User Guide

R2000S-MHI Dual-SIM LTE IoT Gateway

x509
Item	Description	Default
PKCS # 12 Certificate	Select the PKCS # 12 certificate file to import into the route	—
Certificate Files
Index	Indicate the ordinal of the list.	—
Filename	Show the imported certificate’s name.	Null
File Size	Show the size of the certificate file.	Null
Last Modification	Show the timestamp of that the last time to modify the certificate file.	Null

3.15 VPN>OpenVPN
This section allows you to set the OpenVPN and the related parameters.OpenVPN is an open-source software application that implements virtual private network(VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. The router supports point-to-point and point-to-point connections.
Click Virtual Private Network> OpenVPN> OpenVPN. The following information is displayed:

OpenVPN

Click + to add tunnel settings. The maximum count is 3. The window is displayed below when choosing “None” as the authentication type. By default, the model is “P2P”.

OpenVPN

The window is displayed below when choosing “Client” as the mode.

The window is displayed below when choosing “Server” as the mode.

The window is displayed below when choosing “None” as the authentication type.

The window is displayed below when choosing “Preshared” as the authentication type.

The window is displayed below when choosing “Password” as the authentication type.

The window is displayed as below when choosing “X509CA” as the authentication type. The window is displayed as below when choosing “X 509CA Password” as the authentication type. The window is displayed below when choosing “Client” as the mode.

The window is displayed below when choosing “Server” as the mode.

The window of “Virtual Priva ate Network> OpenVPN> > OpenVPN” mode and choosing “X509CA A Password” is displayed as the auth notification type. Click User Password Management + to add the user’s name and past password, as shown below:

Click Client Management + to add client information, as shown below:

General Settings @ OpenVPN
Item	Description	Default
Index	Indicate the ordinal of the list.	—
Enable	Click the toggle button to enable/disable this OpenVPN tunnel.	ON
Enable Ipv6	Click the toggle button to enable/disable OpenVPN using IPv6.	OFF
Description	Enter a description for this OpenVPN tunnel.	Null

Mode	Select from “P2P” or “Client”.	Client
TLS Mode	Select from “None”, “Client” or “Server”.	None
Protocol	Select from “UDP”, “TCP-Client”, or “TCP-Server”.	UDP
Server Address	Enter the end-to-end IP address or the domain of the remote OpenVPN server.	Null
Server Port	Enter the end-to-end listener port or the listening port of the OpenVPN server.	1194
Listening Address	Local server address.	Null
Listening Port	Local server port.	1194
Interface Type	Select from “TUN” or “TAP” which are two different kinds of device interfaces for OpenVPN. The difference between TUN and TAP devices is that a TUN device is a point-to-point virtual device on the network while a TAP device is a virtual device on Ethernet.	TUN
Authentication Type	Select from “None”, “Preshared”, “Password”, “X509CA” and “X509CA Password”. Note: “None” and “Preshared” authentication types are only working with P2P mode.	None
Enable IP Address Pool	Click the toggle button to enable/disable the IP address pool allocation function.	OFF
Starting Address	Defines the beginning of an IP address pool that assigns addresses to OpenVPN clients.	10.8.0.5
End Address	Defines the end of the IP address pool for assigning addresses to OpenVPN clients.	10.8.0.254
Client Network	Enter the client network IP.	10.8.0.0
Client Netmask	Enter the client netmask.	255.255.255.0
Username	Enter the username used for the “Password” or “X509CA Password” authentication type.	Null
Password	Enter the password used for the “Password” or “X509CA Password” authentication type.	Null
Local IP	Enter the local virtual IP.	10.8.0.1
Remote IP	Enter the remote virtual IP.	10.8.0.2
Encrypt Algorithm	Select from “BF”, “DES”, “DES-EDE3”, “AES128”, “AES192” and “AES256”. •BF: Use 128-bit BF encryption algorithm in CBC mode •DES: Use 64-bit DES encryption algorithm in CBC mode •DES-EDE3: Use 192-bit 3DES encryption algorithm in CBC mode •AES128: Use 128-bit AES encryption algorithm in CBC mode •AES192: Use 192-bit AES encryption algorithm in CBC mode •AES256: Use 256-bit AES encryption algorithm in CBC mode	BF
Renegotiation Interval	Set the renegotiation interval. If the connection failed, OpenVPN will renegotiate when the renegotiation interval is reached.	86400

Maximum Number of Clients	Set the maximum number of clients allowed to access the OpenVPN server	10
Keepalive Interval	Set a keepalive (ping) interval to check if the tunnel is active.	20
Keepalive Timeout	Set the keepalive timeout. Trigger OpenVPN restart after n seconds pass without reception of a ping or other packet from remote.	120
MTU	Set the maximum transmission unit.	1500
Data Fragmentation	Set the maximum frame length.	Null
Private Key Password	Enter the private key password under the “X509CA” and “X509CA Password” authentication types.	Null
Enable Compression	Click the toggle button to enable/disable this option. Enable to compress the data stream of the header.	ON
Enable Default Gateway	Standalone switch button to enable/disable the default gateway function. After enabling, push the local tunnel address as the default gateway of the peer device.	OFF
Receive DNS Push	Standalone switch button to enable/disable receiving DNS push function. After enabling, it is allowed to receive DNS information pushed by the peer.	OFF
Enable NAT	Click the toggle button to enable/disable the NAT option. When enabled, the source IP address of the host behind the router will be disguised before accessing the remote OpenVPN client.	OFF
Verbose Level	Select the level of the output log and values from 0 to 11. •0: No output except fatal errors •1-4: Normal usage range •5: Output R and W characters to the console for each packet read and write •6-11: Debug info range	0
Advanced Settings @ OpenVPN
Enable HMAC Firewall	Click the toggle button to enable/disable this option. Add an additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks.	OFF
Enable PKCS#12	Click the toggle button to enable/disable the PKCS#12 certificate. It is an exchange of digital certificate encryption standards, used to describe personal identity information.	OFF
Enable nsCertType	Click the toggle button to enable/disable nsCertType. Require that the peer certificate was signed with an explicit serotype designation of “server”.	OFF
Enable Crl	Click the toggle button to enable/disable the option. When enabled, client certificates can be revoked.	OFF
Enable Client to Client	Click the toggle button to enable/disable the option. When enabled, clients can communicate with each other.	OFF

Enable Dup Client	Click the toggle button to enable/disable the option. After being enabled, the tunnel IPs obtained by multiple clients are different, and the tunnel IP of the client and the tunnel IP of the server are interoperable.	OFF
Enable IP Address Hold	Click the toggle button to enable/disable the option. When enabled, the IP in the address pool is obtained automatically.	ON
Expert Options	Enter some other options of OpenVPN in this field. Each expression can be separated by a ‘;’.	Null
Advanced Settings @ User Password Management
Username	Custom tunnel connection username.	Null
Password	Custom tunnel connection password.	Null
Client Management
Enable	Click the toggle button to enable/disable this option. When enabled, the client’s IP address can be managed.	OFF
Common Name	Set the certificate name.	Null
Client IP Address	Set a fixed client virtual IP.	Null

Status

This allows you to view the status of the OpenVPN tunnel.
x509
Users can upload the X509 certificates for OpenVPN in this section.

x509
Item	Description	Default
X509 Settings
Tunnel Name	Choose a valid tunnel. Select from “Tunnel 1”, “Tunnel 2”, “Tunnel 3”, “Tunnel 4”, “Tunnel 5″or “Tunnel 6”.	Tunnel 1
Tunnel mode	Select “P2P Mode”, “Client Mode” or “Server Mode”.	Client mode
Root certificate	Select the root certificate file to import into the router.	—
Certificate Files	Click on “Choose File” to locate the certificate file from your computer, and then import this file into your router.	—
Private Key	Select the private key file to import into the router.	—
TLS-Auth Key	Select the TLS-Auth key file to import into the router.	—
PKCS # 12 Certificate	Select the PKCS # 12 certificate file to import into the router.	—
Certificate Files
Index	Indicate the ordinal of the list.	—
Filename	Show the imported certificate’s name.	Null
File Size	Show the size of the certificate file.	Null
Last Modification	Show the timestamp of that the last time to modify the certificate file.	Null

3.16 VPN > GRE
This section allows you to set the GRE and the related parameters. Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an Internet Protocol network. There are two main uses of the GRE protocol: enterprise internal protocol encapsulation and private address encapsulation.

Tunnel Settings @ GRE
Item	Description	Default
Index	Indicate the ordinal of the list.	—
Enable	Click the toggle button to enable/disable this GRE tunnel.	ON
Description	Enter a description for this GRE tunnel.	Null
Remote IP Address	Set the remote real IP address of the GRE tunnel.	Null
Local Virtual IP Address	Set the local virtual IP address of the GRE tunnel.	Null
Local Virtual Netmask/ IPv6 prefix length	Set the local virtual Netmask of the GRE tunnel.	Null
Remote Virtual IP Address	Set the remote virtual IP Address of the GRE tunnel.	Null
Enable Default Route	Click the toggle button to enable/disable this option. When enabled, all the traffics of the router will go through the GRE VPN.	OFF
Enable NAT	Click the toggle button to enable/disable this option. This option must be enabled when the router is under a NAT environment.	OFF
Secrets	Set the key to the GRE tunnel.	Null
Link Binding	Select from “WWAN1”, “WWAN2”, “WAN”, or “WLAN”.	Not bound

Status
This section allows you to view the status of the GRE tunnel.

3.17 Services> Syslog
This section allows you to set the Syslog parameters. The system log of the router can be saved in the local, also supports to be sent to remote log server and specified application debugging. By default, the “Log to Remote” option is disabled.

The window is displayed as below when enabling the “Log to Remote” option.

Syslog Settings
Item	Description	Default
Enable	Click the toggle button to enable/disable the Syslog settings option.	OFF
Sy log Level	Select from “Debug”, “Info”, “Notice”, “Warning”, or “Error”, which from low to high. The lower level will output more Syslog in detail.	Debug
Save Position	Select the save position from “RAM”, “NVM” or “Console”. The data will be cleared after reboot when choosing “RAM”. Note: It’s not recommended that you save Syslog to NVM (Non‐Volatile Memory) for a long time.	RAM

Log to Remote	Click the toggle button to enable/disable this option. Enable to allow router sending Syslog to the remote Syslog server. You need to enter the IP and port of the Syslog server.	OFF
Add Identifier	Click the toggle button to enable/disable this option. When enabled, you can add a serial number to the Syslog message which is used for loading Syslog to RobustLink.	OFF
Remote IP Address	Enter the IP address of the Syslog server when enabling the “Log to Remote” option.	Null
Remote Port	Enter the port of the Syslog server when enabling the “Log to Remote” option.	514

3.18 Services> Event
This section allows you to set the event parameters. The event feature provides the ability to send alerts by SMS or Email when certain system events occur.

General Settings @ Event
Item	Description	Default
Signal Quality Threshold	Set the threshold for signal quality. The router will generate a log event when the actual threshold is less than the specified threshold. 0 means disable this option.	0

Click + button to add Event parameters.

General Settings @ Notification
Item	Description	Default
In ex	Indicate the ordinal of the list.	‐‐
Description	Enter a description for this group.	Null
Sent SMS	Click the toggle button to enable/disable this option. When enabled, the router will send notifications to the specified phone numbers via SMS if an event occurs. Set the related phone number in “3.21 Services > Email”, and use ‘;’ to separate each number.	OFF
Send Email	Click the toggle button to enable/disable this option. When enabled, the router will send a notification to the specified email box via Email if an event occurs. Set the related email address in “3.21 Services > Email”.	OFF

D Control	Click the toggle button to enable/disable this option. After it is turned on, the event router will send it to the corresponding DO in the form of Low / High level.	OFF
Save to NVM	Click the toggle button to enable/disable this option. Enable to save the event to nonvolatile memory.	OFF

In the following window, you can query various types of event records. Click Refresh to query filtered events while Clear clicking to clear the event records in the window.

Event Details
Item	Description	Default
Save Position	Select the events’ save position from”RAM” or “NVM”. • RAM: Random-access memory • NVM: Non-Volatile Memory	RAM
Filter Message	Enter the filtering message based on the keywords set by users. Click the “Refresh” button, the filtered event will be displayed in the following box. Use “&” to separate more than one filter message, such as message & message2.	Null

3.19 Services > NTP
This section allows you to set the related NTP (Network Time Protocol) parameters, including Time zone, NTP Client, and NTP Server.

NTP
Item	Description	Default
Timezone Settings
Time Zone	Click the drop-down list to select the time zone you are in.	UTC +08:00
Expert Setting	Specify the time zone with Daylight Saving Time in TZ environment variable format. The Time Zone option will be ignored in this case.	Null
NTP Client Settings
Enable	Click the toggle button to enable/disable this option. Enable to synchronize time with the NTP server.	ON
Primary NTP Server	Enter the primary NTP Server’s IP address or domain name.	pool.ntp.org
Secondary NTP Server	Enter the secondary NTP Server’s IP address or domain name.	Null
NTP Updateinterval	Enter the interval (minutes)synchronizing the NTP client time with the NTP servers. Minutes wait for the next update, and 0 means update only once.	0
NTP Server Settings
Enable	Click the toggle button to enable/disable the NTP server option.	OFF

This window allows you to view the current time of the router and also synchronize the router time. Click the Sync button to synchronize the router time with the PCs.

3.20 Services> SMS
This section allows you to set SMS parameters. The router supports SMS management, and users can control and configure their routers by sending SMS. For more details about SMS control, refer to 4.1.2 SMS RemoteControl.

SMS Management Settings
Item	Description	Default
Enable	Click the toggle button to enable/disable the SMS Management option. Note: If this option is disabled, the SMS configuration is invalid.	ON
Authentication Type	Select Authentication Type from “Password”, “Phonenum” or “Both”. • Password: Use the same username and password as the WEB manager for authentication. For example, the format of the SMS should be “username: password; cmd; cmd2; …” Note: Set the WEB manager password in the System > User Management section. • Phonenum: Use the Phone number for authentication, and the user should set the Phone Number that is allowed for SMS management. The format of the SMS should be “cmd; cmd2; …” • Both: Use both the “Password” and “Phonenum” for authentication. The user should set the Phone Number that is allowed for SMS management. The format of the SMS should be “username: password; cmd; cmd2; …”	Password
Phone Number	Set the phone number used for SMS management, and use`; ‘to separate each number. Note: It can be null when choosing “Password” as the authentication type.	Null

Users can test the current SMS service whether it is available in this section

SMS Testing
Item			Description	Default
Phone Number			Enter the specified phone number which can receive the SMS from the router.	Null
Message			Enter the message that the router will send to the specified phone number.	Null
Result			The result of the SMS test will be displayed in the result box.	Null
			Click the button to send the test message.	—

3.21 Services >Email
The email function supports sending the event notifications to the specified recipient by way of an email.

Email Settings
Item	Description	Default
Enable	Click the toggle button to enable/disable the Email option.	OFF
Enable TLS/SSL	Click the toggle button to enable/disable the TLS/SSL option.	OFF
Enable STARTTLS	Click the toggle button to enable/disable STARTTLS encryption.	OFF
Outgoing server	Enter the SMTP server IP Address or domain name.	Null
Server port	Enter the SMTP server port.	25
Timeout	Set the max time for sending email to the SMTP server. When the server doesn’t receive the email over this time, it will try to resend.	10
Auth Login	If the mail server supports AUTH login, you must enable this button and set a username and password.	OFF
Username	Enter the username which has been registered from the SMTP server.	Null
Password	Enter the password of the username above.	Null
From	Enter the source address of the email.	Null
Subject	Enter the subject of this email.	Null

3.22 Services > DDNS
This section allows you to set the DDNS parameters. The Dynamic DNS function allows you to alias a dynamic IP address to a static domain name, and allows you whose ISP does not assign them a static IP address to use a domain name. This is especially useful for hosting servers via your connection, so that anyone wishing to connect to you may use your domain name, rather than having to use your dynamic IP address, which changes from time to time. This dynamic IP address is the WAN IP address of the router, which is assigned to you by your ISP. The service provider defaults to “DynDNS”, as shown below.

When the “Custom” service provider is chosen, the window is displayed as below.

DDNS Settings
Item	Description	Default
Enable	Click the toggle button to enable/disable the DDNS option.	OFF
Service Provider	Select the DDNS service from “DynDNS”,”NO-IP”, “3322” or “Custom”. Note: The DDNS service only can be used after being registered by the Corresponding service provider.	DynDNS
Hostname	Enter the hostname provided by the DDNS server.	Null
Username	Enter the username provided by the DDNS server.	Null
Password	Enter the password provided by the DDNS server.	Null
URL	Enter the URL customized by the user.	Null

Click the ″Stauts″ bar to view the status of the DDNS

DDNS Status
Item	Description
Status	Display the current status of the DDNS.
Last Update Time	Display the date and time for the DDNS was last updated successfully.

3.23 Services > SSH
The router supports SSH password access and secret-key access

SSH Settings
Item	Description	Default
Enable	Click the toggle button to enable/disable this option. When enabled, you can access the router via SSH.	ON
Port	Set the port of the SSH access.	22
Disable Password Logins	Click the toggle button to enable/disable this option. When enabled, you cannot use a username and password to access the router via SSH. In this case, only the key can be used for login.	OFF

Import Authorized Keys
Item	Description
Authorized Ke s	Click on “Choose File” to locate an authorized key from your computer, and then click “Import” to import this key into your router. Note: This option is valid when enabling the password logins option.

3.24 Services > Web Server
This section allows you to modify the parameters of the Web Server.

General ettings @ Web Server
Item	Description	Default
HTTP Port	Enter the HTTP port number you want to change in the router’s Web Server. On a Web server, port 80 is the port that the server “listens to” or expects to receive from a Web client. If you configure the router with other HTTP Port numbers except 80, only adding that port number then you can log in router’s Web Server.	80
HTTPS Port	Enter the HTTPS port number you want to change in the router’s Web Server. On a Web server, port 443 is the port that the server “listens to” or expects to receive from a Web client. If you configure the router with other HTTPS Port numbers except 443, only adding that port number then you can log in router’s Web Server. Note: HTTPS is more secure than HTTP. In many cases, clients may be exchanging confidential information with a server, which needs to be secured in order to prevent unauthorized access. For this reason, HTTP was developed by Netscape corporation to allow authorization and secured transactions.	443

This section allows you to import the certificate file into the router.

Import Certifi ate
Item	Description	Default
Import Type	Select from “CA” and “Private Key”. CA: a digital certificate issued by the CA center Private Key: a private key file	CA
HTTPS Certific te	Click on “Choose File” to locate the certificate file from your computer, and then click “Import” to import this file into your router.	‐‐

3.25 Services > Advanced
This section allows you to set the Advanced and parameters.

System Setti gs
Item	Description	Default
Device Name	Set the device name to distinguish different devices you have installed; valid characters are a‐z, A‐Z, 0‐9, @, ., ‐, #, $, and *.	router
User LED Type	Specify the display type of your USR LED. Select from “None”, “SIM”, “NET”, “OpenVPN”, “IPSec”, or “WiFi”. None: Meaningless indication and the LED is off SIM: USR indicator showing the SIMstatus NET: USR indicator showing the NETstatus OpenVPN: USR indicator showing the OpenVPN status IPSec: USR indicator showing the IPsecstatus WiFi: USR indicator showing the WiFi status Note: For more details about the USR indicators, see “2.2 LED Indicators”.	None

Periodic Reboot Settings
Item	Description	Default
Periodic Reboot	Set the reboot period of the router. 0 means disable.	0
Daily Reboot Time	Set the daily reboot time of the router. You should follow the format as HH: MM, in 24h time frame, otherwise, the data will be invalid. Leave it empty means disable.	Null

3.26 System>Debug
This section allows you to check and download the Syslog details.

Syslog
Item	Description	Default
Syslog Details
Log Level	Select from “Debug”, “Info”, “Notice”, “Warn”, and “Error” from low to high. The lower level will output more Syslog in detail.	Debug
Fil ering	Enter the filtering message based on the keywords. Use “&” to separate more than one filter message, such as “keyword1&keyword2”.	Null
Refresh	Select from “Manual Refresh”, “5 Seconds”, “10 Seconds”, “20 Seconds” or “3 Seconds”. You can select these intervals to refresh the log information displayed in the following box. If selecting “manual refresh”, you should click the refresh button to refresh the Syslog.	Manual Refresh
Clear	Click the button to clear the Syslog.	‐‐
Refresh	Click the button to refresh the Syslog.	‐‐
Syslog Files
Sy log Files Lis	It can show at most 5 Syslog files in the list, the files’ names range from message0 to message 4. And the newest Syslog file will be placed at the top of the list.	‐‐
System Diagnosing Data
Generate	Click to generate the Syslog diagnosing file.	‐‐
Download	Click to download the system diagnosing file.	‐‐

3.27 System>Update
This section allows you to upgrade the router system and implement system updates by importing and updating
firmware files. Import a firmware file from the computer to the router, and click Update and restart the device as prompted to complete the firmware update.
Note: To access the latest firmware file, please contact your technical support engineer.

3.28 System>App Center
This section allows you to add some required or customized applications to the router. Import and install your application to the App Center, and reboot the device according to the system prompts. Each installed application will be displayed under the “Services” menu, while other applications related to VPN will be displayed under the “VPN” menu. Note: After importing the applications to the router, the page display may have a slight delay due to the browser cache. It is recommended that you clear the browser cache first and log in to the router again. The successfully installed app will be displayed in the following list. Click X to uninstall the app.

App Center
Item	Description	Default
App Install
File	Click on “Choose File” to locate the App file from your computer, and then click Install to import this file into your router. Note: File format should be xxx.rpk, e.g.R2000‐robustlink‐1.0.0.rpk.	‐‐
Installed Apps
In ex	Indicate the ordinal of the list.	‐‐
Name	Show the name of the App.	Null
Version	Show the version of the App.	Null
St tus	Show the status of the App.	Null
Description	Show the description for this App.	Null

3.29 System> Tools
This section provides users with three tools: Ping, Traceroute, and Sniffer.

Ping
Item	Description	Default
IP address	Enter the ping’s destination IP address or destination domain.	Null
Number of Re guests	Specify the number of ping requests.	5
Timeout	Specify the timeout of ping requests.	1
Local IP	Specify the local IP from cellular WAN, Ethernet WAN, or Ethernet LAN. Null stands for selecting a local IP address from these three automatically.	Null
Start	Click this button to start a ping request, and the log will be displayed in the following box.	‐‐
Stop	Click this button to stop the ping requests.	‐‐

Traceroute
Item	Description	Default
Trace Address	Enter the trace’s destination IP address or destination domain.	Null
Trace Hops	Specify the max trace hops. The router will stop tracing if the trace hops have met the max value no matter whether the destination has been reached or not.	30
Trace Timeout	Specify the timeout of the Traceroute request.	1
Start	Click this button to start the Traceroute request, and the log will be displayed in the following box.	‐‐
Stop	Click this button to stop the Traceroute request.	‐‐

Sniffer
Item	Description	Default
Interface	Choose the interface according to your Ethernet configuration.	All
Host	Filter the packet that contains the specified IP address.	Null
Packets Request	Set the packet number that the router can sniffer at a time.	1000
Protocol	Select from “All”, “IP”, “TCP”, “UDP” and “ARP”.	All
St tus	Show the current status of the sniffer.	‐‐
Start	Click this button to start the sniffer.	‐‐
Stop	Click this button to stop the sniffer. Once you click this button, a new log file will be displayed in the following List.	‐‐
Capture Files	Every time of sniffer log will be saved automatically as a new file. You can find the file from this Sniffer Traffic Data List click to download the log and click × to delete the log file. It can cache a maximum of 5 files.	‐‐

3.30 System> Profile
This section allows you to import or export the configuration file, and restore the router to the factory default setting.

Profile
Item	Description	Default
Import Configuration File
Reset Other Settings to Default	Click the toggle button as “ON” to return other parameters to default settings.	OFF
Ig ore Invalid settings	Click the toggle button as “OFF” to ignore invalid settings.	OFF
X L Configuration File	Click on Choose File to locate the XML configuration file from your computer, and then click Inport to import this file into your router.	‐‐

Export Configuration File
Ig ore Disabled Features	Click the toggle button as “OFF” to ignore the disabled features.	OFF
Add Detailed Information	Click the toggle button as “On” to add detailed information.	OFF
Encrypt Secret Data	Click the toggle button as “ON” to encrypt the secret data.	OFF
X L Configuration File	Click Generate the button to generate the XML configuration file, and click Export to export the XML configuration file.	‐‐
Def ult Configuration
Save the Running configuration as Default	Click Save the button to save the current running parameters as the default configuration.	‐‐
Restore to Default Configuration	Click Restore the button to restore the factory defaults.	‐‐

Rollback
Item	Description	Default
Configuration Rollback
Save as a Rollbackable Archive	Create a savepoint manually. Additionally, the system will create a savepoint every day automatically if configuration changes.	‐‐
Configuration Archive Files
Configuration Archive Files	View the related information about configuration archive files, including name, size, and modification time.	‐‐

3.31 System> User Management
This section allows you to change your username and password, and create or manage user accounts. One router has only one super user who has the highest authority to modify, add and manage other common users.
Note: Your new password must be more than 5 characters and less than 32 characters and may contain numbers, upper and lowercase letters, and standard symbols.

Su er User Set ings
Item	Description	Default
New Username	Enter a new username you want to create; valid characters are a‐z, A‐Z, 0‐9, @, ., ‐, #, $, and *.	Null
Old Password	Enter the old password of your router. The default is “admin”.	Null
New Password	Enter a new password you want to create; valid characters are a‐z, A‐Z, 0‐9, @, ., ‐, #, $, and *.	Null
Confirm Password	Enter the new password again to confirm.	Null

Click the button to add a new common user. The maximum rule count is 5.

Common User S things
Item	Description	Default
In ex	Indicate the ordinal of the list.	‐‐
Role	Select from “Visitor” and “Editor”. Visitor: Users only can view the configuration of the router under this level Editor: Users can view and set the configuration of the router under this level	Visitor

Username	Set the Username; valid characters are a‐z, A‐Z, 0‐9, @, ., ‐, #, $, and *.	Null
Password	Set the password which at least contains 5 characters; valid characters are a‐z, A‐Z, 0‐9, @, ., ‐, #, $, and *.	Null

Chapter 4 Configuration Examples

4.1 Cellular
4.1.1 Cellular Dial‐Up
This section shows you how to configure the primary and backup SIM card for Cellular Dial‐up. Connect the router correctly and insert two SIM, then open the configuration page. Under the homepage menu, click Interface > Link Manager > Link Manager > General Settings, choose “WWAN1” as the primary link and “WWAN2” as the backup link, and set “Cold Backup” as the backup mode, then click “Submit”.
Note: All data will be transferred via WWAN1 when choosing WWAN1 as the primary link and set the backup mode as a cold backup. At the same time, WWAN2 is always offline as a backup link. All data transmission will be switched to WWAN2 when the WWAN1 is disconnected.

Click the button of WWAN1 to set its parameters according to the current ISP.

The window is displayed below by clicking Interface > Cellular > Advanced Cellular Settings.

Click the edit button of SIM1 to set its parameters according to your application request.

When finished, click Submit > Save & Apply for the configuration to take effect.

4.1.2 SMS Remote Control
R2000supports remote control via SMS. You can use the following commands to get the status of the router, and set all the parameters of the router. There are three authentication types for SMS control. You can select from “Password”, “Phonenum” or “Both”.
An SMS command has the following structure:

1. Password mode—Username: Password;cmd1;cmd2;cmd3; …code (available for every phone number).
2. phonenum mode‐‐ Password; cmd1; cmd2; cmd3; … code (available when the SMS was sent from the phone number which had been added to the router’s phone group).
3. Both modes‐‐ Username: Password;cmd1;cmd2;cmd3; …code(available when the SMS was sent from the phone number which had been added in the router’s phone group).

SMS command Explanation:

1. User name and Password: Use the same username and password as the WEB manager for authentication.
2. cmd1, cmd2, cmd3 to Cmdn, the command format is the same as the CLI command, more details about CLI cmd please refer to Chapter 5 Introductions for CLI.
   Note: Download the configured XML file from the configured web browser. The format of SMS control command can refer to the data of the XML file.
   Go to System > Profile > Export Configuration File, click Generate to generate the XML file, and click Export to export the XML file.
   XML command:
   <lan >
   <network max_entry_num=”2″ >
   <id > 1</id >
   <interface > lan0</interface >
   <ip > 172.16.10.67</ip >
   <netmask > 255.255.0.0</netmask >
   <mtu > 1500</mtu >
   SMS cmd:
   set lan network 1 interface lan0
   set lan network 1 ip 172.16.10.67
   set lan network 1 netmask 255.255.0.0
   set lan network 1 mtu 1500
3. The semicolon character (‘;’) is used to separate more than one command packed in a single SMS.
4. E.g.
   admin:admin;status system
   In this command, the username is “admin”, the password is “admin”, and the function of the command is to get the system status.
   SMS received:
   hardware_version = 1.0
   firmware_version = “3.0.0”
   kernel_version = 3.10.49
   device_model = R2000
   serial_number = 111111111
   system_uptime = “0 days, 06:17:32”
   system_time = “Thu Jul617:28:51 2017”

admin:admin;reboot
In this command, the username is “admin”, the password is “admin”, and the command is to reboot the Router.
SMS received:
OK

admin:admin;set firewall remote_ssh_access false;set firewall remote_telnet_access false
In this command, the username is “admin”, the password is “admin”, and the command is to disable the remote_ssh
and remote_telnet access.
SMS received:
OK
OK

admin:admin; set lan network 1 interface lan0;set lan network 1 IP 172.16.99.11;set lan network 1 netmask
255.255.0.0;set lan network 1 mtu 1500
In this command, the username is “admin”, the password is “admin”, and the command is to configure the LAN parameter.
SMS received:
OK
OK
OK
OK

4.2 Network
4.2.1 IPsec VPN

The configuration of server and client is as follows.
IPsecVPN_Server:
Cisco 2811:

Click the button and set the parameters of IPsec Client as below.

When finished, click Submit > Save & Apply for the configuration to take effect.
The comparison between server and client is as below.

4.2.2 OpenVPN
OpenVPN supports two modes, including Client and P2P. Here takes the Client as an example.

OpenVPN_Server:
Generate the relevant OpenVPN certificate on the server side firstly, and refer to the following commands to configuration of the Server:
local 202.96.1.100
mode server
port 1194
proto UDP
dev tun‐
MTU 1500
fragment 1500
ca ca. crt
cert Server01.crt
key Server01.key
DH dh1024.poem
server 10.8.0.0 255.255.255.0
ifconfig‐pool‐persist ipp.txt
push “route 192.168.3.0 255.255.255.0”
client‐config‐dir CCD
route 192.168.1.0 255.255.255.0
keepalive 10 120
cipher BF‐CBC
comp‐lzo max‐
clients 100 persist‐
key persist‐tun
status OpenVPN‐status.log
verb 3
Note: For more configuration details, please contact your technical support engineer.

OpenVPN_Client:
Click VPN > OpenVPN > OpenVPN as below.

Click to configure the Client01 as below.

When finished, click Submit > Save & Apply for the configuration to take effect.

4.2.3 GRE VPN

The configuration of the two points is as follows.
The window is displayed below by clicking VPN > GRE > GRE.

GRE‐1：
Click button and set the parameters of GRE‐1 as below.

When finished, click Submit > Save & Apply for the configuration to take effect.

GRE‐2:
Click button and set the parameters of GRE‐1 as below.

When finished, click Submit > Save & Apply for the configuration to take effect.

The comparison between GRE‐1 and GRE‐2 is as below.

Chapter 5 Introductions for CLI

5.1 What Is CLI
Command‐line interface (CLI) is a software interface providing another way to set the parameters of equipment from the SSH or through a telnet network connection.

Route login:
Router login: admin
Password: admin
#

CLI commands:

#? (Note: the ‘?’ won’t display on the page.)

!	Comments
add	Add a list entry of configuration
clear	Clear statistics
config	Configuration operation
debug	Output debug information to the console
del	Delete a list entry of configuration
exit	Exit from the CLI
help	Display an overview of the CLI syntax
ovpn_cert_get	Download the OpenVPN certificate file via HTTP or FTP
ping	Send messages to network hosts
reboot	Halt and perform a cold restart
route	Static route modify dynamically, this setting will not be saved
set	Set system configuration
show	Show system configuration
status	Show running system information
TFTP update	Update firmware using TFTP
traceroute	Print the route packets trace to the network host
URL update	Update firmware using HTTP or FTP
ver	Show version of the firmware

5.2 How to Configure the CLI
Following is a table about the description of help and the error that should be encountered in the configuring program.

Commands /tips	Description
?	Typing a question mark “?” will show you the helpful information. eg. # config（Press ‘?’）config     Configuration operation # config（Press spacebar +’?’）commit Save the configuration changes and take effect changed configuration save_and_apply      Save the configuration changes and take effect changed configuration load default Restore Factory Configuration
Ctrl+c	Press these two keys at the same time, except its “copy” function but also can be used to “break” out of the setting program.
Syntax error: The command is not completed	The command is not completed.
Tick space key+ Tab key	It can help you finish your command. Example: # config (tick enter key) Syntax error: The command is not completed # config (tick space key+ Tab key) commit save_and_apply loan default
#config commit	When your setting is finished, you should enter those commands to make

# config save_and_apply

your setting takes effect on the device. Note: Commit and save_and_apply play the same role.

5.3 Commands Reference

Commands	Syntax	Description
Debug	Debug parameters	Turn on or turn off debug function
Show	Show parameters	Sho    current co figuration of each function, if we need to see all plea e using “sh w running ”
Se	Set parameters Add parameters	All t e function parameters are set by commands set and add, the difference is that set is for the single parameter and add is for the list parameter
Add

Note: Download the config.XML file from the configured web browser. The command format can refer to the config.XML file format.

5.4 Quick Start with Configuration Examples
The best and quickest way to master CLI is firstly to view all features from the webpage and then read all CLI commands at a time, finally learning to configure it with some reference examples.

Example 1: Show the current version
# status system
hardware_version = 1.0
firmware_version = “3.0.0”
kernel_version = 3.10.49
device_model = R2000
serial_number = 111111111
system_uptime = “0 days, 06:17:32”
system_time = “Thu Jul 6 17:28:51 2017”

Example 2: Update firmware via tftp
# tftpupdate (space+?)
firmware New firmware
# tftpupdate firmware (space+?)
String Firmware name
# tftpupdate firmware filename R2000‐firmware‐sysupgrade‐unknown.bin host 192.168.100.99 //enter a new
firmware name
Downloading
R2000‐firmware‐s 100% |*******************************| 5018k 0:00:00 ETA

Flashing
Checking 100%
Decrypting 100%
Flashing 100%
Verifying 100%
Verify Success
upgrade success
# config save_and_apply
OK
//update success
// save and apply current configure ion, make your configuration effect

Example 3: Set link‐manager

# set
# set

at_over_telnet	AT Over Telnet
cellular	Cellular
DNS	Dynamic DNS
ethernet	Ethernet
event	Event Management
firewall	Firewall
GRE	GRE
IPsec	IPsec
lan	Local Area Network
link_manager	Link Manager
NTP	NTP
OpenVPN	OpenVPN
reboot	Automatic Reboot
RobustLink	RobustLink
route	Route
SMS	SMS
SNMP	SNMP agent
ssh	SSH
syslog	Syslog
system	System
user_management	User Management
very	VRRP
web_server	Web Server
# set link_manager
primary_link	Primary Link
backup_link	Backup Link
backup_mode	Backup Mode
emergency_reboot	Emergency Reboot
link	Link Settings

# set link_manager primary_link (space+?)
Enum Primary Link (wwan1/wwan2/wan)
# set link_manager primary_link wwan1 //select “wwan1” as primary_link
OK
//setting succeed
# se t link_mana ger link 1

type desc connection_type wwan static_addr pppoe ping mtu dnsl_overrided dns2_overrided

Type Description Connection Type WWAN Settings Static Address Settings PPPoE Settings Ping Settings MTU Override Primary DNS Override Secondary DNS

# set link_manager link 1 ty e wwan1
OK
#set link_manager link 1 wwan

auto_apn apn username password dialup_number auth_type aggressive_reset switch_by_data_allowance data allowance billing_day

Automatic APN Selection APN Username Password Dialup Number Authentication Type Aggressive Reset Switch SIM By Data Allowance Data Allowance Billing Day

# set link_manager link 1 wwan switch_by_data_allowance true
OK
#
# set link_manager link 1 wwan billing_data_allowance 100
OK
# set link_manager link 1wwan billing_day 1
OK
…
# config save_and_apply
OK
//open cellular switch_by_data_traffic
//setting succeed
// setting specifies the day of the month for billing
// setting succeed
// save and apply the current configuration, and make your configuration effect

Example 4: Set Ethernet

# set Ethernet port_setting 2 port_assignmEnt Ian0
OK
# config save_and_apply
OK
//Set Table 2 (ethyl) to Ian0
//setting succeed

Example 5: Set LAN IP address

Glossary

Abbr.	Description
AC	Alternating Current
APN	Access Point Name
ASCII	American Standard Code for Information Interchange
CE	Conformité Européene (European Conformity)
CHAP	Challenge Handshake Authentication Protocol
CLI	Command Line Interface for batch scripting
CSD	Circuit Switched Data
CTS	Clear to Send
dB	Decibel
dBi	Decibel Relative to an Isotropic radiator
DC	Direct Current
DCD	Data Carrier Detect
DCE	Data Communication Equipment (typically modems)
DCS 1800	Digital Cellular System, also referred to as PCN
DI	Digital Input
DO	Digital Output
DSR	Data Set Ready
DTE	Data Terminal Equipment
DTMF	Dual Tone Multi‐frequency
DTR	Data Terminal Ready
EDGE	Enhanced Data rates for Global Evolution of GSM and IS‐136
EMC	Electromagnetic Compatibility
EMI	Electro‐Magnetic Interference
ESD	Electrostatic Discharges
ETSI	European Telecommunications Standards Institute
EVDO	Evolution‐Data Optimized
FDD LTE	Frequency Division Duplexing Long-Term Evolution
GND	Ground
GPRS	General Packet Radio Service
GRE	generic route encapsulation
GSM	Global System for Mobile Communications
HSPA	High-Speed Packet Access
ID	identification data
IMEI	International Mobile Equipment Identity
IP	Internet Protocol
IPsec	Internet Protocol Security
kbps	bits per second
L2TP	Layer 2 Tunneling Protocol

LAN	local area network
LED	Light Emitting Diode
M2M	Machine to Machine
MAX	Maximum
Min	Minimum
MO	Mobile Originated
MS	Mobile Station
MT	Mobile Terminated
OpenVPN	Open Virtual Private Network
PAP	Password Authentication Protocol
PC	Personal Computer
PCN	Personal Communications Network, also referred to as DCS 1800
PCS	Personal Communication System, also referred to as GSM 1900
PDU	Protocol Data Unit
PIN	Personal Identity Number
PLCs	Program Logic Control System
PPP	Point‐to‐point Protocol
PPTP	Point to Point Tunneling Protocol
PSU	Power Supply Unit
PUK	Personal Unblocking Key
R&TTE	Radio and Telecommunication Terminal Equipment
RF	Radio Frequency
RTC	Real-Time Clock
RTS	Request to Send
RTU	Remote Terminal Unit
Rx	Receive Direction
SDK	Software Development Kit
SIM	subscriber identification module
SMA antenna	Stubby antenna or Magnet antenna
SMS	Short Message Service
SNMP	Simple Network Management Protocol
TCP/IP	Transmission Control Protocol / Internet Protocol
TE	Terminal Equipment also referred to as DTE
Tx	Transmit Direction
UART	Universal Asynchronous Receiver‐transmitter
UMTS	Universal Mobile Telecommunications System
USB	Universal Serial Bus
USSD	Unstructured Supplementary Service Data
VDC	Volts Direct current
VLAN	Virtual Local Area Network
VPN	Virtual Private Network
VSWR	Voltage Stationary Wave Ratio

WAN	Wide Area Network

Guangzhou Robustel LTD
Add: 3rd Floor, Building F, Kehui Park, No.95 Daguan Road, Guangzhou, China 510660
Tel: 86-20-29019902
Email: info@robustel.com
Web: www.robustel.com

Documents / Resources

robustel R2000S-MHI Dual-SIM LTE IoT Gateway [pdf] User Guide R2000S-MHI, R2000SMHI, 2AAJGR2000S-MHI, 2AAJGR2000SMHI, R2000S-MHI Dual-SIM LTE IoT Gateway, R2000S-MHI, Dual-SIM LTE IoT Gateway

References

• User Manual