ReliaGATE 20-25

The ReliaGATE 20-25 is a high-performance, LTE ready and Cloud certified Multi-service IoT Edge Gateway for industrial and lightly rugged applications.

ESF Installers

Eurotech provides the esf-reliagate-20-25-systemd ESF distribution for the ReliaGATE 20-25 EL 23.0.0, previous EL versions are not supported by ESF 7.

🚧

Warning

The ufw firewall management service might be enabled by default on some EL23.0.0 Linux image installers, it is recommended to manually disable it for using a ESF installation with network management support with the following command:

systemctl disable ufw

GPS Configuration

The REGATE-20-25-x6 ordering codes provide a dedicated GPS device, in other ordering codes, GPS is provided by internal modem or by external ReliaCELL 10-20 module.
In all cases ESF PositionService default configuration should work out of the box. If the GPS is provided by the modem, then it must be enabled in the network configuration section of ESF Web UI.

Ethernet Configuration

The naming scheme of Ethernet interfaces depends on the Linux image version.
The default configuration of the Ethernet interfaces for a ReliaGATE 20-25 with Eurotech Linux 23 is the following:

Interface NameGateway LabelStatus
enp3s0ETH0Enabled for LAN - Static address 172.16.0.1 with DHCP server
enp4s0ETH1Enabled for WAN - DHCP Client

Wireless Configuration

The ReliaGATE 20-25 has a WiFi interface, named wlp1s0 on Eurotech Linux 23.0.0.
By default, the interface is disabled.

To set the right Regulatory Domain create or edit the file /etc/modprobe.d/cfg80211.conf
with the following content and then reboot the system.

options cfg80211 ieee80211_regdom=<your regulatory domain>

Firewall Configuration

Following the ESF firewall configuration for the ReliaGATE 20-25 EL 23.0.0:

PortProtocolPermitted NetworkPermitted Interface Name
67udp0.0.0.0/0enp3s0
67udp0.0.0.0/0wlp1s0
53udp0.0.0.0/0enp3s0
53udp0.0.0.0/0wlp1s0
443tcp10.234.0.0/16
443tcp0.0.0.0/0enp3s0
4443tcp10.234.0.0/16
4443tcp0.0.0.0/0enp3s0
22tcp10.234.0.0/16
22tcp0.0.0.0/0enp3s0
5353udp0.0.0.0/0enp3s0

Modem Support

The ordering codes from REGATE-20-25-x2 to REGATE-20-25-x5 do not have an internal modem. An external ReliaCELL 10-20 can be added to provide cellular connectivity.
The ordering codes from REGATE-20-25-x7 to REGATE-20-25-x8 have an internal modem.
In all cases modem support should be provided out of the box by ESF.

Journald Persistence

EL 23.0.0 uses in RAM journal

AIDE Intrusion Detection Configuration

The default AIDE configuration from section "AIDE Intrusion Detection" can be applied to this device. An exception must be added if using EL 23.0.0 to avoid false tampering events for the file /etc/timestamp:

NORMAL = p+n+u+g+s+selinux+sha256
/etc NORMAL
/opt NORMAL
!/etc/bind/named.conf
!/etc/resolv.conf
!/etc/adjtime*
!/etc/timestamp

The file /etc/timestamp is used by EverywareLinux 23.0.0 to maintain a backup timestamp, hence it may change during the gateway's lifecycle.

Clock Service

If using EL 23.0.0, in order to be able to use the chrony-advanced option in the clock service configuration, chrony must be manually installed on the system, this is due to the fact that the chrony package conflicts with the ntp package, and the latter is installed by default.
The following command can be used to install the chrony package and uninstall the ntp package:

dnf install --allowerasing chrony chronyc

The chrony service will be managed by ESF, so we recommend to disable the service after installation.

systemctl stop chronyd
systemctl disable chronyd

📘

NTS is not supported by chrony on this platform with EL 23.0.0.

Forward Secure Sealing (FSS)

EL 23.0.0 does not support FSS verification to detect log file tampering.

Watchdog Service

If the watchdog service is enabled it will not be possible to stop it. From the ESF console, if the service gets disabled it will just prevent the watchdog from starting at the next reboot of the system.

Diagnostic Service

📘

rootfs usage alerts after fresh ESF installation

On EL 30.1.0 ESF might produce warning alerts about the rootfs usage, since the occupied space after installation is about 90% of the rootfs partition. You might want to tweak such threshold from the Diagnostic Service configuration to disable the warnings.