To set up a VPN network, the participants must first be created.
The icom Connectivity Suite - VPN is a service of INSYS icom for the simple and secure network connection of locations, plants, control centers and mobile devices via a Virtual Private Network (VPN).
The “devices” of the participants are differentiated between INSYS icom routers with icom OS, with INSYS OS and other third-party devices. These can be PCs, controls, cameras, other routers, etc. that support OpenVPN and are referred to as PC in summary in the icom Connectivity Suite - VPN.
Check your device!
This Configuration Guide only applies for third-party devices (PCs) and not for routers of INSYS icom.
Situation
You need to add a third-party device (PC) as a participant in the icom Connectivity Suite – VPN.
Solution
It is prerequisite that you have Internet access. It is prerequisite that you have an account for the icom Connectivity Suite. Refer to this Configuration Guide to find out how to register an account.
Optionally, you can configure an authentication of the device when connecting to the icom Connectivity Suite - VPN in two levels, password only or password and one-time password (2FA).
Open the portal of the icom Connectivity Suite:
Select your preferred language under Sprache or Language and click on Log in.
Click in the Devices menu on ADD DEVICE and select Service PC / 3rd Party Device.
Enter the following information:
Device Name: enter a name that allows to distinguish the device clearly from other devices.
Licence: select the licence to be used.
Location: [if your account is configured for China VPN,] specify here, whether the router is in the rest of world or in China.
Default monitoring: check this if the availability of the device is to be monitored (refer to Monitoring Devices in the icom Connectivity Suite - VPN for more information).
.png)
Click on NEXT.
Activate OPTIONALLY the checkbox Require password authentication to connect to secure the connection from the third-party device (PC) to the icom Connectivity Suite – VPN by entering a password.
Activate OPTIONALLY the checkbox Activate 2-factor authentication using a time-based one-time password to secure the connection from the third-party device (PC) to the icom Connectivity Suite – VPN by entering a one-time code in addition to entering a password.
Please note!
In both cases, the user of the third-party device (PC) must then be sent an authentication link (on the device details page), which must be opened within 8 hours in order to complete the registration of the device.
After this period has expired, the device must be deleted and added again for a re-registration.
Assign the device to a Group that combines devices with similar functions that share common communication rules.
Please note!
Groups can be added in the classic user interface on the Groups tab. If no groups are entered yet, only the standard group is available. See also this note.
Please note!
The following configuration step must only be specified if you also want to access this third-party device from other VPN devices or if accessing this third-party device via the VPN IP address is not sufficient.
Activate the IPv4 switch and enter the accessible IP address together with the Netmask over which the device is supposed to be accessible in the VPN network.
Please note!
The Netmask determines the size of the network that is made known around the local IP address via routing. It can be entered in long form (255.255.255.0) or CIDR format (/24). If a netmask that differs from the standard (255.255.255.0) is entered, the DHCP server in the device will be disabled.
.png)
Click on CREATE to add the device to the icom Connectivity Suite.
You have added your third-party device (PC) to the icom Connectivity Suite with this.
Configuring the authentication
If you have configured an authentication above, you must proceed as described here to register the device. There are two options:
Configuration of the authentication on an external computer for persons without access to the portal of the icom Connectivity Suite
Configuration of the authentication in the portal of the icom Connectivity Suite
In the first case, you will send the person who is to configure the device for access to the icom Connectivity Suite - VPN a link that enables the configuration. In the second case, you carry out the configuration in the icom Connectivity Suite - VPN yourself.
Configuration of the authentication on an external computer
Select in the Devices menu above added device to open its detail page.
Click on AUTHENICATION LINK to copy the link address to the clipboard.
Send the link to the person who is to configure access.
Have the person open the link within 8 hours to complete the configuration of the authentication. To do this, they must set the password for the connection to the icom Connectivity Suite - VPN. If 2-factor authentication was also required when adding the device, the person must also set this up. To do this, they must scan the QR code with a suitable TOTP app on their cell phone and then enter the code generated by the app. Click on NEXT to complete the configuration of the authentication.
Configuration of the authentication in the portal of the icom Connectivity Suite
Select in the Devices menu above added device to open its detail page.
Click on SETUP CERTIFICATE AND OTP to open the configuration page.
Set the password for the connection to the icom Connectivity Suite - VPN.
If 2-factor authentication was also required when adding the device, scan the CR code with a suitable TOTP app on your mobile phone.
Enter the code generated by the app.
Click NEXT to complete the configuration of the authentication.
Additional Information
This Configuration Guide describes how to configure a Windows PC as third-party device for a connection to the icom Connectivity Suite and establish a connection. Proceed accordingly for other third-party devices.
Troubleshooting
You can verify a successful connection when the Status of the device in the device list in the Devices menu of the icom Connectivity Suite - VPN changes to Online.