The VPNRouter iR 5221 is an advanced industrial VPN router designed for security sensitive network applications. The product's main feature includes the easy setup of secure VPN connections (SSL/TLS and AES-256 based) to other remote VPNRouters. The VPNRouter can act as the central firewall/router to the Internet or as a VPN gateway within an existing local network. In both roles, the VPNRouter can be a server or a client for the VPN. With the VPNRouter, one can significantly reduce costs as remote management and monitoring of critical assets is made possible. Examples of such assets include power and water treatment stations, production lines, ATMs, CCTVs and many other M2M applications.
Basic Router Services
The VPNRouter software is based on OpenWrt, which complies with all industrial high security standards. Over the browser based web front-end, the user can easily configure all network services including DHCP, DNS, NTP, UPnP and Firewall. Furthermore, it has the following security features:
openVPN provides secure communication tunnels, using encryption of all IP packets and sender authentication whenever users access a private network over the public Internet.
The firewall controls traffic between various trust zones shielding the private network from unauthorized outside access such as NAT.
VPNRouters support broadband GSM/3G/4G as Internet access variants for installation on mobile vehicles. Wifi is available as a common option. Furthermore, three SMA-antenna sockets are provided. All interfaces - namely the serial ports, Digital I/O and CAN-Bus (VPNRouter iR 5221 only) - are remotely accessible over the LAN ports and VPN supported by services such as RFC2217, Modbus/TCP and VSCAN API; this allows simple remote access to a variety of industrial machines. The USB port can be used for firmware updates or the transfer of VPN configuration files.
Easy VPN deployment with SimpleVPN
SimpleVPN software enables a simple and comfortable OpenVPN configuration of all VPNRouters, whether they are used as Servers or Clients. The VPN setup of the whole can be fully configured by a single VPNRouter: Once a configuration of a VPNRouter is done, it can then easily be exported to other VPNRouters within the network with the use of a either a USB-Stick, a configuration file or Ethernet cables. SimpleVPN supports common VPN standards such as OpenVPN. The level of simplicity that comes with the handling of necessary encryption keys and certificates, which can be created on the device itself, makes it easy and convenient for the user to establish a VPN tunnel network.
The industrial VPNRouter series stands out due to their robust and compact design. VPNRouters are fanless, have small footprint and are DIN Rail mountable systems. They are fully ESD and surge protected, complying with IEC 61000-4-2 (8kV air and 4KV contact). Properties such as low power consumption (3W typical), an extended temperature range (−20°C to +65°C) and a wide range power supply (12-50V DC) make them ideal for harsh industrial environments. The options of WLAN and GSM/3G/4G modems for installations on mobile platforms exist. The MTBF of 10.5 years at 45°C environments shows the high technological reliability of VPNRouter series.
SimpleVPN implemented in to VPN Routers can create a network of VPN tunnels. The network has star topology: all Client Routers (in Branches or Home Offices) connect to one central Server Router (in the Head Office). The Server acts as a central Hub/Switch for all data transfers: each PC in an office communicates with any other PC in other offices over the Server/Router. Changes in the configuration of Clients are easily done on the Server.
Based on OpenVPN with SSL/TLS and AES-256
No. of VPN Tunnels
Depends on Internet connection Max. 5 Clients per Server in typical applications More Clients are possible with low data transfer demand
The VPNRouter acting as Server allows the configuration of all Clients. Transfering the configuration to other clients can be done via
File Upload / Download
Ethernet cable (before deploying the Client Routers)
Keys / Certificates
Generated locally on the VPNRouter, or upload them from another reliable source
Router Role: In this mode the VPN Router can be configured as Router providing access to the Internet via Ethernet, 3G/4G Modem or WLAN. Ethernet supports xDSL, TV-Cable or fiber. The VPN tunnels are supported on all types of media. Internet and VPN access is granted to the local LAN ports, behind the built-in Firewall.
Gateway Role: A VPN Router is placed into an existing company's local network, creating a VPN Gateway for IP addresses connected by VPN tunnels. PCs and other Devices in the local network use this Router as a Route to access the other offices.
Remote Access / Remote Service
The integrated software services also allow secure VPN connections to machines and devices with serial ports, CAN Bus interfaces, facilitating smart remote control of these interfaces on the VPN Routers. Using VSCAN API for CAN-Bus, RFC 2217 for serial ports and Modbus/TCP for Digital I/O full remote access to the machines is enabled in a very convenient way. Machines and devices with LAN interfaces are remote connected via LAN ports of the VPN Router.