SSL TUNNELING
The router Imola can be configured as an SSL proxy: it accepts a LAN connection and opens an
SSL tunnel toward a remote host.
The implementation uses TLS 1.2 specifically and offers the Server Name Indication (SNI)
functionality.
Up to 6 tunnels towards 6 different hosts can be enabled at the same time.
set ssl tunnel-number <1-6>
declares the number of private instances.
set ssl tunnel <1-6> local-addr <any|ipaddr> local-port <port> remote-address <ipaddr> remote-port <port>
sets the IP address and port on which the router accepts the requests coming from the
terminal, and the IP address and port at which the SSL tunnel terminates.
set ssl tunnel <1-6> role <client|server>
specifies whether the router, for the given instance, acts as an SSL client or an SSL server.
set ssl tunnel <1-6> verify <0|1|2|3>
sets, for the specified instance, the verify level to use. The values are:
0 – no authentication is requested
1 – the session is authenticated via certificate, if one is present and requested by the peer
2 – a certificate is always requested
3 – both the router's and the peer's certificates must be stored on the router itself: the peer's
certificate is verified by comparing it with the copy held on the router
set ssl tunnel <1-6> <sni|no-sn> <SNI>
for the specified instance, defines or removes the SNI string to be sent at the opening of
the session.
set ssl tunnel <1-6> cacert <CA cert file name>
for the specified instance, defines the CA certificate to be used (for example cacert.pem). Each
instance can use a different certificate.
set ssl tunnel <1-6> key <private key file name>
for the specified instance, defines the private key to be used (for example key.pem). Each instance
can use a different key.
set ssl tunnel <1-6> <on|off>
enables or disables the session.
set ssl <on|off>
enables and activates (on) or disables and deactivates (off) the SSL proxy as a whole.
To be usable by the SSL process, every certificate must be generated by a Certification
Authority, then transferred to the router and installed.
Certificates can be transferred to the router via TFTP, FTP or SCP.
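The following script is an added worked example, not part of the Imola documentation or firmware: it assembles one tunnel instance from the commands listed above, checks the values against the ranges the manual gives (instance 1-6, verify 0-3, client/server role, IP addresses and ports), renders the complete command sequence in the documented order, and expresses what each verify level means in terms of Python's ssl module so the difference between the levels can be seen in code. The tunnel values (203.0.113.10, port 8443, the SNI name gateway.example) are constructed sample data; cacert.pem and key.pem are the file names the manual uses as examples. The ssl-module mapping is an illustration of the semantics, not the router's own implementation.

```python
import hmac
import ssl
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List, Optional

# Meaning of each level of "set ssl tunnel <1-6> verify <0|1|2|3>", as the manual lists them.
VERIFY_LEVELS = {
    0: "no authentication is requested",
    1: "authenticated via certificate if present and requested by the peer",
    2: "a certificate is always requested",
    3: "peer certificate compared with the copy stored on the router",
}


@dataclass
class SslTunnel:
    """One of the up to six private SSL tunnel instances."""
    index: int                    # instance number, 1..6
    local_addr: str               # "any" or the IP address the router listens on
    local_port: int               # port on which the terminal's requests are accepted
    remote_address: str           # IP address where the SSL tunnel terminates
    remote_port: int              # termination port of the SSL tunnel
    role: str = "client"          # "client" or "server"
    verify: int = 2               # 0..3, see VERIFY_LEVELS
    sni: Optional[str] = None     # SNI string sent at session opening (None: not set)
    cacert: Optional[str] = None  # CA certificate file installed on the router
    key: Optional[str] = None     # private key file installed on the router

    def validate(self) -> None:
        """Reject values outside the ranges the manual documents."""
        if not 1 <= self.index <= 6:
            raise ValueError("tunnel instance must be between 1 and 6")
        if self.local_addr != "any":
            ip_address(self.local_addr)          # ValueError if malformed
        ip_address(self.remote_address)
        for port in (self.local_port, self.remote_port):
            if not 1 <= port <= 65535:
                raise ValueError(f"port out of range: {port}")
        if self.role not in ("client", "server"):
            raise ValueError("role must be client or server")
        if self.verify not in VERIFY_LEVELS:
            raise ValueError("verify level must be 0, 1, 2 or 3")

    def warnings(self) -> List[str]:
        """Settings under which the far end of the tunnel is not (fully) authenticated."""
        notes = []
        if self.verify == 0:
            notes.append(f"tunnel {self.index}: verify 0, the peer is never authenticated")
        elif self.verify == 1:
            notes.append(f"tunnel {self.index}: verify 1, a peer presenting no certificate is still accepted")
        if self.verify >= 1 and self.cacert is None:
            notes.append(f"tunnel {self.index}: no cacert set, the peer certificate cannot be checked")
        return notes

    def render(self) -> List[str]:
        """Command lines for this instance, in the order the manual documents them."""
        self.validate()
        p = f"set ssl tunnel {self.index}"
        lines = [
            f"{p} local-addr {self.local_addr} local-port {self.local_port} "
            f"remote-address {self.remote_address} remote-port {self.remote_port}",
            f"{p} role {self.role}",
            f"{p} verify {self.verify}",
        ]
        if self.sni is not None:
            lines.append(f"{p} sni {self.sni}")
        if self.cacert is not None:
            lines.append(f"{p} cacert {self.cacert}")
        if self.key is not None:
            lines.append(f"{p} key {self.key}")
        lines.append(f"{p} on")
        return lines


def render_config(tunnels: List[SslTunnel]) -> List[str]:
    """Whole SSL section: instance count first, per-tunnel commands, global enable last."""
    if not 1 <= len(tunnels) <= 6:
        raise ValueError("between 1 and 6 tunnels can be declared")
    out = [f"set ssl tunnel-number {len(tunnels)}"]
    for t in tunnels:
        out.extend(t.render())
    out.append("set ssl on")
    return out


def tls_context_for(t: SslTunnel) -> ssl.SSLContext:
    """Illustrate role and verify level with Python's ssl module (not the router's code)."""
    proto = ssl.PROTOCOL_TLS_CLIENT if t.role == "client" else ssl.PROTOCOL_TLS_SERVER
    ctx = ssl.SSLContext(proto)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2     # the manual states TLS 1.2
    if t.verify == 0:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE              # level 0: nothing is checked
    elif t.verify == 1:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_OPTIONAL          # level 1: checked only if presented
    else:
        ctx.verify_mode = ssl.CERT_REQUIRED          # levels 2 and 3: always required
    if t.cacert is not None:
        ctx.load_verify_locations(cafile=t.cacert)   # the "cacert" file of this instance
    return ctx                                       # client side: wrap with server_hostname=t.sni


def peer_matches_local_copy(peer_cert_der: bytes, local_copy_der: bytes) -> bool:
    """Level 3 check: the DER certificate the peer presented must equal the stored copy."""
    return hmac.compare_digest(peer_cert_der, local_copy_der)


if __name__ == "__main__":
    t = SslTunnel(1, "any", 8443, "203.0.113.10", 443, role="client", verify=2,
                  sni="gateway.example", cacert="cacert.pem", key="key.pem")
    print("\n".join(render_config([t])))
    print(SslTunnel(2, "any", 8444, "203.0.113.11", 443, verify=0).warnings())
```

Running the script prints the nine-line command sequence for a single client-side tunnel with verify level 2 and an SNI name, followed by the warning produced for a second instance configured with verify 0. When the key file of an instance is transferred to the router, SCP is the one of the three documented transfer methods that protects it in transit; TFTP and FTP send the file in cleartext.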