Wiki

NeoRouterWiki:ServerSetup

From NeoRouterWiki

(Difference between revisions)
(Install NeoRouter server for Tomato firmware)
Current revision (06:00, 6 August 2016) (view source)
(Understand your options)
 
Line 6: Line 6:
Option 1 NeoRouter server for Windows: It requires a PC or a Home/Small Business server that is always powered on,  has stable Internet connection and running Windows XP SP2 or above.
Option 1 NeoRouter server for Windows: It requires a PC or a Home/Small Business server that is always powered on,  has stable Internet connection and running Windows XP SP2 or above.
-
Option 2 NeoRouter server for Linux: We currently support Ubuntu, Fedora and SUSE.
+
Option 2 NeoRouter server for Linux: We currently support all major distros.
-
Option 3 NeoRouter server for Linux-based firmware, like Tomato, OpenWrt, DD-Wrt.
+
Option 3 NeoRouter server for Linux-based firmware, like Tomato, OpenWrt.
= Install NeoRouter server for Windows =
= Install NeoRouter server for Windows =

Current revision

Setup NeoRouter Server

Note

Please set up the NeoRouter server on only one computer within a physical network. On all other computers, please set up the NeoRouter client.

Understand your options

Option 1 NeoRouter server for Windows: It requires a PC or a Home/Small Business server that is always powered on, has a stable Internet connection, and runs Windows XP SP2 or above.

Option 2 NeoRouter server for Linux: We currently support all major distros.

Option 3 NeoRouter server for Linux-based firmware, like Tomato, OpenWrt.

Install NeoRouter server for Windows

1. Visit http://www.neorouter.com/Downloads.html and download NeoRouter Standard Edition for Windows.


2. Run the installation wizard you have just downloaded, choose NeoRouter server, and click the Next button.


3. Set up a domain name that uniquely identifies your virtual LAN. You will need to enter the domain name in the "log on to" box during sign in. See sign in for details.


4. Set up the administrator account for your domain. You will need to enter the username and password during sign in. See sign in for details.


5. For security, it is highly recommended to set up port forwarding on your router to the NeoRouter server at TCP port 32976 for remote client connections.

NeoRouter server supports Universal Plug and Play (UPnP) as well. On Windows 2000/2003/XP, you can use UPnP instead of port forwarding. If the server PC is behind a residential router, you need to ensure UPnP is enabled on the router.

If your router does not support UPnP, please add a static port forward entry.

 Note: on some hard-to-troubleshoot cases [read:quirky computers & routers], you 
       might wish to perform ALL of the following:
   a. Enable UPnP on your router, AND
   b. Enable port forwarding on your router for BOTH TCP and UDP, AND
   c. Create rules on your personal firewall allowing BOTH TCP and UDP
      on your specific port for NRServer.exe, AND
   d. Manually disable your network connection, stop and then restart your router, 
      and finally re-enable your network connection - AND
   e. Manually stop and restart the "NeoRouter Connection Server" thru the Windows 
      Services applet, instead of using the "Restart Server" option within 
      Configuration Explorer.
   f. If at the end NeoRouter Server works properly and you believe you've overly 
      exposed your security, you might wish to UNDO the possibly redundant steps, by 
      carefully experimenting undoing one by one and re-testing at each step until 
      things break - then redo the last undone step.
      *** by sdrubble, 2009-09-19 ***

6. Finish

Install NeoRouter server for Linux

1. Visit http://www.neorouter.com/Downloads.html and download NeoRouter Server for your Linux distribution.


2. Install

  • Ubuntu & Debian: sudo dpkg -i nrserver-<version>-<release>.i386.deb
  • Fedora & SUSE: sudo rpm -i nrserver-<version>-<release>.i386.rpm


Note - OpenSSL on Fedora: NeoRouter is compiled using openssl 0.9.8g on Fedora 9. If you have an older version of Fedora, please upgrade the openssl package. You may also need to add the following symbolic links:

   cd /lib
   ln -s libcrypto.so.0.9.8g libcrypto.so.0.9.8
   ln -s libssl.so.0.9.8g libssl.so.0.9.8


3. Configure firewall:

  • Fedora:

In a terminal, run command "sudo nano /etc/sysconfig/iptables", add "-A INPUT -m state --state NEW -m tcp -p tcp --dport 32976 -j ACCEPT" before "COMMIT".

  • SUSE:
    • a. Launch firewall configuration tool
    • b. Choose "Allowed Services" in the left panel
    • c. Choose "External Zone" in the first drop-down box
    • d. Choose "NeoRouter server" in the second drop-down box
    • e. Click "Add" button
    • f. Click "Next"
    • g. Click "Finish" to save the changes
  • Ubuntu does not enable a firewall by default.

If you have any firewall enabled, consult its manual for how to open the port. The default port of the NeoRouter server is 32976 TCP.
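A check for the firewall step above, added here as an example and not part of NeoRouter: it reads rules in iptables-save format (the format of /etc/sysconfig/iptables) and reports whether TCP 32976 is accepted and whether anything other than TCP is open on that port. The sample rules are constructed, and the function names are hypothetical.

```python
import shlex

NR_PORT = "32976"  # default NeoRouter server port stated on this page

# Constructed sample in iptables-save format (the format of /etc/sysconfig/iptables).
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state NEW -m tcp -p tcp --dport 32976 -j ACCEPT
-A INPUT -p udp -m udp --dport 32976 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

def rules_for_port(text, port=NR_PORT):
    """Return one dict per appended rule whose --dport equals `port`."""
    found, table = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("*"):
            table = line[1:]  # table header, e.g. *filter or *nat
        if not line.startswith("-A "):
            continue
        tok = shlex.split(line)
        # Pair every option with the token that follows it; the last occurrence wins.
        opts = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
        if opts.get("--dport") == port:
            found.append({"table": table, "chain": opts["-A"], "proto": opts.get("-p"),
                          "source": opts.get("-s", "any"), "target": opts.get("-j")})
    return found

def review(rules):
    """Report a missing TCP accept rule and any non-TCP rule on the port."""
    accepts = [r for r in rules if r["table"] == "filter" and r["target"] == "ACCEPT"]
    findings = []
    if not any(r["proto"] == "tcp" for r in accepts):
        findings.append("no filter rule accepts TCP on the server port")
    for r in accepts:
        if r["proto"] != "tcp":
            findings.append(f"{r['chain']}: {r['proto']} is accepted, but the "
                            "documented server port is TCP; re-test without it")
    return findings

if __name__ == "__main__":
    for finding in review(rules_for_port(SAMPLE)):
        print(finding)
```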


4. Configure nrserver:

  • a. GUI wizard method: Use NR Configuration Explorer to configure your nrserver. Currently Configuration Explorer is only available on Windows. (NR Web Console is available on other platforms since v2.x)
    • i. Install NeoRouter client for Windows on a Windows PC in the same LAN.
    • ii. Launch NeoRouter Configuration Explorer, enter your Linux user in the username field and the IP address of the Linux server in the "log on to" field. Proceed to sign in.
    • iii. Now the Configuration Explorer is connected to nrserver on your Linux box so that we can change the settings.
    • iv. Optionally, choose the settings tab, and edit domain. More details
      • NeoRouter domains function like a dynamic DNS server. A NeoRouter client can connect to a registered domain rather than the server's IP. This domain registration is updated once an hour, and helps with servers that change their public IP address on the Internet.
    • v. You can Sign In via NeoRouter Network Explorer or configuration console using the same account you use to sign into Linux.
  • b. Command line method:
    • i. nrserver -showsettings
    • ii. nrserver -setdomain myPrivateNetwork myDomainPassword
    • iii. Optional step to change VPN network IP range: nrserver -dhcp 10.1.1.0 255.255.255.0
    • iv. nrserver -showsettings
    • v. nrserver -showusers
    • vi. nrserver -adduser serverbox password admin
    • vii. nrserver -adduser jdoe password admin
    • viii. nrserver -adduser bsmith password user
    • ix. nrserver -showusers
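The command-line method above, as an added example that is not NeoRouter's own tooling: it builds the same nrserver calls with a separate random password for the domain and for each account instead of the literal `password`. The helper names are hypothetical; passwords given as command-line arguments are visible in the process list while each command runs, so apply the plan on a host with no other logged-in users.

```python
import secrets
import shutil
import string
import subprocess

ALPHABET = string.ascii_letters + string.digits  # nothing that needs quoting

def new_password(length=20):
    """Random password drawn from the operating system's CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def build_plan(domain, accounts):
    """Return (commands, domain_password, user_passwords).

    `accounts` maps user name -> role; the flags are those listed on this page.
    """
    for user, role in accounts.items():
        if role not in ("admin", "user"):
            raise ValueError(f"{user}: role must be 'admin' or 'user', got {role!r}")
    domain_password = new_password()
    user_passwords = {user: new_password() for user in accounts}
    commands = [["nrserver", "-setdomain", domain, domain_password]]
    for user, role in accounts.items():
        commands.append(["nrserver", "-adduser", user, user_passwords[user], role])
    commands.append(["nrserver", "-showusers"])
    return commands, domain_password, user_passwords

def masked(argv, secrets_to_hide):
    """Render a command for logs or review with every password replaced."""
    return " ".join("********" if arg in secrets_to_hide else arg for arg in argv)

def apply_plan(commands):
    """Run each command as an argv list (no shell); stop at the first failure."""
    if shutil.which("nrserver") is None:
        raise FileNotFoundError("nrserver not found on PATH")
    for argv in commands:
        subprocess.run(argv, check=True)

if __name__ == "__main__":
    # Names from the steps above; bsmith stays a plain user.
    plan, domain_pw, user_pws = build_plan(
        "myPrivateNetwork", {"serverbox": "admin", "jdoe": "admin", "bsmith": "user"})
    hidden = {domain_pw, *user_pws.values()}
    for argv in plan:
        print(masked(argv, hidden))
```

Calling apply_plan(plan) on the server runs the commands; hand each generated password to its owner through a password manager rather than writing it into a script.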


5. Install the appropriate NeoRouter client package on a workstation and attempt to log into the network via one of the users previously created. More details


6. Optionally, install the NeoRouter client package on the same machine running the NeoRouter server package. This allows VPN users to connect with other services hosted by the same computer as the NeoRouter server.

Install NeoRouter server for OpenWrt

NOTE:

  • NeoRouter server is fully tested on LinkSys WRT54GL and Asus WL-520GU with Kamikaze 8.09.
  • NeoRouter server should work on all Broadcom-based routers. We will be happy to support other platforms, and you can post your request at our forum.

1. Connect to the router using ssh or telnet

2. Update available install packages using command

   opkg update

3. Install

   opkg install http://www.neorouter.com/Downloads/.../
                      /Kamikaze/nrserver_<version>-<release>_mipsel.ipk

4. Edit firewall setting for the NeoRouter server listening port.

Edit /etc/firewall.user and add the following:

   iptables -t nat -A prerouting_wan -p tcp --dport 32976 -j ACCEPT
   iptables        -A input_wan      -p tcp --dport 32976 -j ACCEPT

5. Install NeoRouter client on any Windows computer, run NeoRouter Configuration Explorer to log on to the router using the router's root account and password, then configure the domain information.

6. Setup Domain and User Accounts: see instructions under "Install NeoRouter server for Linux".

Install NeoRouter server for Tomato firmware

NOTE:

  • NeoRouter server is fully tested on Asus WL-500gp. (Minimum flash 8MB)

1. Flash your router

NeoRouter server for Tomato is provided as a custom build of the full Tomato firmware in TRX format. You can download the TRX file from http://www.neorouter.com/Downloads.html.

Please visit OpenWRT Wiki for instructions on flashing your router with TRX.

2. In tomato UI – Administration – Jffs2, enable jffs and format if needed

3. In tomato UI – Administration – scripts – WAN up,

For v0.9.7 and later, add "/usr/bin/nrserver.sh start"

For v0.9.6 or earlier versions, add "/usr/bin/neorouter.sh start"

4. Reboot router

5. Setup Domain and User Accounts: see instructions under "Install NeoRouter server for Linux".


Troubleshoot:

  • By default, our built-in script can automatically open firewall for the tomato router's LAN IP address. But if you are using v0.9.4.881 or older AND you have changed the default LAN IP address from 192.168.1.1 to a different LAN IP Address, you need to edit firewall setting manually to open up the listening port for NeoRouter.

In tomato UI – Administration – scripts – Firewall, add the following lines:

  iptables -t nat -A PREROUTING -p tcp --dport 32976 -j ACCEPT
  iptables        -A INPUT      -p tcp --dport 32976 -j ACCEPT

Note: If your box is not a fresh new router, existing rules may interfere with the lines above and prevent them from working. In this case, you may want to use the following rules:

  iptables -t nat -A PREROUTING -p tcp -m tcp -d [vlan1's inet addr] --dport 32976 -j DNAT --to-destination [br0's inet addr]:32976
  iptables -A INPUT -p tcp -d [br0's inet addr] --dport 32976 -j ACCEPT


In some cases, the computers behind the Tomato box cannot use the NeoRouter domain name or the public IP address of the router to connect to the NeoRouter server. You can use port forwarding to map the listening port (32976) to the local IP address of the router as well. For example, if your router has the Internet IP 202.xxx.xxx.xxx and the local IP address 192.168.1.1, you can create a port forward record that maps 32976 to the local 192.168.1.1, so that the computers behind the router can connect.

  • If you have trouble signing into NeoRouter Network Explorer from a remote client, try disabling Inbound Connection Logging.

In tomato UI - Status - Logs - Logging Configuration, disable Inbound Connection

Install NeoRouter server for Fonera firmware

Please see dedicated page here.

Install NeoRouter server for Mac

1. Visit http://www.neorouter.com/Downloads.html and download NeoRouter server for Mac.

2. Uninstall previous version, if needed:

  • sudo /Library/NeoRouter/rmnrserver.sh {userdata}
  • rmnrclient.sh can optionally remove user data. All NeoRouter user data is written to /usr/local/ZebraNetworkSystems/NeoRouter.

3. Install

  • Double-click nrserver-<version>-<release>.tar.gz to expand it, then double-click on the nrserver-<version>-<release>.mpkg to launch installer wizard.

4. Launch

NeoRouter is installed under /Library/NeoRouter folder. nrserver will automatically start after installation and every time OS starts.

  • Tip: Manually start/stop nrserver

0.9.9 uses launchd. Use "launchctl remove com.neorouter.nrserver" to take over control from launchd. Then you can run "sudo /Library/NeoRouter/nrserver" or "sudo killall nrserver".

0.9.8 uses startup items. Use "/Library/StartupItems/nrservice/nrservice {start|stop}".

5. Setup Domain and User Accounts: see instructions under "Install NeoRouter server for Linux".


Install NeoRouter server for FreeBSD

1. Visit http://www.neorouter.com/Downloads.html and download NeoRouter server for FreeBSD.

2. Copy it to /tmp

3. Switch to su user

4. cd /tmp; tar zxvf nrserver*.tgz

5. cd /tmp/nrserver

6. make install

  • To uninstall NeoRouter server for FreeBSD

1. Switch to su user

2. rmnrserver.sh

Command Line Interface

From v0.9.9, the server executable supports more command line parameters for maintaining the settings. It's very useful for the Linux/Mac/in-a-box users, who don't have a Windows system to run the Configuration Explorer. With these commands, they can set most settings defined in the Configuration Explorer.

  • List all commands:
   > nrserver -help
   Usage: ./nrserver [options]
   -run [--dbroot <DBROOT>]]
   -showsettings
   -setdomain <DOMAINNAME> <DOMAINPASSWORD>
   -setport <PORT>
   -dhcp <SUBNET> <NETMASK>
   -showusers
   -adduser <USERNAME> <PASSWORD> [admin|user]
   -setpassword <USERNAME> <NEW PASSWORD>
   -setrole <USERNAME> [admin|user]
   -enableuser <USERNAME>
   -disableuser <USERNAME>
   -deleteuser <USERNAME>
   -showcomputers
   -deletecomputer COMPUTERNAME
   -setalias COMPUTERNAME ALIAS
   -activateproduct <PRODUCT KEY>
   -showlicense
   -help


User Access Auditing

NeoRouter Professional Edition (v1.2.0+) supports an auditing feature. It allows an administrator to trace user access activities, such as sign in, sign out and so on. In v1.2.0, it logs the auditing information to a file. By default, this feature is disabled.

The parameters controlling the auditing feature are defined in Feature.ini.


1. Enable or disable auditing

Auditing=[1|0]

1 - enable auditing

0 - disable auditing


2. Specify the audit log file location

AuditLogFileLocation=[path of the log file]

By default, the audit log file is located in the main configuration folder and the file name is in the format:

NRADT_yyyyMMddHHmmss.log

Note: the folder specified must exist.


3. Specify max number of lines in log file

MaxNumOfLinesPerLog=[integer value]

If it's 0 (zero), all information will be put in a single audit log file. By setting the max number of lines in each log file, it will split the information into several files.

An example of enabling auditing:

Open or create Feature.ini in the main configuration folder, add the following lines:

[Default]
Auditing=1
AuditLogFileLocation=c:\audit
MaxNumOfLinesPerLog=20000
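
A validator for these settings, added here as an example and not shipped with NeoRouter: it checks the three auditing keys, confirms that the audit folder exists, and orders audit log files by the timestamp in their names. The function names are hypothetical, and exact-case key matching is an assumption.

```python
import configparser
import os
import re
from datetime import datetime

# Settings from the example on this page.
SAMPLE = "[Default]\nAuditing=1\nAuditLogFileLocation=c:\\audit\nMaxNumOfLinesPerLog=20000\n"
AUDIT_NAME = re.compile(r"^NRADT_([0-9]{14})\.log$")  # NRADT_yyyyMMddHHmmss.log

def check_feature_ini(text, dir_exists=os.path.isdir):
    """Return a list of problems found in the auditing settings (empty = OK)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # assumption: key names must match the documented case
    try:
        cp.read_string(text)
    except configparser.Error as exc:
        return [f"cannot parse Feature.ini: {exc}"]
    if not cp.has_section("Default"):
        return ["missing [Default] section"]
    sec, problems = cp["Default"], []
    auditing = sec.get("Auditing", "0").strip()
    if auditing not in ("0", "1"):
        problems.append(f"Auditing must be 0 or 1, got {auditing!r}")
    elif auditing == "0":
        problems.append("auditing is disabled (Auditing=0 or not set)")
    folder = sec.get("AuditLogFileLocation", "").strip()
    if folder and not dir_exists(folder):
        problems.append(f"audit folder does not exist: {folder}")
    max_lines = sec.get("MaxNumOfLinesPerLog", "0").strip()
    if not re.fullmatch(r"[0-9]+", max_lines):
        problems.append(f"MaxNumOfLinesPerLog must be a non-negative integer, got {max_lines!r}")
    return problems

def audit_logs_in_order(filenames):
    """Keep names of the form NRADT_yyyyMMddHHmmss.log, oldest first."""
    stamped = []
    for name in filenames:
        m = AUDIT_NAME.match(name)
        if not m:
            continue
        try:
            stamped.append((datetime.strptime(m.group(1), "%Y%m%d%H%M%S"), name))
        except ValueError:
            pass  # fourteen digits that are not a real date and time
    return [name for _, name in sorted(stamped)]

if __name__ == "__main__":
    print(check_feature_ini(SAMPLE) or "auditing settings look valid")
```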