set socket_tunnel
Purpose
Configures a socket tunnel. A socket tunnel can be used to connect two network devices: one on the Digi device server's local network and the other on the remote network. This is especially useful for providing SSL data protection when the local devices do not support the SSL protocol.
One of the endpoint devices is configured to initiate the socket tunnel. The tunnel is initiated when that device opens a TCP socket to the Digi device server on the configured port number. The Digi device server then opens a separate connection to the specified destination host. Once the tunnel is established, the Digi device server acts as a proxy for the data between the remote network socket and the local network socket, regardless of which end initiated the tunnel.
The socket tunnel feature is most useful for devices with two interfaces. It can also be used as a connection proxy on a single-interface device, such as the Digi Connect ME. On a single-interface device, the feature is particularly useful when the device has the capability to use specified keys and the other devices connected to it do not. Using the socket tunnel feature, the device with the key capability becomes a security gatekeeper for simple devices that cannot use PKI certificates.
Required Permissions
For Digi products with two or more users, permissions must be set with "set permissions s-socket-tunnel=read" to display settings, and with "set permissions s-socket-tunnel=rw" to display and configure settings. See set permissions for details on setting user permissions for commands.
Syntax
Configure a socket tunnel
set socket_tunnel [state={disabled|enabled}]
[timeout={0|seconds}] {0 is no timeout}
[from_hostname={name|ip address}]
[from_port=port number]
[from_protocol={tcp|ssl}]
[to_hostname={name|ip address}]
[to_port=port number]
[to_protocol={tcp|ssl}]
Display current socket tunnel settings
set socket_tunnel
Options
state={disabled|enabled}
Enables or disables the configured socket tunnel.
timeout={0|seconds} {0 is no timeout}
The timeout (specified in seconds) controls how long the tunnel remains connected when there is no tunnel traffic. If the timeout value is zero, then no timeout is in effect and the socket tunnel stays up until some other event causes it to close.
from_hostname={name|ip address}
The initiating host: the hostname or IP address of the network device that initiates the socket tunnel.
from_port=port number
The initiating port: the port number that the Digi device uses to listen for the initial socket tunnel connection.
from_protocol={tcp|ssl}
The initiating protocol: the protocol used between the device that initiates the socket tunnel and the Digi device. Currently, TCP and SSL are the two supported protocols.
to_hostname={name|ip address}
The destination host: the hostname or IP address of the destination network device.
to_port=port number
The destination port: the port number that the Digi device uses to make a connection to the destination device.
to_protocol={tcp|ssl}
The destination protocol: the protocol used between the Digi device and the destination device. Currently, TCP and SSL are the two supported protocols. The destination protocol does not need to be the same as the initiating protocol; each of the two connections can use either one.
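An added example, not part of the Digi documentation: a small Python check that parses a set socket_tunnel command line against the options listed above and reports settings worth reviewing before deployment (timeout=0, or tcp on both connections, which leaves the tunnel without SSL on either side). The function names and the sample addresses and ports are assumptions made for illustration.

```python
import shlex

# Option names and allowed values, taken from the Syntax section above.
ENUMS = {"state": {"disabled", "enabled"},
         "from_protocol": {"tcp", "ssl"}, "to_protocol": {"tcp", "ssl"}}
PORTS = {"from_port", "to_port"}
HOSTS = {"from_hostname", "to_hostname"}

def parse(command):
    """Split a 'set socket_tunnel ...' line into a dict of options."""
    words = shlex.split(command)
    if words[:2] != ["set", "socket_tunnel"]:
        raise ValueError("not a set socket_tunnel command")
    opts = {}
    for word in words[2:]:
        key, sep, value = word.partition("=")
        if not sep or not value:
            raise ValueError(f"expected name=value, got {word!r}")
        opts[key] = value
    return opts

def audit(command):
    """Return the findings for one command line (empty list means clean)."""
    opts, findings = parse(command), []
    for key, value in opts.items():
        if key in ENUMS and value not in ENUMS[key]:
            findings.append(f"{key}: {value!r} not in {sorted(ENUMS[key])}")
        elif key in PORTS and not (value.isdecimal() and 1 <= int(value) <= 65535):
            findings.append(f"{key}: {value!r} is not a valid port number")
        elif key == "timeout" and not value.isdecimal():
            findings.append(f"timeout: {value!r} is not a number of seconds")
        elif key == "timeout" and int(value) == 0:
            findings.append("timeout=0: idle tunnel never times out")
        elif key not in set(ENUMS) | PORTS | HOSTS | {"timeout"}:
            findings.append(f"{key}: unknown option")
    if opts.get("from_protocol") == "tcp" and opts.get("to_protocol") == "tcp":
        findings.append("tcp on both legs: tunnel adds no SSL protection")
    return findings

# Constructed sample commands; addresses and ports are made up.
GOOD = ("set socket_tunnel state=enabled timeout=300 from_hostname=192.0.2.10 "
        "from_port=4401 from_protocol=ssl to_hostname=192.168.1.50 "
        "to_port=502 to_protocol=tcp")
WEAK = GOOD.replace("from_protocol=ssl", "from_protocol=tcp").replace(
    "timeout=300", "timeout=0")

if __name__ == "__main__":
    for cmd in (GOOD, WEAK):
        print(audit(cmd) or "no findings")
```

GOOD models the case described under Purpose: SSL between the initiating host and the Digi device, plain TCP to a local device that does not support SSL.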