After the tunnel establishment, the OXO VPN IP address and a connection ID are returned to the
connection agent. Then the connection agent sends a connection acknowledgement to the connection
service with OXO VPN IP address and connection ID, through the CCI.
If after its establishment, the tunnel is cut, it is never re-established automatically. A new VPN
connection request must be sent.
When the VPN establishment is not successful, an error code is returned to the connection agent and
logged. It is then forwarded by the connection agent to the connection service through CCI.
Only one VPN tunnel is allowed on OXO Connect, but several users (10 max) can use it. The first VPN
connection request creates the VPN tunnel and the first connection. The next ones only create new
connections, linked to the VPN tunnel, and the returned information is the same OXO VPN IP address
and a new connection ID.
3.4.2.1 VPN clossing
3.4.2.1.1 Automatic closing for inactivity
The VPN is automatically closed after a timeout in case of inactivity. The timeout is managed by the
OXO Connect VPN agent. It can be configured in the VPN parameters given to the VPN connection
request. Its value must be in the range [5 minutes, 1 hour]. If it is lower than 5 minutes, it is set to 5
minutes. If it is higher than 1 hour, it is set to 1 hour. The default value is 20 minutes.
When a VPN is closed for inactivity, the information is not transmitted to the CCI. But this situation is
detected by OXO Connect with a supervision mechanism in connection agent and a historic event
(unexpected close) is generated. The exact information is available in the VPN agent log file.
3.4.2.1.2 Dead peer detection
When a VPN is up, the dead peer detection is activated by the VPN agent. Messages are sent
periodically in order to check the liveliness of the peer. The period interval is 30 seconds. The timeout
after which a VPN is closed in case of no answer of the peer, is 150 seconds.
These values are not configurable. The information of closing on dead peer detection is not transmitted
to the connection agent. But it gets it with the supervision mechanism and generates a historic event:
unexpected close. The exact information is available in the VPN agent log file.
3.4.2.1.3 VPN connection closing
The VPN connection service allows closing an active VPN connection.
To send a connection closing request, an application uses the CCI connection service. The service
sends a VPN closing request to the CCI, containing:
• CC credential: to connect to CCI
• User/organization name: Used by OXO Connect to know who requests the connection closing
• CC product id: to identify which OXO Connect to send the connection closing request to
• Connection ID: to identify which connection to close.
The request is sent to OXO Connect through the CCI, the connection is closed and, if it is the last
active one (the last user having not closed the VPN), the VPN tunnel is closed.
3.4.2.1.4 VPN tunnel closing (closeall)
The VPN connection service allows closing all the active VPN connections. The service sends a VPN
closeall request to CCI, containing:
• CC credential: to connect to CCI
• User/organization name: Used by OXO Connect to know who requests the connection closing
• CC product id: to identify which OXO Connect to send the connection closing request
Chapter
3
System Services
3EH21123USAA - Ed. 01 - April 2017 - Installation Manual 41/207
To Next Page
Loading...
