68.13. How to configure a VPN tunnel between two Abilis

The Abilis IP Tunnel (AIPT) is used to transport data and voice packets. The configuration varies depending on:

The AIPT tunnel supports two options:

Refer to Section 68.14, “How to configure a voice tunnel between two Abilis” to configure a tunnel for voice communication only.

68.13.1. How to configure a VPN tunnel where both Abilis have a static public IP address

  • ABILIS 1:

    Enter into the Abilis control-program or open the configuration file with the Console configurator and type the following commands.

    a res:ip-5 subtype:aiptAdd an “IP over IP (Abilis tunnel)” resource (e.g. IP-5).
    s p ip-5 mode:extConfigure the EXTENDED operating mode.
    s p ip-5 mask:255.255.255.0 neigh:192.168.2.1Configure the subnet mask and in the NEIGH parameter the private IP address of the remote Abilis.
    s p ip-5 frag:frf12 fragsize:800Configure the link fragmentation type and the maximum size of link frames fragments.
    s p ip-5 lcr:dataActivate the data encryption.
    s p ip-5 locipadd:80.80.80.80Configure the Local IP address for incoming/outgoing UDP pakets.
    s p ip-5 remipadd:81.81.81.81 remport:2105Configure the Remote IP address and port for incoming/outgoing UDP packets.
    s p ip-5 descr:VPN_to_Abilis_2Configure the description of the IP resource.
    save confSave the configuration.

    On a working Abilis, a system restart is required to make the IP-5 resource running.

  • ABILIS 2:

    Enter into the Abilis control-program or open the configuration file with the Console configurator and type the following commands.

    a res:ip-5 subtype:aiptAdd an “IP over IP (Abilis tunnel)” resource (e.g. IP-5).
    s p ip-5 mode:extConfigure the EXTENDED operating mode.
    s p ip-5 mask:255.255.255.0 neigh:192.168.1.1Configure the subnet mask and in the NEIGH parameter the private IP address of the remote Abilis.
    s p ip-5 frag:frf12 fragsize:800Configure the link fragmentation type and the maximum size of link frames fragments.
    s p ip-5 lcr:dataActivate the data encryption.
    s p ip-5 locipadd:81.81.81.81Configure the Local IP address for incoming/outgoing UDP pakets.
    s p ip-5 remipadd:80.80.80.80 remport:2105Configure the Remote IP address and port for incoming/outgoing UDP packets.
    s p ip-5 descr:VPN_to_Abilis_1Configure the description of the IP resource.
    save confSave the configuration.

    On a working Abilis, a system restart is required to make the IP-5 resource running.

[Tip]Tip

Remember to configure NAT settings.

68.13.2. How to configure a VPN tunnel where one Abilis has a dynamic public IP address or is placed behind a router doing NAT/PAT

The combination EXT-SERVER and EXT-CLIENT is used when one side (the server) has a static public IP address and the other side (the client) has a dynamic public IP address (it could have also 2 Internet accesses) or is placed behind a router doing NAT/PAT.

  • ABILIS 1:

    Enter into the Abilis control-program or open the configuration file with the Console configurator and type the following commands.

    a res:ip-5 subtype:aiptAdd an “IP over IP (Abilis tunnel)” resource (e.g. IP-5).
    s p ip-5 mode:ext-serverConfigure the EXTENDED-SERVER operating mode.
    s p ip-5 mask:255.255.255.0 neigh:192.168.2.1Configure the subnet mask and in the NEIGH parameter the private IP address of the remote Abilis.
    s p ip-5 frag:frf12 fragsize:800Configure the link fragmentation type and the maximum size of link frames fragments.
    s p ip-5 lcr:dataActivate the data encryption.
    s p ip-5 locipadd:80.80.80.80Configure the Local IP address for incoming/outgoing UDP pakets.
    s p ip-5 remport:2105 cli-id:192.168.2.1Configure the Remote port for incoming/outgoing UDP packets and the Client identification IP address.
    s p ip-5 descr:VPN_to_Abilis_2Configure the description of the IP resource.
    save confSave the configuration.

    On a working Abilis, a system restart is required to make the IP-5 resource running.

  • ABILIS 2:

    Enter into the Abilis control-program or open the configuration file with the Console configurator and type the following commands.

    a res:ip-5 subtype:aiptAdd an “IP over IP (Abilis tunnel)” resource (e.g. IP-5).
    s p ip-5 mode:ext-clientConfigure the EXTENDED-CLIENT operating mode.
    s p ip-5 mask:255.255.255.0 neigh:192.168.1.1Configure the subnet mask and in the NEIGH parameter the private IP address of the remote Abilis.
    s p ip-5 frag:frf12 fragsize:800Configure the link fragmentation type and the maximum size of link frames fragments.
    s p ip-5 lcr:dataActivate the data encryption.
    s p ip-5 locipadd:out-ip id:192.168.2.1Configure the Local IP address for incoming/outgoing UDP pakets and the Identification IP address sent by the Client to the Server.
    s p ip-5 remipadd:80.80.80.80 remport:2105Configure the Remote IP address and port for incoming/outgoing UDP packets.
    s p ip-5 descr:VPN_to_Abilis_1Configure the description of the IP resource.
    save confSave the configuration.

    On a working Abilis, a system restart is required to make the IP-5 resource running.

[Tip]Tip

Remember to configure NAT settings.

68.13.3. How to configure a VPN tunnel with the “backup over ISDN” option

With the “backup over ISDN” option, in case of failure of the permanent VPN connection, the Abilis tunnel is instantaneously switched onto ISDN backup lines.

  • ABILIS 1:

    Enter into the Abilis control-program or open the configuration file with the Console configurator and type the following commands.

    a res:ip-5 subtype:aipt-bckAdd an “IP over IP (Abilis tunnel) with Abilis Back-up” resource (e.g. IP-5).
    s p ip-5 mode:extConfigure the EXTENDED operating mode.
    s p ip-5 mask:255.255.255.0 neigh:192.168.2.1Configure the subnet mask and in the NEIGH parameter the private IP address of the remote Abilis.
    s p ip-5 frag:frf12 fragsize:800Configure the link fragmentation type and the maximum size of link frames fragments.
    s p ip-5 lcr:dataActivate the data encryption.
    s p ip-5 locipadd:80.80.80.80Configure the Local IP address for incoming/outgoing UDP pakets.
    s p ip-5 remipadd:81.81.81.81 remport:2105Configure the Remote IP address and port for incoming/outgoing UDP packets.
    s p ip-5 brty:us bnrty:30 btb:10Configure the Retry law type, the maximum number of consecutive calls and the Time base for delay between calls.
    s p ip-5 sgi:abilis2-abilis1 sgo:abilis1-abilis2 cdo:01765432Configure the input and output calling sub-addresses and the output called number.
    s p ip-5 descr:VPN_to_Abilis_2Configure the description of the IP resource.
    save confSave the configuration.

    On a working Abilis, a system restart is required to make the IP-5 resource running.

  • ABILIS 2:

    Enter into the Abilis control-program or open the configuration file with the Console configurator and type the following commands.

    a res:ip-5 subtype:aipt-bckAdd an “IP over IP (Abilis tunnel) with Abilis Back-up” resource (e.g. IP-5).
    s p ip-5 mode:extConfigure the EXTENDED operating mode.
    s p ip-5 mask:255.255.255.0 neigh:192.168.1.1Configure the subnet mask and in the NEIGH parameter the private IP address of the remote Abilis.
    s p ip-5 frag:frf12 fragsize:800Configure the link fragmentation type and the maximum size of link frames fragments.
    s p ip-5 lcr:dataActivate the data encryption.
    s p ip-5 locipadd:81.81.81.81Configure the Local IP address for incoming/outgoing UDP pakets.
    s p ip-5 remipadd:80.80.80.80 remport:2105Configure the Remote IP address and port for incoming/outgoing UDP packets.
    s p ip-5 brty:us bnrty:30 btb:10Configure the Retry law type, the maximum number of consecutive calls and the Time base for delay between calls.
    s p ip-5 sgi:abilis1-abilis2 sgo:abilis2-abilis1 cdo:01234567Configure the input and output calling sub-addresses and the output called number.
    s p ip-5 descr:VPN_to_Abilis_2Configure the description of the IP resource.
    save confSave the configuration.

    On a working Abilis, a system restart is required to make the IP-5 resource running.

[Tip]Tip

Remember to configure NAT settings.

68.13.4. How to configure a VPN tunnel with the “double path” option

With the “double path option” (also called “ART - Abilis Redundant Tunneling”), the same information is sent on two different lines. The receiving Abilis discards the packet which arrives second (out-of sequence). The probability that the same packet is lost on both links equals the product of the original probabilities. For example, two links with 10% failure rate (a very high one!) ends up with 1%, which is normally negligible.

[Tip]Tip

It is advisable to use ART ONLY with lines with the same speed. In case of lines with different speeds, the packets are sent with the maximum speed of the slower line.

  • ABILIS 1:

    Enter into the Abilis control-program or open the configuration file with the Console configurator and type the following commands.

    a res:ip-5 subtype:aiptAdd an “IP over IP (Abilis tunnel)” resource (e.g. IP-5).
    s p ip-5 mode:extConfigure the EXTENDED operating mode.
    s p ip-5 path:doubleActivate the Double Path.
    s p ip-5 mask:255.255.255.0 neigh:192.168.2.1Configure the subnet mask and the IP address of the neighbour router.
    s p ip-5 frag:frf12 fragsize:800Configure the link fragmentation type and the maximum size of link frames fragments.
    s p ip-5 lcr:dataActivate the data encryption.
    s p ip-5 locipadd:80.80.80.80 locipadd2:90.90.90.90Configure the first and the second Local IP address for incoming/outgoing UDP pakets.
    s p ip-5 out-ip:auto out-ip2:4Configure the first and the second Output IP resource.
    s p ip-5 remipadd:81.81.81.81 remipadd2:91.91.91.91 remport:2105Configure the first and the second Remote IP address and port for incoming/outgoing UDP.
    s p ip-5 descr:VPN_to_Abilis_2Configure the description of the IP resource.
    save confSave the configuration.

    On a working Abilis, a system restart is required to make the IP-5 resource running.

  • ABILIS 2:

    Enter into the Abilis control-program or open the configuration file with the Console configurator and type the following commands.

    a res:ip-5 subtype:aiptAdd an “IP over IP (Abilis tunnel)” resource (e.g. IP-5).
    s p ip-5 mode:extConfigure the EXTENDED operating mode.
    s p ip-5 path:doubleActivate the Double Path.
    s p ip-5 mask:255.255.255.0 neigh:192.168.1.1Configure the subnet mask and the IP address of the neighbour router.
    s p ip-5 frag:frf12 fragsize:800Configure the link fragmentation type and the maximum size of link frames fragments.
    s p ip-5 lcr:dataActivate the data encryption.
    s p ip-5 locipadd:81.81.81.81 locipadd2:91.91.91.91Configure the first and the second Local IP address for incoming/outgoing UDP pakets.
    s p ip-5 out-ip:auto out-ip2:4Configure the first and the second Output IP resource.
    s p ip-5 remipadd:80.80.80.80 remipadd2:90.90.90.90 remport:2105Configure the first and the second Remote IP address and port for incoming/outgoing UDP.
    s p ip-5 descr:VPN_to_Abilis_1Configure the description of the IP resource.
    save confSave the configuration.

    On a working Abilis, a system restart is required to make the IP-5 resource running.

[Tip]Tip

Remember to configure NAT settings.

68.13.4.1. How to view extended statistics for each path

Enter into the Abilis control-program and type the following commands.

d se ip-5 path:1Shows the statistics of the Aipt resource ip-5 about path number 1 in extended mode.
d se ip-5 path:2Shows the statistics of the Aipt resource ip-5 about path number 2 in extended mode.

Refer to chapter Section 38.4.2, “Tunneling statistics” to view more examples.