
Section 36.1.5 – Westermo RedFox Series User Manual

Page 848


Westermo OS Management Guide

Version 4.17.0-0

Example

alice:/#> cert import ovpn type key label mylabel ftp://192.168.2.10/ta-example.key
Downloading ta-example.key from ftp://192.168.2.10...
Connecting to 192.168.2.10:21 (192.168.2.10:21)
ta-example.key       100% |*******************************|   636   0:00:00 ETA

Importing certificate mylabel...
OK
alice:/#>

An imported key is referenced by its label from the tunnel configuration, and an
optional direction setting can be used together with the key.

The key direction setting is either “0” or “1”, and if it is used, the opposite sides
of the tunnel need to have different settings for this parameter.

Commonly “0” is used on the server side and “1” on the client side, but the
opposite will also work. A specific key direction is optional; the default is to have
the key work in both directions (bi-directional).

Example

alice:/config/#> tunnel
alice:/config/tunnel/#> ssl 0
alice:/config/tunnel/ssl-0/#> tls-auth label mylabel direction 0
alice:/config/tunnel/ssl-0/#> leave
Configuration activated.

Remember "copy run start" to save to flash (NVRAM).

alice:/#>
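The direction rule above can be checked before deployment by comparing the tls-auth line of both tunnel endpoints. The following is an added example, not part of the Westermo manual: the client hostname `bob`, the setting form without `direction`, and the treatment of one-sided or mixed settings as errors (taken from how OpenVPN-style tls-auth keys behave) are assumptions.

```python
import re

# Setting syntax as shown in the manual; the form without "direction" is an
# assumption (the manual only says the direction is optional).
TLS_AUTH = re.compile(r"tls-auth\s+label\s+(\S+)(?:\s+direction\s+(\S+))?\s*$")

# Constructed sample configurations (the client side "bob" is made up).
SERVER = "alice:/config/tunnel/ssl-0/#> tls-auth label mylabel direction 0"
CLIENT_OK = "bob:/config/tunnel/ssl-0/#> tls-auth label mylabel direction 1"
CLIENT_BIDIR = "bob:/config/tunnel/ssl-0/#> tls-auth label mylabel"

def parse_tls_auth(cli_text):
    """Return (label, direction) from the last tls-auth line, or None.
    direction is 0, 1, or None for bi-directional."""
    found = None
    for line in cli_text.splitlines():
        m = TLS_AUTH.search(line)
        if not m:
            continue
        label, direction = m.groups()
        if direction not in (None, "0", "1"):
            raise ValueError(f"invalid key direction {direction!r}")
        found = (label, None if direction is None else int(direction))
    return found

def check_pair(server_cfg, client_cfg):
    """List problems with the tls-auth settings of two tunnel endpoints."""
    s, c = parse_tls_auth(server_cfg), parse_tls_auth(client_cfg)
    if s is None and c is None:
        return []
    if s is None or c is None:
        # Assumption: both peers must use the shared key, or neither.
        return ["tls-auth is configured on one side only"]
    s_dir, c_dir = s[1], c[1]
    if s_dir is None and c_dir is None:
        return []  # bi-directional on both sides (the default)
    if s_dir is None or c_dir is None:
        # Assumption: a directional peer cannot talk to a bi-directional one.
        return ["one side uses a key direction, the other is bi-directional"]
    if s_dir == c_dir:
        return [f"both sides use direction {s_dir}; they must differ"]
    return []

if __name__ == "__main__":
    for name, client in (("ok", CLIENT_OK), ("bidir", CLIENT_BIDIR), ("same", SERVER)):
        print(name, check_pair(SERVER, client) or "consistent")
```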

36.1.5 Other SSL tunnel settings

WeOS provides some additional SSL VPN settings:

Keepalive: The “keepalive” setting is used (1) to keep session state in
intermediate firewalls and NAT gateways (“ping” messages are sent at a
configurable interval when no data is transmitted), and (2) to restart the
tunnel if the connection has gone down or if the server domain name
resolves to a new IP address. Thus the keepalive setting also resembles a
dead-peer-detection mechanism. Default is to send “pings” at a 10 second
interval, and to restart the tunnel (including DNS lookup) after 60 seconds
if no response is received. The setting at the VPN server is pushed to the
connecting VPN clients.

Data compression: WeOS supports LZO compression for the SSL tunnel.
When LZO compression is enabled, you can select to always compress or
you set the “adaptive” mode when compression is dynamically turned on


© 2015 Westermo Teleindustri AB
