openvpn
- interfaces openvpn <ifc>
- SDE
M10-Smart
M2
RS420
OpenVPN tunnel
- Values
ovpnN – OpenVPN tunnel name
- Instances
Multiple
- interfaces openvpn <ifc> address <ipv4cidr|ipv6cidr|id>
- SDE
M10-Smart
M2
RS420
IP address
- Values
ipv6cidr – IPv6 address and prefix length
dhcpv6 – Dynamic Host Configuration Protocol for IPv6
ipv4cidr – IPv4 address and prefix length
dhcp – Dynamic Host Configuration Protocol
- Instances
Multiple
- interfaces openvpn <ifc> alarm
- SDE
M10-Smart
M2
RS420
Enable or disable alarm according the link state
- interfaces openvpn <ifc> alarm down <txt>
- SDE
M10-Smart
M2
RS420
Alarm to be enabled if the link is down
- Reference
- interfaces openvpn <ifc> connect-timeout <u32>
- SDE
M10-Smart
M2
RS420
Maximum time to wait for a response before trying the next server
- Values
u32 – Seconds
- interfaces openvpn <ifc> description <id>
- SDE
M10-Smart
M2
RS420
Description
- Values
id – “Interface description is too long (limit 256 characters)” (1-256)
- interfaces openvpn <ifc> dhcp
- SDE
M10-Smart
M2
RS420
Dynamic Host Configuration Protocol configuration
- interfaces openvpn <ifc> dhcp client
- SDE
M10-Smart
M2
RS420
DHCP client configuration
- interfaces openvpn <ifc> dhcp client fallback <ipv4cidr|ipv6cidr>
- SDE
M10-Smart
M2
RS420
- Values
ipv4cidr – Fallback IP address
ipv6cidr – Fallback IP address
- interfaces openvpn <ifc> dhcp client rfc3442-routes
- SDE
M10-Smart
M2
RS420
Install RFC3442 routes received from DHCP server
- interfaces openvpn <ifc> dhcp client send
- SDE
M10-Smart
M2
RS420
Send user-defined options to the DHCP server
- interfaces openvpn <ifc> dhcp client send dhcp-client-identifier
- SDE
M10-Smart
M2
RS420
Include the ‘dhcp-client-identifier’ option
- Instances
Unique
- interfaces openvpn <ifc> dhcp client send dhcp-client-identifier base-mac
- SDE
M10-Smart
M2
RS420
Use device base mac as identifier
- interfaces openvpn <ifc> dhcp client send dhcp-client-identifier serial-number
- SDE
M10-Smart
M2
RS420
Use device serial number as identifier
- interfaces openvpn <ifc> dhcp client send dhcp-client-identifier string <id>
- SDE
M10-Smart
M2
RS420
Use a string as identifier
- Values
id – Identifier string (1-255)
- interfaces openvpn <ifc> dhcp client send vendor-class-identifier
- SDE
M10-Smart
M2
RS420
Include the ‘vendor-class-identifier’ option
- Instances
Unique
- interfaces openvpn <ifc> dhcp client send vendor-class-identifier string <id>
- SDE
M10-Smart
M2
RS420
Use a string as identifier
- Values
id – Identifier string (1-255)
- interfaces openvpn <ifc> dhcpv6
- SDE
M10-Smart
M2
RS420
Dynamic Host Configuration Protocol v6 configuration
- interfaces openvpn <ifc> dhcpv6 client
- SDE
M10-Smart
M2
RS420
DHCPv6 client configuration
- interfaces openvpn <ifc> dhcpv6 client parameters-only
- SDE
M10-Smart
M2
RS420
Acquire only config parameters, not address
- interfaces openvpn <ifc> dhcpv6 client send
- SDE
M10-Smart
M2
RS420
Send user-defined options to the DHCPv6 server
- interfaces openvpn <ifc> dhcpv6 client send duid <id>
- SDE
M10-Smart
M2
RS420
- Values
id – DHCPv6 DUID to be sent by dhcpv6 client
- interfaces openvpn <ifc> dhcpv6 client temporary
- SDE
M10-Smart
M2
RS420
IPv6 “temporary” address
- interfaces openvpn <ifc> disable
- SDE
M10-Smart
M2
RS420
Disable interface
- interfaces openvpn <ifc> disable advisor <txt>
- SDE
M10-Smart
M2
RS420
Advisor to enable or disable the interface
- Reference
- interfaces openvpn <ifc> flow
- SDE
M10-Smart
M2
RS420
Active netflow on interface
- interfaces openvpn <ifc> flow egress
- SDE
M10-Smart
M2
RS420
Active output traffic
- interfaces openvpn <ifc> flow egress selector <txt>
- SDE
M10-Smart
M2
RS420
Traffic selector
- Reference
- interfaces openvpn <ifc> flow ingress
- SDE
M10-Smart
M2
RS420
Active input traffic
- interfaces openvpn <ifc> flow ingress selector <txt>
- SDE
M10-Smart
M2
RS420
Traffic selector
- Reference
- interfaces openvpn <ifc> ip
- SDE
M10-Smart
M2
RS420
IPv4 routing parameters
- interfaces openvpn <ifc> ip igmp
- SDE
M10-Smart
M2
RS420
Internet Group Management Protocol (IGMP) parameters
- interfaces openvpn <ifc> ip igmp join <ipv4>
- SDE
M10-Smart
M2
RS420
Join multicast group
- Values
ipv4 – Join multicast group on this interface
- interfaces openvpn <ifc> ip igmp last-member-query-count <u32>
- SDE
M10-Smart
M2
RS420
IGMP last member query count
- Values
u32 – IGMP last member query count (1-255)
- interfaces openvpn <ifc> ip igmp last-member-query-interval <u32>
- SDE
M10-Smart
M2
RS420
IGMP last member query interval
- Values
u32 – IGMP last member query interval in deciseconds (1-65535)
- interfaces openvpn <ifc> ip igmp query-interval <u32>
- SDE
M10-Smart
M2
RS420
IGMP query interval
- Values
u32 – IGMP query interval in seconds (1-65535)
- interfaces openvpn <ifc> ip igmp query-max-response-time <u32>
- SDE
M10-Smart
M2
RS420
IGMP query response timeout value
- Values
u32 – IGMP query response timeout value in deciseconds (1-65535)
- interfaces openvpn <ifc> ip igmp version <u32>
- SDE
M10-Smart
M2
RS420
IGMP version
- Values
u32 – IGMP version used on this interface (2-3)
- interfaces openvpn <ifc> ip multicast
- SDE
M10-Smart
M2
RS420
Multicast parameters
- interfaces openvpn <ifc> ip multicast boundary-list <txt>
- SDE
M10-Smart
M2
RS420
Prefix-list to control for which groups to accept or ignore received PIM join or IGMP report messages
- Reference
- interfaces openvpn <ifc> ip ospf
- SDE
M10-Smart
M2
RS420
Open Shortest Path First (OSPF) parameters
- interfaces openvpn <ifc> ip ospf authentication
- SDE
M10-Smart
M2
RS420
OSPF interface authentication
- interfaces openvpn <ifc> ip ospf authentication encrypted-password <password>
- SDE
M10-Smart
M2
RS420
- Values
password – Encrypted password
- interfaces openvpn <ifc> ip ospf authentication message-digest <id>
- SDE
M10-Smart
M2
RS420
MD5 authentication parameters
- Values
id – MD5 ID number (1-255)
- Instances
Multiple
- interfaces openvpn <ifc> ip ospf authentication message-digest <id> encrypted-password <password>
- SDE
M10-Smart
M2
RS420
- Values
password – MD5 encrypted key
- interfaces openvpn <ifc> ip ospf authentication message-digest <id> password <txt>
- SDE
M10-Smart
M2
RS420
MD5 key
- Values
txt – MD5 Key (1-16)
- interfaces openvpn <ifc> ip ospf authentication password <txt>
- SDE
M10-Smart
M2
RS420
- Values
txt – Plain text password
- interfaces openvpn <ifc> ip ospf bandwidth <u32>
- SDE
M10-Smart
M2
RS420
Bandwidth of interface (kilobits/sec)
- Values
u32 – Bandwidth in kilobits/sec (for calculating OSPF cost) (1-10000000)
- interfaces openvpn <ifc> ip ospf cost <u32>
- SDE
M10-Smart
M2
RS420
Interface cost
- Values
u32 – OSPF interface cost (1-65535)
- interfaces openvpn <ifc> ip ospf dead-interval <u32>
- SDE
M10-Smart
M2
RS420
Interval after which neighbor is dead
- Values
u32 – OSPF dead interval in seconds (1-65535)
- interfaces openvpn <ifc> ip ospf hello-interval <u32>
- SDE
M10-Smart
M2
RS420
Interval between hello packets
- Values
u32 – Interval between OSPF hello packets in seconds (1-65535)
- interfaces openvpn <ifc> ip ospf mtu-ignore
- SDE
M10-Smart
M2
RS420
Disable Maximum Transmission Unit (MTU) mismatch detection
- interfaces openvpn <ifc> ip ospf network <id>
- SDE
M10-Smart
M2
RS420
Network type
- Values
broadcast – Broadcast network type
non-broadcast – Non-broadcast network type
point-to-multipoint – Point-to-multipoint network type
point-to-point – Point-to-point network type
- interfaces openvpn <ifc> ip ospf priority <u32>
- SDE
M10-Smart
M2
RS420
Router priority
- Values
u32 – Priority (0-255)
- interfaces openvpn <ifc> ip ospf retransmit-interval <u32>
- SDE
M10-Smart
M2
RS420
Interval between retransmitting lost link state advertisements
- Values
u32 – Retransmit interval in seconds (3-65535)
- interfaces openvpn <ifc> ip ospf transmit-delay <u32>
- SDE
M10-Smart
M2
RS420
Link state transmit delay
- Values
u32 – Transmit delay in seconds (1-65535)
- interfaces openvpn <ifc> ip pim
- SDE
M10-Smart
M2
RS420
Protocol Independent Multicast (PIM) parameters
- interfaces openvpn <ifc> ip pim disable-bsm
- SDE
M10-Smart
M2
RS420
Disable sending and receiving bootstrap messages
- interfaces openvpn <ifc> ip pim disable-unicast-bsm
- SDE
M10-Smart
M2
RS420
Disable sending and receiving unicast bootstrap messages
- interfaces openvpn <ifc> ip pim drpriority <u32>
- SDE
M10-Smart
M2
RS420
PIM Designated Router (DR) priority
- Values
u32 – PIM DR priority for the interface (1-4294967295)
- interfaces openvpn <ifc> ip pim hello <u32>
- SDE
M10-Smart
M2
RS420
PIM hello interval
- Values
u32 – PIM hello interval in seconds (1-255)
- interfaces openvpn <ifc> ip pim passive
- SDE
M10-Smart
M2
RS420
Disable sending and receiving all PIM control messages (such as: ASSERT, BSM, HELLO, JOIN, PRUNE, REGISTER, REGISTER-STOP)
- interfaces openvpn <ifc> ip reverse-path-filter <id>
- SDE
M10-Smart
M2
RS420
Policy for source validation by reversed path, as specified in RFC3704
- Values
strict – Enable Strict Reverse Path Forwarding as defined in RFC3704
loose – Enable Loose Reverse Path Forwarding as defined in RFC3704
disable – No source validation
- interfaces openvpn <ifc> ip rip
- SDE
M10-Smart
M2
RS420
Routing Information Protocol (RIP) parameters
- interfaces openvpn <ifc> ip rip authentication
- SDE
M10-Smart
M2
RS420
Authentication method
- interfaces openvpn <ifc> ip rip authentication encrypted-password <password>
- SDE
M10-Smart
M2
RS420
- Values
password – Encrypted password
- interfaces openvpn <ifc> ip rip authentication message-digest <u32>
- SDE
M10-Smart
M2
RS420
MD5 authentication parameters
- Values
u32 – MD5 ID number (1-255)
- Instances
Multiple
- interfaces openvpn <ifc> ip rip authentication message-digest <u32> encrypted-password <password>
- SDE
M10-Smart
M2
RS420
- Values
password – MD5 encrypted key
- interfaces openvpn <ifc> ip rip authentication message-digest <u32> password <txt>
- SDE
M10-Smart
M2
RS420
MD5 key
- Values
txt – MD5 Key (1-16)
- interfaces openvpn <ifc> ip rip authentication password <txt>
- SDE
M10-Smart
M2
RS420
Plain text password
- Values
txt – Plain text password (1-16)
- interfaces openvpn <ifc> ip rip split-horizon
- SDE
M10-Smart
M2
RS420
Split horizon parameters
- interfaces openvpn <ifc> ip rip split-horizon disable
- SDE
M10-Smart
M2
RS420
Disable split horizon on specified interface
- interfaces openvpn <ifc> ip rip split-horizon poison-reverse
- SDE
M10-Smart
M2
RS420
Enable poison reverse for split-horizon
- interfaces openvpn <ifc> ipv6
- SDE
M10-Smart
M2
RS420
IPv6 routing parameters
- interfaces openvpn <ifc> ipv6 address
- SDE
M10-Smart
M2
RS420
IPv6 address auto-configuration modes
- interfaces openvpn <ifc> ipv6 address autoconf
- SDE
M10-Smart
M2
RS420
Enable acquisition of IPv6 address using stateless autoconfig
- interfaces openvpn <ifc> ipv6 address eui64 <ipv6net>
- SDE
M10-Smart
M2
RS420
Assign IPv6 address using EUI-64 based on MAC address
- Values
ipv6net – 64-bit IPv6 prefix to use with EUI-64 to make address
- Instances
Multiple
- interfaces openvpn <ifc> ipv6 address prefix-from-provider <id>
- SDE
M10-Smart
M2
RS420
- Values
id – IPv6 from Learned Prefix
- Instances
Multiple
- interfaces openvpn <ifc> ipv6 address prefix-from-provider <id> ifc-ID <ipv6net>
- SDE
M10-Smart
M2
RS420
Assign IPv6 address using Learned Prefixes
- Values
< – 64-bit IPv6 prefix (:h:h:h:h/64>)
- Instances
Multiple
- interfaces openvpn <ifc> ipv6 dhcp-client-pd <id>
- SDE
M10-Smart
M2
RS420
- Values
id – Name of learned prefix from provider
- interfaces openvpn <ifc> ipv6 disable-forwarding
- SDE
M10-Smart
M2
RS420
Disable IPv6 forwarding on this interface only
- interfaces openvpn <ifc> ipv6 dup-addr-detect-transmits <u32>
- SDE
M10-Smart
M2
RS420
Number of NS messages to send while performing DAD
- Values
u32 – Number of NS messages to send while performing DAD (0-2147483647)
- interfaces openvpn <ifc> ipv6 ospfv3
- SDE
M10-Smart
M2
RS420
IPv6 Open Shortest Path First (OSPFv3) parameters
- interfaces openvpn <ifc> ipv6 ospfv3 cost <u32>
- SDE
M10-Smart
M2
RS420
Interface cost
- Values
u32 – OSPFv3 cost (1-65535)
- interfaces openvpn <ifc> ipv6 ospfv3 dead-interval <u32>
- SDE
M10-Smart
M2
RS420
Interval after which neighbor is declared dead
- Values
u32 – Neighbor dead interval in seconds (1-65535)
- interfaces openvpn <ifc> ipv6 ospfv3 hello-interval <u32>
- SDE
M10-Smart
M2
RS420
Interval between hello packets
- Values
u32 – Interval between OSPFv3 hello packets in seconds (1-65535)
- interfaces openvpn <ifc> ipv6 ospfv3 ifmtu <u32>
- SDE
M10-Smart
M2
RS420
Interface MTU
- Values
u32 – Interface MTU value (1-65535)
- interfaces openvpn <ifc> ipv6 ospfv3 instance-id <u32>
- SDE
M10-Smart
M2
RS420
Instance-id
- Values
u32 – Instance Id (0-255)
- interfaces openvpn <ifc> ipv6 ospfv3 mtu-ignore
- SDE
M10-Smart
M2
RS420
Disable Maximum Transmission Unit mismatch detection
- interfaces openvpn <ifc> ipv6 ospfv3 passive
- SDE
M10-Smart
M2
RS420
Disable forming of adjacency
- interfaces openvpn <ifc> ipv6 ospfv3 priority <u32>
- SDE
M10-Smart
M2
RS420
Router priority
- Values
u32 – Priority (0-255)
- interfaces openvpn <ifc> ipv6 ospfv3 retransmit-interval <u32>
- SDE
M10-Smart
M2
RS420
Interval between retransmitting lost link state advertisements
- Values
u32 – Retransmit interval in seconds (3-65535)
- interfaces openvpn <ifc> ipv6 ospfv3 transmit-delay <u32>
- SDE
M10-Smart
M2
RS420
Link state transmit delay
- Values
u32 – Link state transmit delay (1-65535)
- interfaces openvpn <ifc> ipv6 ripng
- SDE
M10-Smart
M2
RS420
Routing Information Protocol (RIPng)
- interfaces openvpn <ifc> ipv6 ripng split-horizon
- SDE
M10-Smart
M2
RS420
Split horizon parameters
- interfaces openvpn <ifc> ipv6 ripng split-horizon disable
- SDE
M10-Smart
M2
RS420
Disable split horizon
- interfaces openvpn <ifc> ipv6 ripng split-horizon poison-reverse
- SDE
M10-Smart
M2
RS420
Enable poison reverse for split-horizon
- interfaces openvpn <ifc> ipv6 router-advert
- SDE
M10-Smart
M2
RS420
Configure parameters for sending Router Advertisements (RAs)
- interfaces openvpn <ifc> ipv6 router-advert cur-hop-limit <u32>
- SDE
M10-Smart
M2
RS420
Value to be placed in the Current Hop Limit field in RAs
- Values
u32 – Value to place in the Current Hop Limit field in RAs (0-255)
- interfaces openvpn <ifc> ipv6 router-advert default-lifetime <u32>
- SDE
M10-Smart
M2
RS420
Value to be placed in Router Lifetime field in RAs
- Values
u32 – Value in seconds to be placed in Router Lifetime field in RAs (4-9000)
u32 – This means “not a default router”, in Router Lifetime field (0)
- interfaces openvpn <ifc> ipv6 router-advert default-preference <txt>
- SDE
M10-Smart
M2
RS420
Default router preference
- Values
low – Default router is low preference
medium – Default router is medium preference
high – Default router is high preference
- interfaces openvpn <ifc> ipv6 router-advert link-mtu <u32>
- SDE
M10-Smart
M2
RS420
Value of link MTU to place in RAs
- Values
u32 – Do not send MTU options in RAs (0)
u32 – Value of link MTU to place in RAs (1280-2147483647)
- interfaces openvpn <ifc> ipv6 router-advert managed-flag <txt>
- SDE
M10-Smart
M2
RS420
- Values
txt – Value for “managed address configuration” flag in RAs
- interfaces openvpn <ifc> ipv6 router-advert max-interval <u32>
- SDE
M10-Smart
M2
RS420
Maximum interval between unsolicited multicast RAs
- Values
u32 – Maximum interval in seconds between unsolicited multicast RAs (4-1800)
- interfaces openvpn <ifc> ipv6 router-advert min-interval <u32>
- SDE
M10-Smart
M2
RS420
Minimum interval between unsolicited multicast RAs
- Values
u32 – Minimum interval in seconds between unsolicited multicast RAs (3-1350)
- interfaces openvpn <ifc> ipv6 router-advert name-server <ipv6>
- SDE
M10-Smart
M2
RS420
- Values
ipv6 – IPv6 address of a Recursive DNS Server
- Instances
Multiple
- interfaces openvpn <ifc> ipv6 router-advert other-config-flag <txt>
- SDE
M10-Smart
M2
RS420
- Values
txt – Value to be placed in the “other configuration” flag in RAs
- interfaces openvpn <ifc> ipv6 router-advert prefix <ipv6net>
- SDE
M10-Smart
M2
RS420
IPv6 prefix to be advertised in Router Advertisements (RAs)
- Values
ipv6net – IPv6 prefix to be advertized in Router Advertisements (RAs)
- Instances
Multiple
- interfaces openvpn <ifc> ipv6 router-advert prefix <ipv6net> autonomous-flag <txt>
- SDE
M10-Smart
M2
RS420
- Values
txt – Whether prefix can be used for address auto-configuration
- interfaces openvpn <ifc> ipv6 router-advert prefix <ipv6net> on-link-flag <txt>
- SDE
M10-Smart
M2
RS420
- Values
txt – Flag that prefix can be used for on-link determination
- interfaces openvpn <ifc> ipv6 router-advert prefix <ipv6net> preferred-lifetime <u32|id>
- SDE
M10-Smart
M2
RS420
Time in seconds that the prefix will remain preferred
- Values
u32 – Time in seconds that the prefix will remain preferred (0-2147483647)
infinity – Prefix will remain preferred forever
- interfaces openvpn <ifc> ipv6 router-advert prefix <ipv6net> valid-lifetime <u32|id>
- SDE
M10-Smart
M2
RS420
Time in seconds that the prefix will remain valid
- Values
u32 – Time in seconds that the prefix will remain valid (0-2147483647)
infinity – Prefix will remain valid forever
- interfaces openvpn <ifc> ipv6 router-advert reachable-time <u32>
- SDE
M10-Smart
M2
RS420
Value to be placed in “Reachable Time” field in RAs
- Values
u32 – Reachable Time value in RAs (in milliseconds) (1-3600000)
u32 – Reachable Time 0 (i.e., unspecified by this router) (0)
- interfaces openvpn <ifc> ipv6 router-advert retrans-timer <u32>
- SDE
M10-Smart
M2
RS420
Value to place in “Retrans Timer” field in RAs.
- Values
u32 – Value in milliseconds to place in “Retrans Timer” field in RAs (0-2147483647)
- interfaces openvpn <ifc> ipv6 router-advert send-advert <txt>
- SDE
M10-Smart
M2
RS420
- Values
txt – Enable/disable sending RAs
- interfaces openvpn <ifc> ipv6 router-advert used-prefixes
- SDE
M10-Smart
M2
RS420
Delegate prefixes used on the interface
- interfaces openvpn <ifc> ipv6 router-advert used-prefixes autonomous-flag <txt>
- SDE
M10-Smart
M2
RS420
- Values
txt – Whether prefix can be used for address auto-configuration
- interfaces openvpn <ifc> ipv6 router-advert used-prefixes on-link-flag <txt>
- SDE
M10-Smart
M2
RS420
- Values
txt – Flag that prefix can be used for on-link determination
- interfaces openvpn <ifc> ipv6 router-advert used-prefixes preferred-lifetime <u32|id>
- SDE
M10-Smart
M2
RS420
Time in seconds that the prefix will remain preferred
- Values
u32 – Time in seconds that the prefix will remain preferred (0-2147483647)
infinity – Prefix will remain preferred forever
- interfaces openvpn <ifc> ipv6 router-advert used-prefixes valid-lifetime <u32|id>
- SDE
M10-Smart
M2
RS420
Time in seconds that the prefix will remain valid
- Values
u32 – Time in seconds that the prefix will remain valid (0-2147483647)
infinity – Prefix will remain valid forever
- interfaces openvpn <ifc> local-address <ipv4|ipv6>
- SDE
M10-Smart
M2
RS420
Local address
- Values
ipv4 – Remote IPv4 address
ipv6 – Remote IPv6 address
- Local IP address
- interfaces openvpn <ifc> local-endpoint <ipv4|ipv4net>
- SDE
M10-Smart
M2
RS420
Local VPN endpoint address
- Values
ipv4 – Local IPv4 address
ipv4net – Local IPv4 subnet (server mode)
- interfaces openvpn <ifc> local-port <u32>
- SDE
M10-Smart
M2
RS420
Local port
- Values
u32 – Numeric IP port (1-65535)
- interfaces openvpn <ifc> mode
- SDE
M10-Smart
M2
RS420
VPN mode parameters
- Instances
Unique
- interfaces openvpn <ifc> mode client
- SDE
M10-Smart
M2
RS420
Client mode
- Required
- interfaces openvpn <ifc> mode client client-profile <id>
- SDE
M10-Smart
M2
RS420
Client profile
- Reference
- interfaces openvpn <ifc> mode client encryption-profile <id>
- SDE
M10-Smart
M2
RS420
Data channel encryption profile
- Reference
- interfaces openvpn <ifc> mode client tls-profile <id>
- SDE
M10-Smart
M2
RS420
TLS profile
- Reference
- interfaces openvpn <ifc> mode client tunnel-profile <id>
- SDE
M10-Smart
M2
RS420
Tunnel profile
- Reference
- interfaces openvpn <ifc> mode p2p
- SDE
M10-Smart
M2
RS420
Peer-to-peer mode
- interfaces openvpn <ifc> mode p2p encryption-profile <id>
- SDE
M10-Smart
M2
RS420
Data channel encryption profile
- Reference
- interfaces openvpn <ifc> mode p2p tunnel-profile <id>
- SDE
M10-Smart
M2
RS420
Tunnel profile
- Reference
- interfaces openvpn <ifc> mode server
- SDE
M10-Smart
M2
RS420
Server mode
- Required
- interfaces openvpn <ifc> mode server encryption-profile <id>
- SDE
M10-Smart
M2
RS420
Data channel encryption profile
- Reference
- interfaces openvpn <ifc> mode server server-profile <id>
- SDE
M10-Smart
M2
RS420
Server profile
- Reference
- interfaces openvpn <ifc> mode server tls-profile <id>
- SDE
M10-Smart
M2
RS420
TLS profile
- Reference
- interfaces openvpn <ifc> mode server tunnel-profile <id>
- SDE
M10-Smart
M2
RS420
Tunnel profile
- Reference
- interfaces openvpn <ifc> peer <u32>
- SDE
M10-Smart
M2
RS420
VPN peer parameters (client/p2p mode)
- Values
u32 – Peer index
- Instances
Multiple
- Required
- interfaces openvpn <ifc> peer <u32> address <fqdn|ipv4|ipv6>
- SDE
M10-Smart
M2
RS420
Remote address to use for SSL communication. Required to initiate a connection
- Values
fqdn – Remote domain name
ipv4 – Remote IPv4 address
ipv6 – Remote IPv6 address
- interfaces openvpn <ifc> peer <u32> connect-timeout <u32>
- SDE
M10-Smart
M2
RS420
Maximum time to wait for a response before trying the next server override for peer
- Values
u32 – Seconds
- interfaces openvpn <ifc> peer <u32> local-port <u32>
- SDE
M10-Smart
M2
RS420
Local port override for peer
- Values
u32 – Numeric IP port (1-65535)
- interfaces openvpn <ifc> peer <u32> protocol <id>
- SDE
M10-Smart
M2
RS420
Protocol override for peer
- Values
udp – UDP protocol
tcp-client – TCP protocol (initiator)
tcp-server – TCP protocol (listener)
- interfaces openvpn <ifc> peer <u32> remote-port <u32>
- SDE
M10-Smart
M2
RS420
Remote port override for peer
- Values
u32 – Numeric IP port (1-65535)
- interfaces openvpn <ifc> protocol <id>
- SDE
M10-Smart
M2
RS420
Default protocol
- Values
udp – UDP protocol
tcp-client – TCP protocol (initiator)
tcp-server – TCP protocol (listener)
- interfaces openvpn <ifc> remote-endpoint <ipv4>
- SDE
M10-Smart
M2
RS420
Remote VPN endpoint address
- Values
ipv4 – Remote IPv4 address
- interfaces openvpn <ifc> remote-port <u32>
- SDE
M10-Smart
M2
RS420
Default remote port
- Values
u32 – Numeric IP port (1-65535)
- interfaces openvpn <ifc> tcp-mss <u32>
- SDE
M10-Smart
M2
RS420
- Values
u32 – Change tcp-mss value
- interfaces openvpn <ifc> traffic
- SDE
M10-Smart
M2
RS420
Traffic processing options
- interfaces openvpn <ifc> traffic control
- SDE
M10-Smart
M2
RS420
Traffic control for interface
- interfaces openvpn <ifc> traffic control in <id>
- SDE
M10-Smart
M2
RS420
Ingress traffic control for interface
- Reference
- interfaces openvpn <ifc> traffic control out <id>
- SDE
M10-Smart
M2
RS420
Egress traffic control for interface
- Reference
- interfaces openvpn <ifc> traffic nat
- SDE
M10-Smart
M2
RS420
Network Address Translation (NAT) parameters
- interfaces openvpn <ifc> traffic nat destination
- SDE
M10-Smart
M2
RS420
Destination NAT settings
- interfaces openvpn <ifc> traffic nat destination rule <u32>
- SDE
M10-Smart
M2
RS420
Rule number for NAT
- Values
u32 – Number for this NAT rule (1-9999)
- Instances
Multiple
- interfaces openvpn <ifc> traffic nat destination rule <u32> address <ipv4|ipv4net|ipv4range|id>
- SDE
M10-Smart
M2
RS420
IP address, subnet, range or redirect
- Values
ipv4 – NAT to the specified IP address
ipv4net – NAT to the specified network address
ipv4range – NAT to the specified IP range
redirect – NAT to the interface address
- interfaces openvpn <ifc> traffic nat destination rule <u32> description <txt>
- SDE
M10-Smart
M2
RS420
- Values
txt – Rule description
- interfaces openvpn <ifc> traffic nat destination rule <u32> log
- SDE
M10-Smart
M2
RS420
Log packets to which this rule has been applied
- interfaces openvpn <ifc> traffic nat destination rule <u32> log level <txt>
- SDE
M10-Smart
M2
RS420
Loggin level
- Values
emerg – Emergency messages
alert – Urgent messages
crit – Critical messages
err – Error messages
warn – Warning messages
notice – Messages for further investigation
info – Informational messages
debug – Debug messages
- interfaces openvpn <ifc> traffic nat destination rule <u32> log prefix <txt>
- SDE
M10-Smart
M2
RS420
- Values
txt – Log message prefix text, up to 29 characters
- interfaces openvpn <ifc> traffic nat destination rule <u32> network <ipv4net>
- SDE
M10-Smart
M2
RS420
IP prefix to use in translation (host part is kept)
- Values
ipv4net – NAT to the specified network address, host part of the address will remain unchanged
- interfaces openvpn <ifc> traffic nat destination rule <u32> port <u32|id>
- SDE
M10-Smart
M2
RS420
NAT port
- Values
u32 – Port to use in PAT (1-65535)
range – Port range (pool, for example, 1001-1005)
- interfaces openvpn <ifc> traffic nat destination rule <u32> protocol <txt>
- SDE
M10-Smart
M2
RS420
- Values
txt – NAT transport protocol
- interfaces openvpn <ifc> traffic nat destination rule <u32> selector <txt>
- SDE
M10-Smart
M2
RS420
Traffic selector
- Reference
- interfaces openvpn <ifc> traffic nat source
- SDE
M10-Smart
M2
RS420
Source NAT settings
- interfaces openvpn <ifc> traffic nat source rule <u32>
- SDE
M10-Smart
M2
RS420
Rule number for NAT
- Values
u32 – Number for this NAT rule (1-9999)
- Instances
Multiple
- interfaces openvpn <ifc> traffic nat source rule <u32> address <ipv4|ipv4net|ipv4range|id>
- SDE
M10-Smart
M2
RS420
IP address, subnet, range or masquerade
- Values
ipv4 – NAT to the specified IP address
ipv4net – NAT to the specified network address
ipv4range – NAT to the specified IP range
masquerade – NAT to the interface address
- interfaces openvpn <ifc> traffic nat source rule <u32> description <txt>
- SDE
M10-Smart
M2
RS420
- Values
txt – Rule description
- interfaces openvpn <ifc> traffic nat source rule <u32> log
- SDE
M10-Smart
M2
RS420
Log packets to which this rule has been applied
- interfaces openvpn <ifc> traffic nat source rule <u32> log level <txt>
- SDE
M10-Smart
M2
RS420
Loggin level
- Values
emerg – Emergency messages
alert – Urgent messages
crit – Critical messages
err – Error messages
warn – Warning messages
notice – Messages for further investigation
info – Informational messages
debug – Debug messages
- interfaces openvpn <ifc> traffic nat source rule <u32> log prefix <txt>
- SDE
M10-Smart
M2
RS420
- Values
txt – Log message prefix text, up to 29 characters
- interfaces openvpn <ifc> traffic nat source rule <u32> network <ipv4net>
- SDE
M10-Smart
M2
RS420
IP prefix to use in translation (host part is kept)
- Values
ipv4net – NAT to the specified network address, host part of the address will remain unchanged
- interfaces openvpn <ifc> traffic nat source rule <u32> port <u32|id>
- SDE
M10-Smart
M2
RS420
NAT port
- Values
u32 – Port to use in PAT (1-65535)
range – Port range (pool, for example, 1001-1005)
- interfaces openvpn <ifc> traffic nat source rule <u32> protocol <txt>
- SDE
M10-Smart
M2
RS420
- Values
txt – NAT transport protocol
- interfaces openvpn <ifc> traffic nat source rule <u32> selector <txt>
- SDE
M10-Smart
M2
RS420
Traffic selector
- Reference
- interfaces openvpn <ifc> traffic policy
- SDE
M10-Smart
M2
RS420
Traffic policy rulesets for interface
- interfaces openvpn <ifc> traffic policy in <txt>
- SDE
M10-Smart
M2
RS420
Input traffic policy ruleset for interface
- Reference
- Instances
Multiple
- interfaces openvpn <ifc> traffic policy in <txt> priority <txt>
- SDE
M10-Smart
M2
RS420
Priority order for traffic policy
- Values
very-high – First policy executed before NAT
high – Second policy executed before NAT
low – First policy executed after NAT
very-low – Second policy executed after NAT
- interfaces openvpn <ifc> traffic policy local-in <txt>
- SDE
M10-Smart
M2
RS420
Local input traffic policy ruleset for interface
- Reference
- Instances
Multiple
- interfaces openvpn <ifc> traffic policy local-in <txt> priority <txt>
- SDE
M10-Smart
M2
RS420
Priority order for traffic policy
- Values
very-high – First policy executed
high – Second policy executed
low – Third policy executed
very-low – Fourth policy executed
- interfaces openvpn <ifc> traffic policy local-out <txt>
- SDE
M10-Smart
M2
RS420
Local output traffic policy ruleset for interface
- Reference
- Instances
Multiple
- interfaces openvpn <ifc> traffic policy local-out <txt> priority <txt>
- SDE
M10-Smart
M2
RS420
Priority order for traffic policy
- Values
very-high – First policy executed
high – Second policy executed
low – Third policy executed
very-low – Fourth policy executed
- interfaces openvpn <ifc> traffic policy out <txt>
- SDE
M10-Smart
M2
RS420
Output traffic policy ruleset for interface
- Reference
- Instances
Multiple
- interfaces openvpn <ifc> traffic policy out <txt> priority <txt>
- SDE
M10-Smart
M2
RS420
Priority order for traffic policy
- Values
very-high – First policy executed before NAT
high – Second policy executed before NAT
low – First policy executed after NAT
very-low – Second policy executed after NAT
- interfaces openvpn <ifc> traffic zone <txt>
- SDE
M10-Smart
M2
RS420
Traffic zone associated with this interface
- Reference
- interfaces openvpn <ifc> vrf <id>
- SDE
M10-Smart
M2
RS420
Virtual Routing and Forwarding domain name
- Reference