Section 36.1.3.2 – Westermo RedFox Series User Manual

Westermo OS Management Guide

Version 4.17.0-0

Note

As of WeOS v4.17.0, the layer-2 SSL interfaces can not be added to VLANs,
i.e., it is not yet possible to bridge traffic between the SSL tunnel and the
Ethernet or DSL ports on your WeOS unit. Such support is planned, but not
yet implemented.

Below is an example of configuring the SSL interface type to layer-2 at Alice in

fig. 36.2

.

Example

alice:/config/#> tunnel
alice:/config/tunnel/#> ssl 0
alice:/config/tunnel/ssl-0/#> type layer2
alice:/config/tunnel/ssl-0/#> leave
alice:/#>

36.1.3.2

IP address and other SSL interface settings

In WeOS, the SSL VPN server (Alice) will always have a statically assigned ad-
dress, while the SSL client (Bob) can either be assigned his SSL address stati-
cally or acquire it dynamically as part of the SSL tunnel establishment. Similar
to other network interfaces, it is also possible to assign secondary IP addresses
(

section 19.2.5

) to SSL interfaces.

❼ Static IP addresses: By default SSL interfaces are configured for static IP

address assignment, but without any address defined. An example for Alice
in

fig. 36.1

is shown below.

Example

alice:/config/#> iface ssl0
alice:/config/iface-ssl0/#> inet static
alice:/config/iface-ssl0/#> address 10.0.2.1/24
alice:/config/iface-ssl0/#> leave
alice:/#>

❼ Dynamic IP addresses: Alice could hand out addresses dynamically to Bob

and other SSL clients. To do this she should define the address pool to assign
addresses from, see below

840

➞ 2015 Westermo Teleindustri AB