Ewon TechForum
Providing technical solutions to technical requests


Disable Remote Access but keep the DatamailBox connection
simon Offline
eWON Support
#1
Hi,

I know some people would like to be able to disable the Remote Access connection using the Key switch connected to the DI (like on the Cosy) but keep the DataMailbox connection active.
This is actually possible by using an old feature called "VPN protection" that allows you to define up to three IP rules to filter VPN to LAN traffic.

See the attachment: VPNProtection.png

To be able to set or reset the VPN protection at runtime, I have created a BASIC script function that you can call according to the DI1 value, for example (but it could be executed using other triggers like DI2, SMS reception, Webpage...):

Code:
ONCHANGE "DI1", "@SwitchOffOnRemoteAccess(DI1@)" //In init section.  Calling the function causes a VPN disconnection/reconnection


FUNCTION SwitchOffOnRemoteAccess($offon%)
  IF $offon% = 1 THEN //ENABLE REMOTE ACCESS
    SETSYS COM, "LOAD"
    SETSYS COM, "VpnFltEn", "0"
    SETSYS COM, "VPNCnxType", "0"
    SETSYS COM, "SAVE"

    SETSYS COM, "LOAD"
    SETSYS COM, "VPNCnxType", "2"
    SETSYS COM, "SAVE"

  ELSE //DISABLE REMOTE ACCESS
    SETSYS COM, "LOAD"
    SETSYS COM, "VpnFltEn", "1"
    SETSYS COM, "VpnFSa1", "255.255.255.255"
    $VPNIP$ = GETSYS PRG, "VPNIP"
    SETSYS COM, "VpnFDaS1", $VPNIP$   //SET 0.0.0.0 if you want to block all access, even to the Ewon
    SETSYS COM, "VpnFDaE1", $VPNIP$   //SET 0.0.0.0 if you want to block all access, even to the Ewon
    SETSYS COM, "VpnFDp1", "80" //SET 0 if you want to block all access, even to the Ewon
    SETSYS COM, "VPNCnxType", "0"
    SETSYS COM, "SAVE"

    SETSYS COM, "LOAD"
    SETSYS COM, "VPNCnxType", "2"
    SETSYS COM, "SAVE"
  ENDIF

ENDFN

With this script, you'll disable the access to any LAN devices (through eCatcher/M2Web or eCatcher Mobile) but you'll keep the web access (FTP access is disabled too) to the Ewon itself through its VPN IP using eCatcher/eCatcher Mobile or through M2Web.
If you do want to disable the access to the Ewon as well, check the comments in the script.

Simon
Reply
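
One way to confirm that the filter behaves as post #1 describes, run from a PC connected through eCatcher while the switch is in the "remote access disabled" position. This is an added example, not part of the thread or of Ewon's code; the IP addresses and the LAN port list are constructed placeholders to replace with your own.

```python
import socket

EWON_VPN_IP = "10.0.0.53"                     # constructed placeholder
LAN_HOSTS = ["192.168.0.10", "192.168.0.11"]  # constructed placeholders
LAN_PORTS = [80, 102, 502]                    # assumed ports on LAN devices


def expected_policy(ewon_ip, lan_hosts, lan_ports, block_ewon=False):
    """Map (host, port) -> should it answer while remote access is disabled?"""
    policy = {
        (ewon_ip, 80): not block_ewon,  # web access kept unless fully blocked
        (ewon_ip, 21): False,           # FTP to the Ewon is blocked either way
    }
    for host in lan_hosts:
        for port in lan_ports:
            policy[(host, port)] = False  # no VPN-to-LAN traffic
    return policy


def tcp_open(host, port, timeout=3.0):
    """True if a TCP connection succeeds; refused or filtered counts as closed."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(policy, probe=tcp_open):
    """Return the (host, port, expected, observed) tuples that break the policy."""
    findings = []
    for (host, port), expected in sorted(policy.items()):
        observed = probe(host, port)
        if observed != expected:
            findings.append((host, port, expected, observed))
    return findings


if __name__ == "__main__":
    for host, port, expected, observed in audit(
            expected_policy(EWON_VPN_IP, LAN_HOSTS, LAN_PORTS)):
        print(f"MISMATCH {host}:{port} expected_open={expected} observed_open={observed}")
```

Post #3 in this thread notes that running the script causes a short VPN disconnection, so run the check only after eCatcher has reconnected.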

tom.serru Offline
Junior Member
#2
Hi Simon,

Thank you for this script, exactly what we needed!

While testing it, we noticed you also need to put the port as an empty string when you want to block all access towards the eWon device's GUI.

When the switch is triggered, it looks like you need to re-connect with eCatcher before the changes are applied. Can this be correct?

Regards,
Tom
Reply

simon Offline
eWON Support
#3
Hi Tom,

- I have modified the script with a new comment about the port (I did test with "0" but empty is probably also ok)
- The firewall rule is applied on the Ewon, so eCatcher should not see anything. However, when you turn the switch on/off (and execute the script), it causes a VPN disconnection. So you should lose the eCatcher connection for a short time and eCatcher should reconnect automatically. I have seen sometimes in this case that you have to wait some seconds to get back your connection. Maybe that?
Reply


