The program will automatically enter your Server Address. Now please go to the PermaLINK Web Configuration Page:

Main Page > Firmware Update

[pic]

Enter the IP address of the PC that is running the tftp32.exe and also the binary data file name. Click Ok, and it will start the Firmware Update process. When it is finished, you’ll need to reset the PermaLINK.

June 8th, 2005 (No longer needed from version 0662B14 onward because of the new default setting)

Maximum bandwidth Performance

We have discovered a 4 to 5 times increase in throughput by disabling QoS. If you don’t need QoS, then this is highly recommended. Under this mode, we claim the fastest MultiWAN router against all competition.

Assuming your PermaLINK’s IP is the default 192.168.1.254

Enter the following in your IE5 address bar:

http://192.168.1.254/debug/qos.htm

(You may need to enter Signon/password)

[pic]

Please make sure that the “Disable QoS” checkbox is checked or selected, as in the above diagram. If it is already checked or selected, then nothing else needs to be done. Otherwise, check or select it and click Ok; it will take effect immediately. No system reset is required.

May 23rd, 2005

Peer-2-Peer

There is an IP session limit of 300 per user, and some P2P software requires more than that.

(Assuming the PermaLINK is using the default 192.168.1.254) Please go into:

http://192.168.1.254/debug/nat.htm

[pic]

Please increase the IP Session Limit field to whatever you deem appropriate.

May 20th, 2005

Bandwidth Aggregation

For Bandwidth aggregation, we suggest that you use Basic NAT (see Application note of April 6th, 2005) and the Group Virtual Server. This would “combine” all the WAN ports and map them to a LAN IP address (your standalone firewall). The firewall should have a static IP address.

Main Page > Advance > Virtual Server: Scroll down to the bottom of the form.

[pic]

Click on the Group button!

[pic]

Enter data as in the display. Leaving the Global IP blank implies all the WAN ports (i.e. all the WAN lines). Finally, click on Apply twice (once for Group Virtual Server and once for Virtual Server) and reset the PermaLINK.

April 6th, 2005

Basic NAT

Main Page > Work Mode - The default setting is Gateway, which is the normal operating mode. Basic NAT mode is for Bandwidth Aggregation and Fault Tolerance without the firewall. You must use NAT in order to send data through MultiWAN lines and for non-stop Internet connections. So if you already have a firewall and/or complex policy requirements, you should use this mode to disable the built-in firewall of the PermaLINK. (This mode is actually what users wrongly term a “transparent bridge.”)

If you need VPN or PPTP ALG support, then you must use the Gateway mode. However, you can get the same effect of Basic NAT by turning off or “not enabling” all the “Access Control” (firewall) settings.

April 5th, 2005

Healthy-Check

Main Page > WAN Configure – For each WAN the default setting is disabled. Engineering highly recommends that users enable it for each WAN1-WAN2 (PRI-582 & PRI-682) or WAN1-WAN4 (PRI-584 or PRI-684) port. Once the checks are enabled and configured, the PermaLINK can truly detect a faulty WAN link. The correct way to configure the DNS is by a well-formed URL string.

[pic]

March 31st, 2005

Multi-NAT

The benefit of Multi-NAT is that you can have up to 11 different subnets on your LAN side.

The default LAN subnet is controlled by your LAN and DHCP server:

Main Page > Configure LAN&DHCP

[pic]

Here we have the default subnet: 192.168.1.X with subnet mask: 255.255.255.0

Now we may also have simultaneously additional Subnets, for instance:

10.10.20.X & 10.10.30.X with subnet mask: 255.255.255.0

You configure them by going to:

Main Page > Advance > Multi-NAT

[pic]

This is arbitrary; whatever you put in the LAN IP field will be the default Gateway IP address for that particular Subnet, e.g. for Entry 1, 10.10.20.1 is the default gateway for the subnet 10.10.20.X.

You may leave the WAN IP address blank and keep the WAN as AUTO; this will provide your subnet with load balancing. Be sure to select Enable and also click on OK at the bottom. You’ll have to reset the PermaLINK for the new configuration to take effect.

Please note: in order to use these subnets you will have to use static IPs, because there is no DHCP server to provide IPs for these subnets.

Here is an example of a working PC using one of these subnets:

[pic]

We have found that you should use an explicit DNS server entry.

March 22nd, 2005 revised for new firmware V0662b6

VPN (IPsec)

It turns out, similar to HTTPS & SMTP, we need to bind the application to a particular port and WAN.

[pic]

Step 1.

Main Page > Advance > Virtual Server

Select IPSec Pass Through (Port 500)

Enter 500 for Global and Local Port

Enter your VPN router’s IP for Local IP

Select Enable

Scroll down & click on Apply

[pic]

Step 2.

Main Page > Load Balance > Special Application

Enter 500 as the Start and End Port

Leave WAN to AUTO

Select Enable

Click on OK

The local IP is for your VPN Router Endpoint and WAN set to AUTO will select the first connected WAN line to bind for all packets using Port 500.

Feb. 4th, 2004

DNS Server under DHCP

Main Page > Configure LAN & DHCP

The factory default DNS Address: 168.95.1.1 is in Taiwan. Please set it to your local ISP provided DNS address for speedier DNS queries for all your DHCP clients.

HTTPS

Main Page > Load Balance > Special Application

 

[pic]

 

Port 443 is for HTTPS; it is recommended to use AUTO. PermaLINK has two exclusive features to support secure HTTPS sessions.

1. Auto-mode – a smart mode in which PermaLINK’s load-balancing automatically selects the first connected WAN line (on reset or power-up) to carry all your HTTPS sessions. If that particular WAN line is disconnected, load-balancing automatically selects another connected WAN line. (Previously we specified a line explicitly, e.g. WAN1.) With an explicit binding, whichever WAN line you bind to, if that line goes down then the HTTPS session(s) will not continue. This is the major deficiency of all our competitors.

2. “Instant Failover” that will maintain your HTTPS sessions, as much as possible. I have tested using stock brokerage accounts and disconnecting the WAN line that was used to access them. After which I was still able to continue my stock trading activities uninterrupted.

Combining the above 2 exclusive PermaLINK features, we have the best solutions for all non-stop, fault-tolerant, failsafe, mission critical applications i.e. stock trading, auction, news monitoring,…etc.

SMTP

Some ISPs accept Email transmission only from their subscribers. So, somewhat similar to HTTPS, you would need to bind Port 25 to whichever WAN line is associated with that particular ISP.

STEAM Servers

Assuming your PermaLINK is still at 192.168.1.254, access the following page:



 

Please change the default NAT TCP & UDP timers’ value from 5 secs to 30 secs.

[pic]

 

PASV FTP Server

Our Technical Engineering team was successful in getting PASV Mode FTP to work. We downloaded a freeware FTP server, GuildFTPd, installed it and configured it in a simple manner. We were then able to use IE to access the FTP server in the LAN from the WAN side.

Client PC----

                  |-----PermaLINK----FTP Server

WAN line----

 

We checked to make sure IE6 was enabled for Passive FTP:

[pic]

 

Then we turned on the Passive mode in GuildFTPd:

  GuildFTPd > Admin > Options > Advanced Settings.

Please note the port range.

 

[pic]

 

As soon as we turned on the Passive FTP Mode on the FTP server, IE could still get a directory listing, but clicking into a folder under that directory caused an error with a message, something about passive mode.

 

We found a port range configuration page in the PermaLINK; it is in the Group mode of Virtual Server. You’ll have to scroll all the way down to see it.

[pic]

 

Click on Group

We entered the passive mode range taken from GuildFTPd > Admin > Options > Advanced Settings.

 

[pic]

 

We had to either restart the FTP Server or kick the current user out. When we then logged in to the FTP server again with IE6, we were successful in accessing the GuildFTPd FTP Server under PASV mode.
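
The failure above happens when the data port the server announces in its passive-mode reply is not forwarded by the router. The following added example (not from the original note, Edimax or GuildFTPd) parses that reply and compares the server's passive range with the range entered in Group Virtual Server. The 50000-50100 range and the sample replies are constructed, since the real range appears only in the screenshots, and the code also accepts the extended 229 reply, which goes beyond the 227 case discussed here.

```python
import re

# Reply formats: "227 ... (h1,h2,h3,h4,p1,p2)" and "229 ... (|||port|)".
PASV_RE = re.compile(r"227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV_RE = re.compile(r"229 [^(]*\(\|\|\|(\d+)\|\)")

def data_endpoint(reply):
    """Return (host or None, port) announced by a passive-mode reply."""
    reply = reply.strip()
    m = PASV_RE.match(reply)
    if m:
        nums = [int(x) for x in m.groups()]
        if max(nums) > 255:
            raise ValueError("field out of range in 227 reply")
        # Data port is p1 * 256 + p2.
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(reply)
    if m and 0 < int(m.group(1)) <= 65535:
        return None, int(m.group(1))  # a 229 reply carries a port only
    raise ValueError("not a passive-mode reply")

def port_forwarded(reply, forwarded):
    """True if the announced data port lies inside the forwarded range."""
    _, port = data_endpoint(reply)
    return forwarded[0] <= port <= forwarded[1]

def range_gaps(server_range, forwarded):
    """Return (blocked, exposed) port lists.

    blocked: ports the FTP server may pick that the router does not forward,
             so some transfers fail while others work.
    exposed: forwarded ports the server never uses, i.e. needless openings.
    """
    s = set(range(server_range[0], server_range[1] + 1))
    f = set(range(forwarded[0], forwarded[1] + 1))
    return sorted(s - f), sorted(f - s)

# Constructed values; the range on the real device is not given in the text.
SERVER_RANGE = (50000, 50100)
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (192,168,1,10,195,80)",    # port 50000
    "227 Entering Passive Mode (192,168,1,10,195,200)",   # port 50120
    "229 Entering Extended Passive Mode (|||50050|)",
]

if __name__ == "__main__":
    for r in SAMPLE_REPLIES:
        print(r, "->", data_endpoint(r), port_forwarded(r, SERVER_RANGE))
    blocked, exposed = range_gaps(SERVER_RANGE, (49990, 50050))
    print(len(blocked), "blocked,", len(exposed), "exposed")
```

An empty `blocked` list and an empty `exposed` list mean the Group Virtual Server range matches the FTP server's passive range exactly.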
