L2TP/IPsec

Once L2TP/IPsec is enabled, the IOLAN expects all connections to be established through a VPN tunnel. To allow hosts to connect outside of the VPN tunnel, you must configure VPN exceptions; see VPN Exceptions on page 119 for the command syntax.

Set L2TP

Description

User Level Admin

Syntax set l2tp listen-for-l2tp on|off

set l2tp authentication-method shared-secret [secret <text>]

set l2tp authentication-method x.509-certificate remote-validation-criteria [country <code>] [state-province <text>] [locality <text>] [organisation <text>] [organisation-unit <text>] [common-name <text>] [email <email_addr>]

set l2tp [ipsec-local-ip-address <ipv4_addr>] [local-ip-address <ipv4_addr>] [remote-ipv4-start-address <start_ip>] [remote-ipv4-end-address <end_ip>] [authentication-type pap|chap|both]

Options listen-for-l2tp

When enabled, allows L2TP/IPsec VPN connections. Note: to allow non-VPN connections to the IOLAN, you must create entries in the VPN Exceptions list. The default is off.

authentication-method shared-secret|x.509-certificate

Specify the authentication method that will be used between VPN peers to authenticate the VPN tunnel.

Data Options:

• Shared Secret—A text-based secret that is used to authenticate the IPsec tunnel (case sensitive).

• X.509 Certificate—X.509 certificates are used to authenticate the IPsec tunnel. When using this authentication method, you must include the signing authority’s certificate information in the SSL/TLS CA list and download it to the IOLAN.

Default: Shared Secret

secret

When the Authentication Method is Shared Secret, enter the case-sensitive secret word. Maximum of 16 characters, spaces not allowed. The secret is shared for all IPsec and L2TP/IPsec tunnels.

remote-validation-criteria

Any values that are entered in the remote validation criteria must match the remote X.509 certificate for a successful connection; any fields left blank will not be validated against the remote X.509 certificate. Note that all validation criteria must be configured to match the X.509 certificate. An asterisk (*) is valid as a wildcard.
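
The matching rule described above, modeled as an added example (not Perle's code or the IOLAN's firmware logic): blank criteria are skipped and `*` acts as a wildcard, so a criteria set with few fields filled in places little or no restriction on the certificate subject. The wildcard semantics, the case-sensitive comparison, the function names and the sample subjects are assumptions made for illustration.

```python
import re

# Field names are the remote-validation-criteria options listed on this page.
FIELDS = ("country", "state-province", "locality", "organisation",
          "organisation-unit", "common-name", "email")

def field_matches(pattern, value):
    # Assumption: '*' matches any run of characters; all other characters
    # are literal and compared case-sensitively.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None

def validate_remote(criteria, subject):
    """Return (accepted, checked_fields) for one remote certificate subject."""
    unknown = sorted(set(criteria) - set(FIELDS))
    if unknown:
        raise ValueError(f"unknown criteria: {unknown}")
    checked = []
    for name in FIELDS:
        pattern = criteria.get(name, "")
        if pattern == "":
            continue  # blank criterion: this field is not validated
        checked.append(name)
        if not field_matches(pattern, subject.get(name, "")):
            return False, checked
    return True, checked

def unconstrained(criteria):
    """Fields that restrict nothing: left blank or set to wildcards only."""
    return [n for n in FIELDS if criteria.get(n, "").strip("*") == ""]

# Constructed sample data, not taken from the manual.
BRANCH = {"country": "CA", "organisation": "Example Corp",
          "common-name": "branch-07.example.com"}
OTHER = {"country": "US", "organisation": "Other Org",
         "common-name": "laptop.other.example"}
BLANK = {}  # every criterion left blank
STRICT = {"country": "CA", "organisation": "Example Corp",
          "common-name": "branch-*.example.com"}

if __name__ == "__main__":
    for label, crit in (("BLANK", BLANK), ("STRICT", STRICT)):
        print(label, "unconstrained fields:", unconstrained(crit))
        for who, subj in (("BRANCH", BRANCH), ("OTHER", OTHER)):
            print("  ", who, validate_remote(crit, subj))
```

Running `unconstrained()` over a planned criteria set before entering it on the device shows which subject fields will go unchecked.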


CSS specifications

Perle Systems, a well-established provider of networking and IoT solutions, offers the innovative Perle CSS (ClearSky Services) platform, designed to facilitate efficient and secure device management. This powerful solution aims to address the challenges of managing a diverse range of devices connected to the Internet, particularly in enterprise, industrial, and M2M (Machine-to-Machine) environments.

One of the main features of the Perle CSS is its robust device management capabilities. Administrators can remotely monitor, configure, and control devices in real-time. This means that troubleshooting can be conducted without the need for physical access, significantly reducing operational downtime. Additionally, the platform supports bulk provisioning, allowing organizations to onboard multiple devices simultaneously, which streamlines the deployment process.

Another notable feature is its security architecture. Perle Systems has integrated advanced security protocols to ensure the integrity and confidentiality of data transmitted between devices. The use of virtual private networks (VPNs), secure socket layer (SSL) encryption, and secure shell (SSH) protocols ensures that sensitive information remains protected from unauthorized access while in transit.

The Perle CSS also stands out for its compatibility with various communication protocols, including MQTT, RESTful APIs, and others. This interoperability allows organizations to integrate the CSS platform seamlessly with their existing systems, facilitating efficient data exchange and interoperability between different devices and applications.

Moreover, Perle CSS adopts a cloud-based architecture, which provides users with the flexibility to access device information from any location. This cloud integration enhances scalability, allowing businesses to expand their network capabilities without the need for extensive infrastructure investments.

The platform's user-friendly interface simplifies navigation, allowing users to manage devices effectively without requiring extensive technical expertise. With customizable dashboards and real-time analytics, administrators can gain valuable insights into device performance, network status, and usage patterns.

In summary, Perle Systems' CSS offers a comprehensive solution for managing connected devices in a secure and efficient manner. Its key features, including robust device management, advanced security, protocol compatibility, and a cloud-based architecture, make it an ideal choice for enterprises looking to enhance their IoT capabilities and streamline operations in an increasingly connected world.