IPsec Commands

Options authentication-method

Specify the authentication method that will be used between VPN peers to authenticate the VPN tunnel.

Data Options:

zShared Secret—A text-based secret that is used to authenticate the IPsec tunnel (case sensitive).

zRSA Signature—RSA signatures are used to authenticate the IPsec tunnel. When using this authentication method, you must download the IPsec RSA public key to the IOLAN and upload the IPsec RSA public key from the IOLAN to the VPN gateway.

zX.509 Certificate—X.509 certificates are used to authenticate the IPsec tunnel. When using this authentication method, you must include the signing authority’s certificate information in the SSL/TLS CA list and download it to the IOLAN.

The default is shared secret.

boot-action

Determines the state of the VPN network when the IOLAN is booted.

zStart—Starts the VPN network, initiating communication to the remote VPN.

zAdd—Adds the VPN network, but doesn’t initiate a connection to the remote VPN.

zIgnore—Maintains the VPN network configuration, but the VPN network is not started and cannot be started through the IPsec command option.

When defining peer VPN gateways, one side should be defined as Start (initiate) and the other as Add (listen). It is invalid to define both gateways as Add. VPN connection time can take longer when both gateways are set to Start, as both sides will attempt to initiate the same VPN connection.

The default is start.

local-device

When the VPN tunnel is established, one side of the tunnel is designated as Right and the other as Left. You are configuring the IOLAN-side of the VPN tunnel. The default is left.

local-external-ip-address

When NAT Traversal (NAT_T) is enabled, this is IOLAN’s external IPv4 or IPv6 address or FQDN. When the IOLAN is behind a NAT router, this will be its public IP address.

local-host-nextwork

The IPv4 or IPv6 address of a specific host, or the network address that the IOLAN will provide a VPN connection to.

local-ip-address

The IPv4 or IPv6 address or FQDN of the IOLAN. You can specify %defaultroute when the IP address of the IOLAN is not always known (for example, when it gets its IP address from DHCP). When %defaultroute is used, a default gateway must be configured in the route table.

local-next-hop

The IPv4 or IPv6 address of the router/gateway that will forward data packets to the remote VPN (if required). The router/gateway must reside on the same subnet at the IOLAN. Leave this parameter blank if you want to use the Default Gateway configured in the IOLAN.

Network Commands 113

Page 116 Page 118
Page 117
Image 117
Perle Systems CSS manual Options authentication-method, Data Options, Boot-action, Local-device, Local-external-ip-address
Page 116 Page 118

CSS specifications

Perle Systems, a well-established provider of networking and IoT solutions, offers the innovative Perle CSS (ClearSky Services) platform, designed to facilitate efficient and secure device management. This powerful solution aims to address the challenges of managing a diverse range of devices connected to the Internet, particularly in enterprise, industrial, and M2M (Machine-to-Machine) environments.

One of the main features of the Perle CSS is its robust device management capabilities. Administrators can remotely monitor, configure, and control devices in real-time. This means that troubleshooting can be conducted without the need for physical access, significantly reducing operational downtime. Additionally, the platform supports bulk provisioning, allowing organizations to onboard multiple devices simultaneously, which streamlines the deployment process.

Another notable feature is its security architecture. Perle Systems has integrated advanced security protocols to ensure the integrity and confidentiality of data transmitted between devices. The use of virtual private networks (VPNs), secure socket layer (SSL) encryption, and secure shell (SSH) protocols ensures that sensitive information remains protected from unauthorized access while in transit.

The Perle CSS also stands out for its compatibility with various communication protocols, including MQTT, RESTful APIs, and others. This interoperability allows organizations to integrate the CSS platform seamlessly with their existing systems, facilitating efficient data exchange and interoperability between different devices and applications.

Moreover, Perle CSS adopts a cloud-based architecture, which provides users with the flexibility to access device information from any location. This cloud integration enhances scalability, allowing businesses to expand their network capabilities without the need for extensive infrastructure investments.

The platform's user-friendly interface simplifies navigation, allowing users to manage devices effectively without requiring extensive technical expertise. With customizable dashboards and real-time analytics, administrators can gain valuable insights into device performance, network status, and usage patterns.

In summary, Perle Systems' CSS offers a comprehensive solution for managing connected devices in a secure and efficient manner. Its key features, including robust device management, advanced security, protocol compatibility, and a cloud-based architecture make it an ideal choice for enterprises looking to enhance their IoT capabilities and streamline operations in an increasingly connected world.
Top Page Image Contents