Networking Category
Table of Contents
-
Contents of Networking
Networking
Networking Questions and Answers
Activa or CAW not using VPN DNS
Under some circumstances Microsoft Windows will continue to use your primary connection's DNS server. This is first noticeable when the teller or caw is online, but not reporting to the SOC. From the command-line, run ping soc to see what it is resolving to. If it does not resolve to the correct server, then follow the directions below to force it to use the Intelio VPN's DNS server.
Correct VPN DNS IP addresses for each VPN segment:
| IntelioEdge |
172.16.1.254 |
| Sheetz |
172.16.1.254 |
| SegmentTen |
10.16.1.254 |
- Open the Control Panel.
- Double-click on Network Connections.
- Right-click on Intelio VPN.
- Left-click on Properties.
- Scroll Internet Protocol (TCP/IP), left-click it, then click on the Properties button.
- Click the radio button next to Use the following DNS server addresses.
- Enter the IP address from the table above into the Preferred DNS server field.
- Click the OK button, click the next OK button, and close the Network Connections window.
The effect should be immediate.
Adam Fanello
Internet Service Q&A
Intelio products and services require an always-on secure connection to the Internet from your car wash locations. There are several options, and this article provides some guidance in the form of questions and answers.
Why is Internet access required?
The Internet connection is used to:
- Process credit cards.
- Report wash activity and status. (For WashMax Maintain, Manage, and Market products.)
- Process marketing programs. (For WashMax Market.)
- Provide software updates with security patches, bug fixes, and new features. This help you meet your PCI-DSS compliance requirements.
- Provide technical support. Our technicians can remotely assist you and fix problems.
Is it secure?
Yes! Each Intelio provided computer has a unique key that it uses to connect to our Virtual Private Network (VPN) over an encrypted connection. Each system can only communicate with our servers, which are also secured, and not other locations. Our servers and network meets or exceeds all PCI requirements.
Please see the WashMax PCI Implementation Guide for details on how to implement your car wash site in a secure, compliant way.
Can I use a DSL connection?
Yes, this is the most popular option. Any speed DSL line will do, although a faster connection will allow for quicker software updates and technical support. The line may be "dry", meaning that it only includes Internet access and not a phone line.
Make sure that you receive or buy a quality DSL modem. Some low-end modems are not reliable and you'll find yourself frequently having to reset them to restore service. You do not need a static IP address, although there is no harm if that is the only option. Whether dynamic or static though, the public IP may only be held by the router and not be assigned to equipment. PCI-DSS compliance requires that a hardware firewall be used, including placing of all devices on a Local Area Network (LAN) behind a router.
Can I use a cable connection?
Yes, this is an excellent option due to it's high bandwidth and reliability. You do not need any special options like a business line or static IPs. However, you must add a network router behind the cable modem to provide a secure Local Area Network (LAN) for the equipment.
Can I use a satellite connection?
Yes, although this is not the optimal choice. Satellite Internet has a high latency and low upstream bandwidth, which makes for slow credit card processing and technical support services. Satellite dishes are also easily knocked out of alignment by weather, causing loss of service. That said, several Intelio customers do successfully use satellite services
Can I use Hughes Satellite service?
Hughes Satellite internet services block Intelio's VPN, and so have to be dealt with differently. Instead of the Intelio equipment connecting to Intelio's network, our servers must connect to your Hughes provided network. This requires that you provide Intelio with a special network client hardware device (similar to the one in your stores) to be installed in our server farm. Due to the complexity, overhead, and cost of this solution, it is subject to a minimum order with Intelio. Please consult with your sales representative.
Can I use a cellular data connection?
Yes, although it is sometimes tricky to make it work reliably. You must use a cellular router, which provides a Local Area Connection (LAN) behind the cellular data connection. A simple USB device intended for a single computer is not acceptable, as it does not provide a hardware firewall (routers have built-in firewalls). A cellular hot-spot (Wi-Fi) is also unacceptable due to weaker security of Wi-Fi.
That said, a cellular data router, in a location with a strong signal and an unlimited data plan, is a workable option. If you suffer from frequent loss of service or long credit card authorization delays, you may need to explore another option. Technical support may also be a frustrating experience due to the low bandwidth of most cellular plans.
Can I use a dial-up connection?
Although Intelio strongly recommends a broadband (DSL or cable) connection, this is simply not available in some rural locations. What is truly required is an always-on connection that multiple systems can use (router) and firewall. This can be achieved with a dial-up connection (still available throughout the U.S. from Earthlink, AT&T, and a few others) and a 3Com OfficeConnect 56k LAN Modem (model 3C886A-US). Other hardware may also be available, but this 3Com model is known to work with Intelio's network.
Can I share my Internet connection with other equipment?
Yes, but please make sure that you have sufficient bandwidth with your service to run all the equipment that you have on it, and ensure that you are not compromising the security of your network. Sharing with the store manager's office computer is generally fine, as this system is physically secure and bandwidth use is low. Sharing with a public Wi-Fi for customers is not an option, as this compromises the security of your network and makes it not PCI-DSS compliant.
A popular device, which sometimes causes trouble, is a video security system. These are also called DVRs, although unlike the DVR on your home TV, it records from security cameras. These can share an Internet connection with Intelio equipment, provided that you have a high-bandwidth connection. Often times people will stream video from a store's DVR over a low-speed DSL connection. This will use up all available bandwidth leaving nothing for your car wash operations. Tips:
- Check with your DVR and Internet providers; ensure that the maximum bandwidth used when streaming video is well less than the the guaranteed minimum level of service of your Internet connection.
- Place your car wash related devices on their own router, connected to the store's main router. This ensures that the car wash devices can communicate with each other without competing with DVR data.
Adam Fanello
Updating Distributor VPN key with IP for new Data Center
Intelio has moved servers to a new data center. In order to connect to the Intelio VPN, you must modify the key on your computer.
Short instructions:
Edit the file C:\Program Files\OpenVPN\config\*.ovpn. Find 64.79.169.197 and change it to 209.11.249.195.
Long instructions:
- Click on the START button and then click My Computer.
- Double-click on the C: drive.
- Double-click on the Program Files folder.
- Double-click on the OpenVPN folder.
- Double-click on the config folder.
- Right-click on the file OpenVPN Config File (your name.ovpn)
- Select Open With...
- Click on WordPad.
- If WordPad isn't shown, click on Choose Program and select WordPad from there.
- On the 7th line, you'll find the line starting with "remote 64.79.169.197".
- Change the numbers to 209.11.249.195. Leave "remote" and the number at the end of the line in place.
- Close WordPad and save the change.
Restart your OpenVPN connection. On some systems, you may need to reboot your computer.
Note for Windows Vista/7:
You may not be able to save the changes in place with WordPad. In this case, drag the *.ovpn file to the desktop, edit it there, and then drag it back to the OpenVPN\config folder.
Adam Fanello
Updating node VPN key with IP for new Data Center
Intelio moved servers to a new data center on July 11, 2011. Any system that was offline for the few days leading up to the migration does not have the new IP needed to connect to the Intelio VPN, you must modify by someone on site.
Short instructions:
Edit the file C:\Program Files\OpenVPN\config\*.ovpn. Find 64.79.169.197 and change it to 209.11.249.195.
Long instructions:
- Click on the START button and then click My Computer.
- Double-click on the C: drive.
- Double-click on the Program Files folder.
- Double-click on the OpenVPN folder.
- Double-click on the config folder.
- Right-click on the file OpenVPN Config File (<node name>.ovpn or <node-type>_configme.ovpn)
- Select Open With...
- Click on WordPad.
- If WordPad isn't shown, click on Choose Program and select WordPad from there.
- On the 7th line, you'll find the line starting with "remote 64.79.169.197".
- Change the numbers to 209.11.249.195. Leave "remote" and the number at the end of the line in place.
- Close WordPad and save the change.
Restart the OpenVPN connection by rebooting or restarting the Windows Service.
To restart the OpenVPN service:
- Click on the START button and then click Control Panel.
- Double click on Administration Tools.
- Double click on Services.
- Scroll down and click on the OpenVPN Service line.
- Click the Restart button on the control panel. (Looks like a square followed by a triangle.)
Adam Fanello
What IP and port do I need to allow my firewall to route for Intelio products?
All Intelio products deployed to customer sites communicate with Intelio servers via a VPN tunneled through the Internet. In order to do this, they need to be connected to an IP network that has access to the VPN server. The connection is always established from the car wash site to the VPN server; no inbound connections are used.
Simply put, the car wash site's network needs access to:
Additionally, sites that use Intelio to process credit cards need to have access to the credit card processing gateway or host. The most common gateway is Authorize.Net. In this case, the network also needs access to:
More Details:
Source: Intelio node
Destination: 209.11.249.195
Port: 2372
Protocol: UDP
Reason: OpenVPN connection for 172.18.x.x network.
Source: Intelio node
Destination: 209.11.249.195
Port: 2373
Protocol: UDP
Reason: OpenVPN connection for 172.19.x.x network.
Source: Intelio node
Destination: 209.11.249.195
Port: 2374
Protocol: UDP
Reason: OpenVPN connection for initial configuration (172.30.x.x)
Source: Intelio node
Destination: 209.11.249.195
Port: 2375
Protocol: UDP
Reason: OpenVPN connection for 10.0.x.x network. (For customers that use a 172.x.x.x network internally.)
Source: Intelio node
Destination: Credit Card Authorizer - 64.94.118.65 for Authorize.net
Port: 443
Protocol: SSL/HTTP (aka:https)
Reason: Processing credit cards.
Adam Fanello