Chapter 6
Advanced Features
6.10 Connection Options
Options list
The connection options alter the behaviour of the VPN network. Options to be applied to Connections are stored in named Option Lists. An Option List contains the following options:
Option | Keyword | Description |
IPSec routing mode | routed | Selects routed or |
Virtual interface | virtual_if | Defines the Virtual Interface for a connection. |
DF bit | force_df | Selects treatment of Don’t Fragment bit |
Minimal MTU | min_mtu | Minimal value for MTU. |
Add route | add_route | Enables or disables automatic addition of routes to the routing table. |
IPSec routing mode [routed]
This parameter has two possible settings: routed and
Routed mode means that the packets are routed to the IPSec interface. This is the preferred mode of operation, which is valid for all possible scenarios.
implementations. In the present release, it is recommended to not use the non-routed mode, because some scenarios are not supported in this mode.
Virtual interface
The SpeedTouch™ uses the concept of a Virtual Interface to implement the IPSec processing. By default, the IPSec module uses the Virtual Interface named ipsec0. This interface is automatically created when IPSec is enabled.
Firewall rules, for example, can be attached to virtual interfaces.
In most cases, the default ipsec0 virtual interface is sufficient. Only on some very specific occasions may it be useful to create an additional virtual interface for IPSec. For example, if you want to apply different firewall rules to different IPSec tunnels, an additional Virtual Interface can be created in the Connection Options list.
virtual_if
Possible values
A string value, containing the name of the Virtual interface
A typical situation where multiple IPSec virtual interfaces might be needed is the VPN hub-and-spoke model.