Step by step
Introduction
Sometimes you need to access AdvanReader 60/150 Series devices and derived systems (e.g. AdvanSafe, AdvanGuard, AdvanGate, AdvanPay...) for maintenance or configuration changes. All of these devices can be monitored through AdvanNet Manager (a web application), which listens on port 3161.
To do it remotely, Keonn's devices have the LogMeIn VPN solution preinstalled, so that you only need to activate it with your own credentials.
This way, you can access a device connected to a local network from anywhere with an Internet connection, even if a firewall is active.
The following sections explain how to remotely monitor any of these Keonn systems on port 3161 (HTTP) more SECURELY.
Remote monitoring
We will explain two ways to do remote monitoring:
Using LogMeIn-Hamachi.
Using SSH tunneling.
LogMeIn-Hamachi
LogMeIn Hamachi is a hosted VPN service that lets you securely extend LAN-like networks, creating virtual private networks on-demand.
This feature is a solution in the following scenarios:
When the Keonn reader/system is on a local network without a public IP address and without the possibility to do port forwarding.
TeamViewer is not available:
A computer cannot be installed along with the Keonn reader/system with TeamViewer.
TeamViewer cannot be used directly on AdvanReader 60/150 Series devices or AdvanReader 150/60 Series derived systems.
The version for ARM (which covers AdvanReader 60/150 Series devices and AdvanReader 150/60 Series derived systems, e.g. AdvanSafe, AdvanGuard, AdvanGate, AdvanPay, ...) is a BETA version and is not directly supported by the manufacturer.
Hamachi is provided 'as is'; use it at your own risk.
LogMeIn-Hamachi allows us to create a virtual private network between a computer and the Keonn reader/system, which makes remote monitoring possible.
Create account and Network
1. Create an account in LogMeIn: https://secure.logmein.com
It is not necessary to buy LogMeIn Central, just the Hamachi STANDARD plan: https://www.vpn.net/#pricing
2. Log in at https://secure.logmein.com, go to Networks -> My Networks and add a new network.
3. Set a Network name and choose the Network type. The simplest option is the Mesh network type.
4. Set the Join Request to Must be approved, so that the admin has to approve each connection the first time, and select the Standard plan (32 members per network, $49.00/year).
5. After the payment process, you will have a network where you can add up to 32 members.
Add the ADMIN computer
The process is different depending on the Operating System:
Windows
1. Download the Hamachi program for Windows (https://www.vpn.net) and install it.
2. Open the LogMeIn Hamachi program and a window like this will appear. Click on the button marked with a red square.
3. Click on the link "send them an attach request".
4. Fill in the LogMeIn account and click Attach:
5. In your LogMeIn dashboard, a request will appear, accept it:
6. In the non-members section, the new machine will appear. Click on the Edit button surrounded by a red square:
7. Select the Members tab and the Add/Remove members. Then select the new machine and save it.
8. Now, the new machine is added to the Network.
Linux
1. Download the deb package for your Linux distribution: https://www.vpn.net/linux
2. Open a terminal and run the following commands:
sudo dpkg -i logmein-hamachi_2.1.0.198-1_armhf.deb
sudo hamachi login
sudo hamachi set-nick "Nick-For-This-Computer"    # e.g. sudo hamachi set-nick "keonn.admin"
sudo hamachi attach logmein-email-account    # e.g. sudo hamachi attach test@gmail.com
3. At this point, the Hamachi software has sent an attach request. From here the process is the same as for Windows, starting at point 5.
Add Keonn reader/system
New devices already have Hamachi installed. This way, you only need to configure it so that it is attached to your LogMeIn Account.
To check if Hamachi is installed, run the following command once you have connected to the reader via SSH:
sudo hamachi
If the output of the command includes the Hamachi version, PID, client ID, etc., the program is already installed. Go to the "Hamachi is already installed" section.
If the reader does not recognize the command, go to the "Hamachi is NOT installed" section.
Hamachi is already installed
In this case, you only need to attach the device to your LogMeIn account. You can do so by running the following commands:
sudo hamachi login
sudo hamachi set-nick "<custom name for your device>"
sudo hamachi attach <logmein-email-account>
Note the double quotes when assigning a nick for your device. Here is an example of the commands:
sudo hamachi login
sudo hamachi set-nick "AdvanReader-m4-150.shop1.device1"
sudo hamachi attach test@gmail.com
You can confirm everything has been properly set up by running the following command again:
sudo hamachi
The last step is to log in to the LogMeIn web interface and accept the new device's request to join the account.
Hamachi is NOT installed
To install and configure Hamachi from scratch on a Keonn reader/system based on AdvanReader-150/60, follow these steps:
1. Connect via SSH to the reader using an SFTP program like FileZilla. To get SSH credentials, please follow this section of our wiki.
2. Download the .deb package for ARM HF: https://www.dropbox.com/scl/fi/hhv1q0c7f8y14kocubqa9/logmein-hamachi_2.1.0.203-1_armhf.deb?rlkey=8mbkhsykko6zvli49tiziy9bg&dl=0
3. Upload the .deb package into the reader folder: /home/keonn
4. Connect to the reader using PuTTY or a similar program.
5. Run the following commands:
sudo ln -s /lib/ld-linux-armhf.so.3 /lib/ld-linux.so.3
sudo dpkg --force-architecture --force-depends -i /home/keonn/logmein-hamachi_2.1.0.203-1_armhf.deb
sudo hamachi login
sudo hamachi set-nick "Nick-For-This-Computer"    # e.g. sudo hamachi set-nick "spain.bcn.advansafe.001"
sudo hamachi attach logmein-email-account    # e.g. sudo hamachi attach test@gmail.com
cd /etc/init.d
sudo update-rc.d logmein-hamachi defaults
6. We have found problems with this version, so we encourage you to follow these steps and add a way to restart the Hamachi service installed on the Keonn reader/system:
Download the script custom-start-hamachi.sh from the Downloads section.
Upload the script using FileZilla to the folder /home/keonn
Connect to the device using PuTTY and run the following commands:
sudo mv /home/keonn/custom-start-hamachi.sh /sbin
sudo chmod 770 /sbin/custom-start-hamachi.sh
sudo chown root: /sbin/custom-start-hamachi.sh
sudo su
echo "*/15 * * * * /sbin/custom-start-hamachi.sh" >> /var/spool/cron/crontabs/root
echo "0 0 * * * /etc/init.d/logmein-hamachi restart" >> /var/spool/cron/crontabs/root
echo "" >> /var/spool/cron/crontabs/root
chown root:crontab /var/spool/cron/crontabs/root
shutdown -r now
The Keonn reader/system will now reboot.
7. After this process, the device should have sent a request to LogMeIn. From here the process is the same as in Add the ADMIN computer --> Windows --> point 5.
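An idempotent variant of the crontab appends in step 6, as an added example (not Keonn's script and not part of the original page): re-running the page's `echo ... >>` commands duplicates both entries, so this version adds each line only if it is missing. The function names and the `CRON_FILE` override are assumptions; the two entries and the crontab path are the ones on the page.

```shell
#!/bin/sh
# Added example: idempotent form of the two crontab appends from step 6.
# CRON_FILE (assumed override) defaults to the path used on the page.
CRON_FILE=${CRON_FILE:-/var/spool/cron/crontabs/root}

# Append one crontab entry to FILE unless the exact line is already present.
ensure_cron_line() {
    line=$1
    file=$2
    [ -e "$file" ] || : > "$file"
    # -x: whole-line match, -F: fixed string, so "*/15 * * * *" is not a regex.
    if grep -qxF -- "$line" "$file"; then
        return 0
    fi
    # A crontab must end in a newline; terminate an unfinished last line first.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >> "$file"
    fi
    printf '%s\n' "$line" >> "$file"
}

# Install both entries from the page and keep the file private to its owner.
install_hamachi_cron() {
    file=${1:-$CRON_FILE}
    ensure_cron_line '*/15 * * * * /sbin/custom-start-hamachi.sh' "$file"
    ensure_cron_line '0 0 * * * /etc/init.d/logmein-hamachi restart' "$file"
    chmod 600 "$file"
}

# Demo on a scratch file (constructed): running it twice leaves two entries.
demo=$(mktemp)
install_hamachi_cron "$demo"
install_hamachi_cron "$demo"
cat "$demo"
rm -f "$demo"
```

On the reader, run `install_hamachi_cron` as root and then apply the `chown root:crontab` command from the steps above.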
SSH tunneling
If a Keonn reader/system is going to be accessible via a public IP address, it is more secure not to give access to port 3161 and instead to create a tunnel through the port for SSH connections (22). Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network.
Through this tunnel, a user reaches port 3161 of the remote Keonn reader/system over a secure connection.
Using PuTTY
1. There has to be a connection between the user and the remote Keonn reader/system via port 22 (e.g. the router to which the remote Keonn reader/system is connected has to forward port 22 to the IP address of the Keonn reader/system).
2. Download the PuTTY program: http://www.putty.org/
3. To check whether there is a connection via port 22, open the PuTTY program, configure it as follows and connect.
Host Name (or IP address): If the Keonn reader/system has its own public IP address, enter that IP address. If the Keonn reader/system is behind a router that forwards the connection to port 22, enter the public IP address of the router.
Port: 22
Connection type: SSH
If the following window opens and, after typing keonn and pressing ENTER, this message appears, there is a connection via port 22:
4. To obtain the password for the keonn user, please follow this section.
5. Close the PuTTY session opened in point 3.
Stop here until you have the password for the keonn user.
6. Open the PuTTY program and follow these steps:
1. In the category section, go to SSH and then to Tunnels.
2. First set all the parameters in red.
3. Click the Add button.
4. In the category section, go to Session and click the Save button.
5. Click the Open button. A new window will appear; type keonn, press ENTER and then type the password provided by Keonn Support (no characters, letters or dots will appear on the screen while typing the password).
7. Open a web browser on http://localhost:8081 and AdvanNet Manager will appear.
When closing the PuTTY window, the connection will be closed and the page at http://localhost:8081 will not be accessible until another PuTTY connection is made.
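The same tunnel from a machine with OpenSSH instead of PuTTY, as an added example that is not part of the original page: it builds the `ssh -L` command for local port 8081 and checks, from `ss -ltn` output, that the forwarded port is bound to loopback only. The tunnel destination `localhost:3161`, the function names, and the sample host and `ss` lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not Keonn's code. Assumed: destination localhost:3161 on the
# reader, local port 8081 (as in http://localhost:8081), user "keonn".
LOCAL_PORT=8081
REMOTE_PORT=3161

# Print the ssh command that opens the tunnel to HOST (reader or router IP).
# Binding to 127.0.0.1 keeps the forwarded port off the admin PC's LAN;
# ExitOnForwardFailure makes ssh fail instead of running without the tunnel.
tunnel_cmd() {
    host=$1
    case $host in
        ''|-*|*[!A-Za-z0-9._-]*)
            echo "invalid host: $host" >&2
            return 1 ;;
    esac
    printf 'ssh -N -p 22 -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:localhost:%s keonn@%s\n' \
        "$LOCAL_PORT" "$REMOTE_PORT" "$host"
}

# Classify how LOCAL_PORT is bound, reading `ss -ltn` output on stdin:
# loopback (only this PC), exposed (other hosts can use the tunnel) or absent.
listener_scope() {
    awk -v port="$LOCAL_PORT" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")          # column 4 = Local Address:Port
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr == "127.0.0.1" || addr == "[::1]") loopback = 1
            else exposed = 1
        }
        END { print (exposed ? "exposed" : (loopback ? "loopback" : "absent")) }'
}

# Demo with constructed values: a documentation-range IP and sample ss lines.
tunnel_cmd 203.0.113.10
printf '%s\n' \
    'State  Recv-Q Send-Q Local Address:Port Peer Address:Port' \
    'LISTEN 0      128        127.0.0.1:8081      0.0.0.0:*' \
    'LISTEN 0      128          0.0.0.0:22        0.0.0.0:*' | listener_scope
```

In PuTTY, the equivalent safeguard is leaving "Local ports accept connections from other hosts" unticked on the Tunnels panel.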
Remote Guest
A very important feature of this service is the possibility to add a guest from another account to your network, for example, adding a Keonn User to your network to perform an update or a configuration update.
To do so, follow these steps:
Network for the Guest to connect
To connect, a Guest needs the Network ID and the password of a network.
1. First, identify the network to use. Make sure there is at least one free slot in the network. Otherwise, you will not be able to add any new Guest:
In this case, there are some free slots. The number of the total slots available will depend on your LogMeIn Subscription (Free, Standard...).
2. Then, click Edit:
3. After clicking Edit, the Network ID will appear (e.g. 123-456-789):
4. It is highly advised to set a password for a network:
5. Make sure your Guest has permissions to see the rest of the members of the network:
5.1. If your network type is Mesh or Gateway, you do not need to do anything else.
5.2. If your network type is Hub-and-spoke, make sure the Guest is a hub:
Edit your network
Click on Add/Remove members:
Find your new Guest and make sure it is set to Hub:
Click on Save.
Configure the Guest
When the owner of the network wants a user from another account to connect to their network, for example to allow Keonn personnel to check a reader/system, the owner of the network will have to send Keonn the Network ID and password obtained in the previous section.
After a user from another account is connected to the owner's network, the new user will appear as a Guest.