openvpn

interfaces openvpn <ifc>
SDE M10-Smart M2 RS420 AresC640

OpenVPN tunnel

Values:
  • ovpnN – OpenVPN tunnel name

Instances:

Multiple

interfaces openvpn <ifc> address <ipv4cidr|ipv6cidr|id>
SDE M10-Smart M2 RS420 AresC640

IP address

Values:
  • ipv6cidr – IPv6 address and prefix length

  • dhcpv6 – Dynamic Host Configuration Protocol for IPv6

  • ipv4cidr – IPv4 address and prefix length

  • dhcp – Dynamic Host Configuration Protocol

Instances:

Multiple

interfaces openvpn <ifc> alarm
SDE M10-Smart M2 RS420 AresC640

Enable or disable alarm according to the link state

interfaces openvpn <ifc> alarm down <txt>
SDE M10-Smart M2 RS420 AresC640

Alarm to be enabled if the link is down

Reference:

system alarm <txt>

interfaces openvpn <ifc> connect-timeout <u32>
SDE M10-Smart M2 RS420 AresC640

Maximum time to wait for a response before trying the next server

Values:
  • u32 – Seconds

interfaces openvpn <ifc> description <id>
SDE M10-Smart M2 RS420 AresC640

Description

Values:
  • id – “Interface description is too long (limit 256 characters)” (1-256)

interfaces openvpn <ifc> dhcp
SDE M10-Smart M2 RS420 AresC640

Dynamic Host Configuration Protocol configuration

interfaces openvpn <ifc> dhcp client
SDE M10-Smart M2 RS420 AresC640

DHCP client configuration

interfaces openvpn <ifc> dhcp client fallback <ipv4cidr|ipv6cidr>
SDE M10-Smart M2 RS420 AresC640
Values:
  • ipv4cidr – Fallback IP address

  • ipv6cidr – Fallback IP address

interfaces openvpn <ifc> dhcp client rfc3442-routes
SDE M10-Smart M2 RS420 AresC640

Install RFC3442 routes received from DHCP server

interfaces openvpn <ifc> dhcp client send
SDE M10-Smart M2 RS420 AresC640

Send user-defined options to the DHCP server

interfaces openvpn <ifc> dhcp client send dhcp-client-identifier
SDE M10-Smart M2 RS420 AresC640

Include the ‘dhcp-client-identifier’ option

Instances:

Unique

interfaces openvpn <ifc> dhcp client send dhcp-client-identifier base-mac
SDE M10-Smart M2 RS420 AresC640

Use device base MAC as identifier

interfaces openvpn <ifc> dhcp client send dhcp-client-identifier serial-number
SDE M10-Smart M2 RS420 AresC640

Use device serial number as identifier

interfaces openvpn <ifc> dhcp client send dhcp-client-identifier string <id>
SDE M10-Smart M2 RS420 AresC640

Use a string as identifier

Values:
  • id – Identifier string (1-255)

interfaces openvpn <ifc> dhcp client send vendor-class-identifier
SDE M10-Smart M2 RS420 AresC640

Include the ‘vendor-class-identifier’ option

Instances:

Unique

interfaces openvpn <ifc> dhcp client send vendor-class-identifier string <id>
SDE M10-Smart M2 RS420 AresC640

Use a string as identifier

Values:
  • id – Identifier string (1-255)

interfaces openvpn <ifc> dhcpv6
SDE M10-Smart M2 RS420 AresC640

Dynamic Host Configuration Protocol v6 configuration

interfaces openvpn <ifc> dhcpv6 client
SDE M10-Smart M2 RS420 AresC640

DHCPv6 client configuration

interfaces openvpn <ifc> dhcpv6 client parameters-only
SDE M10-Smart M2 RS420 AresC640

Acquire only config parameters, not address

interfaces openvpn <ifc> dhcpv6 client send
SDE M10-Smart M2 RS420 AresC640

Send user-defined options to the DHCPv6 server

interfaces openvpn <ifc> dhcpv6 client send duid <id>
SDE M10-Smart M2 RS420 AresC640
Values:
  • id – DHCPv6 DUID to be sent by dhcpv6 client

interfaces openvpn <ifc> dhcpv6 client temporary
SDE M10-Smart M2 RS420 AresC640

IPv6 “temporary” address

interfaces openvpn <ifc> disable
SDE M10-Smart M2 RS420 AresC640

Disable interface

interfaces openvpn <ifc> disable advisor <txt>
SDE M10-Smart M2 RS420 AresC640

Advisor to enable or disable the interface

Reference:

system advisor <txt>

interfaces openvpn <ifc> flow
SDE M10-Smart M2 RS420 AresC640

Active netflow on interface

interfaces openvpn <ifc> flow egress
SDE M10-Smart M2 RS420 AresC640

Active output traffic

interfaces openvpn <ifc> flow egress selector <txt>
SDE M10-Smart M2 RS420 AresC640

Traffic selector

Reference:

traffic selector <txt>

interfaces openvpn <ifc> flow ingress
SDE M10-Smart M2 RS420 AresC640

Active input traffic

interfaces openvpn <ifc> flow ingress selector <txt>
SDE M10-Smart M2 RS420 AresC640

Traffic selector

Reference:

traffic selector <txt>

interfaces openvpn <ifc> ip
SDE M10-Smart M2 RS420 AresC640

IPv4 routing parameters

interfaces openvpn <ifc> ip igmp
SDE M10-Smart M2 RS420 AresC640

Internet Group Management Protocol (IGMP) parameters

interfaces openvpn <ifc> ip igmp join <ipv4>
SDE M10-Smart M2 RS420 AresC640

Join multicast group

Values:
  • ipv4 – Join multicast group on this interface

interfaces openvpn <ifc> ip igmp last-member-query-count <u32>
SDE M10-Smart M2 RS420 AresC640

IGMP last member query count

Values:
  • u32 – IGMP last member query count (1-255)

interfaces openvpn <ifc> ip igmp last-member-query-interval <u32>
SDE M10-Smart M2 RS420 AresC640

IGMP last member query interval

Values:
  • u32 – IGMP last member query interval in deciseconds (1-65535)

interfaces openvpn <ifc> ip igmp query-interval <u32>
SDE M10-Smart M2 RS420 AresC640

IGMP query interval

Values:
  • u32 – IGMP query interval in seconds (1-65535)

interfaces openvpn <ifc> ip igmp query-max-response-time <u32>
SDE M10-Smart M2 RS420 AresC640

IGMP query response timeout value

Values:
  • u32 – IGMP query response timeout value in deciseconds (1-65535)

interfaces openvpn <ifc> ip igmp version <u32>
SDE M10-Smart M2 RS420 AresC640

IGMP version

Values:
  • u32 – IGMP version used on this interface (2-3)

interfaces openvpn <ifc> ip multicast
SDE M10-Smart M2 RS420 AresC640

Multicast parameters

interfaces openvpn <ifc> ip multicast boundary-list <txt>
SDE M10-Smart M2 RS420 AresC640

Prefix-list to control for which groups to accept or ignore received PIM join or IGMP report messages

Reference:

protocols ip prefix-list <txt>

interfaces openvpn <ifc> ip ospf
SDE M10-Smart M2 RS420 AresC640

Open Shortest Path First (OSPF) parameters

interfaces openvpn <ifc> ip ospf authentication
SDE M10-Smart M2 RS420 AresC640

OSPF interface authentication

interfaces openvpn <ifc> ip ospf authentication encrypted-password <password>
SDE M10-Smart M2 RS420 AresC640
Values:
  • password – Encrypted password

interfaces openvpn <ifc> ip ospf authentication message-digest <id>
SDE M10-Smart M2 RS420 AresC640

MD5 authentication parameters

Values:
  • id – MD5 ID number (1-255)

Instances:

Multiple

interfaces openvpn <ifc> ip ospf authentication message-digest <id> encrypted-password <password>
SDE M10-Smart M2 RS420 AresC640
Values:
  • password – MD5 encrypted key

interfaces openvpn <ifc> ip ospf authentication message-digest <id> password <txt>
SDE M10-Smart M2 RS420 AresC640

MD5 key

Values:
  • txt – MD5 Key (1-16)

interfaces openvpn <ifc> ip ospf authentication password <txt>
SDE M10-Smart M2 RS420 AresC640
Values:
  • txt – Plain text password

interfaces openvpn <ifc> ip ospf bandwidth <u32>
SDE M10-Smart M2 RS420 AresC640

Bandwidth of interface (kilobits/sec)

Values:
  • u32 – Bandwidth in kilobits/sec (for calculating OSPF cost) (1-10000000)

interfaces openvpn <ifc> ip ospf cost <u32>
SDE M10-Smart M2 RS420 AresC640

Interface cost

Values:
  • u32 – OSPF interface cost (1-65535)

interfaces openvpn <ifc> ip ospf dead-interval <u32>
SDE M10-Smart M2 RS420 AresC640

Interval after which neighbor is dead

Values:
  • u32 – OSPF dead interval in seconds (1-65535)

interfaces openvpn <ifc> ip ospf hello-interval <u32>
SDE M10-Smart M2 RS420 AresC640

Interval between hello packets

Values:
  • u32 – Interval between OSPF hello packets in seconds (1-65535)

interfaces openvpn <ifc> ip ospf mtu-ignore
SDE M10-Smart M2 RS420 AresC640

Disable Maximum Transmission Unit (MTU) mismatch detection

interfaces openvpn <ifc> ip ospf network <id>
SDE M10-Smart M2 RS420 AresC640

Network type

Values:
  • broadcast – Broadcast network type

  • non-broadcast – Non-broadcast network type

  • point-to-multipoint – Point-to-multipoint network type

  • point-to-point – Point-to-point network type

interfaces openvpn <ifc> ip ospf priority <u32>
SDE M10-Smart M2 RS420 AresC640

Router priority

Values:
  • u32 – Priority (0-255)

interfaces openvpn <ifc> ip ospf retransmit-interval <u32>
SDE M10-Smart M2 RS420 AresC640

Interval between retransmitting lost link state advertisements

Values:
  • u32 – Retransmit interval in seconds (3-65535)

interfaces openvpn <ifc> ip ospf transmit-delay <u32>
SDE M10-Smart M2 RS420 AresC640

Link state transmit delay

Values:
  • u32 – Transmit delay in seconds (1-65535)

interfaces openvpn <ifc> ip pim
SDE M10-Smart M2 RS420 AresC640

Protocol Independent Multicast (PIM) parameters

interfaces openvpn <ifc> ip pim disable-bsm
SDE M10-Smart M2 RS420 AresC640

Disable sending and receiving bootstrap messages

interfaces openvpn <ifc> ip pim disable-unicast-bsm
SDE M10-Smart M2 RS420 AresC640

Disable sending and receiving unicast bootstrap messages

interfaces openvpn <ifc> ip pim drpriority <u32>
SDE M10-Smart M2 RS420 AresC640

PIM Designated Router (DR) priority

Values:
  • u32 – PIM DR priority for the interface (1-4294967295)

interfaces openvpn <ifc> ip pim hello <u32>
SDE M10-Smart M2 RS420 AresC640

PIM hello interval

Values:
  • u32 – PIM hello interval in seconds (1-255)

interfaces openvpn <ifc> ip pim passive
SDE M10-Smart M2 RS420 AresC640

Disable sending and receiving all PIM control messages (such as: ASSERT, BSM, HELLO, JOIN, PRUNE, REGISTER, REGISTER-STOP)

interfaces openvpn <ifc> ip reverse-path-filter <id>
SDE M10-Smart M2 RS420 AresC640

Policy for source validation by reversed path, as specified in RFC3704

Values:
  • strict – Enable Strict Reverse Path Forwarding as defined in RFC3704

  • loose – Enable Loose Reverse Path Forwarding as defined in RFC3704

  • disable – No source validation

interfaces openvpn <ifc> ip rip
SDE M10-Smart M2 RS420 AresC640

Routing Information Protocol (RIP) parameters

interfaces openvpn <ifc> ip rip authentication
SDE M10-Smart M2 RS420 AresC640

Authentication method

interfaces openvpn <ifc> ip rip authentication encrypted-password <password>
SDE M10-Smart M2 RS420 AresC640
Values:
  • password – Encrypted password

interfaces openvpn <ifc> ip rip authentication message-digest <u32>
SDE M10-Smart M2 RS420 AresC640

MD5 authentication parameters

Values:
  • u32 – MD5 ID number (1-255)

Instances:

Multiple

interfaces openvpn <ifc> ip rip authentication message-digest <u32> encrypted-password <password>
SDE M10-Smart M2 RS420 AresC640
Values:
  • password – MD5 encrypted key

interfaces openvpn <ifc> ip rip authentication message-digest <u32> password <txt>
SDE M10-Smart M2 RS420 AresC640

MD5 key

Values:
  • txt – MD5 Key (1-16)

interfaces openvpn <ifc> ip rip authentication password <txt>
SDE M10-Smart M2 RS420 AresC640

Plain text password

Values:
  • txt – Plain text password (1-16)

interfaces openvpn <ifc> ip rip split-horizon
SDE M10-Smart M2 RS420 AresC640

Split horizon parameters

interfaces openvpn <ifc> ip rip split-horizon disable
SDE M10-Smart M2 RS420 AresC640

Disable split horizon on specified interface

interfaces openvpn <ifc> ip rip split-horizon poison-reverse
SDE M10-Smart M2 RS420 AresC640

Enable poison reverse for split-horizon

interfaces openvpn <ifc> ipv6
SDE M10-Smart M2 RS420 AresC640

IPv6 routing parameters

interfaces openvpn <ifc> ipv6 address
SDE M10-Smart M2 RS420 AresC640

IPv6 address auto-configuration modes

interfaces openvpn <ifc> ipv6 address autoconf
SDE M10-Smart M2 RS420 AresC640

Enable acquisition of IPv6 address using stateless autoconfig

interfaces openvpn <ifc> ipv6 address eui64 <ipv6net>
SDE M10-Smart M2 RS420 AresC640

Assign IPv6 address using EUI-64 based on MAC address

Values:
  • ipv6net – 64-bit IPv6 prefix to use with EUI-64 to make address

Instances:

Multiple

interfaces openvpn <ifc> ipv6 address prefix-from-provider <id>
SDE M10-Smart M2 RS420 AresC640
Values:
  • id – IPv6 from Learned Prefix

Instances:

Multiple

interfaces openvpn <ifc> ipv6 address prefix-from-provider <id> ifc-ID <ipv6net>
SDE M10-Smart M2 RS420 AresC640

Assign IPv6 address using Learned Prefixes

Values:
  • ipv6net – 64-bit IPv6 prefix (:h:h:h:h/64)

Instances:

Multiple

interfaces openvpn <ifc> ipv6 dhcp-client-pd <id>
SDE M10-Smart M2 RS420 AresC640
Values:
  • id – Name of learned prefix from provider

interfaces openvpn <ifc> ipv6 disable-forwarding
SDE M10-Smart M2 RS420 AresC640

Disable IPv6 forwarding on this interface only

interfaces openvpn <ifc> ipv6 dup-addr-detect-transmits <u32>
SDE M10-Smart M2 RS420 AresC640

Number of NS messages to send while performing DAD

Values:
  • u32 – Number of NS messages to send while performing DAD (0-2147483647)

interfaces openvpn <ifc> ipv6 ospfv3
SDE M10-Smart M2 RS420 AresC640

IPv6 Open Shortest Path First (OSPFv3) parameters

interfaces openvpn <ifc> ipv6 ospfv3 cost <u32>
SDE M10-Smart M2 RS420 AresC640

Interface cost

Values:
  • u32 – OSPFv3 cost (1-65535)

interfaces openvpn <ifc> ipv6 ospfv3 dead-interval <u32>
SDE M10-Smart M2 RS420 AresC640

Interval after which neighbor is declared dead

Values:
  • u32 – Neighbor dead interval in seconds (1-65535)

interfaces openvpn <ifc> ipv6 ospfv3 hello-interval <u32>
SDE M10-Smart M2 RS420 AresC640

Interval between hello packets

Values:
  • u32 – Interval between OSPFv3 hello packets in seconds (1-65535)

interfaces openvpn <ifc> ipv6 ospfv3 ifmtu <u32>
SDE M10-Smart M2 RS420 AresC640

Interface MTU

Values:
  • u32 – Interface MTU value (1-65535)

interfaces openvpn <ifc> ipv6 ospfv3 instance-id <u32>
SDE M10-Smart M2 RS420 AresC640

Instance-id

Values:
  • u32 – Instance Id (0-255)

interfaces openvpn <ifc> ipv6 ospfv3 mtu-ignore
SDE M10-Smart M2 RS420 AresC640

Disable Maximum Transmission Unit mismatch detection

interfaces openvpn <ifc> ipv6 ospfv3 passive
SDE M10-Smart M2 RS420 AresC640

Disable forming of adjacency

interfaces openvpn <ifc> ipv6 ospfv3 priority <u32>
SDE M10-Smart M2 RS420 AresC640

Router priority

Values:
  • u32 – Priority (0-255)

interfaces openvpn <ifc> ipv6 ospfv3 retransmit-interval <u32>
SDE M10-Smart M2 RS420 AresC640

Interval between retransmitting lost link state advertisements

Values:
  • u32 – Retransmit interval in seconds (3-65535)

interfaces openvpn <ifc> ipv6 ospfv3 transmit-delay <u32>
SDE M10-Smart M2 RS420 AresC640

Link state transmit delay

Values:
  • u32 – Link state transmit delay (1-65535)

interfaces openvpn <ifc> ipv6 ripng
SDE M10-Smart M2 RS420 AresC640

Routing Information Protocol (RIPng)

interfaces openvpn <ifc> ipv6 ripng split-horizon
SDE M10-Smart M2 RS420 AresC640

Split horizon parameters

interfaces openvpn <ifc> ipv6 ripng split-horizon disable
SDE M10-Smart M2 RS420 AresC640

Disable split horizon

interfaces openvpn <ifc> ipv6 ripng split-horizon poison-reverse
SDE M10-Smart M2 RS420 AresC640

Enable poison reverse for split-horizon

interfaces openvpn <ifc> ipv6 router-advert
SDE M10-Smart M2 RS420 AresC640

Configure parameters for sending Router Advertisements (RAs)

interfaces openvpn <ifc> ipv6 router-advert cur-hop-limit <u32>
SDE M10-Smart M2 RS420 AresC640

Value to be placed in the Current Hop Limit field in RAs

Values:
  • u32 – Value to place in the Current Hop Limit field in RAs (0-255)

interfaces openvpn <ifc> ipv6 router-advert default-lifetime <u32>
SDE M10-Smart M2 RS420 AresC640

Value to be placed in Router Lifetime field in RAs

Values:
  • u32 – Value in seconds to be placed in Router Lifetime field in RAs (4-9000)

  • u32 – This means “not a default router”, in Router Lifetime field (0)

interfaces openvpn <ifc> ipv6 router-advert default-preference <txt>
SDE M10-Smart M2 RS420 AresC640

Default router preference

Values:
  • low – Default router is low preference

  • medium – Default router is medium preference

  • high – Default router is high preference

SDE M10-Smart M2 RS420 AresC640

Value of link MTU to place in RAs

Values:
  • u32 – Do not send MTU options in RAs (0)

  • u32 – Value of link MTU to place in RAs (1280-2147483647)

interfaces openvpn <ifc> ipv6 router-advert managed-flag <txt>
SDE M10-Smart M2 RS420 AresC640
Values:
  • txt – Value for “managed address configuration” flag in RAs

interfaces openvpn <ifc> ipv6 router-advert max-interval <u32>
SDE M10-Smart M2 RS420 AresC640

Maximum interval between unsolicited multicast RAs

Values:
  • u32 – Maximum interval in seconds between unsolicited multicast RAs (4-1800)

interfaces openvpn <ifc> ipv6 router-advert min-interval <u32>
SDE M10-Smart M2 RS420 AresC640

Minimum interval between unsolicited multicast RAs

Values:
  • u32 – Minimum interval in seconds between unsolicited multicast RAs (3-1350)

interfaces openvpn <ifc> ipv6 router-advert name-server <ipv6>
SDE M10-Smart M2 RS420 AresC640
Values:
  • ipv6 – IPv6 address of a Recursive DNS Server

Instances:

Multiple

interfaces openvpn <ifc> ipv6 router-advert other-config-flag <txt>
SDE M10-Smart M2 RS420 AresC640
Values:
  • txt – Value to be placed in the “other configuration” flag in RAs

interfaces openvpn <ifc> ipv6 router-advert prefix <ipv6net>
SDE M10-Smart M2 RS420 AresC640

IPv6 prefix to be advertised in Router Advertisements (RAs)

Values:
  • ipv6net – IPv6 prefix to be advertised in Router Advertisements (RAs)

Instances:

Multiple

interfaces openvpn <ifc> ipv6 router-advert prefix <ipv6net> autonomous-flag <txt>
SDE M10-Smart M2 RS420 AresC640
Values:
  • txt – Whether prefix can be used for address auto-configuration

SDE M10-Smart M2 RS420 AresC640
Values:
  • txt – Flag that prefix can be used for on-link determination

interfaces openvpn <ifc> ipv6 router-advert prefix <ipv6net> preferred-lifetime <u32|id>
SDE M10-Smart M2 RS420 AresC640

Time in seconds that the prefix will remain preferred

Values:
  • u32 – Time in seconds that the prefix will remain preferred (0-2147483647)

  • infinity – Prefix will remain preferred forever

interfaces openvpn <ifc> ipv6 router-advert prefix <ipv6net> valid-lifetime <u32|id>
SDE M10-Smart M2 RS420 AresC640

Time in seconds that the prefix will remain valid

Values:
  • u32 – Time in seconds that the prefix will remain valid (0-2147483647)

  • infinity – Prefix will remain valid forever

interfaces openvpn <ifc> ipv6 router-advert reachable-time <u32>
SDE M10-Smart M2 RS420 AresC640

Value to be placed in “Reachable Time” field in RAs

Values:
  • u32 – Reachable Time value in RAs (in milliseconds) (1-3600000)

  • u32 – Reachable Time 0 (i.e., unspecified by this router) (0)

interfaces openvpn <ifc> ipv6 router-advert retrans-timer <u32>
SDE M10-Smart M2 RS420 AresC640

Value to place in “Retrans Timer” field in RAs.

Values:
  • u32 – Value in milliseconds to place in “Retrans Timer” field in RAs (0-2147483647)

interfaces openvpn <ifc> ipv6 router-advert send-advert <txt>
SDE M10-Smart M2 RS420 AresC640
Values:
  • txt – Enable/disable sending RAs

interfaces openvpn <ifc> ipv6 router-advert used-prefixes
SDE M10-Smart M2 RS420 AresC640

Delegate prefixes used on the interface

interfaces openvpn <ifc> ipv6 router-advert used-prefixes autonomous-flag <txt>
SDE M10-Smart M2 RS420 AresC640
Values:
  • txt – Whether prefix can be used for address auto-configuration

SDE M10-Smart M2 RS420 AresC640
Values:
  • txt – Flag that prefix can be used for on-link determination

interfaces openvpn <ifc> ipv6 router-advert used-prefixes preferred-lifetime <u32|id>
SDE M10-Smart M2 RS420 AresC640

Time in seconds that the prefix will remain preferred

Values:
  • u32 – Time in seconds that the prefix will remain preferred (0-2147483647)

  • infinity – Prefix will remain preferred forever

interfaces openvpn <ifc> ipv6 router-advert used-prefixes valid-lifetime <u32|id>
SDE M10-Smart M2 RS420 AresC640

Time in seconds that the prefix will remain valid

Values:
  • u32 – Time in seconds that the prefix will remain valid (0-2147483647)

  • infinity – Prefix will remain valid forever

interfaces openvpn <ifc> local-address <ipv4|ipv6>
SDE M10-Smart M2 RS420 AresC640

Local address

Values:
  • ipv4 – Remote IPv4 address

  • ipv6 – Remote IPv6 address

Local IP address:

interfaces openvpn <ifc> local-endpoint <ipv4|ipv4net>
SDE M10-Smart M2 RS420 AresC640

Local VPN endpoint address

Values:
  • ipv4 – Local IPv4 address

  • ipv4net – Local IPv4 subnet (server mode)

interfaces openvpn <ifc> local-port <u32>
SDE M10-Smart M2 RS420 AresC640

Local port

Values:
  • u32 – Numeric IP port (1-65535)

interfaces openvpn <ifc> mode
SDE M10-Smart M2 RS420 AresC640

VPN mode parameters

Instances:

Unique

interfaces openvpn <ifc> mode client
SDE M10-Smart M2 RS420 AresC640

Client mode

Required:

vpn openvpn tls-profile <id>

interfaces openvpn <ifc> mode client client-profile <id>
SDE M10-Smart M2 RS420 AresC640

Client profile

Reference:

vpn openvpn client-profile <id>

interfaces openvpn <ifc> mode client encryption-profile <id>
SDE M10-Smart M2 RS420 AresC640

Data channel encryption profile

Reference:

vpn openvpn encryption-profile <id>

interfaces openvpn <ifc> mode client tls-profile <id>
SDE M10-Smart M2 RS420 AresC640

TLS profile

Reference:

vpn openvpn tls-profile <id>

interfaces openvpn <ifc> mode client tunnel-profile <id>
SDE M10-Smart M2 RS420 AresC640

Tunnel profile

Reference:

vpn openvpn tunnel-profile <id>

interfaces openvpn <ifc> mode p2p
SDE M10-Smart M2 RS420 AresC640

Peer-to-peer mode

interfaces openvpn <ifc> mode p2p encryption-profile <id>
SDE M10-Smart M2 RS420 AresC640

Data channel encryption profile

Reference:

vpn openvpn encryption-profile <id>

interfaces openvpn <ifc> mode p2p tunnel-profile <id>
SDE M10-Smart M2 RS420 AresC640

Tunnel profile

Reference:

vpn openvpn tunnel-profile <id>

interfaces openvpn <ifc> mode server
SDE M10-Smart M2 RS420 AresC640

Server mode

Required:

vpn openvpn tls-profile <id>

interfaces openvpn <ifc> mode server encryption-profile <id>
SDE M10-Smart M2 RS420 AresC640

Data channel encryption profile

Reference:

vpn openvpn encryption-profile <id>

interfaces openvpn <ifc> mode server server-profile <id>
SDE M10-Smart M2 RS420 AresC640

Server profile

Reference:

vpn openvpn server-profile <id>

interfaces openvpn <ifc> mode server tls-profile <id>
SDE M10-Smart M2 RS420 AresC640

TLS profile

Reference:

vpn openvpn tls-profile <id>

interfaces openvpn <ifc> mode server tunnel-profile <id>
SDE M10-Smart M2 RS420 AresC640

Tunnel profile

Reference:

vpn openvpn tunnel-profile <id>

interfaces openvpn <ifc> peer <u32>
SDE M10-Smart M2 RS420 AresC640

VPN peer parameters (client/p2p mode)

Values:
  • u32 – Peer index

Instances:

Multiple

Required:

interfaces openvpn <ifc> peer <u32> address <fqdn|ipv4|ipv6>
SDE M10-Smart M2 RS420 AresC640

Remote address to use for SSL communication. Required to initiate a connection

Values:
  • fqdn – Remote domain name

  • ipv4 – Remote IPv4 address

  • ipv6 – Remote IPv6 address

interfaces openvpn <ifc> peer <u32> connect-timeout <u32>
SDE M10-Smart M2 RS420 AresC640

Maximum time to wait for a response before trying the next server (override for peer)

Values:
  • u32 – Seconds

interfaces openvpn <ifc> peer <u32> local-port <u32>
SDE M10-Smart M2 RS420 AresC640

Local port override for peer

Values:
  • u32 – Numeric IP port (1-65535)

interfaces openvpn <ifc> peer <u32> protocol <id>
SDE M10-Smart M2 RS420 AresC640

Protocol override for peer

Values:
  • udp – UDP protocol

  • tcp-client – TCP protocol (initiator)

  • tcp-server – TCP protocol (listener)

interfaces openvpn <ifc> peer <u32> remote-port <u32>
SDE M10-Smart M2 RS420 AresC640

Remote port override for peer

Values:
  • u32 – Numeric IP port (1-65535)

interfaces openvpn <ifc> protocol <id>
SDE M10-Smart M2 RS420 AresC640

Default protocol

Values:
  • udp – UDP protocol

  • tcp-client – TCP protocol (initiator)

  • tcp-server – TCP protocol (listener)

interfaces openvpn <ifc> remote-endpoint <ipv4>
SDE M10-Smart M2 RS420 AresC640

Remote VPN endpoint address

Values:
  • ipv4 – Remote IPv4 address

interfaces openvpn <ifc> remote-port <u32>
SDE M10-Smart M2 RS420 AresC640

Default remote port

Values:
  • u32 – Numeric IP port (1-65535)

interfaces openvpn <ifc> tcp-mss <u32>
SDE M10-Smart M2 RS420 AresC640
Values:
  • u32 – Change tcp-mss value

interfaces openvpn <ifc> traffic
SDE M10-Smart M2 RS420 AresC640

Traffic processing options

interfaces openvpn <ifc> traffic control
SDE M10-Smart M2 RS420 AresC640

Traffic control for interface

interfaces openvpn <ifc> traffic control in <id>
SDE M10-Smart M2 RS420 AresC640

Ingress traffic control for interface

Reference:

traffic control <id>

interfaces openvpn <ifc> traffic control out <id>
SDE M10-Smart M2 RS420 AresC640

Egress traffic control for interface

Reference:

traffic control <id>

interfaces openvpn <ifc> traffic nat
SDE M10-Smart M2 RS420 AresC640

Network Address Translation (NAT) parameters

interfaces openvpn <ifc> traffic nat destination
SDE M10-Smart M2 RS420 AresC640

Destination NAT settings

interfaces openvpn <ifc> traffic nat destination rule <u32>
SDE M10-Smart M2 RS420 AresC640

Rule number for NAT

Values:
  • u32 – Number for this NAT rule (1-9999)

Instances:

Multiple

interfaces openvpn <ifc> traffic nat destination rule <u32> address <ipv4|ipv4net|ipv4range|id>
SDE M10-Smart M2 RS420 AresC640

IP address, subnet, range or redirect

Values:
  • ipv4 – NAT to the specified IP address

  • ipv4net – NAT to the specified network address

  • ipv4range – NAT to the specified IP range

  • redirect – NAT to the interface address

interfaces openvpn <ifc> traffic nat destination rule <u32> description <txt>
SDE M10-Smart M2 RS420 AresC640
Values:
  • txt – Rule description

interfaces openvpn <ifc> traffic nat destination rule <u32> log
SDE M10-Smart M2 RS420 AresC640

Log packets to which this rule has been applied

interfaces openvpn <ifc> traffic nat destination rule <u32> log level <txt>
SDE M10-Smart M2 RS420 AresC640

Logging level

Values:
  • emerg – Emergency messages

  • alert – Urgent messages

  • crit – Critical messages

  • err – Error messages

  • warn – Warning messages

  • notice – Messages for further investigation

  • info – Informational messages

  • debug – Debug messages

interfaces openvpn <ifc> traffic nat destination rule <u32> log prefix <txt>
SDE M10-Smart M2 RS420 AresC640
Values:
  • txt – Log message prefix text, up to 29 characters

interfaces openvpn <ifc> traffic nat destination rule <u32> network <ipv4net>
SDE M10-Smart M2 RS420 AresC640

IP prefix to use in translation (host part is kept)

Values:
  • ipv4net – NAT to the specified network address, host part of the address will remain unchanged

interfaces openvpn <ifc> traffic nat destination rule <u32> port <u32|id>
SDE M10-Smart M2 RS420 AresC640

NAT port

Values:
  • u32 – Port to use in PAT (1-65535)

  • range – Port range (pool, for example, 1001-1005)

interfaces openvpn <ifc> traffic nat destination rule <u32> protocol <txt>
SDE M10-Smart M2 RS420 AresC640
Values:
  • txt – NAT transport protocol

interfaces openvpn <ifc> traffic nat destination rule <u32> selector <txt>
SDE M10-Smart M2 RS420 AresC640

Traffic selector

Reference:

traffic selector <txt>

interfaces openvpn <ifc> traffic nat source
SDE M10-Smart M2 RS420 AresC640

Source NAT settings

interfaces openvpn <ifc> traffic nat source rule <u32>
SDE M10-Smart M2 RS420 AresC640

Rule number for NAT

Values:
  • u32 – Number for this NAT rule (1-9999)

Instances:

Multiple

interfaces openvpn <ifc> traffic nat source rule <u32> address <ipv4|ipv4net|ipv4range|id>
SDE M10-Smart M2 RS420 AresC640

IP address, subnet, range or masquerade

Values:
  • ipv4 – NAT to the specified IP address

  • ipv4net – NAT to the specified network address

  • ipv4range – NAT to the specified IP range

  • masquerade – NAT to the interface address

interfaces openvpn <ifc> traffic nat source rule <u32> description <txt>
SDE M10-Smart M2 RS420 AresC640
Values:
  • txt – Rule description

interfaces openvpn <ifc> traffic nat source rule <u32> log
SDE M10-Smart M2 RS420 AresC640

Log packets to which this rule has been applied

interfaces openvpn <ifc> traffic nat source rule <u32> log level <txt>
SDE M10-Smart M2 RS420 AresC640

Logging level

Values:
  • emerg – Emergency messages

  • alert – Urgent messages

  • crit – Critical messages

  • err – Error messages

  • warn – Warning messages

  • notice – Messages for further investigation

  • info – Informational messages

  • debug – Debug messages

interfaces openvpn <ifc> traffic nat source rule <u32> log prefix <txt>
SDE M10-Smart M2 RS420 AresC640
Values:
  • txt – Log message prefix text, up to 29 characters

interfaces openvpn <ifc> traffic nat source rule <u32> network <ipv4net>
SDE M10-Smart M2 RS420 AresC640

IP prefix to use in translation (host part is kept)

Values:
  • ipv4net – NAT to the specified network address, host part of the address will remain unchanged

interfaces openvpn <ifc> traffic nat source rule <u32> port <u32|id>
SDE M10-Smart M2 RS420 AresC640

NAT port

Values:
  • u32 – Port to use in PAT (1-65535)

  • range – Port range (pool, for example, 1001-1005)

interfaces openvpn <ifc> traffic nat source rule <u32> protocol <txt>
SDE M10-Smart M2 RS420 AresC640
Values:
  • txt – NAT transport protocol

interfaces openvpn <ifc> traffic nat source rule <u32> selector <txt>
SDE M10-Smart M2 RS420 AresC640

Traffic selector

Reference:

traffic selector <txt>

interfaces openvpn <ifc> traffic policy
SDE M10-Smart M2 RS420 AresC640

Traffic policy rulesets for interface

interfaces openvpn <ifc> traffic policy in <txt>
SDE M10-Smart M2 RS420 AresC640

Input traffic policy ruleset for interface

Reference:

traffic policy <txt>

Instances:

Multiple

interfaces openvpn <ifc> traffic policy in <txt> priority <txt>
SDE M10-Smart M2 RS420 AresC640

Priority order for traffic policy

Values:
  • very-high – First policy executed before NAT

  • high – Second policy executed before NAT

  • low – First policy executed after NAT

  • very-low – Second policy executed after NAT

interfaces openvpn <ifc> traffic policy local-in <txt>
SDE M10-Smart M2 RS420 AresC640

Local input traffic policy ruleset for interface

Reference:

traffic policy <txt>

Instances:

Multiple

interfaces openvpn <ifc> traffic policy local-in <txt> priority <txt>
SDE M10-Smart M2 RS420 AresC640

Priority order for traffic policy

Values:
  • very-high – First policy executed

  • high – Second policy executed

  • low – Third policy executed

  • very-low – Fourth policy executed

interfaces openvpn <ifc> traffic policy local-out <txt>
SDE M10-Smart M2 RS420 AresC640

Local output traffic policy ruleset for interface

Reference:

traffic policy <txt>

Instances:

Multiple

interfaces openvpn <ifc> traffic policy local-out <txt> priority <txt>
SDE M10-Smart M2 RS420 AresC640

Priority order for traffic policy

Values:
  • very-high – First policy executed

  • high – Second policy executed

  • low – Third policy executed

  • very-low – Fourth policy executed

interfaces openvpn <ifc> traffic policy out <txt>
SDE M10-Smart M2 RS420 AresC640

Output traffic policy ruleset for interface

Reference:

traffic policy <txt>

Instances:

Multiple

interfaces openvpn <ifc> traffic policy out <txt> priority <txt>
SDE M10-Smart M2 RS420 AresC640

Priority order for traffic policy

Values:
  • very-high – First policy executed before NAT

  • high – Second policy executed before NAT

  • low – First policy executed after NAT

  • very-low – Second policy executed after NAT

interfaces openvpn <ifc> traffic zone <txt>
SDE M10-Smart M2 RS420 AresC640

Traffic zone associated with this interface

Reference:

traffic zone <txt>

interfaces openvpn <ifc> vrf <id>
SDE M10-Smart M2 RS420 AresC640

Virtual Routing and Forwarding domain name

Reference:

system vrf <id>