Perle Systems CSS L2TP/IPsec

Network Commands 117

L2TP/IPsec

L2TP/IPsec

Once L2TP/IPsec is enabled, the IOLAN expects all connections to be established through a VPN

tunnel. To allows hosts to connect outside of the VPN tunnel, you must configure VPN exceptions,

see VPN Exceptions on page 119 for the command syntax.

Set L2TP

Description

User Level Admin

Syntax set l2tp listen-for-l2tp on|off

set l2tp authentication-method shared-secret [secret <text>]

set l2tp authentication-method x.509-certificate

remote-validation-criteria [country <code>]

[state-province <text>] [locality <text>] [organisation <text>]

[organisation-unit <text>] [common-name <text>]

[email <email_addr>]

set l2tp [ipsec-local-ip-address <ipv4_addr>]

[local-ip-address <ipv4_addr>]

[remote-ipv4-start-address <start_ip>]

[remote-ipv4-end-address <end_ip>]

[authentication-type pap|chap|both]

Options listen-for-l2tp

When enabled, allows L2TP/IPsec VPN connections. Note: to allow non-VPN

connections to the IOLAN, you must create entries in the VPN Exceptions list. The

default is off.

authentication methed shared-secret|x.509-certificate

Specify the authentication method that will be used between VPN peers to authenticate

the VPN tunnel.

Data Options:

zShared Secret—A text-based secret that is used to authenticate the IPsec tunnel

(case sensitive).

zX.509 Certificate—X.509 certificates are used to authenticate the IPsec tunnel.

When using this authentication method, you must include the signing authority’s

certificate information in the SSL/TLS CA list and download it to the IOLAN.

Default: Shared Secret

secret

When the Authentication Method is Secret, enter the case-sensitive secret word.

Maximum of 16 characters, spaces not allowed. The secret is shared for all IPsec and

L2TP/IPsec tunnels.

remote-validation-criteria

Any values that are entered in the remote validation criteria must match the remote

X.509 certificate for a succsessful connection; any fields left blank will not be validated

against the remote X.509 certificate. Note that all validation criteria must be configured

to match the X.509 certificate. An asterick (*) is valid as a wildcard.

Contents

Main Page Table of Contents Preface ...............................................................................15 Chapter 1 Introduction......................................................19 Chapter 2 Server Commands........................................... 21 Hardware Commands.................................................................29 SSH Server Commands .............................................................29 SSL/TLS Commands ..................................................................30 Modbus Commands ...................................................................33 Authentication Commands........................................................ 34 Page Chapter 3 User Commands ..............................................51 Commands for Users Logged Into the IOLAN......................... 51 Configuring Users ......................................................................58 Chapter 4 Line Commands...............................................67 Line Service Commands ........................................................... 76 Chapter 5 Network Commands...................................... 101 Page Chapter 6 Time Commands............................................121 Chapter 7 Administration Commands...........................127 Chapter 8 Statistics Commands ....................................133 Chapter 9 IOLAN+ User Commands.............................. 135 Chapter 10 I/O Commands .............................................137 Page Page Preface About This Book Intended Audience Typeface Conventions Contacting Technical Support Making a Technical Support Query Who To Contact Have Your Product Information Ready Making a support query via the Perle web page Repair Procedure Feedback on this Manual Page Introduction CLI Conventions Command Syntax Command Shortcuts can be typed as: or, you can use the ESC key to complete the lines as you go along: where the ESC key was pressed to complete the option as it was typed. Command Options Server Commands Server Commands Set Custom-App Set Console Set Port-Buffering Set Server Page Page Set SSL Server Set Service Show Console Show Custom-App Show Server Show Port-Buffering Show Modbus Hardware Commands Set Ethernet Show Hardware SSH Server Commands Set SSH-Server Show SSH-Server SSL/TLS Commands Set SSL Server Set SSL Server Cipher-suite Show SSL Modbus Commands Set Modbus Gateway Show Modbus Authentication Commands Set Authentication Set Authentication Local Set Authentication Kerberos Set Authentication LDAP Set Authentication NIS Add RADIUS Delete RADIUS Set Authentication RADIUS Set Authentication TACACS+ Set Authentication SecurID Show Authentication TruePort Baud Commands Show TruePort Set TruePort Remap-Baud Email Commands Set Email-Alert Server Show Email-Alert Server Clustering Commands Add Clustering Slave-IP Delete Clustering Slave-IP Set Clustering Slave-IP Show Clustering Slave-IP Dynamic DNS Commands Set Dynamic-DNS Set Dynamic-DNS SSL Page Set Dynamic-DNS SSL Cipher-Suite Show Dynamic-DNS PCI Commands Show PCI Set PCI Card Set PCI Wireless-WAN Show Wireless-WAN IPv6 Commands Set IPv6 Show IPv6 Add Custom-IPv6 Set Custom-IPv6 Delete Custom-IPv6 IPv6 Router Advertisements Set IPv6-Router-Advertisement Show IPv6-Router-Advertisement User Commands Commands for Users Logged Into the IOLAN Admin Help Kill Line Kill Session Logout Menu Ping Resume Rlogin Screen Set Termtype Set User Set User Session Show Line Users SSH Syslog Console Show Sessions Show Termtype Start Teln et Versi on Configuring Users Delete User Add User Set Default User Page Page Set User Page Page Page Set User Session Show Default User Show User Line Commands 1-Port vs. 2-Port+ Line Commands Line Commands Set Line Page Page Page Page Set Line Interface Set Line Service Page Page Set Modem Set Termtype Show Line Line Service Commands Set Custom-App Set Telnet-Client Set Rlogin-Client Set SSH-Client Page Set PPP Page Page Page Set PPP Dynamic-DNS Set SLIP Set UDP Set Vmodem Page Page Set Vmodem-Phone Set SSL Line Page Set SSL Line Cipher-suite Set Modbus-Slave Line Set Modbus-Master Line Set Power-Management Line Set Multihost Line Set Line Initiate-Connection Show Custom-App Show Interface Show Power-Management Page Modem Commands Add Modem Show Modems Delete Modem Set Modem Email Commands Set Email-Alert Line Show Email-Alert Line Packet Forwarding Commands Set Packet-Forwarding Line Page Page Page Page Network Commands SNMP Commands Add Trap Add Community Delete Community Delete Trap Set SNMP Set SNMP V3-Security Show SNMP TFTP Commands Delete Host Set Server TFTP Hosts Commands Add Host DNS/WINS Commands Add DNS Delete DNS Delete WINS Show DNS Show Server Show WINS Gateway Commands Add Gateway Delete Gateway Set Gateway Show Gateways Logging Commands Set Syslog Show Syslog RIP Commands Add RIP Delete RIP Set RIP Show RIP Show RIP Peers IPsec Commands Add IPsec Set IPsec Page Page Show IPsec IPsec IPv6 Tunnels Add IPv6tunnel Set IPv6tunnel Show IPv6tunnel Delete IPv6tunnel L2TP/IPsec Set L2TP Page Show LT2P VPN Exceptions Set VPN Exception Add VPN Exception Delete VPN Exception Show VPN Exception Time Commands Server Commands Set Time Set Timezone Show Time Show Timezone SNTP Commands Add SNTP Set SNTP Delete SNTP Show SNTP Show SNTP-Info Time/Date Setting Commands Set Date Set Summertime Set Summertime Fixed Set Summertime Recurring Show Date Show Summertime Page Administration Commands Bootup Commands Reboot Reset Reset Factory Save Set Bootup Show ARP Show Bootup TFTP File Transfer Commands Netsave Custom Factory Default Set Keys and Certificates Commands Netsave MOTD Commands Set MOTD Show MOTD Page Statistics Commands Configuration Statistics Show Netstat Statistics Show Netstat Show Modbus Statistics Run-Time Statistics Delete Arp Show Arp Show Serial Uptime Page Page I/O Commands Global I/O Commands Set IO UDP Set IO Failsafe Set IO Modbus Set Line Set IOChannel Set IOChannel Mode Set IOChannel Digital I/O Set IOChannel Digital Input Set IOChannel Digital Input (Serial Pins) Set IOChannel Digital Output Set IOChannel Digital Output (Serial Pins) Set IOChannel Relay Set IOChannel Analog (True Analog) Set IOChannel Analog (Temperature) Page Set IOChannel IOExtension Page Set IOChannel Multihost Set IOChannel IOExtension SSL Show IOChannel Status Kill IOChannel Show IO Show IOChannel Digital Output I/O Channel Control Commands Digital Input Relay Analog Input Calibrating Analog Input (Analog/Temperature) Calibrate Analog Reset Calibration Page Power Commands Power Commands Page Glossary