Section 36.1.3 – Westermo RedFox Series User Manual
Page 839
Westermo OS Management Guide
Version 4.17.0-0
36.1.3
SSL Network Settings
For the SSL tunnel, Alice and Bob will have an SSL network interface (with names
such as ssl0), which can be assigned an IP address, and be used as other network
interfaces when it comes to routing and firewall settings, etc. The SSL interface
can either be a layer-2 or layer-3 interface, see
for more infor-
mation.
Multiple clients (Bob and Dave) can connect to the same server. The clients and
the server forms a virtual subnet topology
❼ IP assignment: Alice, Bob, and Dave will each have an IP address within
this virtual subnet. See
for information on how to assign
IP addresses at the server and client side. That section also touches upon
related settings, such as domain name server and IP routes.
❼ Client to client communication: It is possible for two SSL clients to commu-
nicate with each other. This is enabled by default, see
for
more information.
36.1.3.1
Selecting layer-2 or layer-3 VPN interfaces
The SSL network interface can either be a layer-3 interface or a layer-2 interface.
❼ Layer-3 interface (IP): By default, WeOS SSL tunnels have layer-3 interfaces.
This simplifies setting up a HOST-NET solution (see
) with the WeOS
unit as SSL VPN Gateway, since many SSL VPN clients use layer-3 interfaces
by default.
❼ Layer-2 interface (LAN): Layer-2 SSL interfaces have MAC addresses, just
like other LAN interfaces in WeOS. As of WeOS v4.17.0 layer-2 is the rec-
ommended interface type when using SSL in NET-NET setups (see
Dynamic routing protocols such as OSPF (
and RIP
can be used on layer-2 SSL interfaces.
2
Although other topologies are possible for layer-3 SSL interfaces, current WeOS support is lim-
ited to the subnet topology. For more information on other possible SSL topologies not yet sup-
ported by WeOS (p2p and net30), see
➞ 2015 Westermo Teleindustri AB
839