Section 36.1.3.2 – Westermo RedFox Series User Manual
Page 840

Westermo OS Management Guide
Version 4.17.0-0
Note
As of WeOS v4.17.0, the layer-2 SSL interfaces can not be added to VLANs,
i.e., it is not yet possible to bridge traffic between the SSL tunnel and the
Ethernet or DSL ports on your WeOS unit. Such support is planned, but not
yet implemented.
Below is an example of configuring the SSL interface type to layer-2 at Alice in
Example
alice:/config/#> tunnel
alice:/config/tunnel/#> ssl 0
alice:/config/tunnel/ssl-0/#> type layer2
alice:/config/tunnel/ssl-0/#> leave
alice:/#>
36.1.3.2
IP address and other SSL interface settings
In WeOS, the SSL VPN server (Alice) will always have a statically assigned ad-
dress, while the SSL client (Bob) can either be assigned his SSL address stati-
cally or acquire it dynamically as part of the SSL tunnel establishment. Similar
to other network interfaces, it is also possible to assign secondary IP addresses
(
) to SSL interfaces.
❼ Static IP addresses: By default SSL interfaces are configured for static IP
address assignment, but without any address defined. An example for Alice
in
is shown below.
Example
alice:/config/#> iface ssl0
alice:/config/iface-ssl0/#> inet static
alice:/config/iface-ssl0/#> address 10.0.2.1/24
alice:/config/iface-ssl0/#> leave
alice:/#>
❼ Dynamic IP addresses: Alice could hand out addresses dynamically to Bob
and other SSL clients. To do this she should define the address pool to assign
addresses from, see below
840
➞ 2015 Westermo Teleindustri AB