set vpn

remote_vpn_endpoint={fqdn|ip address}

The IP address or hostname of the peer with which the VPN connection is established.

remote_tunnel_addr=ip address
remote_tunnel_mask=subnet mask
remote_tunnel_range=ip address-ip address

These options specify the routes required to access clients on the remote network. They also specify the remote peers that local clients are allowed to connect to. The remote network specifies the private network to which the remote VPN endpoint is connected.

local_tunnel_addr=ip address
local_tunnel_mask=subnet mask
local_tunnel_range=ip address-ip address

These options specify the routes required to access clients on the local network. They also specify the clients that are allowed to access the remote clients through the VPN tunnel. Typically, the local network specifies the same network and subnet connected to the Digi Cellular device's Ethernet port. Thus, any client on the same network will be able to communicate over the VPN tunnel.

[manually-keyed options]

These options are for manually-keyed VPN tunnels. To properly configure a manually-keyed tunnel, the following settings must be set as specified by the remote VPN server. This includes the local and remote network settings that handle the routing between the local and remote peers. It also includes the security settings for both incoming and outgoing traffic, which may differ from each other, depending on the implementation of the remote VPN server. Incoming or inbound traffic is defined as any traffic sent from a remote peer on the remote network of the remote VPN endpoint to a local peer on the local network. Outgoing or outbound traffic is defined as any traffic sent from a local peer to a remote peer.

mode=manually-keyed

Indicates that the settings are for a manually-keyed VPN tunnel. Manually-keyed tunnels specify the tunnel and security settings manually. These settings must match the settings of the remote VPN endpoint.

inbound_spi=256 - 2^32

The Security Parameter Index (SPI) for inbound traffic. The SPI defines the unique index for a tunnel used to identify the security settings for IPSec. The SPI is a 32-bit unsigned value that must not be less than 256.
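
A pre-flight check for the option values described above, as an added example that is not part of the Digi manual: it verifies the SPI bound and that the local and remote networks are well-formed and do not overlap. The function names and sample values are hypothetical; the upper SPI bound of 2^32 - 1 is inferred from the "32-bit unsigned" description, and the overlap check is an added sanity test, not a documented device rule.

```python
import ipaddress

# Page: SPI is a 32-bit unsigned value, not less than 256 (upper bound inferred).
SPI_MIN, SPI_MAX = 256, 2**32 - 1

# Constructed sample values, not taken from any real deployment.
SAMPLE = {
    "mode": "manually-keyed", "inbound_spi": "4096",
    "remote_vpn_endpoint": "vpn.example.net",
    "remote_tunnel_addr": "10.20.0.0", "remote_tunnel_mask": "255.255.0.0",
    "local_tunnel_addr": "192.168.1.0", "local_tunnel_mask": "255.255.255.0",
}

def selector_intervals(opts, side):
    """Return (first, last) integer intervals for the 'local' or 'remote' side."""
    out = []
    addr, mask = opts.get(f"{side}_tunnel_addr"), opts.get(f"{side}_tunnel_mask")
    if addr and mask:
        # Rejects malformed addresses and non-contiguous masks; host bits are masked off.
        net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
        out.append((int(net.network_address), int(net.broadcast_address)))
    rng = opts.get(f"{side}_tunnel_range")
    if rng:
        first, last = (int(ipaddress.IPv4Address(p.strip())) for p in rng.split("-"))
        if first > last:
            raise ValueError(f"{side}_tunnel_range start is above its end")
        out.append((first, last))
    return out

def check_vpn_options(opts):
    """Return a list of problems found in a dict of set vpn option values."""
    problems, sides = [], {}
    if opts.get("mode") == "manually-keyed":
        try:
            spi = int(str(opts.get("inbound_spi", "")))
            if not SPI_MIN <= spi <= SPI_MAX:
                problems.append(f"inbound_spi {spi} outside {SPI_MIN}..{SPI_MAX}")
        except ValueError:
            problems.append("inbound_spi missing or not an integer")
    for side in ("local", "remote"):
        try:
            sides[side] = selector_intervals(opts, side)
        except ValueError as exc:
            problems.append(f"{side} network invalid: {exc}")
    # Overlapping selectors would make the tunnel routes ambiguous (added check).
    if any(a <= d and c <= b for a, b in sides.get("local", [])
           for c, d in sides.get("remote", [])):
        problems.append("local and remote networks overlap")
    return problems
```

Run it against the values agreed with the remote VPN server before entering them on the device, since both ends of a manually-keyed tunnel must match.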

Chapter 2 Command Descriptions

Digi 90000566_H