netfield onpremise V2.2 testing

[MGharat]

Dear Armin,

We want to order below netfield onpremise gateway . 

NIOT-E-TIJCX-GB-RE/NFLD 1321.300/NFLD Docker Edge Gateway ”netFIELD OnPremise“, 4x 2GHz x64 CPU, 8GB RAM, 128GB SSD, Wifi

1] Do we need to purchase monthly netfield io subscription ? or when we will need it ? as it is mentioned in nefield edge datasheet
2] For VPN functionality with V2.2 OS, is there any additional software charged than hardware?
3] Do we have any knowledgebase page for VPN connnectivity with netfield ?

BR
Madhumati

[Armin@netPI]

Hello Madhumati,

1.) No the netFIELD OnPremise can be ordered without any subscription. You can operate totally independent of netfield cloud services. So you can manage it locally using a standard Linux terminal console over SSH or via the web UI pages. Using the option netfield and cloud management can be ordered separately and is an addtional function. Some customers do not allow Internet connection in their plants anyway, so for them it is the ideal solution to do everything locally only. The two gateways netFIELD Connect and netFIELD OnPremise both have two Docker engines preinstalled. One Docker instance we call "local" and can be managed via local terminal console. This one is active in both devices by default and you are free to use it with any Docker container you want (OnPremise is Intel CPU based so it needs X86 compatible containers so "hilschernetpi/netpi-nodered" container for example will never run on it, Connect is ARM CPU based so it needs ARM compatible containers ). The second Docker instance is deactivated and "sleeping" until you book a netfield subscription additonally. Then this Docker instance can be controlled from remote over netfield cloud/internet platform. But this is just an option. If you don't like it to use it keeps "sleeping".

2.) No there is no other software in charge for an OpenVPN connection. In new netFIELD OS 2.2 the command line (CLI) program openvpn comes preinstalled right away for a direct use. You can reach this command like all other Linux commands using a terminal console over an SSH connection or alternatively over the device web-UI site (embedded terminal).

3.) OpenVPN is a community developed service. We have just embedded it as command into the latest netFIELD OS 2.2 version as it is. The OpenVPN project and the CLI command openvpn is well documented by the OpenVPN organization. It does not make sense to document this CLI command and its parametes once again on any Hilscher web site. Here is for example one of the official Internet pages explaining the command line: https://openvpn.net/vpn-server-resources...ith-linux/

Today I tried to establish a VPN connection to my OpenVPN server running at home via Hilscher gateways using netFIELD OS 2.2. It worked immediately and I was able to ping all my home network devices via the netFIELD Connect or netFIELD OnPremise gateway after I have established the VPN connection. The command line I was calling was quite simple: openvpn --config arminhomserver.ovpn. 
The *.ovpn file is a common configuration file I created based on the instructions on the OpenVPN organizations web site or there are also online web sites like this one https://ovpnconfig.com.br/ you can feed with data/credentials coming from my OpenVPN server to generate them. It contains parameters like the internet domain name of my server (I am using a DNS provideron my server for giving me a constant Internet Domain name), used ports for the connections and the most important point the certificates (issued for my Internet Domain name). Of course there are a lot of other parameters that can be added to the config file which I don't know and just the basic ones. But in the end with such a very simple setup I was able to establish an OpenVPN connection to my homeserver in 5 minutes.

Thx
Armin

[MGharat]

Hello Madhumati,

1.) No the netFIELD OnPremise can be ordered without any subscription. You can operate totally indenepdent of netfield cloud usage. So you can manage it using a standard Linux terminal console over SSH or via the web UI pages. Using the option netfield and cloud management can be ordered separately and is an addtional function. The two gateways netFIELD Connect and netFIELD OnPremise both have two Docker engines perinstalled. On Docker instance we call "local" and can be managed via terminal console. This one is active in both devices by default and you are free to use it with any Docker container you want. The second Docker instance is deactivated and sleeping until you book a netfield subscription additonal. Then this Docker instance can be controlled from remote over netfield internet platform. But this is just an option. If you don't like it it keeps "sleeping".

2.) No there is no other software in charge for an OpenVPN connection. In new netFIELD OS 2.2 the command line (CLI) program openvpn comes preinstalled right away for a direct use. You can reach this command like all other Linux commands using a terminal console over an SSH connection or alternatively over the device web-UI site (embedded terminal).

3.) OpenVPN is a community developed service. We have just embedded it as command into the latest netFIELD OS 2.2 version as it is. The OpenVPN project and the CLI command openvpn is well documented by the OpenVPN organization. It does not make sense to document this CLI command and its parametes once again on any Hilscher web site. Here is for example one of the official Internet pages explaining the command line: https://openvpn.net/vpn-server-resources...ith-linux/

Today I tried to establish a VPN connection to my VPN server at home. It works immediately and I was able to ping all my home network devices via the netFIELD Connect or netFIELD OnPremise gateway after I have established the connection. The command line I was calling was quite simple: openvpn --config arminhomserver.ovpn. 
The *.ovpn file is a common configuration file I generated on my OpenVPN server. It contains the internet name of my server, used ports for the connections and the most important point certificiates. Of course there are a lot of other parameters that can be added to the config file which I don't know. But in the end with such a very simple setup I was able to establish an OpenVPN connection to my homeserver in 5 minutes.

Thx
Armin


Dear Armin,

ok we will try testing.

1] Do we need any changes to be done into office internet router ?
2] As per my earlier communication with Dominik,  It mentions about netfield remote proxy software, but i could not found this software anywhere? 

[Armin@netPI]

Well,

1.) No changes on the Internet router was necessary during my test session with my personal OpenVPN server at home. Here on the Hilscher's Headquarter office network I have anyway no chance to make any changes on this HQ internet router, since I am not an IT admin. So I was using the standard Internet connection of the office network they are providing to my notebook, PC and also to my netFIELD Connect gateway of course during this test.

2.) I have seen this remote proxy software once when our netFIELD software product manager Frank Bauer introduced it. But now Frank Bauer has left Hilscher 2 month ago, and I don't know where he put this software to. But there is one important thing ... the netFIELD remote proxy function will only work if you have a running subscription with your netFIELD gateway. If you or your customer don't have it then you can't use it. And remember getting a subsciption for a single device is not rentable, he always has to pay an initial setup cost in any case per month plus the device usage. Getting subscriptions and remote management option makes only sense if you have multiple devices running and want to control them from remote. Anyway the netfield cloud services and functions run independent from the openvpn CLI command introduced with netFIELD OS 2.2. openvpn is, was and stays a free tool from the community.

For your tests you need of course a working VPN server somewhere on the Internet the gateway can connect to. And also you need a proper *.ovpn configuration file.
To connect this server it has to have a static IP address forever as one option since the *.ovpn file contains its IP address ... but static IP address is quite unusal to have since its IP address usually changes daily due to forced disconnection by the Internet provider ... or your server is getting a static domain name instead like my server at home using a DNS provide. So instead of a static IP address in the *.ovpn file the static domain name in this file is telling later the openvpn CLI where to connect to.

If you have a servier and proper *.ovpn file then you should be able to connect netFIELD Connect gateway running netFIELD OS 2.2 with charm in just a minute without any problems.

[MGharat]

Well,

1.) No changes on the Internet router was necessary during my test session with my personal OpenVPN server at home. Here on the Hilscher's Headquarter office network I have anyway no chance to make any changes on this HQ internet router, since I am not an IT admin. So I was using the standard Internet connection of the office network they are providing to my notebook, PC and also to my netFIELD Connect gateway of course during this test.

2.) I have seen this remote proxy software once when our netFIELD software product manager Frank Bauer introduced it. But now Frank Bauer has left Hilscher 2 month ago, and I don't know where he put this software to. But there is one important thing ... the netFIELD remote proxy function will only work if you have a running subscription with your netFIELD gateway. If you or your customer don't have it then you can't use it. And remember getting a subsciption for a single device is not rentable, he always has to pay an initial setup cost in any case per month plus the device usage. Getting subscriptions and remote management option makes only sense if you have multiple devices running and want to control them from remote. Anyway the netfield cloud services and functions run independent from the openvpn CLI command introduced with netFIELD OS 2.2. openvpn is, was and stays a free tool from the community.

For your tests you need of course a working VPN server somewhere on the Internet the gateway can connect to. And also you need a proper *.ovpn configuration file.
To connect this server it has to have a static IP address forever as one option since the *.ovpn file contains its IP address ... but static IP address is quite unusal to have since its IP address usually changes daily due to forced disconnection by the Internet provider ... or your server is getting a static domain name instead like my server at home using a DNS provide. So instead of a static IP address in the *.ovpn file the static domain name in this file is telling later the openvpn CLI where to connect to.

If you have a servier and proper *.ovpn file then you should be able to connect netFIELD Connect gateway running netFIELD OS 2.2 with charm in just a minute without any problems.



Dear Armin,

I  understand as - we have preinstalled openVPN Client program on netfield gateway, so client is running on our gateway . 
Now we have to setup a VPN server into internet network, which will further communicate with netfield open VPN client & create a tunnel. Hope this is correct.

Here in office, we are using open vpn GUI for server connection on one of Windows system/laptop. where we are trying to import client.ovpn generated afetr following all the instructions on the webpages.

but while importing it gives error as attached.  


Br
Madhumati

[Armin@netPI]

Well I am no OpenVPN expert to be honest and cannot answer you this question 100%.

So I am do not know better ... then I am always searching on the internet for others having the same problem: https://openvpn.net/faq/i-am-having-trou...ovpn-file/

So it seems in your *.ovpn file the certificates were not embedded by you and are just referenced as external files. So you have two possibilities ... embed the needed certificate and key in the *.ovpn file in the <cert> </cert> section and in the <key> </key> section (you can paste them since it is ASCII text only) or you copy the certificate file client.cnf and the client.key file into the requested folder the error message box is telling you.

By the way I looked into my personal *.ovpn file I used yesterday and I can see that it embeds the certificate and key already as ASCII text. So I did not have this problem.

[DSongra]

Dear Armin,

while tying to perform command in console "openvpn --config devendra-laptop.ovpn" getting errors attached screenshot (file error). File already available in the same directory (on my laptop).

With the all files we are able to connect in OpenVPN connect App attachment (openvpn app).


Br,
Devendra

[Armin@netPI]

Well Devendra ... please look again to your own screen shot: "c:\program files\ ..." is a Windows folder. This is in no way a folder you will find on a Linux machine. :-)

So either
a.) edit your *.opvn file and correct the folders to fit you Linux file system and copy the *.crt and *.key file to the folder you are referencing

alternatively

b.) include the ASCII content of your *.crt file and *.key file into the *.ovpn file as I described it to Madhumati in my previous post in accordance to https://openvpn.net/faq/i-am-having-trou...ovpn-file/

[DSongra]

Dear Armin,

Good Morning.

Now we have changed the directory in .ovpn file, now able to perform "openvpn --config devendra-laptop.ovpn" command getting logs as attached, is it correct response?.
 

Br,
Devendra

[Armin@netPI]

Well I am no VPN expert as I told you. I just can guess on the error and again the very official web site explains the following https://openvpn.net/faq/tls-error-tls-ke...nectivity/

If I interpret it right ... the OpenVPN client command tries to connect to the VPN server ... but it fails. And I also see is that it tries to connect to 10.8.0.1:1194. So is this IP address reachable from netFIELD Connect Gateway?