sumelco · content 1 general...
TRANSCRIPT
A
dd
-On
Man
ual
MoRoS / MLR / SDSL
Reference Manual ASCII Con-figuration File
Copyright © July 11 INSYS MICROELECTRONICS GmbH
Any duplication of this manual is prohibited. All rights on this documentation and the devices are with INSYS MICROELECTRONICS GmbH Regensburg.
Trademarks
The use of a trademark not shown below is not an indication that it is freely avail-able for use.
MNP is a registered trademark of Microcom Inc.
IBM PC, AT, XT are registered trademarks of International Business Machine Cor-poration.
INSYS®, e-Mobility LSG® and e-Mobility PLC® are registered trademarks of INSYS MICROELECTRONICS GmbH.
Windows™ is a registered trademark of Microsoft Corporation.
Linux is a registered trademark of Linus Torvalds.
Publisher:
INSYS MICROELECTRONICS GmbH
Waffnergasse 8
D-93047 Regensburg, Germany
Phone: +49 (0)941/56 00 61
Fax: +49 (0)941/56 34 71
E-mail: [email protected]
Internet: http://www.insys-icom.com
Date: Jul-11
Item: 31-22-03.165
Version: 1.3
Language: EN
Content
1 General Information ........................................................................................... 5
2 Version History.................................................................................................... 6
3 ASCII Configuration File ...................................................................................... 7
3.1 Set-Up of the Configuration File ........................................................................................7 3.1.1 Comments............................................................................................................................7 3.1.2 Formatting ...........................................................................................................................8 3.1.3 Strings ...................................................................................................................................8 3.1.4 Endless Lists .........................................................................................................................8 3.1.5 Missing or Double Sections / Objects ...........................................................................9 3.1.6 Mutually Exclusive Settings ............................................................................................9 3.1.7 Restart at the End of the Configuration.................................................................... 10 3.1.8 Reloading the Old Configuration after Configuration Aborts............................. 10 3.1.9 Including Files .................................................................................................................. 11
4 Log File .............................................................................................................. 12
5 Configuration Using ASCII Configuration File .................................................. 13
6 Reference for the ASCII Configuration File....................................................... 14
4 Jul-11
MoRoS / MLR / SDSL General Information
1 General Information
This add-on manual serves as reference for the configuration file of the MoRoS / MLR in ASCII format and may only be used together with the operator manual of the respective router. Safety instructions, technical data, and functional descriptions must be taken from the operator manual. This add-on manual is valid for all routers of the models MoRoS and MLR of INSYS MI-CROELECTRONICS GmbH with a firmware version of 2.4.x or higher. This reference describes all configuration options of the different variants of the router. The individual variants do not contain all described settings. The actual scope depends on firmware and variant.
5
Version History MoRoS / MLR / SDSL
2 Version History
Version Description
1.0 Release
1.1 Update for FW 2.5.x
1.2 Update for FW 2.6.x
1.3 Update for FW 2.7.x
6
MoRoS / MLR / SDSL ASCII Configuration File
3 ASCII Configuration File
The router allows to export the configuration as ASCII text file. This text file can be modi-fied accordingly and uploaded again to the router to configure it in a convenient way. Moreover, an "empty" configuration file (ASCII template) can be downloaded from the router, i.e. a configuration file that contains no settings, but all setting options available on the respective device. A detailed description of the function for downloading and uploading configuration files can be found in the operator manual of the router.
3.1 Set-Up of the Configuration File The ASCII configuration file is structured in several sections. The section and object sort-ing is based on the web interface. Each section starts with the name of the section in square brackets "[ section ]" followed by further lines with the individual objects of this section. Within the objects, object name and object value are separated by an equals sign "object name = object value". Each line is finished with a carriage return. The end of a section is defined by the start of a new section or the file end. The configuration file is case sensitive, i.e. capitalisation is considered. The following excerpt of an ASCII configuration file shows the section "textconfig" with the two objects "reboot" and "abort_on_error" as well as the section "webinterface" with further objects: [ textconfig ]
reboot = 0
abort_on_error = 0
[ webinterface ]
local_http = 1
remote_http = 1
remote_https = 1
http_port = 80
https_port = 8888
location = 'Location' #This value has to be enclosed in single quotes
3.1.1 Comments
Comments can be introduced by a hash sign " # " at the beginning or also within a line. A semicolon " ; " can only introduce a comment at the beginning of a line (also follow-ing leading blanks or tabs). All other characters in the line will be ignored.
7
ASCII Configuration File MoRoS / MLR / SDSL
3.1.2 Formatting
Blank lines can be inserted between any lines. Blanks and tabs can be inserted
at the beginning of a line
at the end of a line
between square brackets and section names
between object name and " = "
between " = " and object value
between object name and " ; " for endless list entries
between " ; " and object value for endless list entries
3.1.3 Strings
Strings that are used to enter passwords or user names for example must be placed be-tween single quotes " ’ " (a comment indicates the use of single quotes in each such entry). The strings may also contain single quotes because only the first and last single quote is searched for. Basically, the characters 0x20 through 0x7E are permissible, i.e. 0 through 9, a through z, A through Z, and the special characters! " # $ % & ' ( ) * + , - . / ; < = > ? @ [ ] \ ^ _ { } | ~, as well as the blank. The colon is not permissible. The following ex-ample shows the entry of strings: dialnumber = '*99***1#' #This value has to be enclosed in single quotes
3.1.4 Endless Lists
Some objects can form endless lists (e.g. routes). If further objects are passed with an object (e.g. the source address, net mask, data direction, etc. in case of a firewall rule), these are written into the same line, but separated from each other using a semicolon " ; ". The object "list" defines, whether the endless list contained in this section that is already stored on the router is to be deleted "list = d" (d for delete) before the new ob-jects are entered, or the new objects are appended to the list "list = a" (a for append). If the object "list" is missing, the objects are appended to the list. Generally, there is no more than one endless list per section. The following example shows such an endless list: ....list = d
new_entry = common_name = cname1 ; vpn_ip = 10.1.0.9
new_entry = common_name = cname2 ; vpn_ip = 10.1.0.13
8
MoRoS / MLR / SDSL ASCII Configuration File
3.1.5 Missing or Double Sections / Objects
If sections or objects are missing in an ASCII configuration file, the missing sections or objects will not be uploaded to the router, i.e. the configuration of these objects remains untouched. A single section is already a valid configuration file. Moreover, it must not even contain an object, which can be used to restart a dial-out for example. Processing a section in a configuration file corresponds with pressing the "OK" button on the respec-tive page of the web interface. If an ASCII configuration file contains an object more than once, the successive object overwrites the previous one, because the configuration file is processed sequential. In the following example, the second object overwrites the first, i.e. the object "dns" will be set to "2.2.2.2": [ dns ]
dns = 1.1.1.1
dns = 2.2.2.2
Sections can also occur repeatedly and are also configured repeatedly. This can be used for example to close a dial-up connection, configure the communication device, and set-up the dial-up connection again within one configuration, as shown in the following ex-ample: [ dialout ]
start_dialout = 0
[ isdn ]
msn = 25
[ dialout ]
start_dialout = 1
3.1.6 Mutually Exclusive Settings
If settings are made in an ASCII configuration file that are mutually exclusive, for exam-ple simultaneously activating an OpenVPN client and server, the section configured first is valid (i.e. the one that is earlier in the configuration file). However, the associated set-tings are taken over. A comparable behaviour is also on the web interface: a conflicting setting cannot be made after configuring a certain setting, because it will be faded out.
9
ASCII Configuration File MoRoS / MLR / SDSL
3.1.7 Restart at the End of the Configuration
The section "textconfig" of the ASCII configuration file contains the object "reboot" to define whether a restart of the router is to be made following the configuration (0 = no restart; 1 = restart). A restart can be used to ensure that all services are started with the new settings (VPN settings are only used following a new dial-out for example). A restart will be made at the end of the configuration in the following example: [ textconfig ]
reboot = 1
abort_on_error = 0
3.1.8 Reloading the Old Configuration after Configuration Aborts
The section "textconfig" of the ASCII configuration file contains the object "abort_on_error" to define whether the old configuration is to be reloaded in case the configuration aborts due to an error (0 = no reload of the old configuration; 1 = reload of the old configuration). The configuration aborts in case of severely faulty configurations that would result a red warning message in the web interface. This function can be used for example to secure "critical" configurations (e.g. the dial-up connection that is cur-rently used for remote configuration), by activating this function before the "critical" sec-tion and deactivating it again behind it, i.e. the old configuration will only be reloaded, if the abort happens in the "critical" section. The old configuration will be reloaded after an abort in the following example: [ textconfig ]
reboot = 0
abort_on_error = 1
10
MoRoS / MLR / SDSL ASCII Configuration File
3.1.9 Including Files
It is also possible to upload the content of other files within the ASCII configuration file. This is required to upload certificates, keys, lists, or e-mail and SSM texts for example. These files are entered in text form as object value with the respective object. Carriage returns may also be contained within the object with this. In order to upload certificates or keys for example, these will be entered as object value following the object name. For this, the certificate or key is opened in a text editor, cop-ied there, and completely pasted behind the " = " in the object. The following (short-ened) example shows the CA certificate in the ASCII configuration file: [ openvpn server dialin ]
...
ca_certificate = -----BEGIN CERTIFICATE-----
MIIC+jCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMCREUx
...
cNAMClSZ3yDocBkiJuL7sMqAk8uN8XI4uKSBhZ0bZUG1O5dubek/Gkl2Bkymjw==
-----END CERTIFICATE-----
The entry of lists, like the AT answer list, takes place in a similar way and is shown in the following example: [ serial ethernet modem ]
...
at_answer_list = -----BEGIN AT ANSWER LIST-----
i="Serial Ethernet Gateway Version 1.0"
-----END AT ANSWER LIST-----
The configuration of e-mail messages takes place in form of endless lists (see Endless Lists). The object value in form of further objects is entered here behind the object name "new_entry" that are separated by a semicolon " ; " from each other. The message text is then entered in the sub-object "text". This may also contain carriage returns in case for e-mails and is enclosed by the strings "-----BEGIN MESSAGE-----" and "-----END MES-SAGE-----". This may not contain carriage returns for SMS messages and is entered without any further formattings. This is shown in the following example for an e-mail message: [ email ]
start_email = 1
list = d
new_entry = recipient = [email protected] ; cause = 0001 ; attach = 0001 ; status = 1 ; text = -----BEGIN MESSAGE-----
E-Mail-Text
will be sent on system start-----END MESSAGE-----
new_entry = recipient = [email protected] ; cause = 0002 ; attach = 0004 ; text = -----BEGIN MESSAGE-----
E-mail text
Will be sent when setting up an OpenVPN tunnel-----END MESSAGE-----
11
Log File MoRoS / MLR / SDSL
4 Log File
A log file is written during the configuration file is processed. Besides start and end of the configuration, the following faults are recorded in the log file.
Unknown section
Section not available on this router (e.g. [ dialout ] on MoRoS LAN)
Missing value of an object
Unknown object The log file can be displayed on the web interface of the router in the "System" menu on the "System data" page using the link "Show text config log" and in the "System" menu on the "Download" page using the link "Text Configuration Log". A detailed description of the function for displaying the log file can be found in the op-erator manual of the router.
12
MoRoS / MLR / SDSL Configuration Using ASCII Configuration File
5 Configuration Using ASCII Configuration File
This section describes how to download an ASCII configuration file from the router, edit it accordingly, and loading it up to the router again.
Your router must be in operation and you must have access to the web interface to per-form the following steps. It is prerequisite that you are familiar with the router and have worked through the associated user manual, especially the sections "Commissioning" and "Operating Principle".
Configuration with the web interface In order to download the actual configuration of the router, right-click in the "System" menu on the "Download" page in the "Configuration" section the link "ASCII". Select "Save target as..." and save the configuration file to an ap-propriate location under a suitable name.
In order to download an empty configuration file of the router, right-click in the "System" menu on the "Download" page in the "Configuration" section the link "ASCII template". Select "Save target as..." and save the configuration file to an appropriate location under a suitable name.
Open the configuration file with a text editor and make the respective modi-fications. Save the edited configuration file again.
Delete unused sections and objects to speed up the subsequent upload.
In order to upload the edited configuration to the router again, select in the "System" menu on the "Update" page in the "Manual update" the "Browse..." button and open the configuration file to be uploaded.
Save your settings by clicking "OK".
Confirm the upload by clicking "Yes".
Note! Change of the time!
The time can be misadjusted by uploading a previously downloaded configuration.
If you load a configuration from the router, the actual time is also stored in the configuration file. If you upload this configu-ration file without deleting or editing the [ settime ] section again later, the time in the router will be overwritten with the time in the configuration file (that is wrong in the meantime).
13
Reference for the ASCII Configuration File MoRoS / MLR / SDSL
6 Reference for the ASCII Configuration File
You will find a reference of all sections with the associated objects that can appear in the ASCII configuration file in this section. Please note that the available sections, objects, and options depend on the firmware and variant of the router. If you download an actual ASCII configuration file from a router, this contains only the currently configured objects in their respective sections, i.e. objects that exist in the router indeed, but are not config-ured, are not contained. If you download an empty ASCII configuration file as template from a router, this contains all available objects of this router. Sections and objects can be deleted from or added to an ASCII configuration file. It is also possible to create an ASCII configuration file from an empty TXT file. The requirements for the ASCII configuration file that are described in the section "ASCII Configuration File" of this manual must be considered with this. [ textconfig ] reboot 0 = No restart after configuration (default)
1 = Restart after configuration abort_on_error 0 = No reload of the old configuration after abort (default)
1 = Reload of the old configuration after abort [ webinterface ] username User name for web interface access (default: insys)
The object value must be passed in single quotes! password Password for web interface access (default: moros)
The object value must be passed in single quotes! local_http 0 = Local configuration via HTTP disabled
1 = Local configuration via HTTP enabled (default) remote_http 0 = Remote configuration via HTTP disabled
1 = Remote configuration via HTTP enabled (default) remote_https 0 = Remote configuration via HTTPS disabled
1 = Remote configuration via HTTPS enabled (default) http_port HTTP port of the web interface (default: 80) https_port HTTPS port of the web interface (default: 443) location Location of the router
The object value must be passed in single quotes! [ address ] ip IP address of the router (default: 192.168.1.1) netmask Network mask of the router (default: 255.255.255.0) start_netmapping 0 = Netmapping disabled (default)
1 = Netmapping enabled
(from FW 2.6.x) virtual_net Virtual network address of the local network
(from FW 2.6.x)
14
MoRoS / MLR / SDSL Reference for the ASCII Configuration File
[ routing local ] list a = New entries are appended to existing list
d = Existing list is deleted (default) new_entry New route entry that passes the following sub-objects: net Network address of the static route netmask Net mask of the static route gateway Gateway of the static route
[ com1 ] for cellular routers pin PIN of SIM card 1 pin2 PIN of SIM card 2 provider_mode auto = Automatic log-in to standard provider of SIM
card 1
preferred = Log-in to preferred provider for SIM card 1, oth-erwise to standard provider
exclusive = Exclusive log-in to exclusive provider for SIM card 1
pref_provider Provider ID of the preferred provider for SIM card 1 excl_provider Provider ID of the exclusive provider for SIM card 1 provider_mode2 auto = Automatic log-in to standard provider of SIM
card 2
preferred = Log-in to preferred provider for SIM card 2, oth-erwise to standard provider
exclusive = Exclusive log-in to exclusive provider for SIM card 2
pref_provider2 Provider ID of the preferred provider for SIM card 2 excl_provider2 Provider ID of the exclusive provider for SIM card 2 auto_login 0 = Daily log-out and log-in disabled
1 = Daily log-out and log-in enabled (default) hour_out Daily log-out at (hour; 00-23) min_out Daily log-out at (minute; 00-59) hour_in Daily log-in at (hour; 00-23) min_in Daily log-in at (minute; 00-59)
[ com1 ] for ISDN routers msn MSN of the connection to which the router is connected caller1 Permitted caller number 1 caller2 Permitted caller number 2 caller3 Permitted caller number 3 caller4 Permitted caller number 4 caller5 Permitted caller number 5
[ com1 ] for Modem routers country Country-specific settings of the modem (default: FD) wait_for_dialtone 0 = Do not wait for dial tone before dialling (default)
1 = Wait for dial tone before dialling
15
Reference for the ASCII Configuration File MoRoS / MLR / SDSL
[ com2 ] for redundant cellular communication device pin PIN of the SIM card of the redundant communication device provider_mode auto = Automatic log-in to standard provider of SIM
card 1
preferred = Log-in to preferred provider for SIM card 1, oth-erwise to standard provider
exclusive = Exclusive log-in to exclusive provider for SIM card 1
pref_provider Provider ID of the preferred provider for SIM card 1 excl_provider Provider ID of the exclusive provider for SIM card 1 auto_login 0 = Daily log-out and log-in disabled
1 = Daily log-out and log-in enabled (default) hour_out Daily log-out at (hour; 00-23) min_out Daily log-out at (minute; 00-59) hour_in Daily log-in at (hour; 00-23) min_in Daily log-in at (minute; 00-59)
[ com2 ] for redundant ISDN communication device msn MSN of the connection to which the redundant communica-
tion device is connected caller1 Permitted caller number 1 caller2 Permitted caller number 2 caller3 Permitted caller number 3 caller4 Permitted caller number 4 caller5 Permitted caller number 5
[ com2 ] for redundant Modem communication device country Country-specific settings of the modem (default: FD) wait_for_dialtone 0 = Do not wait for dial tone before dialling (default)
1 = Wait for dial tone before dialling [ terminal1 ] not for LAN routers command AT command that is passed to the communication device
[ terminal2 ] for redundant communication device command AT command that is passed to the redundant communication
device
16
MoRoS / MLR / SDSL Reference for the ASCII Configuration File
[ dialin ] start_dialin 0 = Dial-in disabled (default)
1 = Dial-in using internal communication device
2 = Dial-in using redundant communication device
3 = Dial-in using internal or redundant communication device dialin_prio 0 = Do not prioritise dial-in over LAN (ext) (default)
1 = Prioritise dial-in over LAN (ext) idletime Idle time in seconds after which a dial-in connection without
data traffic is disconnected (default: 0, no disconnection) rings Number of ring tones until call acceptance authentication 0 = Authentication for dial-in disabled
1 = Authentication for dial-in enabled (default) username<x> User name for authentication account <x> (<x> = 0-9)
The object value must be passed in single quotes! password<x> Password for authentication account <x> (<x> = 0-9)
The object value must be passed in single quotes! auth<x> pap = Authentication for authentication account <x> via PAP
chap = Authentication for authentication account <x> via CHAP
callback<x> 0 = Call-back for authentication account <x> disabled (de-fault)
1 = Call-back for authentication account <x> enabled ip_local_intern Own IP address ip_remote_intern IP address of remote terminal ip_local_extern Own IP address of the redundant communication device ip_remote_extern IP address of remote terminal of the red. communication
device callback 0 = Automatic call-back disabled (default)
1 = Automatic call-back enabled for ISDN or Modem routers callback_mode auth = Call-back after PPP authentication
clip = Call-back after call from one of the specified numbers: clip1 Phone number 1 for which a call-back is made clip2 Phone number 2 for which a call-back is made clip3 Phone number 3 for which a call-back is made clip4 Phone number 4 for which a call-back is made clip5 Phone number 5 for which a call-back is made
17
Reference for the ASCII Configuration File MoRoS / MLR / SDSL
[ routing dialin ] default_route 0 = Set no default route
1 = Set default route (default) nat_incoming 0 = NAT for incoming packets disabled
1 = NAT for incoming packets enabled (default) nat_outgoing 0 = NAT for outgoing packets disabled
1 = NAT for outgoing packets enabled (default) list a = New entries are appended to existing list
d = Existing list is deleted (default) new_entry New route entry that passes the following sub-objects: net Network address of the route netmask Net mask of the route gateway Gateway of the route (only for LAN routers)
[ routing dialin ] start_firewall 0 = Firewall for dial-in connections disabled (default)
1 = Firewall for dial-in connections enabled list a = New entries are appended to existing list
d = Existing list is deleted (default) new_entry New permitted connection that passes the following sub-
objects: protocol icmp = ICMP protocol is used
udp = UDP protocol is used
tcp = TCP protocol is used direction in = Only incoming connections are permitted
out = Only outgoing connections are permitted
both = Incoming and outgoing connections are permitted source_ip Source IP address source_netmask Source net mask dest_port Destination port
(or start of the port range (from FW 2.6.x)) dest_port_end End of the destination port range (from FW 2.6.x) dest_ip Destination IP address dest_netmask Destination net mask dialinuser Name of the user that has dialled in
The object value must be passed in single quotes!
18
MoRoS / MLR / SDSL Reference for the ASCII Configuration File
[ openvpn server dialin ] start_openvpn_server 0 = OpenVPN server for dial-in connections disabled (default)
1 = OpenVPN server for dial-in connections enabled lport Local port of the tunnel (default: 1194) rport Remote port of the tunnel (default: 1194) protocol udp = UDP protocol is used
tcp = TCP protocol is used push_server_route 0 = Inform clients about server network disabled
1 = Inform clients about server network enabled (default)
(from FW 2.6.x) float 0 = Float (remote terminal may change its IP address) dis-
abled
1 = Float (remote terminal may change its IP address) enabled (default)
comp_lzo 0 = LZO compression disabled
1 = LZO compression enabled (default) masquerade 0 = Do not mask packets before tunnelling
1 = Mask packets before tunnelling (default) cipher BF-CBC = Encryption algorithm Blowfish 128 Bit (de-
fault)
DES-CBC = Encryption algorithm DES 64 Bit
DES-EDE-CBC = Encryption algorithm DES EDE 128 Bit
DES-EDE3-CBC = Encryption algorithm DES EDE3 192 Bit
DESX-CBC = Encryption algorithm DESX 192 Bit
CAST5-CBC = Encryption algorithm CAST5 128 Bit
IDEA-CBC = Encryption algorithm IDEA 128 Bit
RC2-CBC = Encryption algorithm RC2 128 Bit
RC2-40-CBC = Encryption algorithm RC2 40 Bit
RC2-64-CBC = Encryption algorithm RC2 64 Bit
AES-128-CBC = Encryption algorithm AES 128 Bit
AES-192-CBC = Encryption algorithm AES 192 Bit
AES-256-CBC = Encryption algorithm AES 256 Bit verb Verbosity of the messages in connection log (default: 3, 0-9) fragment Maximum size of the tunnel packets (in bytes) reneg Interval for key renegotiation (in seconds, default: 3600) ping Interval for ping dispatch to remote terminal (in seconds,
default: 30) restart Interval for ping restart (in seconds, default: 60) auth_type static = No authentication or with static key
cert = Authentication with certificates client_to_client 0 = Do not allow communication between clients (default)
1 = Allow communication between clients pool_ip IP address pool for clients pool_netmask Net mask of the IP address pool list a = New entries are appended to existing list
d = Existing list is deleted (default) remote_peer IP address or domain name of remote site remote_peer2 IP address or domain name of alternative remote site local_vpn_ip Local IP address of VPN tunnel remote_vpn_ip Remote IP address of VPN tunnel
19
Reference for the ASCII Configuration File MoRoS / MLR / SDSL
remote_net Address of network behind the VPN tunnel remote_netmask Net mask of network behind the VPN tunnel new_entry New route entry to client network that passes the following
sub-objects: common_name "Common Name" in certificate of the client net Network address of the client netmask Net mask of the client vpn_ip VPN IP address of the client
dh_parameters Diffie-Hellman parameter set crl Certificate Revocation List ca_certificate CA certificate public_certificate Public certificate of the server private_key Private key of the server static_key Static key
20
MoRoS / MLR / SDSL Reference for the ASCII Configuration File
[ openvpn client dialin ] start_openvpn_client 0 = OpenVPN client for dial-in connections disabled (default)
1 = OpenVPN client for dial-in connections enabled remote_peer IP address or domain name of remote site remote_peer2 IP address or domain name of alternative remote site lport Local port of the tunnel (default: 1194) rport Remote port of the tunnel (default: 1194) protocol udp = UDP protocol is used
tcp = TCP protocol is used defaultroute 0 = Default route disabled (default)
1 = Default route enabled
(from FW 2.6.x) bind 0 = No-bind (fix local address and port) disabled
1 = No-bind (fix local address and port) enabled (default) float 0 = Float (remote terminal may change its IP address) dis-
abled
1 = Float (remote terminal may change its IP address) enabled (default)
comp_lzo 0 = LZO compression disabled
1 = LZO compression enabled (default) masquerade 0 = Do not mask packets before tunnelling
1 = Mask packets before tunnelling (default) cipher BF-CBC = Encryption algorithm Blowfish 128 Bit (de-
fault)
DES-CBC = Encryption algorithm DES 64 Bit
DES-EDE-CBC = Encryption algorithm DES EDE 128 Bit
DES-EDE3-CBC = Encryption algorithm DES EDE3 192 Bit
DESX-CBC = Encryption algorithm DESX 192 Bit
CAST5-CBC = Encryption algorithm CAST5 128 Bit
IDEA-CBC = Encryption algorithm IDEA 128 Bit
RC2-CBC = Encryption algorithm RC2 128 Bit
RC2-40-CBC = Encryption algorithm RC2 40 Bit
RC2-64-CBC = Encryption algorithm RC2 64 Bit
AES-128-CBC = Encryption algorithm AES 128 Bit
AES-192-CBC = Encryption algorithm AES 192 Bit
AES-256-CBC = Encryption algorithm AES 256 Bit verb Verbosity of the messages in connection log (default: 3, 0-9) fragment Maximum size of the tunnel packets (in bytes) reneg Interval for key renegotiation (in seconds, default: 3600) ping Interval for ping dispatch to remote terminal (in seconds,
default: 30) restart Interval for ping restart (in seconds, default: 60) icmp_ping IP address or domain name for additional ICMP ping
21
Reference for the ASCII Configuration File MoRoS / MLR / SDSL
auth_type static = No authentication or with static key
cert = Authentication with certificates username User name of the client for log-in at the OpenVPN server
The object value must be passed in single quotes! password Password of the client for log-in at the OpenVPN server
The object value must be passed in single quotes! check_server_cert 0 = Check of certificate type of remote terminal disabled (de-
fault)
1 = Check of certificate type of remote terminal enabled local_vpn_ip Local IP address of VPN tunnel remote_vpn_ip Remote IP address of VPN tunnel remote_net Address of network behind the VPN tunnel remote_netmask Net mask of network behind the VPN tunnel ca_certificate CA certificate public_certificate Public certificate of the client private_key Private key of the client static_key Static key
[ pptp server dialin ] (from FW 2.6.x) start_pptp_server 0 = PPTP server for dial-in connections disabled (default)
1 = PPTP server for dial-in connections enabled authentication none No authentication
pap Authentication via PAP
chap Authentication via CHAP
mschap Authentication via MS-CHAP
mschap-v2 Authentication via MS-CHAP-v2 (default) encryption none No encryption
mppe-40 Encryption via MPPE-40
mppe-128 Encryption via MPPE-128 mtu MTU (Maximum Transmission Unit) mru MRU (Maximum Receive Unit) local_ip Local IP address of VPN tunnel remote_vpn_ip_start IP address pool for the clients (start of the address range) remote_vpn_ip_end IP address pool for the clients (end of the address range) list a = New entries are appended to existing list
d = Existing list is deleted (default) new_entry New user entry that passes the following sub-objects: username User name of the user password Password of the user
22
MoRoS / MLR / SDSL Reference for the ASCII Configuration File
[ pptp client dialin ] (from FW 2.6.x) start_pptp_client 0 = PPTP client for dial-in connections disabled (default)
1 = PPTP client for dial-in connections enabled remote_peer IP address or domain name of remote site username User name of the client for log-in at the PPTP server
The object value must be passed in single quotes! password Password of the client for log-in at the PPTP server
The object value must be passed in single quotes! encryption none No encryption
mppe-40 Encryption via MPPE-40
mppe-128 Encryption via MPPE-128 defaultroute 0 = Default route disabled (default)
1 = Default route enabled remote_net Local subnet of remote terminal remote_netmask Net mask of local subnet of remote terminal mtu MTU (Maximum Transmission Unit) mru MRU (Maximum Receive Unit) icmp_ping IP address or domain name for additional ICMP ping
23
Reference for the ASCII Configuration File MoRoS / MLR / SDSL
[ ipsec dialin ] FW 2.4.x start_ipsec 0 = IPsec for dial-in connections disabled (default)
1 = IPsec for dial-in connections enabled remote_peer IP address or domain name of remote site remote_net Local subnet of remote terminal remote_netmask Net mask of local subnet of remote terminal remote_id Remote terminal ID
The object value must be passed in single quotes! local_id Own ID
The object value must be passed in single quotes! auth_mode main = Authentication mode Main is used (default)
aggressive = Authentication mode Aggressive is used ike_cipher 3des = IKE encryption algorithm DES EDE3 (default)
aes128 = IKE encryption algorithm AES 128 Bit
aes192 = IKE encryption algorithm AES 192 Bit
aes256 = IKE encryption algorithm AES 256 Bit ike_hash sha1 = IKE hash algorithm SHA1 (default)
md5 = IKE hash algorithm MD5 ike_dh modp768 = Diffie-Hellman group for IKE is DH 768
modp1024 = Diffie-Hellman group for IKE is DH 1024 (de-fault)
modp1536 = Diffie-Hellman group for IKE is DH 1536 ipsec_cipher 3des = IPsec encryption algorithm DES EDE3 (default)
aes128 = IPsec encryption algorithm AES 128 Bit
aes192 = IPsec encryption algorithm AES 192 Bit
aes256 = IPsec encryption algorithm AES 256 Bit ipsec_hash sha1 = IPsec hash algorithm SHA1 (default)
md5 = IPsec hash algorithm MD5 key_attempts Maximum connection attempts (0 = infinite) nat_traversal on = NAT traversal is enabled (default)
off = NAT traversal is disabled
forced = NAT traversal is enforced keep_alive Interval of keep alive packets (in seconds, default: 10) pfs 0 = Perfect forward secrecy is disabled
1 = Perfect forward secrecy is enabled (default) dpd_interval Interval for dead peer detection (in seconds, default: 30) dpd_timeout Timeout for dead peer detection (in seconds, default: 120)
24
MoRoS / MLR / SDSL Reference for the ASCII Configuration File
dpd_action clear = Closing the connection on dead peer detection
hold = Holding the connection on dead peer detection
restart = Restarting the connection on dead peer detection (default)
key_lifetime Interval for key renegotiation (in seconds, default: 3600) icmp_ping IP address or domain name for additional ICMP ping auth_type cert = Authentication with certificates
psk = Authentication with pre-shared key (PSK) psk Pre-shared key (PSK)
The object value must be passed in single quotes! masquerade 0 = Do not mask packets through the tunnel
1 = Mask packets through the tunnel (default) ca_certificate CA certificate public_certificate Public certificate private_key Private key
25
Reference for the ASCII Configuration File MoRoS / MLR / SDSL
[ ipsec dialin ] from FW 2.5.x; <x> = 1-10 start_ipsec 0 = IPsec for dial-in connections disabled (default)
1 = IPsec for dial-in connections enabled nat_traversal on = NAT traversal is enabled (default)
off = NAT traversal is disabled
forced = NAT traversal is enforced keep_alive Interval of keep alive packets (in seconds, default: 10) start_tunnel<x> 0 = IPsec tunnel <x> disabled (default)
1 = IPsec tunnel <x> enabled tunnel_name<x> Name for IPsec tunnel <x> remote_peer<x> IP address or domain name of remote site local_net<x> Local subnet local_netmask<x> Network mask of the local subnet remote_net<x> Local subnet of remote terminal remote_netmask<x> Net mask of local subnet of remote terminal remote_id<x> Remote terminal ID
The object value must be passed in single quotes! local_id<x> Own ID
The object value must be passed in single quotes! auth_mode<x> main = Authentication mode Main is used (default)
aggressive = Authentication mode Aggressive is used ike_cipher<x> 3des = IKE encryption algorithm DES EDE3 (default)
aes128 = IKE encryption algorithm AES 128 Bit
aes192 = IKE encryption algorithm AES 192 Bit
aes256 = IKE encryption algorithm AES 256 Bit ike_hash<x> sha1 = IKE hash algorithm SHA1 (default)
md5 = IKE hash algorithm MD5 ike_dh<x> modp768 = Diffie-Hellman group for IKE is DH 768
modp1024 = Diffie-Hellman group for IKE is DH 1024 (de-fault)
modp1536 = Diffie-Hellman group for IKE is DH 1536 ipsec_cipher<x> 3des = IPsec encryption algorithm DES EDE3 (default)
aes128 = IPsec encryption algorithm AES 128 Bit
aes192 = IPsec encryption algorithm AES 192 Bit
aes256 = IPsec encryption algorithm AES 256 Bit ipsec_hash<x> sha1 = IPsec hash algorithm SHA1 (default)
md5 = IPsec hash algorithm MD5 key_attempts<x> Maximum connection attempts (0 = infinite) masquerade<x> 0 = Do not mask packets through the tunnel
1 = Mask packets through the tunnel (default) dpd_interval<x> Interval for dead peer detection (in seconds, default: 30) dpd_timeout<x> Timeout for dead peer detection (in seconds, default: 120)
26
MoRoS / MLR / SDSL Reference for the ASCII Configuration File
dpd_action<x> clear = Closing the connection on dead peer detection
hold = Holding the connection on dead peer detection
restart = Restarting the connection on dead peer detection (default)
pfs<x> 0 = Perfect forward secrecy is disabled
1 = Perfect forward secrecy is enabled (default) key_lifetime<x> Interval for key renegotiation (in seconds, default: 3600) icmp_ping<x> IP address or domain name for additional ICMP ping auth_type<x> cert = Authentication with certificates
psk = Authentication with pre-shared key (PSK) psk<x> Pre-shared key (PSK)
The object value must be passed in single quotes! ca_certificate<x> CA certificate public_certificate<x> Public certificate private_key<x> Private key
27
Reference for the ASCII Configuration File MoRoS / MLR / SDSL
[ dialout ] start_dialout 0 = Dial-out disabled (default)
1 = Dial-out using internal communication device
2 = Dial-out primarily using internal or secondarily using re-dundant communication device
3 = Dial-out primarily using redundant or secondarily using internal communication device
4 = Dial-out primarily using previously used, working com-munication device
dialnumber Phone number for target A
The object value must be passed in single quotes! dialnumber_b Phone number for target B
The object value must be passed in single quotes! username User name for target A
The object value must be passed in single quotes! username_b User name for target B
The object value must be passed in single quotes! password Password for target A
The object value must be passed in single quotes! password_b Password for target B
The object value must be passed in single quotes! auth both = Authentication for target A via PAP or CHAP
pap = Authentication for target A via PAP
chap = Authentication for target A via CHAP auth_b both = Authentication for target B via PAP or CHAP
pap = Authentication for target B via PAP
chap = Authentication for target B via CHAP apn Access point name for target A
(only for cellular routers) apn_b Access point name for target B
(only for cellular routers) sim 1 = SIM card 1 is used for target B (default)
2 = SIM card 2 is used for target B
(only for cellular routers) idletime Maximum idle time (in seconds, default: 20, 0 = unlimited) maxtime Maximum connection time (in seconds, default: 0, 0 = unlim-
ited) prio target_a = Always try target A first
last = Try last successful target first fetch_dns 0 = Do not request DNS server address
1 = Request DNS server address (default)
28
MoRoS / MLR / SDSL Reference for the ASCII Configuration File
dialnumber_extern Phone number for target A of red. communication device
The object value must be passed in single quotes! dialnumber_extern_b Phone number for target B of red. communication device
The object value must be passed in single quotes! username_extern User name for target A of red. communication device
The object value must be passed in single quotes! username_extern_b User name for target B of red. communication device
The object value must be passed in single quotes! password_extern Password for target A of red. communication device
The object value must be passed in single quotes! password_extern_b Password for target B of red. communication device
The object value must be passed in single quotes! auth_extern both = Authentication for target A of redundant communica-
tion device via PAP or CHAP
pap = Authentication for target A of redundant communica-tion device via PAP
chap = Authentication for target A of redundant communica-tion device via CHAP
auth_extern_b both = Authentication for target B of redundant communica-tion device via PAP or CHAP
pap = Authentication for target B of redundant communica-tion device via PAP
chap = Authentication for target B of redundant communica-tion device via CHAP
apn_extern Access point name for target A of red. communication device (only for cellular routers)
apn_extern_b Access point name for target B of red. communication device (only for cellular routers)
sim_extern 1 = SIM card 1 is used for target B of redundant communica-tion device (default)
2 = SIM card 2 is used for target B of redundant communica-tion device
(only for cellular routers) idletime_extern Maximum idle time (in seconds, default: 20, 0 = unlimited) of
redundant communication device maxtime_extern Maximum connection time (in seconds, default: 0, 0 = unlim-
ited) of redundant communication device prio_extern target_a = Always try target A of redundant communication
device first
last = Try last successful target of redundant communi-cation device first
fetch_dns_extern 0 = Do not request DNS server address of redundant commu-nication device
1 = Request DNS server address of redundant communication device (default)
29
Reference for the ASCII Configuration File MoRoS / MLR / SDSL
flat 0 = Leased-line operation disabled (default)
1 = Leased-line operation enabled check_interval Interval of connection check (in minutes, default: 60) check_type dns = Connection check via DNS request (default)
ping = Connection check via ping dns_target Target of connection check via DNS request ping_target Target of connection check via ping auto_daily_start 0 = Daily automatic connection set-up disabled (default)
1 = Daily automatic connection set-up enabled auto_hour_start Daily automatic connection set-up at (hour; 00-23) auto_minutes_start Daily automatic connection set-up at (minute; 00-59) auto_daily_stop 0 = Daily automatic connection clearing disabled (default)
1 = Daily automatic connection clearing enabled auto_hour_stop Daily automatic connection clearing at (hour; 00-23) auto_minutes_stop Daily automatic connection clearing at (minute; 00-59)
[ routing dialout ] default_route 0 = Set no default route
1 = Set default route (default) nat_incoming 0 = NAT for incoming packets disabled
1 = NAT for incoming packets enabled (default) nat_outgoing 0 = NAT for outgoing packets disabled
1 = NAT for outgoing packets enabled (default) list a = New entries are appended to existing list
d = Existing list is deleted (default) new_entry New route entry that passes the following sub-objects: net Network address of the route netmask Net mask of the route gateway Gateway of the route (only for LAN routers)
[ dialfilters dialout ] start_dialfilter 0 = Dial filter for dial-out connections disabled (default)
1 = Dial filter for dial-out connections enabled list a = New entries are appended to existing list
d = Existing list is deleted (default) new_entry New dial filter rule that passes the following sub-objects: protocol icmp = ICMP protocol is used
udp = UDP protocol is used
tcp = TCP protocol is used source_ip Source IP address source_netmask Source net mask dest_port Destination port dest_ip Destination IP address dest_netmask Destination net mask dns 0 = DNS requests from source IP address must not initiate a
connection (default)
1 = DNS requests from source IP address may initiate a con-nection
30
MoRoS / MLR / SDSL Reference for the ASCII Configuration File
[ firewall dialout ] start_firewall 0 = Firewall for dial-out connections disabled (default)
1 = Firewall for dial-out connections enabled list a = New entries are appended to existing list
d = Existing list is deleted (default) new_entry New permitted connection that passes the following sub-
objects: protocol icmp = ICMP protocol is used
udp = UDP protocol is used
tcp = TCP protocol is used direction in = Only incoming connections are permitted
out = Only outgoing connections are permitted
both = Incoming and outgoing connections are permitted source_ip Source IP address source_netmask Source net mask dest_port Destination port
(or start of the port range (from FW 2.6.x)) dest_port_end End of the destination port range (from FW 2.6.x) dest_ip Destination IP address dest_netmask Destination net mask
[ portforward dialout ] start_portforwarding 0 = Port forwarding for dial-out connections disabled
1 = Port forwarding for dial-out connections enabled (default) exposed_host IP address of exposed host list a = New entries are appended to existing list
d = Existing list is deleted (default) new_entry New permitted connection that passes the following sub-
objects: protocol icmp = ICMP protocol is used
udp = UDP protocol is used
tcp = TCP protocol is used
esp = ESP protocol is used source_port_start Start of port range for forwarding source_port_end End of port range for forwarding dest_ip IP address of forwarding destination dest_port Port of forwarding destination
31
Reference for the ASCII Configuration File MoRoS / MLR / SDSL
[ openvpn server dialout ] start_openvpn_server 0 = OpenVPN server for dial-out connections disabled (de-
fault)
1 = OpenVPN server for dial-out connections enabled lport Local port of the tunnel (default: 1194) rport Remote port of the tunnel (default: 1194) protocol udp = UDP protocol is used
tcp = TCP protocol is used push_server_route 0 = Inform clients about server network disabled
1 = Inform clients about server network enabled (default)
(from FW 2.6.x) float 0 = Float (remote terminal may change its IP address) dis-
abled
1 = Float (remote terminal may change its IP address) enabled (default)
comp_lzo 0 = LZO compression disabled
1 = LZO compression enabled (default) masquerade 0 = Do not mask packets before tunnelling
1 = Mask packets before tunnelling (default) cipher BF-CBC = Encryption algorithm Blowfish 128 Bit (de-
fault)
DES-CBC = Encryption algorithm DES 64 Bit
DES-EDE-CBC = Encryption algorithm DES EDE 128 Bit
DES-EDE3-CBC = Encryption algorithm DES EDE3 192 Bit
DESX-CBC = Encryption algorithm DESX 192 Bit
CAST5-CBC = Encryption algorithm CAST5 128 Bit
IDEA-CBC = Encryption algorithm IDEA 128 Bit
RC2-CBC = Encryption algorithm RC2 128 Bit
RC2-40-CBC = Encryption algorithm RC2 40 Bit
RC2-64-CBC = Encryption algorithm RC2 64 Bit
AES-128-CBC = Encryption algorithm AES 128 Bit
AES-192-CBC = Encryption algorithm AES 192 Bit
AES-256-CBC = Encryption algorithm AES 256 Bit verb Verbosity of the messages in connection log (default: 3, 0-9) fragment Maximum size of the tunnel packets (in bytes) reneg Interval for key renegotiation (in seconds, default: 3600) ping Interval for ping dispatch to remote terminal (in seconds,
default: 30) restart Interval for ping restart (in seconds, default: 60) auth_type static = No authentication or with static key
cert = Authentication with certificates client_to_client 0 = Do not allow communication between clients (default)
1 = Allow communication between clients pool_ip IP address pool for clients pool_netmask Net mask of the IP address pool list a = New entries are appended to existing list
d = Existing list is deleted (default) remote_peer IP address or domain name of remote site remote_peer2 IP address or domain name of alternative remote site local_vpn_ip Local IP address of VPN tunnel
32
MoRoS / MLR / SDSL Reference for the ASCII Configuration File
remote_vpn_ip Remote IP address of VPN tunnel remote_net Address of network behind the VPN tunnel remote_netmask Net mask of network behind the VPN tunnel new_entry New route entry to client network that passes the following
sub-objects: common_name "Common Name" in certificate of the client net Network address of the client netmask Net mask of the client vpn_ip VPN IP address of the client
dh_parameters Diffie-Hellman parameter set crl Certificate Revocation List ca_certificate CA certificate public_certificate Public certificate of the server private_key Private key of the server static_key Static key
33
Reference for the ASCII Configuration File MoRoS / MLR / SDSL
[ openvpn client dialout ] start_openvpn_client 0 = OpenVPN client for dial-out connections disabled (de-
fault)
1 = OpenVPN client for dial-out connections enabled remote_peer IP address or domain name of remote site remote_peer2 IP address or domain name of alternative remote site lport Local port of the tunnel (default: 1194) rport Remote port of the tunnel (default: 1194) protocol udp = UDP protocol is used
tcp = TCP protocol is used defaultroute 0 = Default route disabled (default)
1 = Default route enabled
(from FW 2.6.x) bind 0 = No-bind (fix local address and port) disabled
1 = No-bind (fix local address and port) enabled (default) float 0 = Float (remote terminal may change its IP address) dis-
abled
1 = Float (remote terminal may change its IP address) enabled (default)
comp_lzo 0 = LZO compression disabled
1 = LZO compression enabled (default) masquerade 0 = Do not mask packets before tunnelling
1 = Mask packets before tunnelling (default) cipher BF-CBC = Encryption algorithm Blowfish 128 Bit (de-
fault)
DES-CBC = Encryption algorithm DES 64 Bit
DES-EDE-CBC = Encryption algorithm DES EDE 128 Bit
DES-EDE3-CBC = Encryption algorithm DES EDE3 192 Bit
DESX-CBC = Encryption algorithm DESX 192 Bit
CAST5-CBC = Encryption algorithm CAST5 128 Bit
IDEA-CBC = Encryption algorithm IDEA 128 Bit
RC2-CBC = Encryption algorithm RC2 128 Bit
RC2-40-CBC = Encryption algorithm RC2 40 Bit
RC2-64-CBC = Encryption algorithm RC2 64 Bit
AES-128-CBC = Encryption algorithm AES 128 Bit
AES-192-CBC = Encryption algorithm AES 192 Bit
AES-256-CBC = Encryption algorithm AES 256 Bit verb Verbosity of the messages in connection log (default: 3, 0-9) fragment Maximum size of the tunnel packets (in bytes) reneg Interval for key renegotiation (in seconds, default: 3600) ping Interval for ping dispatch to remote terminal (in seconds,
default: 30) restart Interval for ping restart (in seconds, default: 60) icmp_ping IP address or domain name for additional ICMP ping
34
MoRoS / MLR / SDSL Reference for the ASCII Configuration File
auth_type static = No authentication or with static key
cert = Authentication with certificates username User name of the client for log-in at the OpenVPN server
The object value must be passed in single quotes! password Password of the client for log-in at the OpenVPN server
The object value must be passed in single quotes! check_server_cert 0 = Check of certificate type of remote terminal disabled (de-
fault)
1 = Check of certificate type of remote terminal enabled local_vpn_ip Local IP address of VPN tunnel remote_vpn_ip Remote IP address of VPN tunnel remote_net Address of network behind the VPN tunnel remote_netmask Net mask of network behind the VPN tunnel ca_certificate CA certificate public_certificate Public certificate of the client private_key Private key of the client static_key Static key
[ pptp server dialout ] (from FW 2.6.x) start_pptp_server 0 = PPTP server for dial-out connections disabled (default)
1 = PPTP server for dial-out connections enabled authentication none No authentication
pap Authentication via PAP
chap Authentication via CHAP
mschap Authentication via MS-CHAP
mschap-v2 Authentication via MS-CHAP-v2 (default) encryption none No encryption
mppe-40 Encryption via MPPE-40
mppe-128 Encryption via MPPE-128 mtu MTU (Maximum Transmission Unit) mru MRU (Maximum Receive Unit) local_ip Local IP address of VPN tunnel remote_vpn_ip_start IP address pool for the clients (start of the address range) remote_vpn_ip_end IP address pool for the clients (end of the address range) list a = New entries are appended to existing list
d = Existing list is deleted (default) new_entry New user entry that passes the following sub-objects: username User name of the user password Password of the user
35
Reference for the ASCII Configuration File MoRoS / MLR / SDSL
[ pptp client dialout ] (from FW 2.6.x) start_pptp_client 0 = PPTP client for dial-out connections disabled (default)
1 = PPTP client for dial-out connections enabled remote_peer IP address or domain name of remote site username User name of the client for log-in at the PPTP server
The object value must be passed in single quotes! password Password of the client for log-in at the PPTP server
The object value must be passed in single quotes! encryption none No encryption
mppe-40 Encryption via MPPE-40
mppe-128 Encryption via MPPE-128 defaultroute 0 = Default route disabled (default)
1 = Default route enabled remote_net Local subnet of remote terminal remote_netmask Net mask of local subnet of remote terminal mtu MTU (Maximum Transmission Unit) mru MRU (Maximum Receive Unit) icmp_ping IP address or domain name for additional ICMP ping
36
MoRoS / MLR / SDSL Reference for the ASCII Configuration File
[ ipsec dialout ] FW 2.4.x start_ipsec 0 = IPsec for dial-out connections disabled (default)
1 = IPsec for dial-out connections enabled remote_peer IP address or domain name of remote site remote_net Local subnet of remote terminal remote_netmask Net mask of local subnet of remote terminal remote_id Remote terminal ID
The object value must be passed in single quotes! local_id Own ID
The object value must be passed in single quotes! auth_mode main = Authentication mode Main is used (default)
aggressive = Authentication mode Aggressive is used ike_cipher 3des = IKE encryption algorithm DES EDE3 (default)
aes128 = IKE encryption algorithm AES 128 Bit
aes192 = IKE encryption algorithm AES 192 Bit
aes256 = IKE encryption algorithm AES 256 Bit ike_hash sha1 = IKE hash algorithm SHA1 (default)
md5 = IKE hash algorithm MD5 ike_dh modp768 = Diffie-Hellman group for IKE is DH 768
modp1024 = Diffie-Hellman group for IKE is DH 1024 (de-fault)
modp1536 = Diffie-Hellman group for IKE is DH 1536 ipsec_cipher 3des = IPsec encryption algorithm DES EDE3 (default)
aes128 = IPsec encryption algorithm AES 128 Bit
aes192 = IPsec encryption algorithm AES 192 Bit
aes256 = IPsec encryption algorithm AES 256 Bit ipsec_hash sha1 = IPsec hash algorithm SHA1 (default)
md5 = IPsec hash algorithm MD5 key_attempts Maximum connection attempts (0 = infinite) nat_traversal on = NAT traversal is enabled (default)
off = NAT traversal is disabled
forced = NAT traversal is enforced keep_alive Interval of keep alive packets (in seconds, default: 10) pfs 0 = Perfect forward secrecy is disabled
1 = Perfect forward secrecy is enabled (default) dpd_interval Interval for dead peer detection (in seconds, default: 30) dpd_timeout Timeout for dead peer detection (in seconds, default: 120)
37
Reference for the ASCII Configuration File MoRoS / MLR / SDSL
dpd_action clear = Closing the connection on dead peer detection
hold = Holding the connection on dead peer detection
restart = Restarting the connection on dead peer detection (default)
key_lifetime Interval for key renegotiation (in seconds, default: 3600) icmp_ping IP address or domain name for additional ICMP ping auth_type cert = Authentication with certificates
psk = Authentication with pre-shared key (PSK) psk Pre-shared key (PSK)
The object value must be passed in single quotes! masquerade 0 = Do not mask packets through the tunnel
1 = Mask packets through the tunnel (default) ca_certificate CA certificate public_certificate Public certificate private_key Private key
38
MoRoS / MLR / SDSL Reference for the ASCII Configuration File
[ ipsec dialout ] from FW 2.5.x; <x> = 1-10 start_ipsec 0 = IPsec for dial-out connections disabled (default)
1 = IPsec for dial-out connections enabled nat_traversal on = NAT traversal is enabled (default)
off = NAT traversal is disabled
forced = NAT traversal is enforced keep_alive Interval of keep alive packets (in seconds, default: 10) start_tunnel<x> 0 = IPsec tunnel <x> disabled (default)
1 = IPsec tunnel <x> enabled tunnel_name<x> Name for IPsec tunnel <x> remote_peer<x> IP address or domain name of remote site local_net<x> Local subnet local_netmask<x> Network mask of the local subnet remote_net<x> Local subnet of remote terminal remote_netmask<x> Net mask of local subnet of remote terminal remote_id<x> Remote terminal ID
The object value must be passed in single quotes! local_id<x> Own ID
The object value must be passed in single quotes! auth_mode<x> main = Authentication mode Main is used (default)
aggressive = Authentication mode Aggressive is used ike_cipher<x> 3des = IKE encryption algorithm DES EDE3 (default)
aes128 = IKE encryption algorithm AES 128 Bit
aes192 = IKE encryption algorithm AES 192 Bit
aes256 = IKE encryption algorithm AES 256 Bit ike_hash<x> sha1 = IKE hash algorithm SHA1 (default)
md5 = IKE hash algorithm MD5 ike_dh<x> modp768 = Diffie-Hellman group for IKE is DH 768
modp1024 = Diffie-Hellman group for IKE is DH 1024 (de-fault)
modp1536 = Diffie-Hellman group for IKE is DH 1536 ipsec_cipher<x> 3des = IPsec encryption algorithm DES EDE3 (default)
aes128 = IPsec encryption algorithm AES 128 Bit
aes192 = IPsec encryption algorithm AES 192 Bit
aes256 = IPsec encryption algorithm AES 256 Bit ipsec_hash<x> sha1 = IPsec hash algorithm SHA1 (default)
md5 = IPsec hash algorithm MD5 key_attempts<x> Maximum connection attempts (0 = infinite) masquerade<x> 0 = Do not mask packets through the tunnel
1 = Mask packets through the tunnel (default) dpd_interval<x> Interval for dead peer detection (in seconds, default: 30) dpd_timeout<x> Timeout for dead peer detection (in seconds, default: 120)
39
Reference for the ASCII Configuration File MoRoS / MLR / SDSL
dpd_action<x> clear = Closing the connection on dead peer detection
hold = Holding the connection on dead peer detection
restart = Restarting the connection on dead peer detection (default)
pfs<x> 0 = Perfect forward secrecy is disabled
1 = Perfect forward secrecy is enabled (default) key_lifetime<x> Interval for key renegotiation (in seconds, default: 3600) icmp_ping<x> IP address or domain name for additional ICMP ping auth_type<x> cert = Authentication with certificates
psk = Authentication with pre-shared key (PSK) psk<x> Pre-shared key (PSK)
The object value must be passed in single quotes! ca_certificate<x> CA certificate public_certificate<x> Public certificate private_key<x> Private key
[ lanext ] lan_ext_mode off = LAN (ext) interface disabled (default)
bridge = LAN (ext) behaves like another switch port
dsl = DSL connection enabled
dhcp = DHCP client enabled
static = Set static IP address: ip IP address of LAN (ext) interface (default: 192.168.2.1) netmask Net mask of LAN (ext) interface (default: 255.255.255.0)
[ sdsl ] for SDSL routers mode_ch1 cpe = Device is operated in operating mode CPE (default)
co = Device is operated in operating mode CO annex b = Device uses Annex B for modulation (default)
a = Device uses Annex A for modulation aggregate 0 = Channels are not bundled (default)
1 = Channels are bundled min_rate_ch1 Minimum speed on channel 1 in Bit/s (default: 192000, see
web interface for possible values) max_rate_ch1 Maximum speed on channel 1 in Bit/s (default: 5696000, see
web interface for possible values) line_probing_ch1 0 = Maximum speed is not negotiated automatically
1 = Maximum speed is negotiated automatically (default) min_rate_ch2 Minimum speed on channel 2 in Bit/s (default: 192000, see
web interface for possible values) max_rate_ch2 Maximum speed on channel 2 in Bit/s (default: 5696000, see
web interface for possible values) line_probing_ch2 0 = Maximum speed is not negotiated automatically
1 = Maximum speed is negotiated automatically (default)
40
MoRoS / MLR / SDSL Reference for the ASCII Configuration File
[ redundant ] not for LAN routers w/o redundant communication device start_redundant 0 = Redundant WAN disabled (default)
1 = Redundant WAN enabled check_interval Interval of connection check (in minutes, default: 5) check_type dns = Connection check via DNS request (default)
ping = Connection check via ping dns_target Target of connection check via DNS request ping_target Target of connection check via ping fallback_interval Interval for fall-back to LAN (ext) (in minutes, default: 5)
[ dsl ] username User name for dial-in to DSL provider
The object value must be passed in single quotes! password Password for dial-in to DSL provider
The object value must be passed in single quotes! idletime Maximum idle time (in seconds, default: 20, 0 = unlimited) maxtime Maximum connection time (in seconds, default: 0, 0 = unlim-
ited) mtu MTU (Maximum Transmission Unit) mru MRU (Maximum Receive Unit) fetch_dns 0 = Do not request DNS server address
1 = Request DNS server address (default) flat 0 = Leased-line operation disabled (default)
1 = Leased-line operation enabled check_interval Interval of connection check (in minutes, default: 60) check_type dns = Connection check via DNS request (default)
ping = Connection check via ping dns_target Target of connection check via DNS request ping_target Target of connection check via ping auto_daily_start 0 = Daily automatic connection set-up disabled (default)
1 = Daily automatic connection set-up enabled auto_hour_start Daily automatic connection set-up at (hour; 00-23) auto_minutes_start Daily automatic connection set-up at (minute; 00-59) auto_daily_stop 0 = Daily automatic connection clearing disabled (default)
1 = Daily automatic connection clearing enabled auto_hour_stop Daily automatic connection clearing at (hour; 00-23) auto_minutes_stop Daily automatic connection clearing at (minute; 00-59)
41
Reference for the ASCII Configuration File MoRoS / MLR / SDSL
[ routing lan ] default_route 0 = Set no default route
1 = Set default route (default) default_gateway IP address of default gateway nat_incoming 0 = NAT for incoming packets disabled
1 = NAT for incoming packets enabled (default) nat_outgoing 0 = NAT for outgoing packets disabled
1 = NAT for outgoing packets enabled (default) list a = New entries are appended to existing list
d = Existing list is deleted (default) new_entry New route entry that passes the following sub-objects: net Network address of the route netmask Net mask of the route gateway Gateway of the route
[ dialfilters lan ] start_dialfilter 0 = Dial filter for LAN (ext) interface disabled (default)
1 = Dial filter for LAN (ext) interface enabled list a = New entries are appended to existing list
d = Existing list is deleted (default) new_entry New dial filter rule that passes the following sub-objects: protocol icmp = ICMP protocol is used
udp = UDP protocol is used
tcp = TCP protocol is used source_ip Source IP address source_netmask Source net mask dest_port Destination port dest_ip Destination IP address dest_netmask Destination net mask dns 0 = DNS requests from source IP address must not initiate a
connection (default)
1 = DNS requests from source IP address may initiate a con-nection
42
MoRoS / MLR / SDSL Reference for the ASCII Configuration File
[ firewall lan ] start_firewall 0 = Firewall for LAN (ext) interface disabled (default)
1 = Firewall for LAN (ext) interface enabled list a = New entries are appended to existing list
d = Existing list is deleted (default) new_entry New permitted connection that passes the following sub-
objects: protocol icmp = ICMP protocol is used
udp = UDP protocol is used
tcp = TCP protocol is used direction in = Only incoming connections are permitted
out = Only outgoing connections are permitted
both = Incoming and outgoing connections are permitted source_ip Source IP address source_netmask Source net mask dest_port Destination port
(or start of the port range (from FW 2.6.x)) dest_port_end End of the destination port range (from FW 2.6.x) dest_ip Destination IP address dest_netmask Destination net mask
[ portforward lan ] start_portforwarding 0 = Port forwarding for LAN (ext) interface disabled
1 = Port forwarding for LAN (ext) interface enabled (default) exposed_host IP address of exposed host list a = New entries are appended to existing list
d = Existing list is deleted (default) new_entry New permitted connection that passes the following sub-
objects: protocol icmp = ICMP protocol is used
udp = UDP protocol is used
tcp = TCP protocol is used
esp = ESP protocol is used source_port_start Start of port range for forwarding source_port_end End of port range for forwarding dest_ip IP address of forwarding destination dest_port Port of forwarding destination
43
Reference for the ASCII Configuration File MoRoS / MLR / SDSL
[ openvpn server lan ] start_openvpn_server 0 = OpenVPN server for LAN (ext) interface disabled (default)
1 = OpenVPN server for LAN (ext) interface enabled lport Local port of the tunnel (default: 1194) rport Remote port of the tunnel (default: 1194) protocol udp = UDP protocol is used
tcp = TCP protocol is used push_server_route 0 = Inform clients about server network disabled
1 = Inform clients about server network enabled (default)
(from FW 2.6.x) float 0 = Float (remote terminal may change its IP address) dis-
abled
1 = Float (remote terminal may change its IP address) enabled (default)
comp_lzo 0 = LZO compression disabled
1 = LZO compression enabled (default) masquerade 0 = Do not mask packets before tunnelling
1 = Mask packets before tunnelling (default) cipher BF-CBC = Encryption algorithm Blowfish 128 Bit (de-
fault)
DES-CBC = Encryption algorithm DES 64 Bit
DES-EDE-CBC = Encryption algorithm DES EDE 128 Bit
DES-EDE3-CBC = Encryption algorithm DES EDE3 192 Bit
DESX-CBC = Encryption algorithm DESX 192 Bit
CAST5-CBC = Encryption algorithm CAST5 128 Bit
IDEA-CBC = Encryption algorithm IDEA 128 Bit
RC2-CBC = Encryption algorithm RC2 128 Bit
RC2-40-CBC = Encryption algorithm RC2 40 Bit
RC2-64-CBC = Encryption algorithm RC2 64 Bit
AES-128-CBC = Encryption algorithm AES 128 Bit
AES-192-CBC = Encryption algorithm AES 192 Bit
AES-256-CBC = Encryption algorithm AES 256 Bit verb Verbosity of the messages in connection log (default: 3, 0-9) fragment Maximum size of the tunnel packets (in bytes) reneg Interval for key renegotiation (in seconds, default: 3600) ping Interval for ping dispatch to remote terminal (in seconds,
default: 30) restart Interval for ping restart (in seconds, default: 60) auth_type static = No authentication or with static key
cert = Authentication with certificates client_to_client 0 = Do not allow communication between clients (default)
1 = Allow communication between clients pool_ip IP address pool for clients pool_netmask Net mask of the IP address pool list a = New entries are appended to existing list
d = Existing list is deleted (default) remote_peer IP address or domain name of remote site remote_peer2 IP address or domain name of alternative remote site local_vpn_ip Local IP address of VPN tunnel remote_vpn_ip Remote IP address of VPN tunnel
44
MoRoS / MLR / SDSL Reference for the ASCII Configuration File
remote_net Address of network behind the VPN tunnel remote_netmask Net mask of network behind the VPN tunnel new_entry New route entry to client network that passes the following
sub-objects: common_name "Common Name" in certificate of the client net Network address of the client netmask Net mask of the client vpn_ip VPN IP address of the client
dh_parameters Diffie-Hellman parameter set crl Certificate Revocation List ca_certificate CA certificate public_certificate Public certificate of the server private_key Private key of the server static_key Static key
45
Reference for the ASCII Configuration File MoRoS / MLR / SDSL
[ openvpn client lan ] start_openvpn_client 0 = OpenVPN client for LAN (ext) interface disabled (default)
1 = OpenVPN client for LAN (ext) interface enabled remote_peer IP address or domain name of remote site remote_peer2 IP address or domain name of alternative remote site lport Local port of the tunnel (default: 1194) rport Remote port of the tunnel (default: 1194) protocol udp = UDP protocol is used
tcp = TCP protocol is used defaultroute 0 = Default route disabled (default)
1 = Default route enabled
(from FW 2.6.x) bind 0 = No-bind (fix local address and port) disabled
1 = No-bind (fix local address and port) enabled (default) float 0 = Float (remote terminal may change its IP address) dis-
abled
1 = Float (remote terminal may change its IP address) enabled (default)
comp_lzo 0 = LZO compression disabled
1 = LZO compression enabled (default) masquerade 0 = Do not mask packets before tunnelling
1 = Mask packets before tunnelling (default) cipher BF-CBC = Encryption algorithm Blowfish 128 Bit (de-
fault)
DES-CBC = Encryption algorithm DES 64 Bit
DES-EDE-CBC = Encryption algorithm DES EDE 128 Bit
DES-EDE3-CBC = Encryption algorithm DES EDE3 192 Bit
DESX-CBC = Encryption algorithm DESX 192 Bit
CAST5-CBC = Encryption algorithm CAST5 128 Bit
IDEA-CBC = Encryption algorithm IDEA 128 Bit
RC2-CBC = Encryption algorithm RC2 128 Bit
RC2-40-CBC = Encryption algorithm RC2 40 Bit
RC2-64-CBC = Encryption algorithm RC2 64 Bit
AES-128-CBC = Encryption algorithm AES 128 Bit
AES-192-CBC = Encryption algorithm AES 192 Bit
AES-256-CBC = Encryption algorithm AES 256 Bit verb Verbosity of the messages in connection log (default: 3, 0-9) fragment Maximum size of the tunnel packets (in bytes) reneg Interval for key renegotiation (in seconds, default: 3600) ping Interval for ping dispatch to remote terminal (in seconds,
default: 30) restart Interval for ping restart (in seconds, default: 60) icmp_ping IP address or domain name for additional ICMP ping
46
MoRoS / MLR / SDSL Reference for the ASCII Configuration File
auth_type static = No authentication or with static key
cert = Authentication with certificates username User name of the client for log-in at the OpenVPN server
The object value must be passed in single quotes! password Password of the client for log-in at the OpenVPN server
The object value must be passed in single quotes! check_server_cert 0 = Check of certificate type of remote terminal disabled (de-
fault)
1 = Check of certificate type of remote terminal enabled local_vpn_ip Local IP address of VPN tunnel remote_vpn_ip Remote IP address of VPN tunnel remote_net Address of network behind the VPN tunnel remote_netmask Net mask of network behind the VPN tunnel ca_certificate CA certificate public_certificate Public certificate of the client private_key Private key of the client static_key Static key
[ pptp server lan ] (from FW 2.6.x) start_pptp_server 0 = PPTP server for LAN (ext) interface disabled (default)
1 = PPTP server for LAN (ext) interface enabled authentication none No authentication
pap Authentication via PAP
chap Authentication via CHAP
mschap Authentication via MS-CHAP
mschap-v2 Authentication via MS-CHAP-v2 (default) encryption none No encryption
mppe-40 Encryption via MPPE-40
mppe-128 Encryption via MPPE-128 mtu MTU (Maximum Transmission Unit) mru MRU (Maximum Receive Unit) local_ip Local IP address of VPN tunnel remote_vpn_ip_start IP address pool for the clients (start of the address range) remote_vpn_ip_end IP address pool for the clients (end of the address range) list a = New entries are appended to existing list
d = Existing list is deleted (default) new_entry New user entry that passes the following sub-objects: username User name of the user password Password of the user
47
Reference for the ASCII Configuration File MoRoS / MLR / SDSL
[ pptp client lan ] (from FW 2.6.x) start_pptp_client 0 = PPTP client for LAN (ext) interface disabled (default)
1 = PPTP client for LAN (ext) interface enabled remote_peer IP address or domain name of remote site username User name of the client for log-in at the PPTP server
The object value must be passed in single quotes! password Password of the client for log-in at the PPTP server
The object value must be passed in single quotes! encryption none No encryption
mppe-40 Encryption via MPPE-40
mppe-128 Encryption via MPPE-128 defaultroute 0 = Default route disabled (default)
1 = Default route enabled remote_net Local subnet of remote terminal remote_netmask Net mask of local subnet of remote terminal mtu MTU (Maximum Transmission Unit) mru MRU (Maximum Receive Unit) icmp_ping IP address or domain name for additional ICMP ping
48
MoRoS / MLR / SDSL Reference for the ASCII Configuration File
[ ipsec lan ] FW 2.4.x start_ipsec 0 = IPsec for LAN (ext) interface disabled (default)
1 = IPsec for LAN (ext) interface enabled remote_peer IP address or domain name of remote site remote_net Local subnet of remote terminal remote_netmask Net mask of local subnet of remote terminal remote_id Remote terminal ID
The object value must be passed in single quotes! local_id Own ID
The object value must be passed in single quotes! auth_mode main = Authentication mode Main is used (default)
aggressive = Authentication mode Aggressive is used ike_cipher 3des = IKE encryption algorithm DES EDE3 (default)
aes128 = IKE encryption algorithm AES 128 Bit
aes192 = IKE encryption algorithm AES 192 Bit
aes256 = IKE encryption algorithm AES 256 Bit ike_hash sha1 = IKE hash algorithm SHA1 (default)
md5 = IKE hash algorithm MD5 ike_dh modp768 = Diffie-Hellman group for IKE is DH 768
modp1024 = Diffie-Hellman group for IKE is DH 1024 (de-fault)
modp1536 = Diffie-Hellman group for IKE is DH 1536 ipsec_cipher 3des = IPsec encryption algorithm DES EDE3 (default)
aes128 = IPsec encryption algorithm AES 128 Bit
aes192 = IPsec encryption algorithm AES 192 Bit
aes256 = IPsec encryption algorithm AES 256 Bit ipsec_hash sha1 = IPsec hash algorithm SHA1 (default)
md5 = IPsec hash algorithm MD5 key_attempts Maximum connection attempts (0 = infinite) nat_traversal on = NAT traversal is enabled (default)
off = NAT traversal is disabled
forced = NAT traversal is enforced keep_alive Interval of keep alive packets (in seconds, default: 10) pfs 0 = Perfect forward secrecy is disabled
1 = Perfect forward secrecy is enabled (default) dpd_interval Interval for dead peer detection (in seconds, default: 30) dpd_timeout Timeout for dead peer detection (in seconds, default: 120)
49
Reference for the ASCII Configuration File MoRoS / MLR / SDSL
dpd_action clear = Closing the connection on dead peer detection
hold = Holding the connection on dead peer detection
restart = Restarting the connection on dead peer detection (default)
key_lifetime Interval for key renegotiation (in seconds, default: 3600) icmp_ping IP address or domain name for additional ICMP ping auth_type cert = Authentication with certificates
psk = Authentication with pre-shared key (PSK) psk Pre-shared key (PSK)
The object value must be passed in single quotes! masquerade 0 = Do not mask packets through the tunnel
1 = Mask packets through the tunnel (default) ca_certificate CA certificate public_certificate Public certificate private_key Private key
50
MoRoS / MLR / SDSL Reference for the ASCII Configuration File
[ ipsec lan ] from FW 2.5.x; <x> = 1-10 start_ipsec 0 = IPsec for LAN (ext) interface disabled (default)
1 = IPsec for LAN (ext) interface enabled nat_traversal on = NAT traversal is enabled (default)
off = NAT traversal is disabled
forced = NAT traversal is enforced keep_alive Interval of keep alive packets (in seconds, default: 10) start_tunnel<x> 0 = IPsec tunnel <x> disabled (default)
1 = IPsec tunnel <x> enabled tunnel_name<x> Name for IPsec tunnel <x> remote_peer<x> IP address or domain name of remote site local_net<x> Local subnet local_netmask<x> Network mask of the local subnet remote_net<x> Local subnet of remote terminal remote_netmask<x> Net mask of local subnet of remote terminal remote_id<x> Remote terminal ID
The object value must be passed in single quotes! local_id<x> Own ID
The object value must be passed in single quotes! auth_mode<x> main = Authentication mode Main is used (default)
aggressive = Authentication mode Aggressive is used ike_cipher<x> 3des = IKE encryption algorithm DES EDE3 (default)
aes128 = IKE encryption algorithm AES 128 Bit
aes192 = IKE encryption algorithm AES 192 Bit
aes256 = IKE encryption algorithm AES 256 Bit ike_hash<x> sha1 = IKE hash algorithm SHA1 (default)
md5 = IKE hash algorithm MD5 ike_dh<x> modp768 = Diffie-Hellman group for IKE is DH 768
modp1024 = Diffie-Hellman group for IKE is DH 1024 (de-fault)
modp1536 = Diffie-Hellman group for IKE is DH 1536 ipsec_cipher<x> 3des = IPsec encryption algorithm DES EDE3 (default)
aes128 = IPsec encryption algorithm AES 128 Bit
aes192 = IPsec encryption algorithm AES 192 Bit
aes256 = IPsec encryption algorithm AES 256 Bit ipsec_hash<x> sha1 = IPsec hash algorithm SHA1 (default)
md5 = IPsec hash algorithm MD5 key_attempts<x> Maximum connection attempts (0 = infinite) masquerade<x> 0 = Do not mask packets through the tunnel
1 = Mask packets through the tunnel (default) dpd_interval<x> Interval for dead peer detection (in seconds, default: 30) dpd_timeout<x> Timeout for dead peer detection (in seconds, default: 120)
51
Reference for the ASCII Configuration File MoRoS / MLR / SDSL
dpd_action<x> clear = Closing the connection on dead peer detection
hold = Holding the connection on dead peer detection
restart = Restarting the connection on dead peer detection (default)
pfs<x> 0 = Perfect forward secrecy is disabled
1 = Perfect forward secrecy is enabled (default) key_lifetime<x> Interval for key renegotiation (in seconds, default: 3600) icmp_ping<x> IP address or domain name for additional ICMP ping auth_type<x> cert = Authentication with certificates
psk = Authentication with pre-shared key (PSK) psk<x> Pre-shared key (PSK)
The object value must be passed in single quotes! ca_certificate<x> CA certificate public_certificate<x> Public certificate private_key<x> Private key
[ inputs ] in2 off = Input 2 has no function (default)
dialout = Set-up dial-out connection with input 2
openvpn = Set-up OpenVPN tunnel with input 2
ipsec = Set-up IPsec tunnel with input 2
serial = Set-up serial Ethernet connection with input 2 in2_dial_exclusive 0 = Do not set-up dial-out connection exclusively (default)
1 = Set-up dial-out connection exclusively in2_dial_stop 0 = Do not close dial-out connection if input is open again
(default)
1 = Close dial-out connection if input is open again in2_openvpn_exclusive 0 = Do not set-up OpenVPN tunnel exclusively (default)
1 = Set-up OpenVPN tunnel exclusively via input in2_openvpn_stop 0 = Do not close OpenVPN tunnel if input is open again (de-
fault)
1 = Close OpenVPN tunnel if input is open again in2_pptpn_exclusive 0 = Do not set-up PPTP tunnel exclusively (default)
1 = Set-up PPTP tunnel exclusively via input in2_pptp_stop 0 = Do not close PPTP tunnel if input is open again (default)
1 = Close PPTP tunnel if input is open again in2_ipsec_exclusive 0 = Do not set-up IPsec tunnel exclusively (default)
1 = Set-up IPsec tunnel exclusively via input in2_ipsec_stop 0 = Do not close IPsec tunnel if input is open again (default)
1 = Close IPsec tunnel if input is open again in2_serial_stop 0 = Do not close serial Ethernet connection if input is open
again (default)
1 = Close serial Ethernet connection if input is open again
52
MoRoS / MLR / SDSL Reference for the ASCII Configuration File
[ outputs ] out1_set idle = Output 1 in idle condition (default)
operated = Output 1 in operated condition out2_set idle = Output 2 in idle condition (default)
operated = Output 2 in operated condition out1_daily_operated 0 = Do not switch output 1 to operated condition daily (de-
fault)
1 = Switch output 1 to operated condition daily out1_daily_operated_hour Switch output 1 to operated condition daily at (hour, 00-23) out1_daily_operated_min Switch output 1 to operated condition daily at (minute, 00-
59) out1_daily_idle 0 = Do not switch output 1 to idle condition daily (default)
1 = Switch output 1 to idle condition daily out1_daily_idle_hour Switch output 1 to idle condition daily at (hour, 00-23) out1_daily_idle_min Switch output 1 to idle condition daily at (minute, 00-59) out2_daily_operated 0 = Do not switch output 2 to operated condition daily (de-
fault)
1 = Switch output 2 to operated condition daily out2_daily_operated_hour Switch output 2 to operated condition daily at (hour, 00-23) out2_daily_operated_min Switch output 2 to operated condition daily at (minute, 00-
59) out2_daily_idle 0 = Do not switch output 2 to idle condition daily (default)
1 = Switch output 2 to idle condition daily out2_daily_idle_hour Switch output 2 to idle condition daily at (hour, 00-23) out2_daily_idle_min Switch output 2 to idle condition daily at (minute, 00-59) out1 off = Output 1 has no automatic function (default)
ppp = Output 1 switches to operated condition if a PPP con-nection exists
out2 off = Output 2 has no automatic function (default)
openvpn = Output 2 switches to operated condition if an OpenVPN tunnel exists
ipsec = Output 2 switches to operated condition if an IPsec tunnel exists
serial2 = Output 2 switches to operated condition if a serial Ethernet connection exists
53
Reference for the ASCII Configuration File MoRoS / MLR / SDSL
[ switch port ] active1 0 = Switch port 1 disabled
1 = Switch port 1 enabled (default) active2 0 = Switch port 2 disabled
1 = Switch port 2 enabled (default) active3 0 = Switch port 3 disabled
1 = Switch port 3 enabled (default) active4 0 = Switch port 4 disabled
1 = Switch port 4 enabled (default) autoneg1 0 = Auto negotiation for switch port 1 disabled
1 = Auto negotiation for switch port 1 enabled (default) autoneg2 0 = Auto negotiation for switch port 2 disabled
1 = Auto negotiation for switch port 2 enabled (default) autoneg3 0 = Auto negotiation for switch port 3 disabled
1 = Auto negotiation for switch port 3 enabled (default) autoneg4 0 = Auto negotiation for switch port 4 disabled
1 = Auto negotiation for switch port 4 enabled (default) speed1 10 = Fix speed of switch port 1 is 10 MBit/s
100 = Fix speed of switch port 1 is 100 MBit/s speed2 10 = Fix speed of switch port 2 is 10 MBit/s
100 = Fix speed of switch port 2 is 100 MBit/s speed3 10 = Fix speed of switch port 3 is 10 MBit/s
100 = Fix speed of switch port 3 is 100 MBit/s speed4 10 = Fix speed of switch port 4 is 10 MBit/s
100 = Fix speed of switch port 4 is 100 MBit/s duplex1 half = Protocol of switch port 1 is half-duplex
full = Protocol of switch port 1 is full-duplex duplex2 half = Protocol of switch port 2 is half-duplex
full = Protocol of switch port 2 is full-duplex duplex3 half = Protocol of switch port 3 is half-duplex
full = Protocol of switch port 3 is full-duplex duplex4 half = Protocol of switch port 4 is half-duplex
full = Protocol of switch port 4 is full-duplex
54
MoRoS / MLR / SDSL Reference for the ASCII Configuration File
[ switch led ] led_green 100 = Green LED displays speed 100 MBit/s (de-
fault)
link = Green LED displays link
full = Green LED displays full-duplex protocol
collision = Green LED displays collision
rxtx = Green LED displays RX/TX activity
duplex_collision = Green LED displays full-duplex / collision
link_activity = Green LED displays link / activity led_red 100 = Red LED displays speed 100 MBit/s (de-
fault)
link = Red LED displays link
full = Red LED displays full-duplex protocol
collision = Red LED displays collision
rxtx = Red LED displays RX/TX activity
duplex_collision = Red LED displays full-duplex / collision
link_activity = Red LED displays link / activity
55
Reference for the ASCII Configuration File MoRoS / MLR / SDSL
[ switch vlan ] start_vlan 0 = VLAN configuration disabled (default)
1 = VLAN configuration enabled vlana_port1 0 = Port 1 does not belong to VLAN A (default)
1 = Port 1 belongs to VLAN A vlana_port2 0 = Port 2 does not belong to VLAN A (default)
1 = Port 2 belongs to VLAN A vlana_port3 0 = Port 3 does not belong to VLAN A (default)
1 = Port 3 belongs to VLAN A vlana_port4 0 = Port 4 does not belong to VLAN A (default)
1 = Port 4 belongs to VLAN A vlana_port5 0 = Router does not belong to VLAN A (default)
1 = Router belongs to VLAN A vlanb_port1 0 = Port 1 does not belong to VLAN B (default)
1 = Port 1 belongs to VLAN B vlanb_port2 0 = Port 2 does not belong to VLAN B (default)
1 = Port 2 belongs to VLAN B vlanb_port3 0 = Port 3 does not belong to VLAN B (default)
1 = Port 3 belongs to VLAN B vlanb_port4 0 = Port 4 does not belong to VLAN B (default)
1 = Port 4 belongs to VLAN B vlanb_port5 0 = Router does not belong to VLAN B (default)
1 = Router belongs to VLAN B vlanc_port1 0 = Port 1 does not belong to VLAN C (default)
1 = Port 1 belongs to VLAN C vlanc_port2 0 = Port 2 does not belong to VLAN C (default)
1 = Port 2 belongs to VLAN C vlanc_port3 0 = Port 3 does not belong to VLAN C (default)
1 = Port 3 belongs to VLAN C vlanc_port4 0 = Port 4 does not belong to VLAN C (default)
1 = Port 4 belongs to VLAN C vlanc_port5 0 = Router does not belong to VLAN C (default)
1 = Router belongs to VLAN C vland_port1 0 = Port 1 does not belong to VLAN D (default)
1 = Port 1 belongs to VLAN D vland_port2 0 = Port 2 does not belong to VLAN D (default)
1 = Port 2 belongs to VLAN D vland_port3 0 = Port 3 does not belong to VLAN D (default)
1 = Port 3 belongs to VLAN D vland_port4 0 = Port 4 does not belong to VLAN D (default)
1 = Port 4 belongs to VLAN D vland_port5 0 = Router does not belong to VLAN D (default)
1 = Router belongs to VLAN D vlan_ida VLAN ID of VLAN A vlan_idb VLAN ID of VLAN B vlan_idc VLAN ID of VLAN C vlan_idd VLAN ID of VLAN D port1_tag insert = Insert VLAN tag for port 1
remove = Remove VLAN tag for port 1 (default)
56
MoRoS / MLR / SDSL Reference for the ASCII Configuration File
port2_tag insert = Insert VLAN tag for port 2
remove = Remove VLAN tag for port 2 (default) port3_tag insert = Insert VLAN tag for port 3
remove = Remove VLAN tag for port 3 (default) port4_tag insert = Insert VLAN tag for port 4
remove = Remove VLAN tag for port 4 (default) [ switch mirror ] sniffer_port off = Sniffer port disabled (default)
1 = Port 1 is sniffer port
2 = Port 2 is sniffer port
3 = Port 3 is sniffer port
4 = Port 4 is sniffer port tx_port off = TX mirroring at sniffer port disabled (default)
1 = Port 1 sends send data to sniffer port
2 = Port 2 sends send data to sniffer port
3 = Port 3 sends send data to sniffer port
4 = Port 4 sends send data to sniffer port rx_port off = RX mirroring at sniffer port disabled (default)
1 = Port 1 sends receive data to sniffer port
2 = Port 2 sends receive data to sniffer port
3 = Port 3 sends receive data to sniffer port
4 = Port 4 sends receive data to sniffer port
57
Reference for the ASCII Configuration File MoRoS / MLR / SDSL
[ serial ethernet basic ] start_serial 0 = Serial Ethernet gateway disabled (default)
1 = Serial Ethernet gateway enabled connection_mode demand = Connection enabled on request (default)
flat = Leased-line mode enabled increase_interval 0 = Do not increase time between connection attempts (de-
fault)
1 = Increase time between connection attempts ipt 0 = Do not use IPT (default)
1 = Use IPT
(from FW 2.5.x) incoming 0 = Do not accept incoming connection
1 = Accept incoming connection (default) listen_port Port that is monitored for incoming connections outgoing off = Outgoing connection not enabled (default)
atd = Outgoing connection triggered by dialling command ATD
char = Outgoing connection triggered by serial charcater
wan = Outgoing connection triggered by WAN connection outgoing_server IP address or domain name of primary destination outgoing_port Port of primary destination outgoing_ipt IPT dial number of primary destination outgoing_server2 IP address or domain name of secondary destination outgoing_port2 Port of secondary destination outgoing_ipt2 IPT dial number of secondary destination auth_incoming 0 = VCom authentication for accepting incoming connections
not required (default)
1 = VCom authentication for accepting incoming connections required
auth_outgoing off = No VCom authentication for outgoing connections (default)
udp = VCom authentication via UDP for outgoing connec-tions
tcp = VCom authentication via TCP for outgoing connections
58
MoRoS / MLR / SDSL Reference for the ASCII Configuration File
[ serial ethernet interfaces ] speed Speed of serial interface
(110, 300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200 Bit/s; default: 115200)
databits Data bits on serial interface (7, 8; default: 8) parity Parity of serial interface (O, E, N; default: N) stopbits Stop bits on serial interface (1, 2; default: 1) flowctrl hard = Hardware data flow control enabled (default)
soft = Software data flow control enabled
none = No data flow control enabled ctl 0 = Do not use control lines
1 = Use control lines (default) reset_ctl 0 = Do not reset control lines after connection termination
1 = Reset control lines after connection termination (default) blocksize Maximum TCP block size (in bytes, default: 512) aggregationtime Aggregation timeout (in milliseconds, default: 100) idletime Maximum idle time (in seconds, default: 20, 0 = unlimited) keepalive_interval Interval of keep alive packets (in seconds, default: 0) telnet 0 = Telnet protocol is not used
1 = Telnet protocol is used (default) [ serial ethernet modem ] modem_emulation 0 = Modem emulator disabled
1 = Modem emulator enabled (default) ate 0 = Echo (ATE) disabled
1 = Echo (ATE) enabled (default) atq 0 = Answers (ATQ) disabled (default)
1 = Answers (ATQ) enabled atv 0 = Verbose answers (ATV) disabled
1 = Verbose answers (ATV) enabled (default) ats0 Number of ring tones until call acceptance (default: 1) default_at_answer Default answer for unknown commands
The object value must be passed in single quotes! at_answer_list AT answer list
59
Reference for the ASCII Configuration File MoRoS / MLR / SDSL
[ message ] email_address E-mail address of e-mail account real_name Name of e-mail account owner
The object value must be passed in single quotes! server SMTP server address port SMTP port (default: 25) username User name of e-mail account
The object value must be passed in single quotes! password Password of e-mail account
The object value must be passed in single quotes! scn SCN for SIM card (not for LAN routers) scn2 SCN for SIM card 2 (only for cellular routers) sms_protocol 0 = Remote terminal is modem (only for Modem routers)
1 = Remote terminal is mobile phone (PET/IXO/TAP 8N1) (only for Modem routers)
1 = TAP protocol (only for ISDN routers)
2 = Remote terminal is mobile phone (EMI/UCP 7E1) (only for Modem routers)
2 = UGP protocol (only for ISDN routers)
3 = Remote terminal is mobile phone (PET/IXO/TAP 7E1) (only for Modem routers)
4 = Remote terminal is mobile phone (EMI/UCP 8N1) (only for Modem routers)
5 = Remote terminal is fax (only for Modem routers)
6 = Remote terminal is SMS to landline (only for Modem routers)
start_sms_reception 0 = SMS receipt disabled (default)
1 = SMS receipt enabled acknowledge_sms 0 = SMS acknowledgement disabled (default)
1 = SMS acknowledgement enabled sms_reception_password Password for SMS receipt
The object value must be passed in single quotes! forward_sms_to_sandbox 0 = SMS forwarding to sandbox disabled (default)
1 = SMS forwarding to sandbox enabled snmp_version 2 = SNMPv2c enabled (default)
3 = SNMPv3 enabled snmp_community Community string for SNMPv2c (default: public)
The object value must be passed in single quotes! snmp_username User name for SNMPv3
The object value must be passed in single quotes! snmp_auth_hash none = No SNMP authentication (default)
md5 = SNMP authentication via MD5
sha = SNMP authentication via SHA snmp_auth_password Password for SNMP authentication
The object value must be passed in single quotes! snmp_privacy_cipher none = No SNMP encryption (default)
des = SNMP encryption via DES
aes = SNMP encryption via AES snmp_privacy_password Password for SNMP encryption
The object value must be passed in single quotes!
60
MoRoS / MLR / SDSL Reference for the ASCII Configuration File
[ email ] start_email 0 = Dispatch of e-mail messages disabled
1 = Dispatch of e-mail messages enabled (default) list a = New entries are appended to existing list
d = Existing list is deleted (default) new_entry New e-mail dispatch rule that passes the following sub-
objects: recipient E-mail address of recipient cause 1 = Message dispatch on system start
2 = Message dispatch on OpenVPN tunnel set-up
3 = Message dispatch on IPsec tunnel set-up
4 = Message dispatch on simple alarm on input 1
5 = Message dispatch on one pulse on input 1
6 = Message dispatch on two pulses on input 1
7 = Message dispatch on three pulses on input 1
8 = Message dispatch on four pulses on input 1
9 = Message dispatch on five pulses on input 1
10 = Message dispatch on six pulses on input 1
11 = Message dispatch on seven pulses on input 1
12 = Message dispatch on eight pulses on input 1
13 = Message dispatch on nine pulses on input 1
14 = Message dispatch on ten pulses on input 1
15 = Message dispatch on dial-out connection set-up
16 = Message dispatch on dial-in connection set-up
17 = Message dispatch on switching the SIM cards
18 = Message dispatch on DSL connection set-up
19 = Message dispatch on receiving IP address via DCHP
20 = Message dispatch on switching to integrated communi-cation device
21 = Message dispatch on switching back to LAN (ext) inter-face
22 = Message dispatch if internal communication device is not ready
23 = Message dispatch on automatic update
24 = Message dispatch on receipt of a new SMS
25 = Message dispatch if SIM card 1 is active
26 = Message dispatch if SIM card 2 is active
27 = Message dispatch on PPTP tunnel set-up
61
Reference for the ASCII Configuration File MoRoS / MLR / SDSL
attach 0 = No attachment attached to e-mail
1 = System messages attached to e-mail
2 = System log attached to e-mail
3 = Wireless network log attached to e-mail
4 = OpenVPN dial-in client log attached to e-mail
5 = OpenVPN dial-in server log attached to e-mail
6 = OpenVPN dial-out client log attached to e-mail
7 = OpenVPN dial-out server log attached to e-mail
8 = OpenVPN LAN (ext) client log attached to e-mail
9 = OpenVPN LAN (ext) server log attached to e-mail
10 = IPsec LAN (ext) log attached to e-mail
11 = IPsec dial-in log attached to e-mail
12 = IPsec dial-out log attached to e-mail
13 = Serial Ethernet gateway log attached to e-mail
14 = Auto update log attached to e-mail
15 = Text configuration log attached to e-mail
16 = IPT log attached to e-mail
17 = SDSL log attached to e-mail
18 = PPTP dial-in client log attached to e-mail
19 = PPTP dial-in server log attached to e-mail
20 = PPTP dial-out client log attached to e-mail
21 = PPTP dial-out server log attached to e-mail
22 = PPTP LAN (ext) client log attached to e-mail
23 = PPTP LAN (ext) server log attached to e-mail status 0 = Do not attach status page to e-mail message (default)
1 = Attach status page to e-mail message text Text of e-mail message
62
MoRoS / MLR / SDSL Reference for the ASCII Configuration File
[ sms ] start_sms 0 = Dispatch of SMS messages disabled
1 = Dispatch of SMS messages enabled (default) list a = New entries are appended to existing list
d = Existing list is deleted (default) new_entry New SMS dispatch rule that passes the following sub-objects: recipient Phone number of recipient cause 1 = Message dispatch on system start
2 = Message dispatch on OpenVPN tunnel set-up
3 = Message dispatch on IPsec tunnel set-up
4 = Message dispatch on simple alarm on input 1
5 = Message dispatch on one pulse on input 1
6 = Message dispatch on two pulses on input 1
7 = Message dispatch on three pulses on input 1
8 = Message dispatch on four pulses on input 1
9 = Message dispatch on five pulses on input 1
10 = Message dispatch on six pulses on input 1
11 = Message dispatch on seven pulses on input 1
12 = Message dispatch on eight pulses on input 1
13 = Message dispatch on nine pulses on input 1
14 = Message dispatch on ten pulses on input 1
15 = Message dispatch on dial-out connection set-up
16 = Message dispatch on dial-in connection set-up
17 = Message dispatch on switching the SIM cards
18 = Message dispatch on DSL connection set-up
19 = Message dispatch on receiving IP address via DCHP
20 = Message dispatch on switching to integrated communi-cation device
21 = Message dispatch on switching back to LAN (ext) inter-face
22 = Message dispatch if internal communication device is not ready
23 = Message dispatch on automatic update
24 = Message dispatch on receipt of a new SMS
25 = Message dispatch if SIM card 1 is active
26 = Message dispatch if SIM card 2 is active
27 = Message dispatch on PPTP tunnel set-up text Text of SMS message
63
Reference for the ASCII Configuration File MoRoS / MLR / SDSL
[ snmp traps ] start_snmptrap 0 = Dispatch of SMS messages disabled
1 = Dispatch of SMS messages enabled (default) list a = New entries are appended to existing list
d = Existing list is deleted (default) new_entry New SMS dispatch rule that passes the following sub-objects: recipient_ip IP address or domain name of recipient recipient_port Destination port cause 1 = Message dispatch on system start
2 = Message dispatch on OpenVPN tunnel set-up
3 = Message dispatch on IPsec tunnel set-up
4 = Message dispatch on simple alarm on input 1
5 = Message dispatch on one pulse on input 1
6 = Message dispatch on two pulses on input 1
7 = Message dispatch on three pulses on input 1
8 = Message dispatch on four pulses on input 1
9 = Message dispatch on five pulses on input 1
10 = Message dispatch on six pulses on input 1
11 = Message dispatch on seven pulses on input 1
12 = Message dispatch on eight pulses on input 1
13 = Message dispatch on nine pulses on input 1
14 = Message dispatch on ten pulses on input 1
15 = Message dispatch on dial-out connection set-up
16 = Message dispatch on dial-in connection set-up
17 = Message dispatch on switching the SIM cards
18 = Message dispatch on DSL connection set-up
19 = Message dispatch on receiving IP address via DCHP
20 = Message dispatch on switching to integrated communi-cation device
21 = Message dispatch on switching back to LAN (ext) inter-face
22 = Message dispatch if internal communication device is not ready
23 = Message dispatch on automatic update
24 = Message dispatch on receipt of a new SMS
25 = Message dispatch if SIM card 1 is active
26 = Message dispatch if SIM card 2 is active
27 = Message dispatch on PPTP tunnel set-up [ dns ] dns IP address of first DNS server dns2 IP address of second DNS server
64
MoRoS / MLR / SDSL Reference for the ASCII Configuration File
[ dyndns ] start_dyndns 0 = Dynamic DNS update disabled (default)
1 = Dynamic DNS update enabled provider dyndns = DynDNS as DynDNS provider (default)
dyndns-custom = DynDNS custom as DynDNS provider
dyndns-static = DynDNS static as DynDNS provider
dhs = DHS as DynDNS provider
ods = ODS as DynDNS provider
tzo = TZO as DynDNS provider
easydns = easyDNS as DynDNS provider
dyns = DyNS as DynDNS provider
zoneedit = zoneedit as DynDNS provider
own = User-defined DynDNS provider server User-defined DynDNS server
No server must be entered if a provider is selected from the list!
domain Domain name at DynDNS provider username User name at DynDNS provider
The object value must be passed in single quotes! password Password at DynDNS provider
The object value must be passed in single quotes! [ dhcp ] start_dhcpserver 0 = DHCP server disabled (default)
1 = DHCP server enabled dhcp_ip_start First IP address of address pool dhcp_ip_end Last IP address of address pool leasetime Validity of IP addresses (in seconds, default: 3600) alternate_dns IP address of alternative DNS servers for DHCP clients list a = New entries are appended to existing list
d = Existing list is deleted (default) new_entry New assignment of MAC address and IP address that passes
the following sub-objects: mac MAC address (without colons) ip IP address
65
Reference for the ASCII Configuration File MoRoS / MLR / SDSL
[ proxy ] start_proxy 0 = Proxy server disabled (default)
1 = Proxy server enabled port Port of proxy server (default: 8888) timeout Timeout for inactive connections (in seconds, default: 600) max_clients Maximum number of permitted clients (default: 10) min_spare Minimum number of free proxy servers (default: 1) max_spare Maximum number of free proxy servers (default: 5) filter 0 = Proxy filter disabled (default)
1 = Proxy filter enabled list a = New entries are appended to existing list
d = Existing list is deleted (default) new_entry New entry in list of permitted URLs or IP addresses of proxy
filter [ ipt ] from FW 2.5.x start_ipt 0 = IPT slave disabled (default)
1 = IPT slave enabled master IP address or domain name of primary IPT master port Port of primary IPT master username User name for access to primary IPT master
The object value must be passed in single quotes! password Password for access to primary IPT master
The object value must be passed in single quotes! master2 IP address or domain name of secondary IPT master port2 Port of secondary IPT master username2 User name for access to secondary IPT master
The object value must be passed in single quotes! password2 Password for access to secondary IPT master
The object value must be passed in single quotes! device_identifier IPT device identifier (default: INS_<MAC address>) increase_interval 0 = Do not increase time between connection attempts (de-
fault)
1 = Increase time between connection attempts response_timeout Timeout for IPT response (in seconds, default: 30) receive_timeout Timeout for IPT character (in seconds, default: 15) scrambled 0 = Do not use IPT scrambling (default)
1 = Use IPT scrambling challenge_key IPT challenge scramble key fix_key IPT fix scramble key
66
MoRoS / MLR / SDSL Reference for the ASCII Configuration File
[ snmp agent ] from FW 2.6.x start_snmpd 0 = SNMP agent disabled (default)
1 = SNMP agent enabled local_exclusiv 0 = Permit SNMP only local disabled
1 = Permit SNMP only local enabled (default) port SNMP agent port for receiving requests system_contact Entry for contact information of the SNMP agent
The object value must be passed in single quotes! system_description Entry for description of the SNMP agent
The object value must be passed in single quotes! use_v1_v2c 0 = SNMP version v1 and v2c disabled
1 = SNMP version v1 and v2c enabled (default) community Community string for SNMPv2c (default: public)
The object value must be passed in single quotes! use_v3 0 = SNMP version v3 disabled (default)
1 = SNMP version v3 enabled username User name for SNMPv3
The object value must be passed in single quotes! auth_hash none = No SNMP authentication (default)
md5 = SNMP authentication via MD5
sha = SNMP authentication via SHA auth_password Password for SNMP authentication
The object value must be passed in single quotes! privacy_cipher none = No SNMP encryption (default)
des = SNMP encryption via DES
aes = SNMP encryption via AES privacy_password Password for SNMP encryption
The object value must be passed in single quotes!
67
Reference for the ASCII Configuration File MoRoS / MLR / SDSL
[ settime ] day Set system time to day (01-31) mon Set system time to month (01-12) year Set system time to year (01-31) hour Set system time to hour (00-23) min Set system time to minute (00-59)
68
MoRoS / MLR / SDSL Reference for the ASCII Configuration File
timezone UTC = Time zone UTC
GMT = Time zone GMT
GMT-1 = Time zone GMT -1
GMT+1 = Time zone GMT +1
GMT-2 = Time zone GMT -2
GMT+2 = Time zone GMT +2
GMT-3 = Time zone GMT -3
GMT+3 = Time zone GMT +3
GMT-4 = Time zone GMT -4
GMT+4 = Time zone GMT +4
GMT-5 = Time zone GMT -5
GMT+5 = Time zone GMT +5
GMT-6 = Time zone GMT -6
GMT+6 = Time zone GMT +6
GMT-7 = Time zone GMT -7
GMT+7 = Time zone GMT +7
GMT-8 = Time zone GMT -8
GMT+8 = Time zone GMT +8
GMT-9 = Time zone GMT -9
GMT+9 = Time zone GMT +9
GMT-10 = Time zone GMT -10
GMT+10 = Time zone GMT +10
GMT-11 = Time zone GMT -11
GMT+11 = Time zone GMT +11
GMT-12 = Time zone GMT -12
GMT+12 = Time zone GMT +12
GMT-13 = Time zone GMT -13
GMT-14 = Time zone GMT -14
Europe/Amsterdam = Time zone Europe/Amsterdam
Europe/Andorra = Time zone Europe/Andorra
Europe/Athens = Time zone Europe/Athens
Europe/Belfast = Time zone Europe/Belfast
Europe/Belgrade = Time zone Europe/Belgrade
Europe/Berlin = Time zone Europe/Berlin
Europe/Bratislava = Time zone Europe/Bratislava
Europe/Brussels = Time zone Europe/Brussels
Europe/Bucharest = Time zone Europe/Bucharest
Europe/Budapest = Time zone Europe/Budapest
Europe/Chisinau = Time zone Europe/Chisinau
Europe/Copenhagen = Time zone Europe/Copenhagen
Europe/Dublin = Time zone Europe/Dublin
Europe/Eire = Time zone Europe/Eire
Europe/Gibraltar = Time zone Europe/Gibraltar
Europe/Helsinki = Time zone Europe/Helsinki
Europe/Iceland = Time zone Europe/Iceland
Europe/Istanbul = Time zone Europe/Istanbul
Europe/Kaliningrad = Time zone Europe/Kaliningrad
Europe/Kiev = Time zone Europe/Kiev
Europe/Lisbon = Time zone Europe/Lisbon
Europe/Ljubljana = Time zone Europe/Ljubljana
69
Reference for the ASCII Configuration File MoRoS / MLR / SDSL
Europe/London = Time zone Europe/London
Europe/Luxembourg = Time zone Europe/Luxembourg
Europe/Madrid = Time zone Europe/Madrid
Europe/Malta = Time zone Europe/Malta
Europe/Minsk = Time zone Europe/Minsk
Europe/Monaco = Time zone Europe/Monaco
Europe/Moscow = Time zone Europe/Moscow
Europe/Nicosia = Time zone Europe/Nicosia
Europe/Oslo = Time zone Europe/Oslo
Europe/Paris = Time zone Europe/Paris
Europe/Poland = Time zone Europe/Poland
Europe/Portugal = Time zone Europe/Portugal
Europe/Prague = Time zone Europe/Prague
Europe/Regensburg = Time zone Europe/Ratisbon (default)
Europe/Riga = Time zone Europe/Riga
Europe/Rome Time zone Europe/Rome
Europe/Samara = Time zone Europe/Samara
Europe/San_Marino = Time zone Europe/San Marino
Europe/Sarajevo = Time zone Europe/Sarajevo
Europe/Simferopol = Time zone Europe/Simferopol
Europe/Skopje = Time zone Europe/Skopje
Europe/Sofia = Time zone Europe/Sofia
Europe/Stockholm = Time zone Europe/Stockholm
Europe/Tallinn = Time zone Europe/Tallinn
Europe/Tirane = Time zone Europe/Tirane
Europe/Tiraspol = Time zone Europe/Tiraspol
Europe/Turkey = Time zone Europe/Turkey
Europe/Uzhgorod = Time zone Europe/Uzhgorod
Europe/Vaduz = Time zone Europe/Vaduz
Europe/Vatican = Time zone Europe/Vatican
Europe/Vienna = Time zone Europe/Vienna
Europe/Vilnius = Time zone Europe/Vilnius
Europe/Warsaw = Time zone Europe/Warsaw
Europe/Zagreb = Time zone Europe/Zagreb
Europe/Zaporozhye = Time zone Europe/Zaporozhye
Europe/Zurich = Time zone Europe/Zurich ntp_server Address of used NTP time server start_ntp_client 0 = No clock synchronisation via NTP time server
1 = Clock synchronisation via NTP time server (default) daily_sync_hour Hour of daily time synchronisation (00-24) daily_sync_min Minute of daily time synchronisation (00-59) daily_sync 0 = No daily time synchronisation (default)
1 = Daily time synchronisation at specified time [ reset daily ] reset_daily 0 = Daily restart disabled (default)
1 = Daily restart enabled hour Daily restart at (hour; 00-23) min Daily restart at (minute; 00-59)
70
MoRoS / MLR / SDSL Reference for the ASCII Configuration File
71
[ update ] start_update 0 = Automatic daily update disabled (default)
1 = Automatic daily update enabled timing_type mac = Update time depending on MAC (default)
manual = Update at user-defined time time_hour Update at (hour; 00-23) time_min Update at (minute; 00-59) protocol http = Download via HTTP protocol (default)
ftp = Download via FTP protocol uri IP address or domain name of download server port Port of download server (default: 80) username User name for download server access
The object value must be passed in single quotes! password Password for download server access
The object value must be passed in single quotes! [ sandbox ] start_sandbox 0 = Sandbox disabled (default)
1 = Sandbox enabled serial 0 = RS232 interface not reserved for sandbox (default)
1 = RS232 interface reserved for sandbox install 0 = Do not install stored sandbox image (default)
1 = Install stored sandbox image password Password for the sandbox user "user"
The object value must be passed in single quotes!