How to allow Internet access for Ewon LAN devices?

29 Dec 2022

This article describes how to set up your Ewon so your LAN devices can get access to the Internet through it.

The procedure is explained in the case of a Cosy, but it is also applicable for the Flexy.

APPLICABLE PRODUCTS

Ewon Flexy, Ewon Cosy

 

PRE-REQUISITES

Have access (locally or remotely) to your Ewon and its web user interface.

 


INTRODUCTION

In a typical Ewon Cosy installation, all communication through the Cosy occurs within an
encrypted VPN tunnel. This restriction prevents the remote user from reaching any device
not connected directly to the Cosy’s LAN. This restriction also prevents devices on the Cosy’s
LAN from reaching the internet.

In applications where a device on the Cosy’s LAN needs internet access, the Cosy can be
configured to act as a gateway and allow traffic from its LAN network to its WAN network.

For example, a PC on a machine might need to reach the internet to send status or alarm
notification emails. The Cosy can be configured to act as a gateway for the PC and allow it to
reach the internet.

Note:

The internet requests to and from the device behind the Cosy will not travel through the
VPN tunnel. As a result, if your network has a strict firewall that prevents traffic outside the
VPN tunnel, you will need to work with your IT manager. 

 

CONFIGURE THE EWON

Use the Tabular edition tool to modify the required COM parameters on your Cosy. The
Tabular edition tool is accessible from Setup > System > Storage > Tabular edition.

To modify a parameter, double click on a parameter’s value and enter the new value.
Click the Save button to save your changes.


Set the following parameters:

  • NatItf = 2 (NAT and TF on WAN)
  • VPNRedirect = 0 (Allow traffic outside the VPN tunnel)
  • FwrdToWAN = 1 (Forward LAN traffic to WAN)

If you use a Cosy+ 4G EU model, you must also set another parameter:

  • ModemMtu = 1500

Once you have set the parameters, reboot the Cosy to apply the changes.

(Alternatively, these parameters can be added to a comcfg.txt file and applied to the Cosy by
SD card or USB drive.)

 

LAN DEVICES CONFIGURATION

Your NAT and TF settings on the Cosy are now set to “NAT and TF on WAN”.
This configuration turns off the Plug'n Route (NAT on LAN) feature of the Cosy.
You will need to make sure that all Ethernet devices on the Cosy’s LAN network have the
Cosy’s LAN IP address as their gateway address. If you do not take this step, you will not be
able to reach those devices through your VPN connection.

Additional configuration steps are required for the device that needs to access the internet.
In addition to setting its gateway to the Cosy’s LAN IP address, you must specify a valid DNS
server. The DNS server can either be the DNS server you specified when you configured your
Cosy's WAN settings or can be a public DNS server.


LAN DHCP Server


LAN DHCP Server can also be enabled on your Ewon device:

For Flexy and Cosy131, this must be configured through the following COM parameters:

Parameter          Description
LANDHCPSEnable     1: Enable DHCP Server. 0: Disable DHCP Server (Default).
LANDHCPSStartIP    Start IP address of the Dynamic IP address pool (Default = 0.0.0.0). Must be in the eWON LAN range.
LANDHCPSEndIP      End IP address of the Dynamic IP address pool (Default = 0.0.0.0).
LANDHCPSLogLevel   Log level of the DHCP server (0, 1 or 2). (Default: 0)
LANDHCPSDns1       Primary DNS IP address for DHCP Clients. If firmware < 12.x, do not set Ewon LAN IP. Use public or corporate DNS.
LANDHCPSDns2       Secondary DNS IP address for DHCP Clients. Same note as above.

If you want to use the Ewon LAN IP as DNS Server for your LAN devices, make sure you enable the extra parameter "DNSREnabled".
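
The following review script is an added example, not part of the original article or of any Ewon tooling. It takes the COM parameters as a name-to-value dictionary and reports when the unit is set up as an Internet gateway outside the VPN tunnel, and when the DHCP pool or DNS values break the rules stated above. The inputs `lan_ip`, `lan_mask` and `firmware_major`, the assumption that `DNSREnabled` is enabled with the value 1, and the sample values are all constructed for this example.

```python
import ipaddress

# Values the article sets to let LAN traffic leave through the WAN, outside the VPN.
GATEWAY_PARAMS = {"NatItf": "2", "VPNRedirect": "0", "FwrdToWAN": "1"}

def review_com_params(params, lan_ip, lan_mask, firmware_major):
    """Return findings for a dict of COM parameters (name -> string value).

    lan_ip, lan_mask and firmware_major are caller-supplied inputs assumed for
    this example; they are not parameter names taken from the article.
    """
    findings = []
    lan = ipaddress.ip_interface(f"{lan_ip}/{lan_mask}")

    # Gateway mode: all three values from the article are present.
    if all(params.get(k) == v for k, v in GATEWAY_PARAMS.items()):
        findings.append("GATEWAY: LAN traffic is forwarded to the WAN outside the VPN tunnel")

    if params.get("LANDHCPSEnable", "0") != "1":
        return findings  # DHCP server disabled (the default): nothing else to check

    start = ipaddress.ip_address(params.get("LANDHCPSStartIP", "0.0.0.0"))
    end = ipaddress.ip_address(params.get("LANDHCPSEndIP", "0.0.0.0"))
    if start not in lan.network:
        findings.append(f"DHCP-POOL: start IP {start} is outside the LAN range {lan.network}")
    if end not in lan.network or end < start:  # added sanity check on the pool end
        findings.append(f"DHCP-POOL: end IP {end} does not close a pool inside {lan.network}")

    for name in ("LANDHCPSDns1", "LANDHCPSDns2"):
        if params.get(name) != str(lan.ip):
            continue  # public or corporate DNS, or unset
        if firmware_major < 12:
            findings.append(f"DNS: {name} is the Ewon LAN IP but firmware is older than 12.x")
        elif params.get("DNSREnabled") != "1":  # assumption: "1" means enabled
            findings.append(f"DNS: {name} is the Ewon LAN IP but DNSREnabled is not set")
    return findings

# Constructed sample values, not taken from a real device.
SAMPLE = {
    "NatItf": "2", "VPNRedirect": "0", "FwrdToWAN": "1",
    "LANDHCPSEnable": "1",
    "LANDHCPSStartIP": "10.0.0.100", "LANDHCPSEndIP": "10.0.1.20",
    "LANDHCPSDns1": "10.0.0.53", "LANDHCPSDns2": "192.0.2.53",
}

if __name__ == "__main__":
    for line in review_com_params(SAMPLE, "10.0.0.53", "255.255.255.0", 14):
        print(line)
```

A GATEWAY finding is worth recording in the site's firewall documentation, since that traffic does not travel through the VPN tunnel.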

For Cosy+, there is a web interface that offers a convenient way to configure the LAN DHCP server: