
General commands for remote access configuration

clear remote-access counters

This command resets the connection counters for OpenVPN, PPTP and L2TP over IPsec users.

Syntax

clear remote-access counters [ pptp | l2tp | openvpn ] [ server <SERVER-NAME> ] [ username <USER-NAME> ] [ ip-address <ADDR> ]

Parameters

<SERVER-NAME> – OpenVPN, PPTP or L2TP over IPsec server profile name;

<USER-NAME> – OpenVPN, PPTP or L2TP over IPsec user name;

<ADDR> – OpenVPN, PPTP or L2TP over IPsec user IP address.

When executing the command without a parameter, all the counters of OpenVPN, PPTP and L2TP over IPsec user connections will be reset.

Required privilege level

10

Command mode

ROOT

Example
esr# clear remote-access counters

clear remote-access session

This command ends the connection for OpenVPN, PPTP and L2TP over IPsec users.

Syntax

clear remote-access session [ pptp | l2tp | openvpn ] [ server <SERVER-NAME> ] [ username <USER-NAME> ] [ ip-address <ADDR> ]

Parameters

<SERVER-NAME> – OpenVPN, PPTP or L2TP over IPsec server profile name;

<USER-NAME> – OpenVPN, PPTP or L2TP over IPsec user name;

<ADDR> – OpenVPN, PPTP or L2TP over IPsec user IP address.

When executing the command without a parameter, all OpenVPN, PPTP and L2TP over IPsec connections will be ended.

Required privilege level

10

Command mode

ROOT

Example
esr# clear remote-access session

description

This command changes the description of an OpenVPN, PPTP or L2TP over IPsec server profile.

The use of a negative form (no) of the command removes a profile description.

Syntax

description <DESCRIPTION>

no description

Parameters

<DESCRIPTION> – profile description, set by the string of up to 255 characters.

Required privilege level

10

Command mode

CONFIG-PPTP-SERVER

CONFIG-L2TP-SERVER

CONFIG-OPENVPN-SERVER

Example

Set the description for PPTP server profile:

esr(config-pptp-server)# description "Our remote workers"

enable

This command enables the PPTP or L2TP over IPsec server profile being configured.

The use of a negative form (no) of the command disables the profile being configured.

Syntax

[no] enable

Parameters

The command does not contain parameters.

Default value

Disabled.

Required privilege level

10

Command mode

CONFIG-PPTP-SERVER

CONFIG-L2TP-SERVER

CONFIG-OPENVPN-SERVER

Example
esr(config-pptp-server)# enable

encryption mppe

This command enables Microsoft Point-to-Point Encryption (MPPE) for PPTP connections.

The use of a negative form (no) of the command disables the encryption.

Syntax

[no] encryption mppe

Parameters

The command does not contain parameters.

Default value

Disabled.

Required privilege level

15

Command mode

CONFIG-PPTP-SERVER

Example
esr(config-pptp-server)# encryption mppe

remote-access

This command creates a remote access server profile.

The use of a negative form (no) of the command removes a specified profile.

Syntax

[no] remote-access <SERVER-TYPE> <NAME>

Parameters

<SERVER-TYPE> – remote access server type. May take the following values: l2tp, openvpn, pptp.

<NAME> – remote access server profile name, set by the string of up to 31 characters.

Required privilege level

10

Command mode

CONFIG

Example
esr(config)# remote-access l2tp remote-workers
esr(config-l2tp-server)#

show remote-access configuration

The command displays the parameters of OpenVPN, PPTP and L2TP over IPsec server profiles.

Syntax

show remote-access configuration { pptp | l2tp | openvpn } [ <NAME> ]

Parameters

<SERVER-NAME> – OpenVPN, PPTP or L2TP over IPsec server profile name;

When executing the command without a parameter, all OpenVPN, PPTP and L2TP over IPsec server parameters will be shown.

Required privilege level

10

Command mode

ROOT

Example
esr# show remote-access configuration pptp pptp1
State:                     Enabled
Description:               --
Security zone:             trusted
Authentication mode:       local
MTU:                       1500
Local address:             192.168.1.1
Remote address:            rem_pptp(10.0.10.20-10.0.10.40)
Outside address:           115.0.0.1
DNS server:                --
WINS server:               --
   Users
   ~~~~~
#     Name                   State      Encrypted password
---   --------------------   --------   ------------------------------
0     pptp                   Enabled    8CB5107EA7005AFF
1     petr                   Enabled    CCE5513EE45A1EAC

show remote-access counters

This command displays the connection counters for OpenVPN, PPTP and L2TP over IPsec users.

Syntax

show remote-access counters [ pptp | l2tp | openvpn ] [ server <SERVER-NAME> ] [ username <USER-NAME> ] [ ip-address <ADDR> ]

Parameters

<SERVER-NAME> – PPTP or L2TP over IPsec server profile name;

<USER-NAME> – OpenVPN, PPTP or L2TP over IPsec user name;

<ADDR> – OpenVPN, PPTP or L2TP over IPsec user IP address.

When executing the command without a parameter, all the counters of OpenVPN, PPTP and L2TP over IPsec user connections will be shown.

Required privilege level

10

Command mode

ROOT

Example
esr# show remote-access counters
User            IP-address        UC recv      Bytes recv   Err recv     MC recv
-------------   ---------------   ----------   ----------   ----------   ----------
ivan            10.20.20.5        262          25365        0            0
fedor           20.20.20.160      59           5236         0            0
User            IP-address        UC sent      Bytes sent   Err sent
-------------   ---------------   ----------   ----------   ----------
ivan            10.20.20.5        249          29298        0
fedor           20.20.20.160      16           739          0
esr# show remote-access counters l2tp
PPTP Server: remote-workers
User: ivan(10.20.20.5)
 Packets received:               231
 Bytes received:                 22229
 Dropped on receive:             0
 Receive errors:                 0
 Multicasts received:            0
 Receive length errors:          0
 Receive buffer overflow errors: 0
 Receive CRC errors:             0
 Receive frame errors:           0
 Receive FIFO errors:            0
 Receive missed errors:          0
 Receive compressed:             0
 Packets transmitted:            189
 Bytes transmitted:              21858
 Dropped on transmit:            0
 Transmit errors:                0
 Transmit aborted errors:        0
 Transmit carrier errors:        0
 Transmit FIFO errors:           0
 Transmit heartbeat errors:      0
 Transmit window errors:         0
 Transmit comressed:             0
 Collisions:                     0

show remote-access status

This command displays the OpenVPN, PPTP and L2TP over IPsec user connections status.

Syntax

show remote-access status [ pptp | l2tp | openvpn ] [ server <SERVER-NAME> ] [ username <USER-NAME> ] [ ip-address <ADDR> ]

Parameters

<SERVER-NAME> – OpenVPN, PPTP or L2TP over IPsec server profile name;

<USER-NAME> – OpenVPN, PPTP or L2TP over IPsec user name;

<ADDR> – OpenVPN, PPTP or L2TP over IPsec user IP address.

When executing the command without a parameter, all the statuses of OpenVPN, PPTP and L2TP over IPsec user connections will be shown.

Required privilege level

10

Command mode

ROOT

Example
esr# show remote-access status
User               IP-address        Server
----------------   ---------------   --------------------------------------
ivan               10.20.20.5        pptp(remote-workers)
fedor              20.20.20.160      l2tp(remote-workers-l2tp)
Count sessions: 2

L2TP over IPsec/PPTP server configuration

authentication mode

This command sets the authentication mode for remote users connecting via PPTP or L2TP over IPsec.

The use of a negative form (no) of the command removes a set mode.

Syntax

authentication mode { local | radius }

no authentication mode

Parameters
  • local – authentication mode using the local user base of the configured profile.
  • radius – the mode in which user authentication passes through a RADIUS server.

Required privilege level

15

Command mode

CONFIG-PPTP-SERVER

CONFIG-L2TP-SERVER

Example
esr(config-pptp-server)# authentication mode local

dns-servers

This command specifies the list of DNS servers that remote users using PPTP and L2TP over IPsec will use.

The use of a negative form (no) of the command removes configured DNS server addresses.

Syntax

dns-servers object-group <NAME>

no dns-servers

Parameters

<NAME> – name of IP addresses profile that contains addresses of required DNS servers, set by the string of up to 31 characters.

Required privilege level

10

Command mode

CONFIG-PPTP-SERVER

CONFIG-L2TP-SERVER

Example
esr(config-pptp-server)# dns-servers object-group pptp_dns

dscp

The command sets the DSCP code value for the use in IP headers of PPTP and L2TP over IPsec server outgoing packets.

The use of a negative form (no) of the command sets the default DSCP value.

Syntax

dscp <DSCP>

no dscp

Parameters

<DSCP> – DSCP code value, takes values in the range of [0..63].

Default value

32

Required privilege level

10

Command mode

CONFIG-PPTP-SERVER

CONFIG-L2TP-SERVER

Example
esr(config-pptp-server)# dscp 40

ipsec authentication method

This command selects the key authentication method for the IKE connection. Message authentication by key is used when an IKE connection is established. The key is set by the 'ipsec authentication pre-shared-key' command (see subsection ipsec authentication pre-shared-key).

The use of a negative form (no) of the command sets the default value.

Syntax

ipsec authentication method pre-shared-key

no ipsec authentication method

Parameters

pre-shared-key – authentication method using pre-shared encryption keys.

Required privilege level

15

Command mode

CONFIG-L2TP-SERVER

Example
esr(config-l2tp-server)# ipsec authentication method pre-shared-key

ipsec authentication pre-shared-key

This command specifies a shared secret authentication key that should be the same for both parties of the tunnel.

The use of a negative form (no) of the command removes a set key.

Syntax

ipsec authentication pre-shared-key { ascii-text { <TEXT> | encrypted <ENCRYPTED-TEXT> } | hexadecimal { <HEX> | encrypted <ENCRYPTED-HEX> } }

no ipsec authentication pre-shared-key

Parameters

<TEXT> – string of [1..64] ASCII characters.

<HEX> – number, [1..32] bytes size, set by the string of [2..128] characters in hexadecimal format (0xYYYY ...) or (YYYY ...).

<ENCRYPTED-TEXT> – encrypted password, [1..32] bytes size, set by the string of [2..128] characters.

<ENCRYPTED-HEX> – encrypted number, [2..64] bytes size, set by the string of [2..256] characters.

Default value

none

Required privilege level

15

Command mode

CONFIG-L2TP-SERVER

Example
esr(config-l2tp-server)# ipsec authentication pre-shared-key ascii-text password

local-address

This command specifies the IP address used by the PPTP or L2TP over IPsec server as the local IP address of the tunnel.

The use of a negative form (no) of the command removes configured tunnel local IP address.

Syntax

local-address { object-group <NAME> | ip-address <ADDR> }

no local-address

Parameters

<NAME> – name of IP addresses profile that contains local IP address of the tunnel, set by the string of up to 31 characters.

<ADDR> – local IP address of the tunnel, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255].

Required privilege level

10

Command mode

CONFIG-PPTP-SERVER

CONFIG-L2TP-SERVER

Example
esr(config-pptp-server)# local-address object-group pptp_local

mtu

This command specifies the MTU for the interfaces that will be created when remote users connect using PPTP and L2TP over IPsec.

The use of a negative form (no) of the command sets the default MTU value.

Syntax

mtu <MTU>

no mtu

Parameters

<MTU> – MTU value, takes values in the range of [1280..1500].

Default value

1500

Required privilege level

10

Command mode

CONFIG-PPTP-SERVER

CONFIG-L2TP-SERVER

Example
esr(config-pptp-server)# mtu 1400

outside-address

This command specifies the IP address that the PPTP or L2TP over IPsec server will listen on for incoming connections.

The use of a negative form (no) of the command removes the configured listening address.

Syntax

outside-address { object-group <NAME> | ip-address <ADDR> | interface <IF> }

no outside-address

Parameters

<NAME> – name of the IP address profile containing the address that PPTP or L2TP over IPsec will listen on for incoming connections, set by the string of up to 31 characters.

<ADDR> – the IP address that PPTP or L2TP over IPsec will listen on for incoming connections, defined as AAA.BBB.CCC.DDD, where each part takes the values [0..255].

<IF> – an interface, specified in the form described in Section Types and naming order of router interfaces.

Required privilege level

10

Command mode

CONFIG-PPTP-SERVER

CONFIG-L2TP-SERVER

Example
esr(config-pptp-server)# outside-address object-group pptp_outside

remote-address

This command specifies a list of IP addresses from which PPTP or L2TP over IPsec server issues dynamic IP addresses to remote users.

The use of a negative form (no) of the command removes the remote user IP addresses list.

Syntax

remote-address { object-group <NAME> | address-range <FROM-ADDR>-<TO-ADDR> }

no remote-address

Parameters

<NAME> – name of IP addresses profile that contains remote user IP addresses list, set by the string of up to 31 characters.

<FROM-ADDR> – range starting IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255].

<TO-ADDR> – range ending IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255].

Required privilege level

10

Command mode

CONFIG-PPTP-SERVER

CONFIG-L2TP-SERVER

Example
esr(config-pptp-server)# remote-address object-group pptp_remote

remote network

The command is used to set an IP address of a subnet available when a dynamic PPTP/L2TP tunnel is created.

The use of a negative form (no) of the command removes an IP address of a subnet available via dynamic PPTP/L2TP tunnel creation.

Syntax

remote network <ADDR/LEN>

no remote network

Parameters

<ADDR/LEN> – IP subnet of a recipient. The parameter is defined as AAA.BBB.CCC.DDD/EE where each part AAA-DDD takes values of [0..255] and EE takes values of [1..32].

Required privilege level

10

Command mode

CONFIG-PPP-USER

Example
esr(config-ppp-user)# remote network 192.168.54.0/24

remote networks

The command is used to set a list of IP addresses of subnets available when a dynamic PPTP/L2TP tunnel is created.

The use of a negative form (no) of the command removes an IP address of a subnet available via dynamic PPTP/L2TP tunnel creation.

Syntax

remote networks <OBJ-GROUP-NETWORK-NAME>

no remote network

Parameters

<OBJ-GROUP-NETWORK-NAME> – IP/IPv6 addresses profile name, set by the string of up to 31 characters.

Required privilege level

10

Command mode

CONFIG-PPP-USER

Example
esr(config-ppp-user)# remote network 192.168.54.0/24

username

This command creates a user to connect to PPTP or L2TP over IPsec servers. After executing the command, the router enters the PPP user password configuration mode.

The use of a negative form (no) of the command removes a specified user.

The command sets the command line mode to PPTP USER or L2TP USER depending on the current command mode.

Syntax

[no] username <NAME>

Parameters

<NAME> – user name, set by the string of up to 31 characters.

Required privilege level

15

Command mode

CONFIG-PPTP-SERVER

CONFIG-L2TP-SERVER

Example
esr(config-pptp-server)# username fedor
esr(config-pptp-user)#

wins-servers

This command specifies the list of WINS servers that remote users using PPTP and L2TP over IPsec will use.

The use of a negative form (no) of the command removes configured WINS server addresses.

Syntax

wins-servers object-group <NAME>

no wins-servers

Parameters

<NAME> – name of IP addresses profile that contains addresses of required WINS servers, set by the string of up to 31 characters.

Required privilege level

10

Command mode

CONFIG-PPTP-SERVER

CONFIG-L2TP-SERVER

Example
esr(config-pptp-server)# wins-servers object-group l2tp_wins

OpenVPN server configuration

address-range

This command specifies the IP addresses list from which dynamic IP addresses are leased to remote users in L2 mode by OpenVPN server.

The use of a negative form (no) of the command removes the remote user IP addresses list.

Syntax

address-range <FROM-ADDR>-<TO-ADDR>

no address-range

Parameters

<FROM-ADDR> – range starting IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255];

<TO-ADDR> – range ending IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255].

Required privilege level

10

Command mode

CONFIG-OPENVPN-SERVER

Example
esr(config-openvpn-server)# address-range 192.168.1.10-192.168.1.250

authentication-algorithm

This command defines the authentication algorithm for OpenVPN clients.

The use of a negative form (no) of the command sets the default authentication mode.

Syntax

authentication-algorithm <ALGORITHM>

no authentication-algorithm

Parameters

<ALGORITHM> – authentication algorithm:

  • 8-128 bits key size: md4, rsa-md4, md5, rsa-md5, mdc2, rsa-mdc2
  • 8-160 bits key size: sha, sha1, rsa-sha, rsa-sha1, rsa-sha1-2, dsa, dsa-sha, dsa-sha1, dsa-sha1-old, ripemd160, rsa-ripemd160, ecdsa-with-sha1
  • 8-224 bits key size: sha-224, rsa-sha-224
  • 8-256 bits key size: sha-256, rsa-sha-256
  • 8-384 bits key size: sha-384, rsa-sha-384
  • 8-512 bits key size: sha-512, rsa-sha-512, whirlpool

Default value

sha

Required privilege level

15

Command mode

CONFIG-OPENVPN-SERVER

Example
esr(config-openvpn-server)# authentication-algorithm sha-256

bridge-group

This command includes client connections via OpenVPN to the L2 domain.

The use of a negative form (no) of the command excludes connections from the L2 domain.

Syntax

bridge-group <BRIDGE-ID>

no bridge-group

Parameters

<BRIDGE-ID> – bridge identifying number. Specified in the form described in Section Types and naming order of router interfaces.

Required privilege level

10

Command mode

CONFIG-OPENVPN-SERVER

Example
esr(config-openvpn-server)# bridge-group 15

certificate

This command specifies certificates and keys. Certificates and keys must be previously copied to the router using the copy command described in section copy.

The use of a negative form (no) of the command removes a specified certificate from the profile.

Syntax

certificate <CERTIFICATE-TYPE> <NAME>

no certificate <CERTIFICATE-TYPE>

Parameters

<CERTIFICATE-TYPE> – certificate or key type, may take the following values:

  • ca – Certificate Authority;
  • crl – Certificate Revocation List;
  • dh – Diffie-Hellman key;
  • server-crt – public server certificate;
  • server-key – private server key;
  • ta – HMAC key.

<NAME> – certificate or key name, set by the string of up to 31 characters.

Required privilege level

15

Command mode

CONFIG-OPENVPN-SERVER

Example
esr(config-openvpn-server)# certificate ca ca.crt

client-isolation

This command enables blocking of data transfer between clients.

The use of a negative form (no) of the command removes blocking.

Syntax

[no] client-isolation

Parameters

The command does not contain parameters.

Default value

Disabled.

Required privilege level

15

Command mode

CONFIG-OPENVPN-SERVER

Example
esr(config-openvpn-server)# client-isolation

client-max

This command sets the maximum number of simultaneous user sessions.

The use of a negative form (no) of the command sets the default value.

Syntax

client-max <VALUE>

no client-max

Parameters

<VALUE> – maximum number of users, takes values of [1..65535].

Default value

Not limited.

Required privilege level

10

Command mode

CONFIG-OPENVPN-SERVER

Example
esr(config-openvpn-server)# client-max 500

compression

This command enables compression of data transmitted between clients and the OpenVPN server.

The use of a negative form (no) of the command disables the mechanism of transmitted data compression.

Syntax

[no] compression

Parameters

The command does not contain parameters.

Default value

Disabled.

Required privilege level

10

Command mode

CONFIG-OPENVPN-SERVER

Example
esr(config-openvpn-server)# compression

dns-server

This command specifies the list of DNS servers that will be used by remote users.

The use of a negative form (no) of the command removes configured DNS server addresses.

Syntax

dns-server <ADDR>

no dns-server { <ADDR> | all }

Parameters

<ADDR> – DNS server IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255];

all – remove all configured DNS server IP addresses.

Required privilege level

10

Command mode

CONFIG-OPENVPN-SERVER

Example
esr(config-openvpn-server)# dns-server 1.1.1.1

duplicate-cn

The command allows connecting several users with one certificate.

The use of a negative form (no) of the command prohibits the use of the same certificate by several users.

Syntax

[no] duplicate-cn

Parameters

The command does not contain parameters.

Required privilege level

10

Command mode

CONFIG-OPENVPN-SERVER

Example
esr(config-openvpn-server)# duplicate-cn

encryption algorithm

This command selects the encryption algorithm used for data transmission.

The use of a negative form (no) of the command disables the encryption.

Syntax

encryption algorithm <ALGORITHM>

no encryption algorithm

Parameters

<ALGORITHM> – encryption protocol identifier, takes the following values: des, blowfish128, aes128, des-ede, aes192, 3des, desx, aes256.

Default value

Encryption disabled.

Required privilege level

15

Command mode

CONFIG-OPENVPN-SERVER

Example
esr(config-openvpn-server)# encryption algorithm aes128

ip address

The command sets a static IP address for a specified user. The use of a negative form (no) of the command removes a client's static IP address.

Syntax

[no] ip address <ADDR>

Parameters

<ADDR> – IP address set in the following format:

 AAA.BBB.CCC.DDD – IP address of a subnet with a mask in the prefix form where AAA-DDD take values [0..255].

Required privilege level

15

Command mode

CONFIG-OPENVPN-USER

Example
esr(config-openvpn-server)# username client
esr(config-openvpn-user)# ip address 10.10.100.15

network

This command defines the subnet from which IP addresses are leased to users. The first IP address on the subnet is the gateway for user sessions.

The use of a negative form (no) of the command removes this subnet.

Syntax

network <ADDR/LEN>

no network

Parameters

<ADDR/LEN> – subnet IP address, set in the following format:

  • AAA.BBB.CCC.DDD/EE – network IP address with prefix mask, where AAA-DDD take values of [0..255] and EE takes values of [1..32].

Required privilege level

10

Command mode

CONFIG-OPENVPN-SERVER

Example
esr(config-openvpn-server)# network 192.168.25.0/24

port

This command sets the TCP/UDP port that the OpenVPN server will listen on.

The use of a negative form (no) of the command sets the default value.

Syntax

port <PORT>

no port

Parameters

<PORT> – TCP/UDP port, takes values of [1..65535].

Default value

1194

Required privilege level

15

Command mode

CONFIG-OPENVPN-SERVER

Example
esr(config-openvpn-server)# port 5000

protocol

The command sets the encapsulation protocol.

The use of a negative form (no) of the command sets the default value.

Syntax

protocol <PROTOCOL>

no protocol

Parameters

<PROTOCOL> – encapsulation type, possible values:

  • tcp – encapsulation in TCP segments;
  • udp – encapsulation in UDP datagrams.

Default value

Not set.

Required privilege level

15

Command mode

CONFIG-OPENVPN-SERVER

Example
esr(config-openvpn-server)# protocol udp

redirect-gateway

This command enables the default route advertising for OpenVPN connections, which leads to the replacement of the default route on the client side. The new default gateway will be the OpenVPN server IP address.

The use of a negative form (no) of the command disables the default route advertising.

Syntax

[no] redirect-gateway

Parameters

The command does not contain parameters.

Required privilege level

10

Command mode

CONFIG-OPENVPN-SERVER

Example
esr(config-openvpn-server)# redirect-gateway

route

This command enables advertising of the specified subnets. The gateway is the IP address of the OpenVPN server (the first IP address from the subnet specified using the network command described in the section network).

The use of a negative form (no) of the command disables specified subnets advertising.

Syntax

route <ADDR/LEN>

no route { <ADDR/LEN> | all }

Parameters

<ADDR/LEN> – subnet IP address set in the following format:

AAA.BBB.CCC.DDD/EE – network IP address with prefix mask, where AAA-DDD take values of [0..255] and EE takes values of [1..32].

Required privilege level

10

Command mode

CONFIG-OPENVPN-SERVER

Example
esr(config-openvpn-server)# route 192.168.25.0/24, 192.168.26.0/24

timers holdtime

This command sets the time interval after which the opposing party is considered to be unavailable. The timer starts after establishing a neighborhood relationship and starts counting from 0. The timer is reset when each reply to a keepalive message from the opposite side is received. It is recommended to set the timer value to 3 * keepalive.

The use of a negative form (no) of the command sets the default value.

Syntax

timers holdtime <TIME>

no timers holdtime

Parameters

<TIME> – time in seconds, takes values of [1..65535].

Default value

120 seconds

Required privilege level

10

Command mode

CONFIG-OPENVPN-SERVER

Example
esr(config-openvpn-server)# timers holdtime 360

timers keepalive

This command sets the time interval after which the connection with the opposing party will be checked.

The use of a negative form (no) of the command sets the default value.

Syntax

timers keepalive <TIME>

no timers keepalive

Parameters

<TIME> – time in seconds, takes values of [1..65535].

Default value

10 seconds

Required privilege level

10

Command mode

CONFIG-OPENVPN-SERVER

Example
esr(config-openvpn-server)# timers keepalive 120

subnet

This command defines the subnet for the specified user of the OpenVPN server.

The use of a negative form (no) of the command removes a bind to a specified subnet.

Syntax

[no] subnet <ADDR/LEN>

Parameters

<ADDR/LEN> – subnet IP address set in the following format:

 AAA.BBB.CCC.DDD/EE – network IP address with prefix mask, where AAA-DDD take values of [0..255] and EE takes values of [1..32].

Required privilege level

15

Command mode

CONFIG-OPENVPN-USER

Example
esr(config-openvpn-server)# username client
esr(config-openvpn-user)# subnet 192.168.25.128/28

tunnel

This command defines the type of connection with a private network via the OpenVPN server.

The use of a negative form (no) of the command removes a current value.

Syntax

tunnel <TYPE>

no tunnel

Parameters

<TYPE> – encapsulation protocol, takes the following values:

  • ip – point-to-point connection;
  • ethernet – L2 domain connection.

Default value

None

Required privilege level

10

Command mode

CONFIG-OPENVPN-SERVER

Example
esr(config-openvpn-server)# tunnel ip

username

The command allows switching to a specified OpenVPN user's configuration mode.

The use of a negative form (no) of the command returns default user settings.

Syntax

[no] username { <NAME> | all }

Parameters

<NAME> – user name, set by the string of up to 31 characters.

all – keyword used to delete all previously created users.

Required privilege level

15

Command mode

CONFIG-OPENVPN-SERVER

Example
esr(config-openvpn-server)# username client
esr(config-openvpn-user)#

wins-server

This command specifies the list of WINS servers that will be used by remote users.

The use of a negative form (no) of the command removes configured WINS server addresses.

Syntax

wins-server <ADDR>

no wins-server { <ADDR> | all }

Parameters

<ADDR> – WINS server IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255].

all – remove all configured WINS server IP addresses.

Required privilege level

10

Command mode

CONFIG-OPENVPN-SERVER

Example
esr(config-openvpn-server)# wins-server 1.1.1.1
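
Added example, not part of the vendor documentation: a Python audit that reads a saved configuration and flags enabled remote-access profiles that rely on the defaults documented above (MPPE disabled, OpenVPN encryption disabled, client isolation disabled), use duplicate-cn, or select a weak algorithm value. The configuration layout (profile and username blocks closed by exit), the profile and user names, and the choice of which listed algorithms count as weak are assumptions of the example.

```python
import re

# Example policy (not the vendor's): listed option values treated as weak here.
WEAK_AUTH = {"md4", "rsa-md4", "md5", "rsa-md5", "mdc2", "rsa-mdc2"}
WEAK_CIPHERS = {"des", "des-ede", "desx", "3des", "blowfish128"}  # 64-bit blocks
PROFILE_RE = re.compile(r"^remote-access (l2tp|openvpn|pptp) (\S+)$")


def parse_profiles(config_text):
    """Return {(type, name): [profile-level commands]}. Assumed layout:
    'remote-access <type> <name>' opens a profile, 'username <name>' opens a
    nested user block, 'exit' closes the innermost open block."""
    profiles, current, depth = {}, None, 0
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # trim and collapse whitespace
        m = PROFILE_RE.match(line)
        if m:
            current, depth = (m.group(1), m.group(2)), 0
            profiles[current] = []
        elif current is None or not line:
            continue  # blank line or outside any remote-access profile
        elif line == "exit":  # closes the user block if open, else the profile
            current, depth = (None, 0) if depth == 0 else (current, depth - 1)
        elif line.startswith("username "):
            depth += 1
        elif depth == 0:
            profiles[current].append(line)
    return profiles


def option_value(cmds, prefix, default=None):  # last '<prefix> <value>' or default
    hits = [c[len(prefix) + 1:] for c in cmds if c.startswith(prefix + " ")]
    return hits[-1] if hits else default


def audit_profile(server_type, cmds):
    """Finding codes for one profile; profiles without 'enable' are skipped."""
    if "enable" not in cmds:
        return []
    findings = []
    if server_type == "pptp" and "encryption mppe" not in cmds:
        findings.append("NO_MPPE")  # documented default: MPPE disabled
    if server_type == "openvpn":
        cipher = option_value(cmds, "encryption algorithm")
        if cipher is None:
            findings.append("NO_ENCRYPTION")  # documented default: disabled
        elif cipher in WEAK_CIPHERS:
            findings.append("WEAK_CIPHER:" + cipher)
        auth = option_value(cmds, "authentication-algorithm", default="sha")
        if auth in WEAK_AUTH:
            findings.append("WEAK_AUTH:" + auth)
        if "duplicate-cn" in cmds:
            findings.append("DUPLICATE_CN")  # several users share one certificate
        if "client-isolation" not in cmds:
            findings.append("NO_CLIENT_ISOLATION")  # documented default: disabled
    return findings


def audit_config(config_text):
    return {k: audit_profile(k[0], c) for k, c in parse_profiles(config_text).items()}


# Constructed sample configuration (profile and user names are made up).
SAMPLE_CONFIG = """
remote-access openvpn corp-vpn
  authentication-algorithm md5
  duplicate-cn
  username client
    ip address 192.168.25.15
  exit
  enable
exit
remote-access pptp legacy
  enable
exit
remote-access openvpn hardened
  encryption algorithm aes256
  authentication-algorithm sha-256
  client-isolation
  enable
exit
"""

print(audit_config(SAMPLE_CONFIG))
```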