Example – Westermo RedFox Series User Manual

Westermo OS Management Guide
Version 4.17.0-0
Example
alice:/config/#> aaa
alice:/config/aaa/#> remote-server 1
Creating new remote server 1
alice:/config/aaa/remote-server-1/#> address 10.0.0.5
alice:/config/aaa/remote-server-1/#> password str4wb3rry
alice:/config/aaa/remote-server-1/#> end
alice:/config/aaa/#> end
alice:/config/#> tunnel ssl 0
alice:/config/tunnel/ssl-0/#> aaa-method remote-server 1
alice:/config/tunnel/ssl-0/#> leave
Configuration activated.
Remember "copy run start" to save to flash (NVRAM).
alice:/#>
You also need to set up a RADIUS server (in the example above it is
assumed to be located at 10.0.0.5 as in and ). An example is to use a
FreeRADIUS server, see for more information. Some hints are given below.
Example
In /etc/freeradius/clients.conf:
client 10.0.0.1 {
    shortname = 10.0.0.1
    # shared secret; same value as "password" under remote-server 1 above
    secret = str4wb3rry
    nastype = other
}
In /etc/freeradius/users:
bob Cleartext-password := "builder"
36.1.4.2 Cipher Suite Settings
To protect the SSL tunnel, you can choose between a set of data encryption and
integrity protection alternatives:
• Encryption: WeOS supports various encryption alternatives based on
Blowfish, DES and AES. Default is Blowfish (BF-CBC).
• Message Authentication: WeOS supports SHA1 and MD5 for message
authentication (message integrity). Default is SHA1.
The session keys used for encryption and message integrity are derived as part of
the authentication handshake at tunnel establishment. These session keys are
renegotiated at a regular interval, which is controlled by the "renegotiation-timeout"
setting (default 3600 seconds). The lowest timeout value configured by the client
© 2015 Westermo Teleindustri AB
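How the cipher's block size and the renegotiation-timeout together bound the traffic protected by one session key, as an added example that is not part of the Westermo manual. It estimates the birthday-bound probability of a repeated ciphertext block in CBC mode; the 100 Mbit/s load, the 1e-6 threshold and the cipher labels other than BF-CBC are assumptions made for illustration.

```python
"""Added example: data protected per session key for 64-bit vs 128-bit block ciphers."""
import math

# Block sizes in bits: Blowfish and DES use 64-bit blocks, AES uses 128-bit blocks.
# Labels other than BF-CBC are illustrative, not taken from the manual.
BLOCK_BITS = {"BF-CBC": 64, "DES-CBC": 64, "AES-128-CBC": 128}


def blocks_per_key(rate_mbit_s: float, reneg_timeout_s: float, block_bits: int) -> float:
    """Cipher blocks encrypted under one session key at a sustained rate."""
    return rate_mbit_s * 1_000_000 * reneg_timeout_s / block_bits


def collision_probability(n_blocks: float, block_bits: int) -> float:
    """Birthday approximation of P(two equal ciphertext blocks) among n blocks.

    In CBC mode two equal ciphertext blocks reveal the XOR of two plaintext
    blocks, so this should stay negligible for the lifetime of a key.
    """
    exponent = -(n_blocks * (n_blocks - 1)) / 2.0 / 2.0 ** block_bits
    return -math.expm1(exponent)  # 1 - e^x, accurate for tiny probabilities


def max_timeout_s(rate_mbit_s: float, block_bits: int, p_max: float) -> float:
    """Largest renegotiation timeout that keeps the probability <= p_max."""
    n = math.sqrt(-2.0 * 2.0 ** block_bits * math.log1p(-p_max))
    return n * block_bits / (rate_mbit_s * 1_000_000)


def report(rate_mbit_s: float, reneg_timeout_s: float, p_max: float = 1e-6):
    """Return (cipher, collision probability, max timeout in seconds) per cipher."""
    rows = []
    for name, bits in BLOCK_BITS.items():
        n = blocks_per_key(rate_mbit_s, reneg_timeout_s, bits)
        rows.append((name, collision_probability(n, bits),
                     max_timeout_s(rate_mbit_s, bits, p_max)))
    return rows


if __name__ == "__main__":
    # Assumed load: 100 Mbit/s sustained; 3600 s is the default timeout in the text.
    for name, p, t in report(100.0, 3600):
        print(f"{name:12s} P(collision)={p:.3e}  timeout for P<=1e-6: {t:.1f} s")
```

Under the assumed load the default Blowfish setting passes well beyond the birthday bound of a 64-bit block within one renegotiation interval, while an AES-based choice stays negligible at the same timeout.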