Configuring a VPN device

You configure VPN devices at the network interface vpn level.

To create a VPN device, use the following command:

Admin@nodename# create network interface vpn

Parameters:

Parameter

Description

enabled

Enable/disable a VPN interface:

  • on

  • off

interface-name

Enter a number to include in the interface name (for example, if you enter 1, the interface name will be tunnel1).

description

VPN interface description.

alias

The interface's alias.

zone

Zone to which the interface belongs.

link-info

Settings for network interface parameters:

  • bc_forwarding: controls forwarding of directed broadcast packets arriving at the specified interface.

  • proxy_arp, proxy_arp_vlan: Proxy ARP mechanism. With proxy_arp, UserGate will respond to ARP requests for addresses outside the interface's network; with proxy_arp_vlan, UserGate will respond to ARP requests for addresses that belong to the interface's network.

To specify them, use the following format:

Admin@nodename# create network interface <iface-type> ... link-info [ key/value ]

where key is the parameter name, which can include lowercase Latin letters (a-z) and underscores (_), and

value is the parameter value. Parameter values can only be integers.

For example, use proxy_arp/1 to enable the Proxy ARP mechanism and proxy_arp/0 to disable it.

The link-info field is displayed only when adding parameters.

Important! You cannot delete the specified parameters.

netflow-profile

The Netflow profile to send statistical data to the Netflow collector. For more details on Netflow profile settings, see Configuring Netflow Profiles.

iface-mode

IP address assignment mode:

  • dhcp: obtain a dynamic IP address via DHCP.

  • manual: no address.

If the interface is to be used for receiving VPN connections (Site-2-Site VPN or Remote access VPN), a static IP address must be used. Static mode is set automatically when an IP address is assigned to the interface. To use an interface as a client, select the dynamic mode.

ip-addresses

Assign an IP address to the interface.

The IP addresses are specified as [ <ip_address/mask> ] or [ <ip_address/mask> <ip_address/mask> ]. When several IP addresses are specified (separated by spaces), the subnet mask is entered in decimal format.

Important! Make sure to separate the square brackets with spaces on both sides.

mtu

Specify the MTU size for the selected interface.
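
Because link-info parameters cannot be deleted once set, it helps to validate the bracketed list arguments before submitting a command. The following Python pre-flight check is an added example, not part of the UserGate CLI or its documentation; it covers both the link-info and ip-addresses formats described above. The function names, the acceptance of signed integers, and the sample values are assumptions made for illustration.

```python
import ipaddress
import re

# key: lowercase a-z and underscore; value: integer (sign allowed here as an assumption)
ITEM = re.compile(r"^([a-z_]+)/(-?\d+)$")
# link-info keys named on the page
DOCUMENTED_KEYS = ("bc_forwarding", "proxy_arp", "proxy_arp_vlan")


def bracket_items(arg):
    """Split '[ a b ]' into ['a', 'b']; each bracket must be its own token."""
    tokens = arg.split()
    if len(tokens) < 3 or tokens[0] != "[" or tokens[-1] != "]":
        raise ValueError(f"expected '[ item ... ]' with spaces around brackets: {arg!r}")
    return tokens[1:-1]


def check_link_info(arg):
    """Parse a link-info list into {key: int}, rejecting malformed items."""
    params = {}
    for token in bracket_items(arg):
        match = ITEM.match(token)
        if match is None:
            raise ValueError(f"link-info item must be key/integer: {token!r}")
        params[match.group(1)] = int(match.group(2))
    return params


def needs_review(params):
    """Documented keys set to a non-zero value; these cannot be deleted later."""
    return sorted(k for k in DOCUMENTED_KEYS if params.get(k, 0) != 0)


def check_ip_addresses(arg):
    """Parse an ip-addresses list; every item needs an explicit mask."""
    addresses = []
    for token in bracket_items(arg):
        if "/" not in token:
            raise ValueError(f"missing mask: {token!r}")
        addresses.append(str(ipaddress.ip_interface(token)))  # ValueError if invalid
    return addresses


if __name__ == "__main__":
    # Constructed sample values, not taken from a real configuration.
    info = check_link_info("[ proxy_arp/1 bc_forwarding/0 ]")
    print(info, "review:", needs_review(info))
    print(check_ip_addresses("[ 10.0.0.1/24 10.0.1.1/255.255.255.0 ]"))
```
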

To update an existing VPN interface, use the following command:

Admin@nodename# set network interface vpn <vpn-name>

The parameters available for setting are the same as those for creating an interface, except for interface-name (you cannot change this parameter's value).

To delete a VPN interface or its parameters, use the following command:

Admin@nodename# delete network interface vpn <vpn-name>

You can delete the following parameters: ip-addresses.

To display information about all VPN interfaces, use the following command:

Admin@nodename# show network interface vpn

To display information about a single interface, use the following command:

Admin@nodename# show network interface vpn <vpn-name>