Westermo RedFox Series User Manual

Westermo OS Management Guide

Version 4.17.0-0

Example

alice:/config/#> tunnel
alice:/config/tunnel/#> ssl 0
alice:/config/tunnel/ssl-0/#> pool start 10.0.2.100 end 10.0.2.110
alice:/config/tunnel/ssl-0/#> leave
alice:/#>

An optional ”netmask” parameter can be added to the ”pool” command, if
the netmask for the clients should be smaller than the netmask of Alice SSL
interface (set to ”/24” in the example above).

Bob configures his SSL interface for dynamic address assignment:

Example

bob:/config/#> iface ssl0
bob:/config/iface-ssl0/#> inet dynamic
bob:/config/iface-ssl0/#> leave
bob:/#>

36.1.3.3

Other settings assigned by SSL server

The SSL server (Alice) can push the following settings to the client (Bob):

❼ Network route: In the HOST-NET setup (

fig. 36.1

), Alice would typically push

a route to the central office subnet using the ”push-network 10.0.0.0/24”
setting. Up to 10 subnets can be pushed.

❼ Compression setting: The data compression setting (see

section 36.1.5

) at

the server and client must match. Therefore the compression setting at the
Alice is implicitly pushed to Bob. See also

section 36.1.5

.

Bob can decline using these settings offered by Alice, by using the ”no pull”
command. This does not affect Bob’s IP address assignment, which is instead
controlled via interface settings as described in

section 36.1.3.2

.

Note

It is not possible to push routes from client to server. In the NET-NET setup
(

fig. 36.2

) Alice would either configure a static route to Bob’s local network,

or RIP or OSPF to exchange routes dynamically.

➞ 2015 Westermo Teleindustri AB

841