Skip to content

H685WRT User Manual

Industrial Grade 2G 3G 4G Cellular Router
User Manual

 

H685 Series

ProRoute, Limited

Contents Page

2 Hardware Installation·······································································································································

2.1 Overall Dimension··········································································································································

2.2 The Ports························································································································································

2.3 Installment····················································································································································

2.4 SIM/UIM card installed································································································································

2.5 The installation of terminal blocks················································································································

2.6 Grounding····················································································································································

2.7 Power Supply················································································································································

2.8 LED and Check Network Status····················································································································

3 Software configuration···································································································································

3.1 Overview·······················································································································································

3.2 How to log into the Router··························································································································

3.3 Router status················································································································································

3.3.1 Status overview·········································································································································

3.3.2 Network status·········································································································································

3.3.3 Firewall status·········································································································································

3.3.4 Routes·····················································································································································

3.3.5 System log···············································································································································

3.3.6 Kernel log················································································································································

3.3.7 Realtime graphs······································································································································

3.4 System Configuration·································································································································

3.4.1 Setup wizard············································································································································

3.4.2 System····················································································································································

3.4.3 Password················································································································································

3.4.4 NTP·························································································································································

3.4.5 Backup/Restore·······································································································································

3.4.6 Upgrade··················································································································································

3.4.7 Reset·······················································································································································

3.4.8 Reboot·····················································································································································

3.5 Services configuration································································································································

3.5.1 ICMP check·············································································································································

3.5.2 VRRP·······················································································································································

3.5.3 Failover (link backup)······························································································································

3.5.4 DTU·························································································································································

3.5.5 SNMP······················································································································································

3.5.6 GPS·························································································································································

3.5.7 SMS··························································································································································

3.5.8 VPN··························································································································································

3.5.8.1 IPSEC·····················································································································································

3.5.8.2 PPTP······················································································································································

3.5.8.3 L2TP·······················································································································································

3.5.8.4 OpenVPN················································································································································

3.5.8.5 GRE tunnel·············································································································································

3.5.9 DDNS·························································································································································

3.5.10 Connect Radio Module······························································································································

3.6 Network Configuration··································································································································

3.6.1 Operation Mode··········································································································································

3.6.1.1 Gets two LAN Ethernet Port for H685·······································································································

3.6.2 Mobile configuration····································································································································

3.6.3 Cell mobile data limitation···························································································································

3.6.4 LAN settings················································································································································

3.6.5 wired-WAN··················································································································································

3.6.6 WiFi Settings···············································································································································

3.6.6.1 Wifi General configuration·························································································································

3.6.6.2 WiFi Advanced Configuration····················································································································

3.6.6.3 WiFi Interface Configuration······················································································································

3.6.6.4 WiFi AP client···········································································································································

3.6.7 Interfaces Overview·····································································································································

3.6.8 Firewall························································································································································

3.6.8.1 General Settings·······································································································································

3.6.8.2 Port Forwards···········································································································································

3.6.8.3 traffic rules················································································································································

3.6.8.4 DMZ·························································································································································

3.6.8.5 Security····················································································································································

3.6.9 Static Routes···············································································································································

3.6.10 Switch························································································································································

3.6.11 DHCP and DNS·········································································································································

3.6.12 Diagnostics················································································································································

3.6.13 Loopback Interface····································································································································

3.6.14 Dynamic Routing·······································································································································

3.6.15 QoS···························································································································································

Chapter 2

2 Hardware Installation

This chapter mainly describes the appearance, model and function of H685 series and how to install and set the configurations.

  1. Overall Dimension
  2. Accessories Description
  3. Installment

 

2.1 Overall Dimension

 

 

2.2 The Ports

  • LAN: LAN RJ45 Ethernet ports.
  • WAN: WAN RJ45 Ethernet ports.
  • RST: Sys reset button
  • PWR: DC power socket. DC5~40V, DC5~50V option depends on the router version
  • VCC: DC wire positive pole. DC5~40V, DC5~50V option depends on the router version
  • GND: DC wire ground
  • GND: Serial ground
  • RX: Serial receiving
  • TX: Serial transmission
  • RST: Reset router
  • DIO0: Digit I/O port 0
  • IDO1: Digit I/O port 1
  • NC: Not connection
  • GND: DC wire ground
  • VCC: DC wire positive pole. DC5~40V, DC5~50V option depends on the router version
  • WPS: WPS button

 

Antenna Connection Table

Antenna Connector Marks
Cell for main cell antenna
Aux for auxiliary cell antenna
WiFi / WLAN for WiFi antenna
GPS for GPS antenna

 

2.3 Installment

H685 series should be installed and configured properly before putting in service. The installation and configuration should be done or supervise by qualified engineer.

 

Attention:

Do not install H685 series or connect/disconnect its cable when it is power on.

 

2.4 SIM/UIM card installed

If your router has SIM/UIM card protector, please remove it, insert the sim card correctly, and fix the protector.

If your router has no SIM/UIM card protector, please insert the sim card correctly.

 

Attention: SIM/UIM card does not reach the designated position, the equipment cannot find a card, can’t work normally, therefore inserted a try to check again for a SIM card is stuck fast.

 

2.5 The installation of terminal blocks

This chapter is for version with terminal blocks only. Default, the H685 is with DB9 connector. Please use DB9 cable to connect H685 and the equipment directly.

 

The following is for version with terminal blocks only:

H685 uses pluggable terminals to connect the user’s data and the power supply. Spacing: 3.81mm,10 Pin; User data and power supply suggestion: 14~24AWG. Please refer to the table 2-4 for the interface definition of the power cable and connection sequence. Specific interface definition of the power cable and connection sequence you can read on the labels of H685 products. Using 14~24AWG cable and referring to H685 products labels or the bellowed interface definition and connection sequence, you need to use the oblate screw driver to fix the cable to the connecting jacks of the pluggable terminal. After successfully connection, you need to insert the terminal into the corresponding position in the bottom of the H685 products.

 

Notes: Connection sequence should be accurateCable’s insulating striping length is about 7mm. (For safety, insulating striping length should be too long). Please refer to the picture.

 

Attention:

  1. The power cable should be connected correctly. We “suggestion double check before switch it on. Wrong connections may destroy the equipment.
  2. Power terminals: Pin 1 and Pin 2;
  3. HerePin 2 is “GND”, PIN 1 is power input “Vin” (DC5~40V, or DV5~50V).
PIN Signal Description Note
1 VCC +5-40V DC Input, +5~50V option Current: 12V/1A
2 GND Ground
3 TX Transmit Data
4 RX Receive Data
5 PGND Ground
6 RST Reset
7 DIO0 General Purpose I/O
8 DIO1 General Purpose I/O
9 NC Not connect

 

I/O Terminal on router Serial port (RS485 or RS232)
Port 3 (GND) Pin 5
Port 4 (RX) Pin 2
Port 5 (TX) Pin 3


Notes
: If not through, can switch Port4 and Port5.

 

2.6 Grounding

To ensure a safe, stable and reliable H685 series operation, Router cabinet should be grounded properly.

 

2.7 Power Supply

H685 series can be applied to complicated external environment and usually the power range is very large. So, in order to fit the complicated application environment and improve the stability of the system, H685 series is designed with advanced power management technology. The DC power supply electronic to the device via the pluggable terminal PIN 2(GND) and PIN 1(Vin). Please refer to the above table for the detail definition of the terminal.

Normally, H685 series input powers supply is +5~+40V (if your H685 support 50V, the option is +5~+50V). In most cases, the standard configuration is 12V/1A.

 

2.8 LED and Check Network Status

Please connect the antenna after you successfully connect to the cable. And then insert the valid SIM/UIM card and provide the power to the H685 series via the cable. After provide the power to H685, if the SYS LED starts to blink in a few seconds, that means the system start-up is normal; if the CELL LED works, that means the network is online; if the VPN light works, that means VPN tunnel has been set up. Please refer to the below table for the situation of the indication lights.

 

SYS On for 25 seconds On for 25 seconds after power supply
blink System set-up normally
Off or still on after 25 seconds System set-up failure
LAN blink Data transmission in Ethernet
Off Ethernet connection abnormal
On Ethernet is connected
VPN On VPN tunnel set-up
Off VPN tunnel set-up failure or unactuated
CELL On Access to the Internet
WIFI On Enable
Off Disable
WAN blink Data transmission in Ethernet
Off Ethernet connection abnormal
On Ethernet is connected
Signal Off No signal, or signal checking is not ready
4s blink 1 time Signal bar is 1
3s blink 1 time Signal bar is 2
2s blink 1 time Signal bar is 3
1s blink 1 time Signal bar is 4
1s blink 2 times Signal bar is 5

 

Chapter 3

3 Software configuration

  1. Overview
  2. How to log into the Router
  3. How to config web

 

3.1 Overview

H685 series routers with built-in WEB interface configuration, management and debugging tools, user should configuration the parameters first; and it could be altered the parameters flexibility and software upgrades and simple testing. User can set up and manage the parameters of the router on its interface, detail step are below:

 

3.2 How to log into the Router

3.2.1 Network Configuration of the Computer.

The router default parameters as follow

_Default IP: 192.168.1.1, sub mask: 255.255.255.0.

 

There are two ways to set the PC’s IP address.

Way 1) Manual setting

Set the PC IP as 192.168.1.xxx (xxx = 2~254), subnet mask: 255.255.255.0, default gateway: 192.168.1.1, primary DNS: 192.168.1.1.

Way 2) DHCP

Choose “Obtain an IP address automatically” and “Obtain DNS server address automatically”.

After IP setting, check it by ping. Click Windows start menu, run, execute “cmd” command. Input “ping 192.168.1.1” in the DOS window.

This information means the connection is work.

This information means the connection is failure. If so, please check the network cable connection and IP address setting, and can refer to Chapter 4.9.

 

3.2.2 Log into Router

  • Open the Web Browser, and type http://192.168.1.1 into the address field and press Enter bottom in your computer keyboard.
  • Type User Name “admin” and Password “admin” in the Login page, and then press the “Login” button

  • If you type into the correct User Name and Password, you will get the access into the Router’s status overview page

 

3.3 Router status

 

3.3.1 Status overview

Click “Status” in the navigation bar, and then click “Overview”.

 

3.3.2 Network status

Network status pages show detail information of cell mobile interface, WAN and LAN.

 

Cell mobile interface page:

WAN status page:

LAN status page:

 

3.3.3 Firewall status

Firewall status page shows IPv4 and IPv6 rules and counters. The final user can reset counters and restart firewall functionality here.

 

3.3.4 Routes

Routes page shows rules which are currently active on this router. And ARP table is displayed as well.

 

3.3.5 System log

This page shows system log from system boot up. System log is not saved when router restarts. It can be exported by click button “Export syslog”.

 

3.3.6 Kernel log

This page shows Kernel log from system boot up. This log is not saved when router restarts. It can be exported by click button “Export syslog”.

 

3.3.7 Realtime graphs

Real time Graphs page shows real time system load,interfaces traffic, etc…

 

3.4 System Configuration

3.4.1 Setup wizard

When login in router at the first time, setup wizard pages show

Note: pressing button “Save & Next” will save configuration and jump to the next page. All configurations will be applied after click button “Finish” at the final step (Step-WiFi).

 

3.4.2  System

General Settings

  • Local Time

It displays system time, and the final user can Sync this time with browser by clicking button “Sync with browser”.

  • Hostname

It is the router’s name; the default name is Cell_Router.

  • Time zone

Select a suitable time zone. The default value is UTC

 

Logging settings

 

  • System log buffer size

The unit is KB, default value is 64 KB. If the real log size is bigger than the value configured, the oldest log will be dropped.

  • External system log server

The IP address of external log server. The final user can setup a Linux machine with syslogd run as log server.

  • External system log server port

The UDP port of external log server.

  • Log output level

Log level, the default is debug with highest level, Emergency is the lowest level.

  • Cron log level

It is log level for process Crond.

  • Language

The default language is “Auto”. The final user can choose English or Chinese.

 

3.4.3 Password

Change the administrator’ password for accessing the device. Click “eye button” can show the new password you entered.

 

3.4.4 NTP

NTP is network timing protocol.

  • Enable NTP client

The default value is enabled. Router acts as a NTP client.

  • Provide NTP server

The default value is unchecked. Router acts as a NTP server.

  • NTP server candidates

It is NTP server list, multiple NTP server is accepted. The final user can click the button  to delete an entry, or click button  to add a new entry.

 

3.4.5 Backup/Restore

It is used for configuration files backup and restore.

For backup configuration files, click button “Download”, an archive file will be generated and be downloaded to your PC automatically.

For restore configuration files, you can click button “Choose File”, then select an archived configuration file, and finally click button “Upload”, then system will load this file and apply it, and then restart router.

 

3.4.6 Upgrade

Upload a system compatible firmware to replace the running firmware. The default value for “Keep settings” is checked, that means current configuration will be kept after system upgrade, otherwise router will be reset to factory setting. But we highly recommend uncheck “Keep settings”, otherwise it may bring uncertain parameters conflicting after updating.

Click button “Choose File” to select a compatible firmware then click button “Upload image…”. Router will do a basic checking for the uploaded file. If it is not compatible file, an error will be generated like this:

If the firmware file is OK, it will go to the verify page, then click button “Proceed”, and system will restart soon.

 

3.4.7 Reset

Reset all configurations to factory default, after click button “Reset”, there is pop dialog to ask it’s really to reset, click button “cancel” will do nothing, click button “OK” will reset all configuration to default and restart system.

 

3.4.8 Reboot

Click button “Reboot”, the system will restart in several seconds.

 

3.5 Services configuration

3.5.1 ICMP check

For router working with best stability, we highly suggest activate and use this feature. With this feature, the Router will automatically detect its working status and fix the problem.

 

  • Enable: Enable ICMP check feature
  • Host1 to ping / Host2 to ping: The domain name or IP address for checking the network connection.
  • Ping timeout: If ping packet is sent, the response packet is not received before timeout, then this ping is failed.
  • Max retries: If the ping is failed, the failed counter will add one. If the failed counter is bigger or equal to the Max retries, then system will say the ICMP check is failed, an action configured in item “Action when failed” will be triggered.
  • If the ping is succeeding, failed counter will be reset to 0 at anytime.
  • Interval between ping: The time between twice ping. The unit is minute.
  • Action when failed: there are “Restart module” and “Restart router”. “Restart module” will fix the problem from radio module, and “Restart router” will fix the problem from the whole system including radio module.

3.5.2 VRRP

  • Enable: Enable VRRP (Virtual Router Redundancy Protocol) for LAN.
  • IP address: Virtual IP address(es) for LAN’s VRRP cluster. IP address entry can be deleted by click button  , or added by click button .
  • Virtual ID: Routers with same IDs will be grouped in the same VRRP cluster. The legal number is from 1 to 255.
  • Priority: Router with highest priority in the same VRRP cluster will act as master. The legal number is from 1 to 255.

 

3.5.3 Failover (link backup)

  • Enable: Enable failover feature
  • Back to high priority: If back to high priority is checked, when the high priority interface is available, using the high priority interface as WAN port.
  • If back to high priority is unchecked, even if the high priority interface is available, router will keep current interface as WAN port, it won’t switch to high priority interface.
  • Primary/Secondary/Third: interface which can be treat as WAN port. There are 4 options, Wired-WAN, Wifi_client, Cell_mobile, and None.
  • Host 1 to ping / Host 2 to ping: It is external IP address or domain name for checking the connection is
  • Ping timeout: If ping packet is sent, the response packet is not received before timeout, then this ping is failed.
  • Max retries: If the ping is failed, the failed counter will add one. If the failed counter is bigger or equal to the Max retries, then system will say this interface is unavailable.
  • If the ping is succeeding, failed counter will be reset to 0 at anytime.
  • Interval between ping: The time between twice ping. The unit is second.

 

3.5.4 DTU

Notes:
1) This feature is for H685 with DTU option only.
2) This feature is conflict with “Connect Radio module” and “GPS send to serial”. Please disable the “DTU” feature if use “Connect Radio Module” or “GPS send to serial” feature.

 

 

  • Enable: Enable DTU feature. 
  • Send DTU ID: Send DTU ID at the front of packet.
  • DTU ID: The default DTU ID is the SN of router, the final user can re-write it if necessary.
  • Forward delay: The unit is millisecond. It is delay time that forward data between serial port and
  • serial baudrate: support 300/1200/2400/4800/9600/19200/38400/57600/115200bps
  • serial parity: support none/odd/even
  • serial databits: support 7 bits and 8 bits
  • serial stopbit: support 1 bits and 2 bits

  • Protocol: TCP and UDP is supported
  • Service mode: Client and Server is supported.
  • Enable heartbeat: The heartbeat is used for connection keep alive.
  • Heartbeat interval: The time between two heartbeat packet.
  • Heartbeat content: The content of heartbeat packet.
  • DTU center Configuration: DTU center is the DTU server, the final user can input the center name and click button “Add” to add a new center here.
  • If the center is not needed, the final user can click button “Delete” to delete it, or set it to disabled.

Notes:
The maximum number of DTU center is 32.

 

3.5.5 SNMP

  • Enable SNMP: Enable SNMP feature
  • Remote Access: Allow remote access SNMP. If it is unchecked, only LAN subnet can access SNMP.
  • Contact: Set the contact information here
  • Location: set router’s installation address.
  • Name: Set the router’s in SNMP
  • Port: SNMP service port, the default value is 161.

 

  • Get Community: The username for SNMP get. The default value is public. SNMP get is read-only.
  • Get Host/Lan: The network range to get the router via SNMP, default we set all as 0.0.0.0./0
  • Set Community: The username for SNMP set. The default value is private. SNMP set is read-write.
  • Set Host/Lan: The network range to set the router via SNMP, default we set all as 0.0.0.0./0

 

  • User: SNMPv3 username
  • Security Mode: three options: None, private and Authorized. If it is set to None, there is no password required. If it is set to Authorized, only Authentication method and password required.
  • Authentication: Authentication method, two options: MD5 and SHA.
  • Encryption: Encryption method, DES and AES supported.
  • Authentication password: SNMPv3 authentication password, at least 8 characters is required.
  • Encryption password: SNMPv3 encryption password, at least 8 characters is required.

 

After all items is setup, click button “Save & Apply” to enable SNMP functionality.

 

3.5.6 GPS

  • Enable: please check it once you need use GPS feature.
  • Only GPRMC: if check it, only send GPRMC data info (Longitude Latitude altitude)
  • Prefix SN No.: if check it, add the router SN to the data packet
  • Send interval: configure the frequency time of updated GPS data packet sending
  • GPS Send to: Choose “Serial” or “TCP/IP” method. The router only receives the GPS signal, will not process it. It will just send the received GPS signal to your GPS processor devices or servers. If the GPS processor device is connected to the H685 Router via Serial Port, please choose “Serial”. If the GPS processor device is a remote server, please choose “Serial”.

 

GPS to TCP/UDP Settings

  • Server IP: fill in the correct destination server IP or domain name
  • Server port: fill in the correct destination server port
  • Serial baudrate: 9600/19200/38400/57600/115200bps for choice
  • Serial parity: none/odd/even for choice
  • Serial databits: 7/8 for choice
  • Serial stopbits: 1/2 for choice
  • Serial flow control: none/hardware/software for choice

 

3.5.7 SMS

  • Enable: check it to enable SMS command feature.
  • SMS ACK: If checked, the router will send command feedback to sender’s phone number. If unchecked, the router will not send command feedback to sender’s phone number.
  • Reboot Router Command: input the command for “reboot” operation, default is “reboot”.
  • Get Cell Status Command: input the command for “router cell status checking” operation, default is “cellstatus”. For example, if we send “cellstatus” to router, router will feedback the status to sender such as “Router SN: 086412090002 cell_link_up”, which indicated the router SN number and Cell Working Status.
  • Set cell link-up Command: input the command for “router cell link up” operation, default is “cellup”. If router gets this command, the Router Cell will be online.
  • Set cell link-down Command: input the command for “router cell link down” operation, default is “celldown”. If router gets this command, the Router Cell will be offline.
  • DIO_0 Set Command: input the command for I/O port 0. For SMS feature, please keep the parameter default.
  • DIO_0 Reset Command: input the command for I/O port 0. For SMS feature, please keep the parameter default.
  • DIO_1 Set Command: input the command for I/O port 1. For SMS feature, please keep the parameter default.
  • DIO_1 Reset Command: input the command for I/O port 1. For SMS feature, please keep the parameter default.
  • DIO Status Command: input the command for I/O port status. For SMS feature, please keep the parameter default.
  • Wifi on Command: input the command for turning on Wifi. For SMS feature, please keep the parameter default.
  • Wifi off Command: input the command for turning off Wifi. For SMS feature, please keep the parameter default.

 

SMS alarm

 

  • SMS Alarm: enable SMS alarm feature
  • Enable Signal Quality Alarm: enable Signal Quality Alarm feature
  • Signal Quality Threshold: When signal alarm is generated, if realtime signal strength is lower than Signal Quality Threshold, reset success counter to 0. If realtime signal strength is bigger than this threshold, success counter will add one.
    • When signal alarm is not generated, if realtime signal strength is lower than Signal Quality Threshold, failed counter will add one. If realtime signal strength is bigger than this threshold, reset failed counter to 0.
  • Failed Times Threshold: if failed counter is more than this threshold, a signal alarm will be generated.
  • Success Times Threshold: if a signal alarm is generated, and the success counter is bigger or equal to Success Times Threshold, clear signal alarm.

 

  Phone Number

  • Add Phone number: input a name and click button “Add” to add a new Phone number.
  • Delete Phone number: click button “Delete”.
  • SMS command: enable SMS command feature on this phone number.
  • SMS alarm: this phone number can receive SMS Alarm.

 

Send SMS

 

  • Receiver Phone Number: The Phone number that receive message.
  • Message: the content of message
  • Submit: click button “Submit” to send message immediately.

 

3.5.8 VPN

3.5.8.1 IPSEC

  • Enable: enable IPSEC feature
  • Exchange mode: IKEv1-Main, IKEv1-Aggressive, and IKEv2-Main mode are supported.
  • Authentication method: Client and Server. Client is the machine which start the IPSEC connection.
  • Remote VPN endpoint: domain name or IP address of the remote endpoint. It can be visited from internet.
  • Preshared Keys: it is known as PSK, the length is 16 to 32.
  • Local subnet: the subnet of local which connects to IPSEC VPN.
  • Remote subnet: the subnet of remote which connects to IPSEC VPN.

 

Note: The entire configuration in Phase 1 Proposal and Phase 2 Proposal must match with the remote endpoint to establish IPSEC connection.

 

3.5.8.2 PPTP

This page is a list of configured PPTP instance and their state. The final user can click button “Edit” to modify it, or click button “Delete” to delete an instance.

 

PPTP Client configuration

  • Enable: enable this instance.
  • Server: domain name or IP address of PPTP server.
  • Username: server authentication user name.
  • Password: server authentication password.
  • MTU: maximum transmission unit.
  • Keep Alive: Number of unanswered echo requests before considering the peer dead. The interval between echo requests is 5 seconds.
  • Use default gateway: If unchecked, no default route is configured.
  • Use DNS servers advertised by peer: If unchecked, the advertised DNS server addresses are ignored.

 

PPTP Server Configuration

  • Local IP: indicate server’s IP address.
  • Remote IP: the remote IP address leases start
  • Remote IP end: the remote IP address lease end.
  • ARP Proxy: if the remote IP has the same subnet with LAN, check it for connecting each other.
  • Debug: for PPTP server debug, the log can be monitored in system log.
  • Username: server authentication username
  • Password: server authentication password.

 

3.5.8.3 L2TP

This page is a list of configured L2TP instance and their state. The final user can click button “Edit” to modify it, or click button “Delete” to delete an instance.

 

 

L2TP Client configuration

 

  • Enable: enable this L2TP instance.
  • Server: domain name or IP address of L2TP server.
  • Username: server authentication user name.
  • Password: server authentication password.
  • MTU: maximum transmission unit.
  • Keep Alive: Number of unanswered echo requests before considering the peer dead. The interval between echo requests is 5 seconds.
  • Checkup Interval: Number of seconds to pass before checking if the interface is not up since the last setup attempt and retry the connection otherwise. Set it to a value sufficient for a successful L2TP connection for you. It’s mainly for the case that netifd sent the connect request yet xl2tpd failed to complete it without the notice of netifd.

 

L2TP Server configuration

 

  • Local IP: indicate server’s IP address.
  • Remote IP range begin: the remote IP address leases start
  • Remote IP range end: the remote IP address lease end.
  • Remote LAN IP: L2TP client IP.
  • Remote LAN netmask: the mask of L2TP client IP, the default value is 255.255.255.0
  • Username: server authentication username
  • Password: server authentication password.

 

3.5.8.4 Open VPN

This page is a list of configured Open VPN instance and their state. You can click button “Edit” to modify it, or click button “Delete” to delete an instance.

And you can click button “Start” or “Stop” to start or stop a specific instance.

 

Note: for Open VPN detail configuration page, you can put mouse on the title on item to get more help information.

 If the item you needed is not show in the main page, please check the “Additional Field” dropdown list at bottom of page.

 

3.5.8.5 GRE tunnel

  • Enable: enable GRE tunnel feature
  • TTL: Time-to-live
  • MTU: Maximum transmission unit.
  • Peer IP address: Remote WAN IP address.
  • Remote Network IP: remote LAN subnet address
  • Remote Netmask: remote LAN subnet mask
  • Local Tunnel IP: Virtual IP address. cannot be in same subnet as LAN network.
  • Local Tunnel Mask: Virtual IP mask.
  • Local Gateway:

 

3.5.9 DDNS

DDNS allows that router can be reached with a fixed domain name while have a dynamically changing IP address.

  • Enabled: enable this instance.
  • IP address version: IPv4 and IPv6 supported
  • DDNS Service provider: select a suitable provider.
  • Hostname/Domain: The Domain name that you can access router.

 

  • IP address source: Defines the source to read systems IPv4-Address from, that will be sending to the DDNS provider. The recommend option is network.
  • Network: Defines the network to read systems IPv4-Address from.
  • DNS-server: OPTIONAL: Use non-default DNS-Server to detect ‘Registered IP’. IP address and domain name is required.
  • Log to syslog: Writes log messages to syslog. Critical Errors will always be written to syslog.
  • Log to file: Writes detailed messages to log file. File will be truncated automatically.

 

  • Check Interval: the minimum check interval is 1 minute=60seconds.
  • Force interval: the minimum check interval is 1 minute=60seconds.
  • Error Retry Counter: On Error the script will stop execution after given number of retries. The default setting of ‘0’ will retry infinite.

 

Read the log file of DDNS.

 

Note: If use DDNS server no-ip.com, please check the ” Use HTTP Secure” and put “8.8.8.8” for the DNS-Server referring to following picture

 

 

3.5.10 Connect Radio Module

Connect Radio Module feature is used for exchanging data between Radio module and serial.

 

Note: This feature is conflict with DTU and GPS sent to serial. Please make sure the other two features are disabled before enable Connect Radio Module. Otherwise this error will occur.

  • Connect Mode: Serial only

Modem to Serial Setting

  • Serial baudrate: support 9600/19200/38400/57600/115200bps
  • Serial parity: support none/odd/even
  • Serial databits: support 7 bits and 8 bits
  • Serial stopbit: support 1 bits and 2 bits
  • Serial Flow Control: support none/hardware/software

 

3.6 Network Configuration

3.6.1 Operation Mode

Operation mode

  • Bridge: All Ethernet and wireless interfaces are bridged into a single bridge interface.
  • Gateway: The first Ethernet port is treated as WAN port. The other Ethernet ports and the wireless interface are bridged together and are treated as LAN ports.
  • AP Client: The wireless apcli interface is treated as WAN port and the wireless AP interface and the Ethernet ports are LAN ports.

NAT Enabled

  • Network Address Translation. Default is Enabling

Ethernet wan port role:

  • Wired-WAN port acts as WAN

The Ethernet wan port is used as for WAN. Default is Checked

  • Wired-WAN port acts as LAN

The Ethernet wan port is used as for lan port to get 2 LAN Ethernet ports. If is WAN RJ45 Ethernet port is used for WAN, please do not check this feature.

Normally and default we select “Gateway mode”, and keep all other parameters as default.

 

3.6.1.1 Gets two LAN Ethernet Port for H685

Check the “Wired-WAN port acts as LAN “.

Notes:
1) If checked the ” Wired-WAN port acts as LAN “, the H685 does not have WAN RJ45 port.
2) Please do not use any features for WAN RJ45 if check the ” Wired-WAN port acts as LAN “

 

3.6.2 Mobile configuration

System supports different cell modems. Default, the router is with right Cell Modem name before shipment. If you replace with other different Cell Modem, if it is supported, the router will automatically detect the Cell Modem.
Notes:

The Cell Modem Type was marked on the back of the router.

For example, it shows the following picture. H685 is the router series name, H685w-W-RS232 is the part number name. And the EM820w Cell Modem is the Cell Modem name.

  • Enable: Enable mobile network;
  • Mobile connection: Select a suitable mode for mobile to connect, for the cell modem only supports 3G, the default mode is pppd mode, otherwise the default value is DHCP mode;
  • APN: Fill in the related parameters. Get this parameter from the Sim Card Provider or Carrier;
  • PIN number: If necessary, fill in the related parameters. Most of sim card has no PIN code, and then keep it as blank;
  • Dialing number: Fill in the related parameters. Get this parameter from the Sim Card Provider or Carrier;
  • Authentication method: Three options (None, PAP, CHAP). Please confirm your carrier provide the types of authentication. Normally select None. If not work, try to use PAP or CHAP;
  • Username: Fill in the related parameters. Get this parameter from the Sim Card Provider or Carrier.
    Notes: If your SIM card has no user name, please input out default value, otherwise the router may not dialup. Note: if the authentication method is None, this parameter will not be displayed.
  • Password: Fill in the related parameters. Get this parameter from the Sim Card Provider or Carrier.

Note: If your SIM card has no user name, please input out default value, otherwise the router may not dialup.

– If the authentication method is None, this parameter will not be displayed.

  • Network Type: Select the type. Different Cell Modem supports different types. The default value is Automatic.
  • MTU: Maximum Transmission Unit. It is the max size of packet transmitted on network. The default value is 1500. Please configure it to optimize your own network.
  • Online Mode
  • Keep Alive: means always online. The router will keep online whatever there is data for transmission or not.
  • On Demand: The router will dialup when there is data for transmission.
  • Idle time (minutes): fill in the time. For example, fill in 5, the router will offline after 5 minutes if there is no data for transmission.
  • Scheduled: router dialup or offline with schedule. One group is supported.

 

3.6.3  Cell mobile data limitation

  • Enable data limitation:
  • Period: support period are Month, Week and Day.
  • Start day: the beginning day of period.
  • SIM data limit(MB): the maximum data can be used during this period. If it exceeds,router will disable cell mobile network during this period.
  • Enable alarm: enable data limitation alarm.
  • Phone number: the phone number receives data limitation alarm SMS.
  • Warning percent of data used: if the used data arrives this setting, a data limitation alarm SMS will be sent.
  • Used(MB): the data has been consumed during this period.

 

3.6.4 LAN settings

  • Protocol: only static address is supported for LAN
  • Use custom DNS servers: multiple DNS server supported.
  • IPv6 assignment length: Assign a part of given length of every public IPv6-prefix to LAN interface
  • IPv6 assignment hint: Assign prefix parts using this hexadecimal subprefix ID for LAN

 

  • Bring up on boot: if checked, LAN interface will be set to up when system bootup. If unchecked, LAN interface will be down. Don’t set it to unchecked if don’t have special purpose.
  • Use builtin IPv6-management: the default is checked. If IPv6 is not needed, it can be set to unchecked.
  • Override MAC address: override LAN MAC address.
  • Override MTU: Maximum Transmission Unit.
  • Use gateway metric: the LAN subnet’s metric to gateway.

 

  • Bridge interfaces: LAN bridges wired-LAN and WiFi in a same LAN subnet.
  • Enable STP: enable Spanning Tree Protocol on LAN. The default value is unchecked.

 

 

  • Ignore interface: if it is unchecked, Disable DHCP on LAN.
  • Start: Lowest leased address as offset from the network address.
  • Limit: Maximum number of leased addresses.
  • Leasetime: Expiry time of leased addresses, minimum is 2 minutes(2m). 12H means 12 hours.

 

  • Dynamic DHCP: Dynamically allocate DHCP addresses for clients. If disabled, only clients having static leases will be served.
  • Force: Force DHCP on this network even if another server is detected.
  • IPv4-Netmask: Override the netmask sent to clients. Normally it is calculated from the subnet that is served.
  • DHCP-Options: Define additional DHCP options, for example ‘6,192.168.2.1,192.168.2.2’ which advertises different DNS servers to clients.

 

  • Router Advertisement-Service: four options: disabled, server mode, relay mode and hybrid
  • DHCPv6-Service: Have same options with Router Advertisement-Service.
  • NDP-Proxy: three options: disabled, relay mode and hybrid
  • Always announce default router: Announce as default router even if no public prefix is available.

 

3.6.5 wired-WAN

  • Protocol: the default protocol is DHCP client. If it should be changed to other protocol, such as PPPoE, select protocol PPPoE, then click button “Switch protocol”.

 

 

After click button “Switch protocol”, the below is shown:

 

Note: for different protocol, the Advanced Settings is different, please put mouse on title to get help information, the recommend web browser is Google Chrome.

 

3.6.6 WiFi Settings

  • Wifi Restart: turn off Wifi firstly, and then turn on.
  • AP Client: Scan all frequency to get Wifi network information.
  • Add: add a new Wireless network.
  • Disable: set a wireless network to down.
  • Edit: modify detail information of wireless network.
  • Remove: delete a wireless network.
  • Associated Stations: it is a list of connected wireless stations.

 

3.6.6.1 Wifi General configuration

  • Status: show the WiFi signal strength, mode, SSID and so on.
  • Operating frequency Mode: supports 802.11b/g/n. the Legacy means 802.11b/g. “N” means 802.11n.
  • Channel: channel 1-11 supported.
  • Width: 20MHz and 40MHz.
  • Transmit Power: from 0dBm to 20dBm supported.

 

3.6.6.2 WiFi Advanced Configuration

  • Country Code: Use ISO/IEC 3166 alpha2 country codes.
  • Distance Optimization: Distance to farthest network member in meters.
  • Fragmentation Threshold
  • RTS/CTS Threshold

 

3.6.6.3 WiFi Interface Configuration

  • ESSID: Extended Service Set Identifier. It is the broadcast name.
  • Mode: supported options.

  • Network: Choose the network(s) you want to attach to this wireless interface or fill out the create field to define a new network.
  • Hide Extended Service Set Identifier: hide SSID means this WiFi cannot be scanned by others.
  • WMM Mode:

  • Encryption:

  • Key: it is the password to Join wireless network. If Encryption set to “No Encryption”, no password is needed.

 

  • MAC-Address Filter: MAC address access policy. Disabled: disable MAC-address filter functionality. Allow list: only the MAC address in the list is allowed to forward. Deny list: all packet is allowed to forward except MAC address in the list.
  • MAC-List: click button  to delete MAC address from list, click button  to add a new MAC address into list.

3.6.6.4 WiFi AP client

  • Step 1) click button “AP Client” on wireless overview page, then system start to scan all WiFi signals.

  • Step 2) If the WiFi you want to join in the list, click button “Join Network” If it is not, click “Repeat Scan” until to find the WiFi that you want to join.

  • Step 3) Join Network Settings. Replace wireless configuration: An additional wireless network will be created if it is unchecked. Otherwise it will replace the old configuration. WPA passphrase: specify the secret encryption key here. Name of the new network: the default value is wwan. If it conflicts with other interface, please change it.  Otherwise don’t change it.
  • Step 4) Click Submit if everything is configured. The below is Wi-Fi configuration page. Don’t change Operating frequency, make sure the ESSID and BSSID is from the Wi-Fi you want to join.

  • Step 5) Click button “Save & Apply” to start AP client.

 

3.6.7 Interfaces Overview

Interfaces overview shows all interfaces status, including uptime, MAC-address, RX, TX and IP address.

 

3.6.8 Firewall

3.6.8.1 General Settings

 

3.6.8.2 Port Forwards

This page includes port forwards list and add new port forwards rule functionality.

 

  • Name: port forward instance name.
  • Protocol: TCP+UDP, UDP and TCP can be chosen.
  • External zone: the recommend option is wan.
  • External port: match incoming traffic directed at the given destination port on this host.
  • Internal zone: the recommend zone is lan.
  • Internal IP address: redirect matched incoming traffic to the specific host.
  • Internal port: redirect matched incoming traffic to the given port on the internal host.

 

3.6.8.3 Traffic rules

Traffic rules define policies for packets traveling between different zones, for example to reject traffic between certain hosts or to open WAN ports on the router.

The traffic rules overview pages content the follow functionalities.

 

Traffic rules list:

 

Open ports on router and create new forward rules:

 

Source NAT list and create source NAT rule:

 

Traffic rule configuration page:

This page allows you to change advanced properties of the traffic rule entry, such as matched source and destination hosts.

  • Name: traffic rule entry name
  • Restrict to address family: IPv4+IPv6, IPv4 and IPv6 can be selected. Specified the matched IP address family
  • Protocol: specified the protocol matched in this rule. “Any” means any protocol is matched.
  • Source zone: it is the zone that the traffic comes from.
  • Source MAC address: traffic rule check if the incoming packet’s source MAC address is matched.
  • Source address: traffic rule check if the incoming packet’s source IP address is matched.
  • Source port: traffic rule check if the incoming packet’s TCP/UDP port is matched.
  • Destination zone: the zone that the traffic will go to.
  • Destination address: traffic rule check if the incoming packet’s destination IP address is matched.
  • Destination port: traffic rule check if the incoming packet’s TCP/UDP port is matched.
  • Action: if traffic is matched, system will handle traffic according to the Action (accept, drop, reject, don’t track).
  • Extra argument: passes additional argument to iptable, use with care!

3.6.8.4 DMZ

In computer networking, DMZ is a firewall configuration for securing local area networks (LANs).

  • IP Address: Please Enter the IP address of the computer which you want to set as DMZ host
  • Protocol: All protocols, TCP+UDP, TCP, UDP.

 

Note: When DMZ host is settled, the computer is completely exposed to the external network; the firewall will not influence this host.

 

3.6.8.5 Security

  • SSH access from WAN: allow or deny users access H685/H685 router from remote side.
  • Ping from WAN to LAN: allow or deny ping from remote side to internal LAN subnet.
  • HTTPS access from WAN: allow or deny access router web management page from remote side.
  • Remote network: Any IP Address, Single IP address, Subnet.
  • IP address: fill a remote IP address that can access router web management page.
  • Netmask: 24 means net mask 255.255.255.0, 32 means 255.255.255.255, the illegal value is from 1 to 32.

3.6.9 Static Routes

  • Interface: You can choose the corresponding interface type.
  • Target: the destination host IP or network.
  • Gateway: IP address of the next router.

 

Notice:

–  Gateway and LAN IP of this router must belong to the same network segment.

– If the destination IP address is the one of a host, and then the Netmask must be 255.255.255.255.

– If the destination IP address is IP network segment, it must match with the Netmask. For example, if the destination IP is 10.0.0.0, and the Netmask is 255.0.0.0.

 

3.6.10 Switch

Notes:

1. port 4 is Wired-WAN port, port 0, port 1, port 2, port 3 are LAN port.

2. “Untagged” means the Ethernet frame transmits from this port without VLAN tag.

3. “Tagged” means the Ethernet frame transmits from this port is with VLAN tag.

4. “Off” means this port does not belong to VLAN. For default setting, port 0 belongs to VLAN1, but not belong to VLAN 2.

 

3.6.11 DHCP and DNS

  • Domain required: don’t forward DNS-requests without DNS-Name.
  • Authoritative: This is the only DHCP on the local network.
  • Local server: Local domain specification. Names matching this domain are never forwarded and are resolved from DHCP or hosts files only.
  • Local domain: Local domain suffix appended to DHCP names and hosts file entries。
  • Log queries: Write received DNS requests to syslog.
  • DNS forwarding’s: List of DNS servers to forward requests to.
  • Rebind protection: Discard upstream RFC1918 responses。
  • Allow localhost: Allow upstream responses in the 127.0.0.0/8 range, e.g. for RBL services。
  • Domain whitelist: List of domains to allow RFC1918 responses for.

 

  • Suppress logging: Suppress logging of the routine operation of these protocols
  • Allocate IP sequentially: Allocate IP addresses sequentially, starting from the lowest available address.
  • Filter private: Do not forward reverse lookups for local networks.
  • Filter useless: Do not forward requests that cannot be answered by public name servers.
  • Localise queries: Localise hostname depending on the requesting subnet if multiple IPs are available.
  • Expand hosts: Add local domain suffix to names served from hosts files.
  • No negative cache: Do not cache negative replies, e.g. for not existing domains.
  • Strict order: DNS servers will be queried in the order of the resolvfile.
  • Bogus NX Domain Override: List of hosts that supply bogus NX domain results.
  • DNS server port: Listening port for inbound DNS queries
  • DNS query port: Fixed source port for outbound DNS queries
  • Max DHCP leases: Maximum allowed number of active DHCP leases
  • Max edns0 packet size: Maximum allowed size of EDNS.0 UDP packets.
  • Max concurrent queries: Maximum allowed number of concurrent DNS queries.

 

3.6.12 Diagnostics

  • Ping: it is a tool that used to test the reachability of a host on an Internet Protocol (IP) network.
  • Traceroute: it is a network diagnostic tool for displaying the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network.
  • Nslookup: it is a network administration command-line tool for querying the Domain Name System (DNS) to obtain domain name or IP address mapping or for any other specific DNS record.
  • For example, if I want to ping google.com, type the target domain name or IP address, then click button “Ping”. Wait couple of seconds, the result will be shown below.

 

3.6.13 Loopback Interface

The default Loopback interface has IP address 127.0.0.1, the final user can change it here.

 

3.6.14 Dynamic Routing

Dynamic Routing is implemented by quagga-0.99.22.4. Dynamic Routing services can be enabled at here:

  • Zebra: Zebra is an IP routing manager. Telnet port number is 2601.
  • OSPF: Open Shortest Path First. Telnet port number is 2604.
  • OSPF6: Open Shortest Path First for IPv6. Telnet port number is 2606.
  • RIP: Routing Information Protocol. Telnet port number is 2602.
  • RIPng: it is an IPv6 reincarnation of the RIP protocol. Telnet port number is 2603.
  • BGP: Border Gateway Protocol. Telnet port number is 2605.

 

Note:  How to configure these services? For example, the routers LAN IP is 192.168.10.1. If we want to configure OSPF, we need to set OSPF to Enable firstly, then open putty in windows:

Input the password of OSPF. Then press key”?” for help.

 

3.6.15 QoS

QoS (Quality of Service) can prioritize network traffic selected by addresses, ports or services.

  • Enable: enable QoS on this interface.
  • Classification group: Specify class group used for this interface.
  • Calculate overhead: Decrease upload and download ratio to prevent link saturation.
  • Download speed: Download limit in kilobits/second.
  • Upload speed: Upload limit in kilobits/second.

 

Each classify section defines one group of packets and which target (i.e. bucket) this group belongs to. All the packets share the bucket specified.

  • Target: The four defaults are: priority, express, normal, low.
  • Source host: Packets matching this source host(s) (single IP or in CIDR notation) belong to the bucket defined in target.
  • Destination host: Packets matching this destination host(s) (single IP or in CIDR notation) belong to the bucket defined in target。
  • Protocol: Packets matching this protocol belong to the bucket defined in target.
  • Ports: Packets matching this, belong to the bucket defined in target. If more than 1 port required, they must be separated by comma.
  • Number of bytes: Packets matching this, belong to the bucket defined in target.