Configuring clients with configuration files
There are several configuration files that provide the parameters used by the SafeLinx Client program to establish a connection with the SafeLinx Server.
About this task
The files consist of lines of the form: parameter-name = parameter-value. Parameter names are alphanumeric strings. Parameter values can be textual or numerical. Parameters that take Boolean values use 1 for true and 0 for false.
An effort was made to find sensible default values for most of the available parameters, and it is rarely necessary to manually edit this file. If no value is specified, the SafeLinx Client either uses a default value, an attempt to negotiate a value for the parameter at connect time, or a prompt to the user.
There is one configuration for global parameters called client services and two or more files for each connection icon that is created. The one file, wclientd.conf, that affects client services is in the installation directory. The installation directory is /opt/HCL/SafeLinxClient/.
There are two or more files for each connection, depending on how many interfaces are defined for the connection. Connection definitions created with the SafeLinx Client are in the home directory of the user in the .wclient subdirectory. There are two file types for each connection: the main connection file which contains settings that affect all interfaces and also one or more interface definition files.
The naming convention is:
- conn<connection_number>.conf for the main connection file
- conn<connection_number>_<interface_number>_device.conf for interface definition files
The connection number is unique among all the connections for the user and the interface number is unique for the particular connection.
In previous versions, the connection name that displayed in the SafeLinx Client interface was used to name the connection file. The naming convention was <connection_name>.conf for the main connection file and <connection_name>_device.conf for the interface definition. Connections migrated from previous versions keep the previous naming convention. But if new interface definitions are added for a migrated connection, they are created as <connection_name>_<interface_number>_device.conf.
For a description of these parameters, see the following tables:
- Parameters that affect client services for parameters that affect client services
- Parameters that affect each connection for parameters that affect each connection
- Parameters that affect only IP-LAN interfaces for parameters that affect only IP-LAN interfaces
- Parameters that affect only RAS/PPP interfaces for parameters that affect only PPP/RAS interfaces
Note: When you change the value of any of these parameters, the two services,
wclientd and wcstatusd, must be stopped, then started for the
change to take effect. Make sure that you are logged in as root. To stop the services: enter
/etc/init.d/wclient stop. To start the services:
/etc/init.d/wclient start.
| Parameter name | Description |
|---|---|
| APITcpListenPort | Specifies the TCP port on which the wclientd service listens. The default value is 10555. |
| AutoRefreshDHCP | If either of the following conditions are detected:
then the status daemon requests a new DHCP address from the network servers (not the
SafeLinx Server address, but public network address). Note: If installed adapters are configured for
static IP addresses, turn off this feature. Leaving it on overwrites the static IP configuration if
one of the preceding conditions is detected. Switching this value to off requires the
user to manually renew addresses for adapters configured for DHCP if the system roams out of the
configured subnet. The default value is 1 (on). Note: If the ifplugd or
netplugd services are running, this feature is automatically
disabled. |
| EnableAccountId | When this boolean option is set to 1, the User ID input field displays on the Connect panel. By default, this boolean option is 1. |
| EnableChangePassword | When this boolean option is set to 1, a change password entry displays in the SafeLinx Client Context menu of the currently connected connection. By default, this boolean option is 1. |
| EnableDomain | When this boolean option is set to 1, the Organizational unit input field displays on the Connect panel. By default, this boolean option is 1. |
| EnablePassword | When this boolean option is set to 1, the Password input field displays on the Connect panel. By default, this boolean option is 1. |
| EnableSavePassword | When this boolean option is set to 1, the Save password check box displays on the Connect panel. By default, this boolean option is 1. |
| Group | When this string is null, any system group can access the API. If this string matches a system group name, then only users that are members of that group can access the API. The default value is null. |
| HiddenAdapters | Specifies a space-delimited or comma-delimited list of adapters to ignore when querying the system for installed adapters. The default value is lo, sit0, wc0, usbd0, vmnet1, mn0, mn1, mn2, mn3. To list all interfaces, from the /sbin directory, enter ifconfig -a. Evaluate the list of interfaces to determine whether the installed adapter can be ignored and if so, add it to this parameter. |
| LogFile | The name of the file used by the SafeLinx Client for writing log messages. The default value is /var/log/wc.log. |
| LogFlush | If this boolean parameter is set to 1, messages are flushed to the log file as they are written rather than being buffered. This option slows performance and is generally only useful for debugging. The default value is 0. |
| LogGroup | When this string is null, any system group can access the trace settings. If this string matches a system group name, then only users that are members of that group can access the trace settings. The default value is null. |
| LogLevel | This text parameter determines the verbosity of the SafeLinx Client's logging.
The more verbose logging levels can cause a dramatic decrease in performance and are only useful for
debugging purposes. Use the default level of error. Multiple values can be specified separated by
commas. Allowable values are:
|
| LogMaxSize | Specifies the maximum size, in bytes, of the trace file stored in /var/log/wc.log. The default value is 1,400,000 bytes. The range of values is 0 - 2147483647 inclusive. |
| LogRootOnly | If this boolean parameter is set to 1, only the root user ID can change the trace log settings. A value of 0 indicates that any user can access the trace settings, depending on the value of the LogGroup parameter. The default value is 0. |
| LogSubSystems | This text parameter is used to suppress messages from some SafeLinx Client
subsystems. In most cases, use the default value. Multiple values can be specified separated by
commas. Allowable values are:
|
| RootOnly | If this boolean parameter is set to 1, only the root user ID can access the API. A value of 0 indicates that any user can access the API, depending on the value of the Group parameter. The default value is 0. |
| SaveAccountId | When this boolean option is set to 1, the SafeLinx Client saves the value entered for user ID in the connection file. By default, this boolean option is 1. |
| StatusLogFile | The default location of the log file: /var/log/wcstatus.log. |
| StatusLogFlush | If this boolean parameter is set to 1, messages for wcstatusd are flushed to the log file as they are written rather than being buffered. This option slows performance and is generally only useful for debugging. The default value is 0. |
| StatusLogLevel | Allowable values are:
|
| StatusLogMaxSize | Specifies the maximum size of the trace file stored in /var/log/wcstatus.log. The default value for x86 systems is 1400 KB. The range of values is 0 - 2147483647 inclusive. |
| StatusLogSubSystems | Allowable values are:
The default value is device. |
| StatusPollInterval | The system is periodically queried for network hardware adapter changes. This value controls the query period. The default value is 2 seconds. |
| StatusServerPort | UDP port that the client core uses to contact the status daemon. The default value is 8979. |
| TraceWhileConnecting | Enables the trace facility during a connection attempt. The trace information is saved to the file /var/log/wc.log. Set this parameter to 0 to disable tracing. By default, this parameter is 1. |
| WirelessLinkQualityCutOff | Sets the minimum signal strength that is required for an 802.11b adapter to show up in the list of adapters. The link quality varies from 0 - 92, with greater being better. This value sets a minimum cutoff value under which the adapter is removed from the adapter list. To disable the link quality check, set the value to -1. The default value is 0. |
| Parameter name | Description |
|---|---|
| AccountId | The login account name to use when establishing the connection. This parameter does not include the organizational unit of the account. |
| AuthMethod | Method that the SafeLinx Server uses to validate the SafeLinx Client.
Do not change this value from the default value of 1 unless instructed by your administrator.
Allowable values are:
|
| Autostart1...Autostartn | One Autostart for each application to be automatically started after a successful logon to the SafeLinx Server. The application name includes the complete path, without parameters. The order of which application is started first is determined by its numerical order in the configuration file. |
| AutostartDisabled | If AutostartDisabled is set to 1, then the applications are ignored and no checking is done. |
| AutostartParams1 ... AutostartParamsn | One AutostartParams for each parameter required for the corresponding Autostartn application. Must be present, but blank, if no parameters are required for a specific application. The order of which parameters are checked first is determined by the numerical order in the configuration file. |
| BlackHoleDecrement | The value used to decrement padded configure requests when performing black hole detection. The default value is 100 bytes. |
| BroadcastPgmName | Name of the broadcast program to start at completion of logon. This program receives broadcast messages from the SafeLinx Server. The default value is null. |
| BroadcastPort | The UDP port number on which the SafeLinx Client broadcast program listens for broadcast messages from the SafeLinx Server. The default port is 9999. |
| CertAuthP12File | Stores the last fully qualified PKCS 12 file name when certificate-based authentication is required by the SafeLinx Server. This file name is the default the next time certificate-based authentication is requested. |
| CertAuthP12PW | Password for the PKCS 12 file specified under CertAuthP12File. Otherwise, the user is always prompted for the password. |
| ConnectionTimeout | Specifies the amount of time in seconds from when the SafeLinx Client starts attempting to connect to the SafeLinx Server until a message displays indicating that the connection is still being attempted. The default value is 60. Setting this value to zero (0) disables the timer. |
| DetectBlackHoles | 1= an advertised speed of network connection is 10 Mbps or greater. Clients
pad configuration requests sent to the gateway to the maximum network MTU size in an effort to
detect black holes. If the configuration request times out, then the next attempt is decremented by
using BlackHoleDecrement before being retransmitted. Set
BlackHoleDecrement to 0 in the case where the client is using a high speed
adapter, but there is a slow or inefficient intermediate link between the client and the gateway.
The default value is 1. |
| DisableRoaming | 1= prevents the automatic cross-network roaming from occurring for use of custom applications that are using the SafeLinx Client Toolkit. The default value is 0. |
| DNSDomainName | The DNS domain name supplied by the SafeLinx Server for the current connection. It is not necessary to supply a value for this parameter, as it is set by the SafeLinx Server at the time the connection is established. |
| EchoTimeoutThreshold | Specifies the number of consecutive echo timeouts processed before the SafeLinx Client displays an error to indicate that the SafeLinx Server is not responding. The default value is 3. |
| Encryption | This parameter determines the type of encryption that the SafeLinx Client
attempts to negotiate with the SafeLinx Server. Use a value that is one of the SafeLinx Server
encryption minor type numbers. The available type numbers are:
The default value is 14. |
| GatewaySuppliesDNS | When this boolean option is set to 1, DNS information negotiated with the SafeLinx Server is set in the system environment at connect time. The DNS information typically includes primary and secondary DNS servers and the local domain name. This results in the backup and editing of the /etc/resolv.conf file. When the SafeLinx Client is not shut down cleanly, /etc/resolv.conf might not be restored properly. If it is not restored properly, the original DNS configuration can be restored by entering the /etc directory and renaming resolv.conf.ibmwc<pid> back up to resolv.conf. The default value is 1. |
| GWMNIAddress | The SafeLinx Server's address on the private network. This parameter is negotiated with the SafeLinx Server at connect time. |
| HiSpeedWLPRetryCount | SafeLinx Client retry value for connections 10Mbps or faster. This parameter is used only when UseSpeedForWLPSettings=1 and UDP is the protocol used to connect to the SafeLinx Server. The default value is 4. |
| HiSpeedWLPTimeout | SafeLinx Client timeout value used for connections 10 Mbps or faster. This parameter is used only when UseSpeedForWLPSettings=1 and UDP is the protocol used to connect to the SafeLinx Server. The default value is 4. |
| InterfaceList | A list of interfaces that are associated with a connection. |
| IPStackMTU | The maximum transmission unit for the IP stack interface. The default value is
1400 bytes. When RequestTransportProfile=1, this entry is ignored. |
| LowSpeedWLPRetryCount | SafeLinx Client retry value used for connections 57600 bps or slower. This parameter is used only when UseSpeedForWLPSettings=1 and UDP is the protocol used to connect to the SafeLinx Server. |
| LowSpeedWLPTimeout | SafeLinx Client timeout value used for connection 57600 bps or slower. This parameter is used only when UseSpeedForWLPSettings=1 and UDP is the protocol used to connect to the SafeLinx Server. |
| MedSpeedWLPRetryCount | SafeLinx Client retry value used for connections greater than 57600 and slower than 10Mbps. This parameter is used only when UseSpeedForWLPSettings=1 and UDP is the protocol used to connect to the SafeLinx Server. |
| MedSpeedWLPTimeout | SafeLinx Client timeout value used for connections greater than 57600 bps and slower than 10 Mbps. This parameter is used only when UseSpeedForWLPSettings=1 and UDP is the protocol used to connect to the SafeLinx Server. |
| MobileAddress | The address assigned to the client interface by the SafeLinx Server. It is negotiated at logon time and does not need to be manually configured. |
| Mod | Modification level number of the configuration file. |
| OneButtonConnect | When this boolean option is set to 1, the Connect panel is bypassed and instead the connection progress indicator is displayed. This action occurs only if accountID (user ID), Domain (Organizational unit), and Password were previously saved in the configuration file. |
| OrgUnit | The LDAP organizational unit corresponding to the SafeLinx Server user ID specified by the AccountId parameter. |
| Password | The password for the current account. It is best to leave the password blank and allow the SafeLinx Client prompt for it, if needed. If the SavePassword parameter is set to 1, the SafeLinx Client uses an exclusive-OR (XOR) algorithm to alter the password and save it to the configuration file. For security reasons, this method is preferable to entering in plain text form. If the password is entered in plain text in the configuration file and the PreserveConfigFile is set to 0, the SafeLinx Client saves the password by using the XOR algorithm form on exit. |
| PasswordPort | The SafeLinx Server port that the SafeLinx Client connects to for password changes. The default value is 8888. |
| PreferredInterface | The default interface to start for this connection. |
| PrereqAppName1 ... PrereqApplicationName16 | Where PrereqAppName1 is the name of the first process that must be running before the SafeLinx Client attempts to connect. And, PrereqAppProcessn is the last process that must be running before the SafeLinx Client attempts to connect. The application name includes the complete path. The order of which application is checked first is determined by the numerical order in the configuration file. |
| PrereqAppProcess1 ... PrereqAppProcess16 | One PrereqAppProcess for the process name of each application to check before logon. When a process is running, t values are found by typing ps -e from a shell prompt. The order of which process is checked first is determined by the numerical order in the configuration file. |
| PrerequisiteDisabled | If PrerequisiteDisabled is set to 1, then the applications are ignored and no checking is done. |
| PrimaryDNS | The primary DNS server as supplied by the SafeLinx Server at connect time. |
| RadiusRetryAttempts . | This parameter indicates how many times the client reattempts RADIUS authentication attempts after timeout failures. Default value is 2 |
| RadiusTimeout | This parameter indicates the time in seconds that the client waits for a response from a radius authentication request. Default value is 15. |
| Release | Release number of the configuration file. |
| RequestTransportProfile | 1= The SafeLinx Client sends the name and the speed of the adapter when it logs in and roams from one network to another. 0= The transport profile is not requested. The default value is 1. |
| Routes | The set of routes to be configured which were sent to the SafeLinx Client from the SafeLinx Server the last time a connection was established. |
| SavePassword | When this boolean option is set to 1, the SafeLinx Client stores the password by using an XOR algorithm. The default value is 1. |
| SecondaryDNS | The secondary DNS server as supplied by the SafeLinx Server at connect time. |
| SetDefaultRoute | When this boolean option is set to 1, the SafeLinx Client sets the default route for IP traffic to flow through the SafeLinx Client. Except for any individual routes that are previously set in the routing table. The default value is 0. |
| SubnetMask | The subnet mask to use for the SafeLinx Client network interface. This parameter is supplied by the SafeLinx Server at connect time. |
| UseSpeedForWLPSettings | Sets the speed to use to determine SafeLinx Client retry count and timeout. If
this value is set to 0 or if UDP is not the protocol used to connect to the SafeLinx Server,
ALPRetries and ALPTimeout are used. If this value 1 and
UDP is the protocol used to connect to the SafeLinx Server, the value used depends on the
network speed detected. One of the following sets of parameters is used for the retry count and
timeout:
|
| Version | Version number of the configuration file. |
| Parameter name | Description |
|---|---|
| AdapterNameOverrideString | Allows for the adapter name string sent to the SafeLinx Server for transport profile selection to be overridden. The default value is null, and the parameter is not used. |
| AdapterSpeedOverride | Allows for the connection speed sent to the SafeLinx Server for transport profile selection to be overridden. The default value is null, and the parameter is not used. |
| ALPRetries | The number of times to reattempt a failed logon negotiation with the SafeLinx Server. The default value is 3. Used if UseSpeedForWLPSettings is set to 0 or when the UDP protocol is not used to connect to the SafeLinx Server. |
| ALPTimeout | The number of seconds to wait for a logon attempt to complete before timing out and closing the connection. The default value is 10. Used if UseSpeedForWLPSettings is set to 0 or when the UDP protocol is not used to connect to the SafeLinx Server. |
| AlternateGatewayAddress | The list of alternative gateway addresses used by the SafeLinx Client when
roaming. The list is saved in the following format: AlternateGatewayAddress=9.27.0.0
255.255.0.0 9.27.27.136,9.47.0.0 255.255.0.0 9.27.27.136 Each alternative gateway entry consists of 3 values. The first is the local IP address. The second is the mask. The third is the alternative IP address for the SafeLinx Server. The 3 values for an alternative gateway entry are separated by a space. Each alternative gateway definition is separated by a comma. |
| BindPort | Specifies the port number on which the SafeLinx Client listens for data sent from the SafeLinx Server. This parameter is used only for UDP connections. |
| Compression | When this boolean parameter is set to 1, the SafeLinx Client attempts to negotiate a compressed connection with the SafeLinx Server. The only form of compression that is currently supported is BSD LZW compression as provided by the zlib library. This parameter is useful for low-bandwidth connections, but is not recommended in cases where the transmission speed is largely processor bound. For example, an encrypted broadband connection. The default value is 0. |
| DeviceLib | A library that contains functionality and options specific to the type of network device used to make the connection. Device libraries are installed in the /opt/hcl/SafeLinxClient/lib/devices directory. |
| EnablePktJoining | When this boolean option is set to 1, the SafeLinx Client attempts to combine
small packets in order to deliver larger packets to the SafeLinx Server. The maximum size for
joined packets is determined by the NetworkMTU option. This option is only
recommended for low-bandwidth connections. The default value is 0. When RequestTransportProfile=1, this entry is ignored. |
| EncryptedProxyPassword | When a connection is established that uses a proxy server, the SafeLinx Client must supply credentials for the proxy server to authenticate. This field is the password. |
| FilterOtherSourceAddresses | When this boolean option is set to 1, then outbound packets whose source
address does not match the address of the SafeLinx Client as assigned by the SafeLinx Server are
discarded. The default value is 0. When RequestTransportProfile=1, this entry is ignored. |
| GatewayAddress | The physical IP address of the SafeLinx Server. |
| GatewayAddressDec | The IP address of the SafeLinx Server in dotted decimal format. This entry is for internal use and any value entered is ignored. |
| HeaderReduction | When this boolean parameter is set to 1, the SafeLinx Client attempts to
negotiate IP header reduction with the SafeLinx Server. IP header reduction can reduce the
amount of traffic sent over the network interface, but is generally useful only for low-bandwidth
connections. The default value is 0. When RequestTransportProfile=1, this entry is ignored. |
| HttpProxyAddr | Specifies either the IP address or the host name of the proxy server. This parameter is used only if you enable proxy authentication on the SafeLinx Server. |
| HttpProxyPort | Specifies the port number used to communicate with the proxy server. This parameter is used only if you enable proxy authentication on the SafeLinx Server. |
| HttpSendPort | Specifies the port number used to send data to the SafeLinx Server for an HTTP connection. The default value is 80. |
| HttpsSSLKeyRingFile | This option is used only when HTTPS is a supported protocol. It specifies the file used to store the certificates used when the client connects to the SafeLinx Server by using HTTPS, if the user chooses to store the certificates. The default value is <user's_home_directory>/.wclient/wc.kdb. |
| HttpsSSLTimeout | This option is used only when HTTPS is a supported protocol. It sets the time in seconds to wait for the secure socket layer (SSL) packets when connecting to the SafeLinx Server. |
| InRangeConnFailedRetryTimeout | Specifies the time in seconds for the SafeLinx Client to wait while roaming and unable to connect to a network that is in range. The default is 120. |
| KeepAliveInterval | The time in seconds to wait before sending a keepalive packet to the SafeLinx
Server. If this parameter is set to a nonzero value, the SafeLinx Client sends an LCP echo packet to
the SafeLinx Server at this interval. This parameter is useful for preventing the SafeLinx Server
from dropping a connection due to excessive idle time. The amount of idle time before a client
connection is dropped differs between SafeLinx Servers. But, 600 - 1200 seconds is a reasonable
setting in most cases. The default value is 10. When RequestTransportProfile=1, this entry is ignored. |
| Mod | Modification level number of the configuration file. |
| NetworkAverageBPS | Connection throughput in bits per second. If greater than 33600, header reduction and other TCP optimizations are disabled. The default value is 10000000. |
| NetworkMTU | The maximum transmission unit specified in bytes for the network used to
connect to the SafeLinx Server. The valid range is 128-4092. The default value is 1500. When RequestTransportProfile=1, this entry is ignored. |
| PktCompressThreshold | When compression is enabled and this parameter is nonzero, the SafeLinx Client uses this value to determine the size of the smallest packet (in bytes) that it attempts to compress. Small packets often cannot be compressed. This parameter can be used to prevent wasting valuable processor cycle attempts. The default value is 50. |
| PktTimeout | The time specified in seconds used by the link layer to terminate a connection
if the SafeLinx Server does not respond to a request sent by the SafeLinx Client. The
default value is 20. When RequestTransportProfile=1, this entry is ignored. |
| PreferredAdapter | Specifies the network adapter that is used for roaming, if it is available. There is no default value. |
| ProxyUsername | When a connection is established by using a proxy server the SafeLinx Client must supply credentials for the proxy server to authenticate. This field is the user name. |
| Release | Release number of the configuration file. |
| RoamFromThreshold | Specifies the number of seconds that the SafeLinx Client connection to a
network is in Active status. The parameter acts as a threshold value for determining which Wait
interval to use when roaming from this connection to a lesser-priority network, if the status
changes to out of range or unavailable. This setting helps determine whether you are moving into or out of the coverage area of a network. If you are moving into coverage area, you might want to delay roaming from the network quickly. Delay roaming because there can be a period when the status flips back and forth between active and inactive. This delay gives the network a chance to stabilize and establish the actual status. However, if you are moving out of a coverage area, as indicated that the network status was active for a specific period and then becomes inactive, then you might want to roam from that network more quickly. The default value is 0. |
| RoamFromWaitOverThreshold | Specifies the number of seconds that the SafeLinx Client waits before
roaming from this connection to another available lesser-priority network. When the network status
is Active for less than the amount of time specified in the RoamFromThreshold
setting, then the connection might be in the periphery of a network coverage area and might need
additional time to establish its actual status. This setting determines the number of seconds the
SafeLinx Client waits until it will roam from this network to another lesser-priority network. .
Set the value of this setting to be more than the value of the RoamFromWaitUnderThreshold setting. The default value is 0. |
| RoamToWait | Specifies the number of seconds that the SafeLinx Client waits after the network is available before the SafeLinx Client roams to it and makes it the Active connection. If the connection is being established on the periphery of a network coverage area, this setting allows a period for the SafeLinx Client to make sure that the connection status does not go out of Range or unavailable before it attempts to roam to it. The default value is 0. |
| SaveProxyPassword | When a connection is established by using a proxy server the SafeLinx Client must supply credentials for the proxy server to authenticate. When this boolean option is set to 1, the SafeLinx Client stores the password. |
| SendPort | The port used to send data to the SafeLinx Server. This parameter is used only for UDP connections. The default value is 8889. |
| SocketConnectionTimeout | Specifies the timeout used when establishing a UDP, HTTP, or HTTPS connection with the SafeLinx Server. This timeout is the number of seconds to wait before the SafeLinx Client attempts to connect by using another protocol. |
| SupportedProtocols | Specifies the protocols that can be supported on the SafeLinx Client. The
value for this parameter can be one or more of the following, in a comma-separated list:
|
| TCPIP_Ports2Filter | This entry can exist for a connection or for an interface. The interface
section is checked first, and if no entry is found, then the connection section is used. List of TCP ports, separated by spaces, from which to filter packets. When RequestTransportProfile=1, this entry is ignored. |
| TcpOptEnable | When this boolean option is set to 1, TCP optimization is enabled. The default
value is 0. When RequestTransportProfile=1, this entry is ignored. |
| TcpOptMaxBurst | Maximum number of unacknowledged TCP packets transmitted. The optimization
engine withholds packets to keep from overloading a directional channel of a wireless network. The
range of values is 5-16, inclusive. The default value is 8. When RequestTransportProfile=1, this entry is ignored. |
| TcpOptMaxWindowSize | Maximum size of the TCP sliding window in bytes. The optimization engine
adjusts the TCP window on-the-fly as a means of performing network latency-specific flow control.
The range of values is 2048-65535, inclusive. A value of zero disables this function. The default
value is 0. When RequestTransportProfile=1, this entry is ignored. |
| TcpOptRetransmitTTL | Length of time in milliseconds to suppress TCP retransmit packets. A value of
0 disables TCP retransmit suppression. The default value is 1000. When RequestTransportProfile=1, this entry is ignored. |
| TrayUpdateInterval | Minimum time in seconds that the client waits between sending eMsg_PacketReceived events or eMsg_PacketTransmitted events. A value less than or equal to 0 disables sending these events. The default value is 2. |
| UDPIP_Ports2Filter | This entry can exist for a connection or for an interface. The interface
section is checked first, and if no entry is found, then the connection section is used. List of UDP ports, separated by spaces, from which to filter packets When RequestTransportProfile=1, this entry is ignored. |
| UseBindPort | Specifies whether the SafeLinx Client listens on a specific port number for data sent from the SafeLinx Server. This parameter is used only for UDP connections. |
| UseHttpProxy | Enables or disables the use of a proxy for the SafeLinx Client to connect to the SafeLinx Server for connection-oriented (HTTP or HTTPS) connections. The default value of 0 disables proxy authentication. If you enter 1 to enable proxy authentication, you must also provide the proxy server address and port number. Use the HttpProxyAddr parameter to specify the address and HttpProxyPort for the port number, as provided by the system administrator. |
| UseUDPEcho | This boolean parameter determines whether the UDP echo function for the
SafeLinx Client and SafeLinx Server is used during the logon sequence when connecting over UDP. If
UseUDPEcho=1, the UDP echo function uses a test packet to check whether the
SafeLinx Client can reach the gateway and what the Maximum Transmission Unit (MTU) should be. If
UseUDPEcho=0, then the UDP echo function is not used. This parameter is updated
after each logon, based on whether the SafeLinx Server to which the SafeLinx Client is connected
supports the function. For migrated connections, the default value is 0. For new connections, the default value is 0 if only the UDP protocol is enabled or 1 if http, https, or both are selected in addition to the UDP protocol. |
| Version | Version number of the configuration file. |
| Parameter name | Description |
|---|---|
| AdapterNameOverrideString | Allows for the adapter name string sent to the SafeLinx Server for transport profile selection to be overridden. The default value is null, and the parameter is not used. |
| AdapterSpeedOverride | Allows for the connection speed sent to the SafeLinx Server for transport profile selection to be overridden. The default value is null, and the parameter is not used. |
| ALPRetries | The number of times to reattempt a failed logon negotiation with the SafeLinx Server. The default value is 3. Used only if UseSpeedForWLPSettings is set to 0 or when the UDP protocol is not used to connect to the SafeLinx Server. |
| ALPTimeout | The number of seconds to wait for a logon attempt to complete before timing out and closing the connection. The default value is 10. Used only if UseSpeedForWLPSettings is set to 0 or when the UDP protocol is not used to connect to the SafeLinx Server. |
| AlternateGatewayAddress | The list of alternative gateway addresses used by the SafeLinx Client when
roaming. The list is saved in the following format: AlternateGatewayAddress=9.27.0.0
255.255.0.0 9.27.27.136,9.47.0.0 255.255.0.0 9.27.27.136 Each alternative gateway entry consists of 3 values. The first is the local IP address. The second is the mask. The third is the alternative IP address for the SafeLinx Server. The 3 values for an alternative gateway entry are separated by a space. Each alternative gateway definition is separated by a comma. |
| auto-reconnect | When this boolean option is set to 1, the SafeLinx Client attempts to reconnect to the PPP server on connection failure, even though the SafeLinx Client has no data to send. This option is useful if you want to maintain a continuous connection. When the option equals 0, the SafeLinx Client enters short-hold mode on connection failure. |
| BindPort | Specifies the port number on which the SafeLinx Client listens for data sent from the SafeLinx Server. This parameter is used only for UDP connections. |
| Compression | When this boolean parameter is set to 1, the SafeLinx Client attempts to
negotiate a compressed connection with the SafeLinx Server. The only form of compression that is
currently supported is BSD LZW compression as provided by the zlib library.
This parameter is useful for low-bandwidth connections, but is not recommended in cases where the
transmission speed is largely processor bound (for example, an encrypted broadband connection). The
default value is 0. When RequestTransportProfile=1, this entry is ignored. |
| connect-retries | Specifies the number of times the SafeLinx Client attempts to reconnect to the PPP server after the initial connect attempt fails. Connection retries also occur when the SafeLinx Client comes out of short-hold mode and the initial dial attempt fails to connect to the PPP server. The default value is 0. |
| connect-retry-interval | Specifies the amount of time, in seconds, the SafeLinx Client waits after an unsuccessful attempt to connect to the PPP server before attempting to reconnect. The default value is 60. |
| connection-timeout | The amount of time, in seconds, the SafeLinx Client waits to connect to the PPP server before timing out. |
| DeviceLib | A library that contains functionality and options specific to the type of network device used to make the connection. Devices libraries are installed in /opt/hcl/SafeLinxClient/lib/devices/. |
| DriverSpecificData | Contains driver-specific information that should not be edited. |
| EnablePktJoining | When this boolean option is set to 1, the SafeLinx Client attempts to combine
small packets in order to deliver larger packets to the SafeLinx Server. The maximum size for
joined packets is determined by the NetworkMTU option. This option is only
recommended for low-bandwidth connections. The default value is 0. When RequestTransportProfile=1, this entry is ignored. |
| EncryptedProxyPassword | When a connection is established by using a proxy server the SafeLinx Client must supply credentials for the proxy server to authenticate. This field is the password. |
| FilterOtherSourceAddresses | When this boolean option is set to 1, then outbound packets whose source
address does not match the address of the SafeLinx Client as assigned by the SafeLinx Server are
discarded. The default value is 0. When RequestTransportProfile=1, this entry is ignored. |
| GatewayAddress | The physical IP address of the SafeLinx Server. |
| GatewayAddressDec | The IP address of the SafeLinx Server in dotted decimal format. This entry is for internal use and any value entered is ignored. |
| HeaderReduction | When this boolean parameter is set to 1, the SafeLinx Client attempts to
negotiate IP header reduction with the SafeLinx Server. IP header reduction can reduce the
amount of traffic sent over the network interface, but is generally only useful for low-bandwidth
connections. The default value is 0. When RequestTransportProfile=1, this entry is ignored. |
| HttpProxyAddr | Specifies either the IP address or the host name of the authentication proxy server. This parameter is used only if the proxy authentication on the SafeLinx Server is enabled. |
| HttpProxyPort | Specifies the port number used to communicate with the authentication proxy server. This parameter is used only if the proxy authentication on the SafeLinx Server is enabled. |
| HttpSendPort | Specifies the port number used to send data to the SafeLinx Server for an HTTP connection. The default value is 80. |
| HttpsSendPort | Specifies the port number used to send data to the SafeLinx Server for a secure HTTP connection. The default value is 443. |
| HttpsSSLKeyRingFile | This option is used only when HTTPS is a supported protocol. It specifies the file used to store the certificates used when the client connects to the SafeLinx Server by using HTTPS, if the user chooses to store the certificates. The default value is HttpsSSLKeyRingFile This option is used only when HTTPS is a supported protocol. The default value is <user's_home_directory>/.wclient/wc.kdb. |
| HttpsSSLTimeout | This option is used only when HTTPS is a supported protocol. It sets the time in seconds to wait for the secure socket layer (SSL) packets when connecting to the SafeLinx Server. |
| InRangeConnFailedRetryTimeout | Specifies the time in seconds for the SafeLinx Client to wait while roaming and unable to connect to a network that is in range. The default is 120. |
| KeepAliveInterval | The time in seconds to wait before sending a keepalive packet to the SafeLinx
Server. If this parameter is set to a nonzero value, the SafeLinx Client sends an LCP echo packet to
the SafeLinx Server at this interval. This parameter is useful for preventing the SafeLinx Server
from dropping a connection due to excessive idle time. The amount of idle time before a client
connection is dropped differs between SafeLinx Servers But, 600 - 1200 seconds is a reasonable
setting in most cases. The default value is 10. When RequestTransportProfile=1, this entry is ignored. |
| manage-card-modem | When this boolean option is set to 1, the SafeLinx Client turns on the modem before attempting to establish a PPP connection when you are using a PCMCIA or CF modem. By default the modem is turned off by the operating system. The default value is 1. |
| Mod | Modification level number of the configuration file. |
| NetworkAverageBPS | Connection throughput in bits per second. If greater than 33600, header reduction and other TCP optimizations are disabled. The default value is 10000000. |
| NetworkMTU | The maximum transmission unit specified in bytes for the network used to
connect to the SafeLinx Server. The valid range is 128-4092. The default value is 1500. When RequestTransportProfile=1, this entry is ignored. |
| PktCompressThreshold | When compression is enabled and this parameter is nonzero, the SafeLinx Client uses this value to determine the size of the smallest packet (in bytes) that it should attempt to compress. Small packets often cannot be compressed. This parameter can be used to prevent wasting valuable processor cycle attempts. The default value is 50. |
| PktTimeout | The time specified in seconds used by the link layer to terminate a connection
if the SafeLinx Server does not respond to a request sent by the SafeLinx Client. The
default value is 20. When RequestTransportProfile=1, this entry is ignored. |
| PreferredAdapter | Specifies the network adapter that is used for roaming, if it is available. There is no default value. |
| RasPhoneBookEntry | Specifies the name of the PPP daemon script to use to connect to the PPP server. PPP daemon scripts are in /etc/ppp/peers. |
| ProxyUsername | When a connection is established by using a proxy server the SafeLinx Client must supply credentials for the proxy server to authenticate. This field is the user name. |
| Release | Release number of the configuration file. |
| RoamFromThreshold | Specifies the number of seconds that the SafeLinx Client connection to a
network has been in Active status. This parameter acts as a threshold value for determining which
Wait interval to use when roaming from this connection to a lesser-priority network, if the status
changes to out of range or unavailable. This setting helps determine whether you are moving into or out of the coverage area of a network. If you are moving into coverage area, you might want to delay roaming from the network quickly. Delay roaming because there can be a period when the status flips back and forth between active and inactive. This delay gives the network a chance to stabilize and establish the actual status. However, if you are moving out of a coverage area, as indicated that the network status has been active for a specified period and then becomes inactive, then you might want to roam from that network more quickly. The default value is 0. |
| RoamFromWaitOverThreshold | Specifies the number of seconds that the SafeLinx Client waits before
roaming from this connection to another available lesser-priority network. When the network status
is Active for less than the amount of time specified in theRoamFromThreshold
setting, then the connection might be in the periphery of a network coverage area and might need
additional time to establish its actual status. This setting determines the number of seconds the
SafeLinx Client waits until it will roam from this network to another lesser-priority network.
Set the value of this setting to be more than the value of the RoamFromWaitUnderThreshold setting. The default value is 0. |
| RoamFromWaitUnderThreshold | Specifies the number of seconds that the SafeLinx Client waits before roaming
from this connection to another available lesser-priority network. When the network status is Active
for more than the amount of time specified in the RoamFromThreshold setting and
then becomes unavailable, this setting determines the number of seconds the SafeLinx Client waits
until it will roam from this network to another lesser-priority network. Set the value of this setting to be less than the value of the RoamFromWaitOverThreshold setting. The default value is 0. |
| RoamSuspendInactive | When an interface supports suspend/resume (short-hold mode), this value determines whether to suspend the connection when it is not the active interface. A value of 0 = do not suspend, and a value of 1 = suspend. The default value is 1. |
| RoamToWait | Specifies the number of seconds that the SafeLinx Client waits after the network is available before the SafeLinx Client roams to it and makes it the Active connection. If the connection is being established on the periphery of a network coverage area, this setting allows a period for the SafeLinx Client to make sure that the connection status does not go out of range or unavailable before it attempts to roam to it. The default value is 0. |
| SaveProxyPassword | When a connection is established by using a proxy server the SafeLinx Client must supply credentials for the proxy server to authenticate. When this boolean option is set to 1, the SafeLinx Client stores the password. |
| SendPort | The port used to send data to the SafeLinx Server. This parameter is used only for UDP connections. The default value is 8889. |
| short-hold-timeout | The amount of time, in seconds, that the connection waits before entering short-hold mode. If there is no network traffic over the connection after the specified number of seconds, the connection is placed in short-hold mode. A setting of 0 disables short-hold mode. |
| SocketConnectionTimeout | Specifies the timeout used when establishing a UDP, HTTP, or HTTPS connection with the SafeLinx Server. This timeout is the number of seconds to wait before the SafeLinx Client attempts to connect by using another protocol. |
| SupportedProtocols | Specifies the protocols that can be supported on the SafeLinx Client. The
value for this parameter can be one or more of the following, in a comma-separated list:
|
| TCPIP_Ports2Filter | This entry can exist for a connection or for an interface. The interface
section is checked first, and if no entry is found, then the connection section is used. List of TCP ports, separated by spaces, from which to filter packets. When RequestTransportProfile=1, this entry is ignored. |
| TcpOptEnable | When this boolean option is set to 1, TCP optimization is enabled. The default
value is 0. When RequestTransportProfile=1, this entry is ignored. |
| TcpOptMaxBurst | Maximum number of unacknowledged TCP packets transmitted. The optimization
engine withholds packets to keep from overloading a directional channel of a wireless network. The
range of values is 5-16, inclusive. The default value is 8. When RequestTransportProfile=1, this entry is ignored. |
| TcpOptMaxWindowSize | Maximum size of the TCP sliding window in bytes. The optimization engine
adjusts the TCP window on-the-fly as a means of performing network latency-specific flow control.
The range of values is 2048-65535, inclusive. A value of zero disables this function. The default
value is 0. When RequestTransportProfile=1, this entry is ignored. |
| TcpOptRetransmitTTL | Length of time in milliseconds to suppress TCP retransmit packets. A value of
zero disables TCP retransmit suppression. The default value is 1000. When RequestTransportProfile=1, this entry is ignored. |
| TrayUpdateInterval | Minimum time in seconds that the client waits between sending eMsg_PacketReceived events or eMsg_PacketTransmitted events. A value less than or equal to 0 disables sending these events. The default value is 2. |
| UDPIP_Ports2Filter | This entry can exist for a connection or for an interface. The interface
section is checked first, and if no entry is found, then the connection section is used. List of UDP ports, separated by spaces, from which to filter packets. When RequestTransportProfile=1, this entry is ignored. |
| UseBindPort | Specifies whether the SafeLinx Client listens on a specific port number for data sent from the SafeLinx Server. This parameter is used only for UDP connections. |
| UseHttpProxy | This parameter is used to enable or disable proxy authentication on the SafeLinx Client for connection-oriented (HTTP or HTTPS) connections. The default value of 0 disables proxy authentication. If you enter 1 to enable proxy authentication, you must also provide the proxy server address and port number. Use the HttpProxyAddr parameter to specify the address and HttpProxyPort for the port number, as provided by the system administrator. |
| UseUDPEcho | This boolean parameter determines whether the UDP echo function for the
SafeLinx Client and SafeLinx Server is used during the logon sequence when connecting over UDP. If
UseUDPEcho=1, the UDP echo function uses a test packet to check whether the
SafeLinx Client can reach the gateway and what the Maximum Transmission Unit (MTU) should be. If
UseUDPEcho=0, then the UDP echo function is not used. This parameter is updated
after each logon, based on whether the SafeLinx Server to which the SafeLinx Client is connected
supports the function. For migrated connections, the default value is 0. For new connections, the default value is 0 if only the UDP protocol is enabled or 1 if http, https, or both are selected in addition to the UDP protocol. |
| Version | Version number of the configuration file. |