Tion 33.1.7, Section 33.1.7, Section 33.1.6 – Westermo RedFox Series User Manual

Page 758

Advertising
background image

Westermo OS Management Guide

Version 4.17.0-0

33.1.6

PPP Encryption Support

WeOS provides support for the Microsoft Point-To-Point Encryption (MPPE) Protocol[

27

]),

either with 40 or 128 bit key lengths. By enabling MPPE you achieve a basic level
of protection of your PPP session. However, to reach a higher level of security
it is recommended to use IPsec VPNs or SSL VPNs (OpenVPN) as described in

chapters 35

and

36

.

Use of MPPE requires that either MS-CHAPv2 or MS-CHAP are used for authenti-
cation, see

section 33.1.5

. MPPE is disabled by default.

33.1.7

IP and PPP network interfaces

Configuration of IP settings of PPP interfaces is handled somewhat differently
as compared to other network interfaces in WeOS. The main reason is that PPP
contains more options related to IP settings.

The following PPP related IP or interface settings are configured in the Modem or
PPPoE contexts . Most important are the local and remote IP address settings:

Local IP address: Your local IP address can either be assigned dynamically

by the peer, or you can assign a static IP address for your PPP interface.

Remote IP address: You can either assign an IP address to your peer, or

accept the peer to use an IP address chosen by itself.

Proxy ARP: A WeOS unit will by default apply proxy ARP to its PPP connec-

tions. With proxy ARP enabled for a PPP connection, the WeOS unit will
check if the PPP peer’s IP address matches any local IP subnet. The unit will
then respond to ARP requests for the peer’s IP address on that local VLAN.

E.g., if the remote PPP address is 10.1.0.10, and this matches the subnet
of the local interface vlan1 with address 10.1.0.2/24, the WeOS unit will
respond to ARP requests for 10.1.0.10 on vlan1.

On demand dialing: PPP interfaces are commonly brought up immediately.

However, in some use cases it is preferred to only have the PPP connection
up when the units are actively sending traffic. The connection is brought up
when there is traffic to be routed through that path, and brought down after
a configurable idle timeout. To get traffic routed through the PPP interface
(and bring it up) you can use a static route. A static 0.0.0.0/0 route to the
PPP interface sets it as default.

758

➞ 2015 Westermo Teleindustri AB

Advertising
This manual is related to the following products:

Wolverine Series, Falcon Series, Viper Series

Popular Brands
Popular manuals