Installation guide
set socket_tunnel
Purpose
Configures a socket tunnel. A socket tunnel can be used to connect two
network devices: one on the ConnectPort LTS product’s local network and the
other on the remote network. This is especially useful for providing SSL data
protection when the local devices do not support the SSL protocol.
One of the endpoint devices is configured to initiate the socket tunnel. The
tunnel is initiated when that device opens a TCP socket to the ConnectPort
LTS product on the configured port number. The ConnectPort LTS product
then opens a separate connection to the specified destination host. Once the
tunnel is established, the ConnectPort LTS product acts as a proxy for the data
between the remote network socket and the local network socket, regardless of
which end initiated the tunnel.
The socket tunnel feature is most useful for devices with two interfaces. It
can also be used as a connection proxy on a single-interface device. On a
single-interface device it is very useful when that device can use specified
keys and the other devices connected to it cannot. Using the socket tunnel
feature, the device with the key capability becomes a security gatekeeper for
simple devices that cannot use PKI certificates.
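The proxy behavior described above, sketched as an added Python example. It is not Digi code and does not show how the ConnectPort LTS firmware is implemented. The function names, the use_tls flag and the loopback addresses are assumptions for illustration, and round_trip runs against a constructed echo destination.

```python
import asyncio
import ssl

async def pipe(reader, writer):
    """Copy bytes one way until EOF or error, then close the far side."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    except OSError:  # includes ssl.SSLError and connection resets
        pass
    finally:
        writer.close()

async def start_tunnel(listen_host, listen_port, to_host, to_port, use_tls=False):
    """Accept plain TCP locally; open a separate second leg per connection."""
    # Default context verifies the destination's certificate and host name.
    tls = ssl.create_default_context() if use_tls else None

    async def handle(local_r, local_w):
        try:
            # The proxy, not the initiating device, opens the second connection.
            remote_r, remote_w = await asyncio.open_connection(to_host, to_port, ssl=tls)
        except OSError:  # destination unreachable or certificate rejected
            local_w.close()
            return
        await asyncio.gather(pipe(local_r, remote_w), pipe(remote_r, local_w))

    # The local leg is cleartext, so listen only on the trusted local interface.
    return await asyncio.start_server(handle, listen_host, listen_port)

async def round_trip(payload):
    """Constructed loopback check: device -> tunnel -> echo destination -> device."""
    dest = await asyncio.start_server(pipe, "127.0.0.1", 0)  # echo: reads into its own writer
    dest_port = dest.sockets[0].getsockname()[1]
    # Plain TCP on both legs here because no certificates exist offline.
    tunnel = await start_tunnel("127.0.0.1", 0, "127.0.0.1", dest_port, use_tls=False)
    reader, writer = await asyncio.open_connection("127.0.0.1", tunnel.sockets[0].getsockname()[1])
    writer.write(payload)
    await writer.drain()
    reply = await reader.readexactly(len(payload))
    writer.close()
    tunnel.close()
    dest.close()
    return reply

if __name__ == "__main__":
    print(asyncio.run(round_trip(b"constructed sensor reading\n")))
```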
Required permissions
For products with two or more users, permissions must be set to “set
permissions s-socket-tunnel=read” to display socket tunnel settings, and “set
permissions s-socket-tunnel=rw” to display and change socket tunnel settings.
See "set permissions" for details on setting user permissions for
commands.