SOLVED

Guide for using ctrlX core as a "router" with firewall app and VPN client

CodeShepherd
Community Moderator

Is there a guide for using ctrlX core as a "router" with firewall app and VPN client available?

1 REPLY

MauroRiboniMX
Contributor

Hi to everyone,

This is not a question but is actually a sort of guide created from the experiences that @TheCodeCaptain and I have collected together about the topic.

"Disclaimer: this procedure is not addressed to the basic user; in order to fully understand what is happening and to debug the setup, a good knowledge of iptables, networking and VPNs is necessary. Furthermore, the guide is not a complete setup for a production case; it is just a proof of concept that the user must be able to develop in order to fit his own case."

Experience 1:

Objective: we would like to log in to the XM22 passing through the ctrlX core, just like in the picture below.

The test has been done with:

  • ctrlX core release 21.11 eth0: 192.168.1.1, eth2: 192.168.2.1
  • App Firewall 1.12.0

MauroRiboniMX_0-1639158769895.png

Step 1: Get the possibility to forward packets.

In order to forward packets it is necessary to allow it on the eth0-1 interfaces:

MauroRiboniMX_1-1639159384855.png

From the firewall point of view it is also necessary to allow the packet forwarding (by default it is allowed).

Step 2: SNAT

Now it should be possible to connect to the PLC, but it is necessary to set up the XM22 gateway: it must be the ctrlX core IP address. In this case, the XM address being 192.168.1.25, it must be 192.168.1.1. Otherwise the connection would be dropped by the PLC.

In order to avoid this configuration for the PLC or the other devices on the machine network, it is possible to set up a simple SNAT routing rule. Assuming again that the ctrlX core address from the machine point of view is 192.168.1.1, here is the configuration I adopted.

MauroRiboniMX_2-1639160316918.png

MauroRiboniMX_3-1639160345687.png

Step 3: PC routing

Now that everything has been set up in ctrlX, it is necessary to set up the right rules inside the PC as well. The PC address being 192.168.2.X and the ctrlX core eth1 address being 192.168.2.1, the rule to be entered is the following:

route add 192.168.1.0 mask 255.255.255.0 192.168.2.1

It means that we're trying to reach a 192.168.1.X address passing through 192.168.2.1, which is the ctrlX core. It is possible to check the connection using the command "tracert".

MauroRiboniMX_4-1639160935230.png

The Experience with the VPN will follow.

Mauro
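The routing decisions behind the three steps above, as an added example that is not part of the original post and is not ctrlX or firewall-app code: a small Python model using the post's addresses. The function names are hypothetical, 192.168.2.10 is a constructed stand-in for the PC's 192.168.2.X, and the model assumes the PC and the XM22 have no route or default gateway other than the ones passed in.

```python
import ipaddress as ip

MACHINE_NET = ip.ip_network("192.168.1.0/24")   # XM22 side of the ctrlX core
PC_NET = ip.ip_network("192.168.2.0/24")        # PC side of the ctrlX core
CORE_MACHINE_IP = ip.ip_address("192.168.1.1")  # ctrlX core address seen by the XM22
CORE_PC_IP = ip.ip_address("192.168.2.1")       # ctrlX core address seen by the PC
XM22_IP = ip.ip_address("192.168.1.25")
PC_IP = ip.ip_address("192.168.2.10")           # constructed stand-in for 192.168.2.X


def next_hop(dst, local_net, routes, gateway=None):
    """Return the next hop a host picks for dst, or None if it has no route."""
    if dst in local_net:
        return dst                      # on-link: deliver directly
    for net, via in routes:             # static routes (e.g. from `route add`)
        if dst in net:
            return via
    return gateway                      # default gateway, may be None


def round_trip(pc_route, forwarding, snat, plc_gateway):
    """Model the request PC -> XM22 and its reply; return (ok, reason)."""
    routes = [(MACHINE_NET, CORE_PC_IP)] if pc_route else []
    if next_hop(XM22_IP, PC_NET, routes) != CORE_PC_IP:
        return False, "PC has no route to 192.168.1.0/24"
    if not forwarding:
        return False, "ctrlX core does not forward between interfaces"
    # With SNAT the core rewrites the source to its machine-side address.
    src_seen_by_plc = CORE_MACHINE_IP if snat else PC_IP
    hop = next_hop(src_seen_by_plc, MACHINE_NET, [], plc_gateway)
    if hop is None:
        return False, f"XM22 has no route back to {src_seen_by_plc}"
    if hop != src_seen_by_plc and hop != CORE_MACHINE_IP:
        return False, f"XM22 sends the reply to the wrong gateway {hop}"
    return True, f"XM22 replies to {src_seen_by_plc} via {hop}"


if __name__ == "__main__":
    cases = {
        "steps 1+3 only, no PLC gateway": (True, True, False, None),
        "steps 1+3, PLC gateway set": (True, True, False, CORE_MACHINE_IP),
        "steps 1+2+3 (SNAT)": (True, True, True, None),
        "SNAT but no PC route": (False, True, True, None),
    }
    for name, args in cases.items():
        print(f"{name:32} -> {round_trip(*args)}")
```

With SNAT the XM22 only ever sees 192.168.1.1 as the peer, so any access control or logging on the PLC side can no longer distinguish individual PCs; that filtering has to happen in the ctrlX firewall rules.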
