User Guide for Nortel Networks 608(WL)

Chapter 6
Advanced Features
E-DOC-CTC-20051017-0169 v0.1
207
6.10 Connection Options
Options list
The connection options alter the behaviour of the VPN network. Options to be 
applied to Connections are stored in named Option Lists. An Option List contains 
the following options:
IPSec routing mode [routed]
This parameter has two possible settings: routed and non-routed mode. 
Routed mode means that the packets are routed to the IPSec interface. This is the 
preferred mode of operation, which is valid for all possible scenarios.
Non-routed mode simulates the behaviour of previous SpeedTouch™ IPSec 
implementations. In the present release, it is recommended not to use the 
non-routed mode, because some scenarios are not supported in this mode.
Virtual interface
The SpeedTouch™ uses the concept of a Virtual Interface to implement the IPSec 
processing. By default, the IPSec module uses the Virtual Interface, named ipsec0. 
This interface is automatically created when IPSec is enabled. 
Firewall rules, for example, can be attached to virtual interfaces.
In most cases, the use of the default ipsec0 virtual interface is sufficient. Only 
on some very specific occasions may it be useful to create an additional virtual 
interface for IPSec. For example, if you want to apply different firewall rules to 
different IPSec tunnels, an additional Virtual Interface can be created in the 
Connection Options list.
A typical situation where multiple IPSec virtual interfaces might be needed is the 
VPN hub and spoke model.
| Option | Keyword | Description |
|---|---|---|
| IPSec routing mode | routed | Selects routed or non-routed mode. |
| Virtual interface | virtual_if | Defines the Virtual Interface for a connection. |
| DF bit | force_df | Selects treatment of Don’t Fragment bit |
| Minimal MTU | min_mtu | Minimal value for MTU. |
| Add route | add_route | Enables or disables automatic addition of routes to the routing table. |
virtual_if
Possible values: A string value, containing the name of the Virtual interface