Section 36.1.6 – Westermo RedFox Series User Manual
Page 849

Westermo OS Management Guide
Version 4.17.0-0
and off by measuring its usefulness (if the data transmitted is determined to
already be sufficiently compressed, additional LZO compression is disabled).
The default setting is "compression adaptive", i.e., compression is enabled in
adaptive mode.
Note
As of WeOS v4.17.0, the compression setting at the VPN client and VPN
server must match.
36.1.6 Related settings
An SSL tunnel is represented as a network interface in WeOS, and can be
configured for routing, NAT and firewall like other network interfaces.
Additional hints on routing and firewall/NAT settings when using SSL VPNs are
provided in the following sections.
36.1.6.1 Routing and SSL VPNs
In HOST-NET setups (
, the VPN server typically pushes routing information
for relevant IP subnets to the VPN clients during tunnel establishment (see also
Some other aspects of routing and SSL VPNs are listed below:
• Blackhole routes: To ensure that traffic intended to be sent encrypted via
your SSL tunnel is dropped by your VPN client or server when the tunnel is
down, you can use blackhole routes (
). An example for Alice
in
is shown below, but a similar configuration can be used at the
VPN client (Bob).
Example
alice:/config/#> ip
alice:/config/ip/#> route 10.0.0.0/16 null0 200
alice:/config/ip/#> leave
Configuration activated.
Remember "copy run start" to save to flash (NVRAM).
alice:/#>
• Routing in NET-NET use case: In the NET-NET setup shown in
there
are some different alternatives for Alice and Bob to learn about the routes
available at the peer side.
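
The effect of the blackhole route configured for Alice above can be checked with a small route-selection model. This is an added example, not part of the Westermo manual or WeOS code: it assumes the trailing 200 in the route command is an administrative distance, that the tunnel route for 10.0.0.0/16 has a lower distance, and it uses the hypothetical interface names eth0 (uplink) and ssl0 (SSL tunnel).

```python
import ipaddress

# Constructed routing table for Alice. Only the null0 entry comes from the
# manual; interface names and the other distances are assumptions.
BLACKHOLE = {"prefix": "10.0.0.0/16", "iface": "null0", "distance": 200}
BASE_ROUTES = [
    {"prefix": "0.0.0.0/0", "iface": "eth0", "distance": 1},    # assumed uplink
    {"prefix": "10.0.0.0/16", "iface": "ssl0", "distance": 1},  # assumed tunnel route
]

def lookup(routes, dst, up_ifaces):
    """Pick the active route for dst: longest prefix, then lowest distance.

    Routes on a down interface are skipped; null0 never goes down.
    """
    addr = ipaddress.ip_address(dst)
    usable = [
        r for r in routes
        if addr in ipaddress.ip_network(r["prefix"])
        and (r["iface"] == "null0" or r["iface"] in up_ifaces)
    ]
    if not usable:
        return None
    return min(usable, key=lambda r: (-ipaddress.ip_network(r["prefix"]).prefixlen,
                                      r["distance"]))

def fate(routes, dst, up_ifaces):
    """Describe what happens to a packet sent to dst."""
    route = lookup(routes, dst, up_ifaces)
    if route is None:
        return "unreachable"
    if route["iface"] == "null0":
        return "dropped"
    return "sent via " + route["iface"]

if __name__ == "__main__":
    for label, routes in (("without blackhole", BASE_ROUTES),
                          ("with blackhole", BASE_ROUTES + [BLACKHOLE])):
        for up in ({"eth0", "ssl0"}, {"eth0"}):
            state = "up" if "ssl0" in up else "down"
            print(f"{label}, tunnel {state}: 10.0.1.5 {fate(routes, '10.0.1.5', up)}")
```

Without the blackhole entry, traffic for 10.0.0.0/16 falls back to the default route and leaves unencrypted while the tunnel is down; with it, the same traffic is dropped until the tunnel route returns.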
© 2015 Westermo Teleindustri AB