Ticket #43 (task)
Opened 13 years ago
Last modified 12 years ago
Configure and Test GlobalStar VPN and static IPs
Status: closed (fixed)
Reported by: | haines | Assigned to: | haines |
---|---|---|---|
Priority: | major | Milestone: | Buoy-System-2010 |
Component: | communication | Version: | |
Severity: | must have | Keywords: | |
Cc: |
- contact ITS to obtain two subnets required for VPN router to Globalstar (GS).
- all three modems reconfigured for static IP
- once GS VPN router arrives, contact ITS again for port forwarding allocations so public computer (turb.marine.unc.edu) can access the VPN router
- setup and test Globalstar VPN router on campus with GS loopback adapter
- install and setup second ethernet adapter for turb.marine for VPN connection
- change registry setting on turb.marine to allow additional polling per instructions from Ron Mozer at Crystalline
- test GS modems with ping and test telnet
The phone numbers of our GlobalStar/ExtraNetCC satellite units:
ESN: 11601178763 / Phone# 999-008-1921 / IP: 10.1.64.1 (Buoy) ESN: 11601178914 / Phone# 999-008-1922 / IP: 10.1.64.2 (Buoy) ESN: 11601178933 / Phone# 999-008-1923 / IP: 10.1.64.3 (Tower)
Adair Thaxton Network Specialist, ITS Networking 440 W. Franklin St., Suite 1011 UNC Chapel Hill, (919) 445-9387 sthaxton@email.unc.edu
Matt Lord Manager, Communications Engineering Globalstar 461 S. Milpitas Blvd. Milpitas, CA 95035 P. 408.933.4507 matt.lord@globalstar.com
Brian Nordman | Crystalline Technology ??? | Monessen | PA | 15062 | USA T 724-638-8048 | M 724.557.8474 Brian@Crystalline.us Ron Mozer | Crystalline Technology ??? | Monessen| PA | 15062 | USA T 724-638-8048 | ron@Crystalline.us
This ticket is follow-on to ticket titled "Testing Globalstar from Loggernet" (ticket:40) where testing was successfully completed on straight dialup and "Setup GlobalStar? static IP/VPN service" (ticket:42) where the order was placed for VPN IP service through NetSat? and David O'hara.
Attachments
Change History
05/03/11 09:25:35: Modified by haines
- status changed from new to assigned.
- description changed.
- summary changed from Configure GlobalStar VPN to Configure and Test GlobalStar VPN and static IPs.
07/12/11 10:20:49: Modified by haines
- description changed.
07/12/11 10:29:26: Modified by haines
07/12/11 10:37:28: Modified by haines
- description changed.
07/12/11 10:45:29: Modified by haines
- description changed.
Adair Thaxton at ITS located and assigned both subnets for GS VPN router. Also attached completed form sent to Matt Lord at Globalstar.
Subject: Re: UNC-CH Remedy Ticket 2055166 Date: Wed, 15 Jun 2011 13:28:58 -0400 From: Adair Thaxton <sthaxton@email.unc.edu> To: <sara_haines@unc.edu>
Sara,
(Spreadsheet Item 1) For the outside interface, they can use 152.2.23.166/30 (mask 255.255.255.252, gateway 152.2.23.165). The VLAN number for this will be 37.
(Spreadsheet Item 3) For the inside interface, they can use 152.2.76.17/28. User machines will be 152.2.76.18 - 29, subnet mask 255.255.255.240, gateway 152.2.76.17. The VLAN number for this will be 39.
They may or may not need the VLAN numbers. When we configure VPNs, the VLAN numbers don't matter much, but they may wish to use those numbers for the sake of consistency.
When the VPN arrives, we will need to put the interface designated as "outside" into VLAN37. If you're planning to connect your user machine(s) directly to the VPN, no further switchport changes should be necessary, but if you're going to connect indirectly through some switches, we'll need to make switchport changes to reflect VLAN39.
(Spreadsheet item 5) I'm not sure if you've looked at having an analog line run for management, but SSH is probably easier.
Let me know if you have questions.
Adair
07/12/11 10:47:49: Modified by haines
- attachment GSIPVPNform_UNC.xls added.
Globalstar form filled out with UNC subnet information
08/02/11 10:47:13: Modified by haines
Received the GS VPN and installed and tested directly connecting to VPN on GS-Inside VLAN 39. I had to install a second ethernet card on turb.marine.unc.edu so we can maintain private connection to addresses assigned on VPN for the modems.
Testing with loopback adapter at GlobalStar? ground station is done by ping to 10.1.64.63 on turb.marine.
The only way I could ping 10.1.64.63 with both installed ethernet adapters enabled on the XP host was to not have a default gateway on the one adapter configured as 152.2.92.105 (turb.marine.unc.edu). See ipconfig output below.
----------------------------------------------------------------------------------- C:\Documents and Settings\haines>ping 10.1.64.63 Pinging 10.1.64.63 with 32 bytes of data: Reply from 10.1.64.63: bytes=32 time=83ms TTL=252 Reply from 10.1.64.63: bytes=32 time=57ms TTL=252 Reply from 10.1.64.63: bytes=32 time=57ms TTL=252 Reply from 10.1.64.63: bytes=32 time=57ms TTL=252 Ping statistics for 10.1.64.63: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 57ms, Maximum = 83ms, Average = 63ms C:\Documents and Settings\haines>ping 10.1.64.63 Pinging 10.1.64.63 with 32 bytes of data: Reply from 152.19.255.209: Destination net unreachable. Request timed out. Ping statistics for 10.1.64.63: Packets: Sent = 2, Received = 1, Lost = 1 (50% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms Control-C ^C -------------------------------------------------------------------------------------- C:\Documents and Settings\haines>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : ehsloggernet Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Ethernet adapter Local Area Connection GlobalStar: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 GT Desktop Adapter Physical Address. . . . . . . . . : 00-1B-21-B2-E6-73 Dhcp Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 152.2.76.18 Subnet Mask . . . . . . . . . . . : 255.255.255.240 Default Gateway . . . . . . . . . : 152.2.76.17 DNS Servers . . . . . . . . . . . : 152.2.21.1 152.2.253.100 Ethernet adapter Local Area Connection UNC: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Cont roller Physical Address. . . . . . . . . : 00-12-3F-D4-1E-4C Dhcp Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 152.2.92.105 Subnet Mask . . . . . . . . . . . : 255.255.255.128 Default Gateway . . . . . . . . . : DNS Servers . . . . . . . . . . . : 152.2.21.1 152.2.253.100 C:\Documents and Settings\haines>
08/02/11 10:53:47: Modified by haines
- description changed.
Also, following the
-------- Original Message -------- Subject: Re: UNC Remedy Ticket 2055166 -- UNC VPN and static IPs with GlobalStar Date: Tue, 26 Jul 2011 10:39:37 -0400 From: Ron Mozer <ron@crystalline.us> To: <sara_haines@unc.edu> CC: Chris Abene <Chris.Abene@globalstar.com>, Adair Thaxton <sthaxton@email.unc.edu>, Matt Lord <Matt.Lord@globalstar.com>, "Crystalline Tech. Service" <techservice@crystalline.us> Hello Sara, Each of the units have a label on them which indicate the static IP address to which they are assigned. Specifically the first three IP addresses in your Globalstar subnet where used to provision these modems. They are 10.1.64.1, 10.1.64.2, and 10.1.64.3. In addition, it is very important that you modify the registry values on your Windows host computer that will be performing the polling of the remote units. As a bit of back ground, when a connection is initiated by your host it takes a few seconds for the gateway to locate and connect the remote modem. These registry setting provide a few extra seconds for the connection to be established. For Microsoft, the default number of retries for a TCP connect is 2. This is covered under the registry parameter TcpMaxConnectRetransmissions. The first retry happens at 3 seconds, and then doubles. So the default is: first SYN packet: t=0s first retry: t=3s second retry: t=9s (6 seconds after the first retry) To accommodate connections that take more than 9 seconds to complete, the parameter TcpMaxConnectRetransmissions for the host initiating the connection should be changed to 3. So then we'd have: first SYN packet: t=0s first retry: t=3s second retry: t=9s (6 seconds after the first retry) third retry: t=21s (12 seconds after the second retry) This will not affect currently successful connections that make it through with the first two retransmissions. The parameter may not show up if it is a default, so you would have to add a REG_DWORD with this name (TcpMaxConnectRetransmissions) and the value of 3. Procedure: 1. Click Start, click Run, type regedit.exe, and then click OK. 2. Use the tree view (the left pane) of the Registry Editor tool to open the following key: HKEY_LOCAL_MACHINE\SYSTEM\ CurrentControlSet\Services\Tcpip\Parameters 3. Change TcpMaxConnectRetransmissions to 3, or add it if it isn't shown Please do not hesitate to contact us if you have any questions. Thank You, Ron Mozer Ron Mozer | Crystalline Technology RAS Division- Equipment & Controls, Inc. & A.E. Ehrke Co, Emerson Process Management Local Business Partner 210 Riverview Drive | Monessen| PA | 15062 | USA T 724-684-5117 | F 724-684-4490 ron@Crystalline.us
08/02/11 11:16:43: Modified by haines
- description changed.
Last week, initial testing of modems via VPN to GS ground to GS satellite to our modems commenced. We successfully could ping both 10.1.64.1 (B1) and 10.1.64.2 (B2) but could not then connect to the datalogger on each buoy. We now think that there is a baud rate mismatch between the datalogger and modems.
Perhaps the best thing to do is to use the "Telnet 10.1.64.1" command from a DOS prompt on the LoggerNet computer. If you get a connect message then the ExtraNET CC is connected. They you can press the "return" key to get a CR1000 prompt. If you don't get the prompt then you need to check the connection between the ExtraNET CC and the CR1000 and make sure baud rates, parity, stop bits, and wiring is correct.
10/11/11 17:05:37: Modified by haines
- status changed from assigned to closed.
- resolution set to fixed.
01/17/12 10:12:42: Modified by haines
- description changed.
Changed number to contact Crystalline. They have split off from ECI as independent but still called Crystalline. Now is 724-638-8048. Still need new address.
All modems reconfigured by Brian Nordman at Crystalline, Inc (CI).