Administration

UCX Administration
Support – Remote Access
IMPORTANT

To allow the VPN connection to be established, the UCX system must be able to communicate with our server (remote.emetrotel.org) using the TCP port 1194.

IMPORTANT

The remote access server assigns virtual IP addresses ranging from 10.80.0.0 to 10.95.255.255 (10.80.0.0/12) to remote systems. To avoid IP address conflicts, do not use IP addresses in the same range for your UCX system.

Description

The UCX remote access feature allows support of UCX systems remotely, without requiring opening ports on the customer premises firewall. Access is provided by a centralized OpenVPN server, secured by client certificates on the UCX system as well as the connecting PC. Once you have configured Remote Access on your UCX system, you can leverage the VPN connection to access additional devices that are connected via the same internal LAN environment, such as DSM16 modules or cards.

To use the remote access package, you need to have OpenVPN installed on your PC or Mac computer. Additionally, you need to register the UCX system for remote access.

Please contact E-MetroTel support ([email protected]) to request a user or partner account to access the feature.

For step by step instruction on installing OpenVPN and using the Remote Access feature, login to the Partner Portal, go to Support -> VPN Services -> VPN Help.

User Accounts

User accounts are for your companies’ UCX installers and support personnel. They can use these accounts to create PC and Mac certificates, register UCX systems, and login to the remote VPN network. 

A user account cannot be used to manage or delete certificates created by another account and/or to de-register or re-register UCX systems registered by another account.  Please contact your E-MetroTel partner account holder if you need further access.

Partner Accounts

Partner accounts are assigned to one or more individuals in an E-MetroTel partner company. As with user accounts, partner accounts can create and manage their own PC, Mac, and UCX certificates, and log onto the remote network.

Additionally, partner accounts can be used to manage certificates created by another partner or user account in their own company.

Prerequisites

  • You have a Remote Access user or partner account provided by E-MetroTel.
  • You have OpenVPN installed on your computer.
  • You have created and installed the VPN certificate on your computer.

Remote Access Registration

To register your UCX for remote access, perform the following steps:

  1. From the Support tab, select Remote Access
    UCX70UVPNRegistrationEmpty.png
  2. Enter your remote access account Email and Password
  3. Provide a Description for the UCX system that you are registering
  4. Press the Register button
    UCX70VPNRegistionComplete.png
  5. After registration is complete, remote access is deactivated (stopped) by default
  6. Proceed to the next section to activate remote access

To Un-register your UCX for remote access, perform the following steps:

  1. From the Support tab, select Remote Access
    UCX70UnregisterStart.png
  2. Enter your remote access account Password
  3. Press the Unregister button
    UCX70VPNUnregisterComplete.png

Remote Access Activation

From the Remote Access page, press the Start button located at the top left corner of the Remote Access page.
When remote access is active, the IP Address field will show the virtual address for this UCX system. Provide this address when requesting support for your UCX system.

UCX70VPNStarted.png

To stop remote access, press the Stop button.

UCX70VPNStopped.png

Remote Support Toggle Feature Code

The Remote Support Toggle feature code can be used to Enable or Disable remote access from a phone. The feature code and password is configurable in the Feature Codes page.

Assuming the default values are used:

  1. From any phone connected to the UCX system, dial the feature code *48
  2. A message will be played back indicating the status of Remote Support, i.e. Enabled or Disabled
  3. You will be prompted to enter the Remote Support Password 829 to toggle the status

Add New Remote Host

The Remote Access functionality allows you to connect securely to other devices within the same LAN environment as the UCX system. For example, if you have DSM16 modules or cards connected to the UCX, you can add their IP address as a new remote host, and the UCX will allow you to connect to that device using specific port numbers.

UCX70VPNRemoteAccessRunning1.png

For example, if the IP Address of the DSM16 is 192.168.1.199, you would configure the remote host to support port 443 (for web access) and port 22 (for ssh access) as follows:

  1. Click on New Remote Host.
    UCX70VPNNewRemoteHost.png
  2. Enter the IP Address of the device (192.168.1.199), the Port(s) that you will want to use for connections (typically 443 and 22), and a Description (i.e. DSM16 #1). Then click Create.
    UCX70VPNNewRemoteHostData.png
  3. It will now appear in a list along with any additional Remote Hosts you create.
    UCX70VPNNewRemoteHostCreated.png
  4. Click Cancel to see the list this entry as well as any other Remote Hosts you have created.
    UCX70VPNNewRemoteHotListd.png

Using Remote Host to Connect to another Device

  1. In the Remote Host list, click on Connect in the row corresponding to the device you need to access.
    UCX70VPNNewRemoteHostConnected.png
  2. Click on the numbered link next to the port number you wish to use to connect. For example, to connect to the Administration page for the “DSM16 #1”, click on 8001
  3. A new tab will appear in your browser, showing the IP address of the UCX and the port number used to connect to the device.
    RemoteAccessHostConnected.png

 

Contents