ePipe VPN and Security Family:
Direct Connection Services (DCS)

Introduction

DCS are a set of features combined into one Feature Set. This Feature Set allows the following features to be enabled:

• PPP Server
• Telnet Listener for Serial Devices
• Dedicated Terminal Connections
• Radius Setup

The DCS Feature Set must be enabled to use these features.

DCS enables an ePipe to be configured as a remote access server using PPP (Point to Point Protocol), to allow branch offices, mobile workers and remote users direct dial access to a LAN (Local Area Network). The PPP server provides the ability to authenticate the dial in client using CHAP (Challenge Handshake Authentication Protocol, including MS-CHAP) or PAP (Password Authentication Protocol).

Multiple PPP connections between ePipes using DCS can be bonded together using ePipe’s patent pending E2B technology (requires the SSV feature set) for more efficient use of bandwidth. E2B is explained in the Key Networking Concepts section.

Back to Top

Point to Point Protocol (PPP) Server

• Network/Server Setup
• User Accounts
• Client Setup
• Status Information

Network / Server Setup

PPP connections using the DCS Feature Set are relatively easy to set up. Simply follow these steps for each port required for incoming PPP connections. If you require help during the setup process, the information button (top right of the form) on each screen will provide an explanation of each option.

1. Navigate to the Setup page in the ePipe Management Assistant.
• Click on the "DCS Setup Wizard".
• Click the "Incoming PPP Connection" option.
  
2. Choose whether to use no authentication, PAP or CHAP authentication.
• A server may choose to use authentication or may choose no authentication, depending on the type of connection and who is connecting. If the connection is over a system that is under complete control (e.g. a direct serial connection), then no authentication may be required. If the connection is over a public system, such as the Public Switched Telephone Network (PSTN), it would be advisable to use either PAP or CHAP authentication. PAP is less secure than CHAP, and should only be used if CHAP is unavailable for some reason (e.g. is not supported by the client). User Accounts must be created to use Authentication.
3. Tick the compression box if you wish to use compression over the link.
4. An appropriate modem initialisation string should be typed into the box provided. A reasonable default which works well with most modems is: at&c1&d2s0=2. An exception to this is the US Robotics modems, which work better with at&f1. Refer to your modem documentation for specific information on modem initialisation.
5. Select a port for the incoming PPP connection.
6. Enter a local address and optionally enter a remote address for the remote PPP connection in the fields provided. When setting up ports for incoming PPP connections, the local & remote addresses are addresses for the point to point link itself, and thus can be addresses on a different IP network to either LAN (although they must be on the same network as each other). One of the local addresses in the above case is 192.168.7.1. The remote address may be specified for a given port, or left blank as the server can learn the address from the packets received from a connection. In the above example, the remote address is 192.168.7.2. When this connection is made, the network will look as above.

NOTE: The ePipe PPP Server does not automatically allocate DNS or WINS Server IP addresses to dial in PPP connections.

User Accounts

A user account is required at the server end if authentication is to be used to authenticate users. To create a user account, simply:

1. Click on the "DCS Setup Wizard"
2. Select "ePipe User Accounts (secrets)". On this screen, all current user accounts can be viewed and edited by clicking on the account name, coloured blue. This screen gives the option to create a new account or use an account that is already present.

NOTE:

Any usernames and passwords used for SIA Connections are automatically added as usernames and passwords for ePipe User Accounts and as such, are valid usernames and passwords when making a PPP connection to the server.

Client Setup

SIA can be used by an ePipe PPP client to connect to the PPP server if an ePipe is present at the client end. Please read the SIA section of the Documentation for information on how to setup SIA.

Alternatively, a standard PPP connection can be used to connect a client PC to the LAN using a modem. In a Windows environment, this is done using ‘Dial Up Networking’.

• Using a Windows 95/98 System, Dial-Up Networking can be found by clicking on Start, Programs, Accessories then Communications. Select " Dial-Up Networking", "Make New Connection" and make the appropriate selections from the options provided.
• Using a Windows 2000 System, Dial-Up Networking can be found by clicking on Start, Programs, Accessories then Communications. Select "Networks & Dial-Up Connections", "Make New Connection" and make the appropriate selections from the options provided.
• For other operating systems, consult your system’s documentation.

Sample Network Using DCS:

The ‘Head Office’ LAN, where the server ePipe is located, is using the IP network address 192.168.5.0 with a subnet mask of 255.255.255.0. The ePipe is using the address 192.168.5.1 on the LAN. The end points of the PPP connection may either be designated as two spare IP addresses within the LAN (the 192.168.5.0 network) or alternately by using addresses from a different subnet to those used by the LAN. A different subnet may be used if no spare IP addresses were available on the LAN. For more information on IP addresses and CIDR (Classless Inter-Domain Routing), please refer to the TCP/IP Networking Primer.

A remote user is connecting to the Head Office ePipe using PPP by dialling from a modem, through the telephone network, to a modem connected to the ePipe. The end points of the PPP connection have been chosen to be the IP addresses 192.168.5.1 and 192.168.5.27. Alternately, if using addresses on a different subnet to the LAN, 192.168.7.1 and 192.168.7.2 may be used by the ePipe.

The diagrams below show the design of the remote access network using IP addresses for the PPP link allocated from the same LAN (diagram 1) and from a separate subnet (diagram 2).

At a later date, multiple users wish to connect to the head office. It is decided to add two more modems to the ePipe to accommodate the additional connections. It is important to note that the server or ePipe end of the PPP links can use the same IP address for multiple separate PPP links as long as each link is used by a different dial-in client.

When using addresses from the LAN, two more IP addresses need to be made available for the connection. In this case, addresses 192.168.5.36 and 192.168.5.37 have been selected as they are not currently in use elsewhere (diagram 3).

When using addresses from a different IP subnet, any numbers not currently being used for PPP connections can be selected. In this case, IP addresses 192.168.7.3 and 192.168.7.4 have been chosen. Note that each PPP connection shares the same head end or ePipe end IP address (192.168.7.1 in diagram 4).

 

Status Information

Status information may be obtained by accessing the Command Line Interface (CLI) either by telneting to the ePipe or via the console port. Once logged on, typing help will bring up the help file if further assistance is required. To view status information for a PPP connection, use the following command:

SHOW PORT x PPP

where x is the PPP connection port number. For example,

SHOW PORT 3 PPP

will show the PPP status of port 3.

To view ongoing status information, type:

MONITOR PORT x PPP

where x is the PPP connection port number. The difference between the SHOW and MONITOR commands is the MONITOR command will refresh every 3 seconds (by default).

It is also possible to logout a PPP connection on a per port basis by typing the following command:

LOGOUT PORT x

where x is the PPP connection port number. For example,

LOGOUT PORT 3

will logout the PPP connection on port 3.

Back to Top

about ePipe | products | solutions | support | information center | contact us

Copyright © 2002 ePipe Pty. Ltd. All rights reserved.

 

Getting started guides for:

2344 (1.4M pdf)

ML-IP Concentrator (1.3M pdf)

2202 (1.4M pdf)

2242 (1.4M pdf)

2148/2188 (350KB pdf)

2181 (1.4M pdf)

ePipe ServerWare (650K pdf)

User Guides for:

ML-IP Family

VPN and Security Family

Utilities for viewing guides:
Get Acrobat Reader (free)