Configuring clients with configuration files

There are several configuration files that provide the parameters used by the SafeLinx Client program to establish a connection with the SafeLinx Server.

About this task

After a connection is established, values are saved at logoff to client configuration files. Rewriting the files is desirable because it often shortens the negotiation process on subsequent connection attempts. The PreserveConfigFile parameter overrides this behavior.

The files consist of lines of the form: parameter-name = parameter-value. Parameter names are alphanumeric strings. Parameter values can be textual or numerical. Parameters that take Boolean values use 1 for true and 0 for false.

An effort was made to find sensible default values for most of the available parameters, and it is rarely necessary to manually edit this file. If no value is specified, the SafeLinx Client either uses a default value, an attempt to negotiate a value for the parameter at connect time, or a prompt to the user.

There is one configuration for global parameters called client services and two or more files for each connection icon that is created. The one file, wclientd.conf, that affects client services is in the installation directory. The installation directory is /opt/HCL/SafeLinxClient/.

There are two or more files for each connection, depending on how many interfaces are defined for the connection. Connection definitions created with the SafeLinx Client are in the home directory of the user in the .wclient subdirectory. There are two file types for each connection: the main connection file which contains settings that affect all interfaces and also one or more interface definition files.

The naming convention is:
  • conn<connection_number>.conf for the main connection file
  • conn<connection_number>_<interface_number>_device.conf for interface definition files

The connection number is unique among all the connections for the user and the interface number is unique for the particular connection.

In previous versions, the connection name that displayed in the SafeLinx Client interface was used to name the connection file. The naming convention was <connection_name>.conf for the main connection file and <connection_name>_device.conf for the interface definition. Connections migrated from previous versions keep the previous naming convention. But if new interface definitions are added for a migrated connection, they are created as <connection_name>_<interface_number>_device.conf.

For a description of these parameters, see the following tables:
Note: When you change the value of any of these parameters, the two services, wclientd and wcstatusd, must be stopped, then started for the change to take effect. Make sure that you are logged in as root. To stop the services: enter /etc/init.d/wclient stop. To start the services: /etc/init.d/wclient start.
Table 1. Parameters that affect client services

Parameters that affect client services

Parameter name Description
APITcpListenPort Specifies the TCP port on which the wclientd service listens. The default value is 10555.
AutoRefreshDHCP If either of the following conditions are detected:
  • Wireless Access Point hardware address change
  • Ethernet cable is newly plugged in
then the status daemon requests a new DHCP address from the network servers (not the SafeLinx Server address, but public network address).
Note: If installed adapters are configured for static IP addresses, turn off this feature. Leaving it on overwrites the static IP configuration if one of the preceding conditions is detected.
Switching this value to off requires the user to manually renew addresses for adapters configured for DHCP if the system roams out of the configured subnet. The default value is 1 (on).
Note: If the ifplugd or netplugd services are running, this feature is automatically disabled.
EnableAccountId When this boolean option is set to 1, the User ID input field displays on the Connect panel. By default, this boolean option is 1.
EnableChangePassword When this boolean option is set to 1, a change password entry displays in the SafeLinx Client Context menu of the currently connected connection. By default, this boolean option is 1.
EnableDomain When this boolean option is set to 1, the Organizational unit input field displays on the Connect panel. By default, this boolean option is 1.
EnablePassword When this boolean option is set to 1, the Password input field displays on the Connect panel. By default, this boolean option is 1.
EnableSavePassword When this boolean option is set to 1, the Save password check box displays on the Connect panel. By default, this boolean option is 1.
Group When this string is null, any system group can access the API. If this string matches a system group name, then only users that are members of that group can access the API. The default value is null.
HiddenAdapters Specifies a space-delimited or comma-delimited list of adapters to ignore when querying the system for installed adapters. The default value is lo, sit0, wc0, usbd0, vmnet1, mn0, mn1, mn2, mn3. To list all interfaces, from the /sbin directory, enter ifconfig -a. Evaluate the list of interfaces to determine whether the installed adapter can be ignored and if so, add it to this parameter.
LogFile The name of the file used by the SafeLinx Client for writing log messages. The default value is /var/log/wc.log.
LogFlush If this boolean parameter is set to 1, messages are flushed to the log file as they are written rather than being buffered. This option slows performance and is generally only useful for debugging. The default value is 0.
LogGroup When this string is null, any system group can access the trace settings. If this string matches a system group name, then only users that are members of that group can access the trace settings. The default value is null.
LogLevel This text parameter determines the verbosity of the SafeLinx Client's logging. The more verbose logging levels can cause a dramatic decrease in performance and are only useful for debugging purposes. Use the default level of error. Multiple values can be specified separated by commas. Allowable values are:
error
Messages about unexpected events on which you need to act on
warn
Messages about events on which you might need to act on
debug
Data used for problem analysis
all
All statements and messages
none
Turns all logging off
LogMaxSize Specifies the maximum size, in bytes, of the trace file stored in /var/log/wc.log. The default value is 1,400,000 bytes. The range of values is 0 - 2147483647 inclusive.
LogRootOnly If this boolean parameter is set to 1, only the root user ID can change the trace log settings. A value of 0 indicates that any user can access the trace settings, depending on the value of the LogGroup parameter. The default value is 0.
LogSubSystems This text parameter is used to suppress messages from some SafeLinx Client subsystems. In most cases, use the default value. Multiple values can be specified separated by commas. Allowable values are:
main
Messages logged in the main client code
common
Messages logged in libwgcmn.so and do not have a specific category
ip_stack
Messages logged in libipstack.so
compress
Messages logged in libwgcompress.so
hdr_reduct
Messages logged in libipreduct.so
port
Messages logged by the port subsystem (for example, UDP or TCP)
device
Messages logged in the process of sending and receiving data from the SafeLinx Server
timer
Messages logged from the timer subsystem
alp
Messages logged by the Link Control Protocol
API
Messages logged by the application programming interface
socket_api
Messages logged by the TCP sockets used by the API
adapter_monitor
Messages logged when IP interfaces change state
api_user
Messages logged through the SafeLinx Client API
all
Everything
none
Turns all logging off
RootOnly If this boolean parameter is set to 1, only the root user ID can access the API. A value of 0 indicates that any user can access the API, depending on the value of the Group parameter. The default value is 0.
SaveAccountId When this boolean option is set to 1, the SafeLinx Client saves the value entered for user ID in the connection file. By default, this boolean option is 1.
StatusLogFile The default location of the log file: /var/log/wcstatus.log.
StatusLogFlush If this boolean parameter is set to 1, messages for wcstatusd are flushed to the log file as they are written rather than being buffered. This option slows performance and is generally only useful for debugging. The default value is 0.
StatusLogLevel Allowable values are:
all
All statements and messages
debug
Data used for problem analysis
none
Turns all logging off
StatusLogMaxSize Specifies the maximum size of the trace file stored in /var/log/wcstatus.log. The default value for x86 systems is 1400 KB. The range of values is 0 - 2147483647 inclusive.
StatusLogSubSystems Allowable values are:
device
Logs adapter status changes
main
Messages logged in the main client code
port
Messages logged by the port subsystem (for example, UDP or TCP)

The default value is device.

StatusPollInterval The system is periodically queried for network hardware adapter changes. This value controls the query period. The default value is 2 seconds.
StatusServerPort UDP port that the client core uses to contact the status daemon. The default value is 8979.
TraceWhileConnecting Enables the trace facility during a connection attempt. The trace information is saved to the file /var/log/wc.log. Set this parameter to 0 to disable tracing. By default, this parameter is 1.
WirelessLinkQualityCutOff Sets the minimum signal strength that is required for an 802.11b adapter to show up in the list of adapters. The link quality varies from 0 - 92, with greater being better. This value sets a minimum cutoff value under which the adapter is removed from the adapter list. To disable the link quality check, set the value to -1. The default value is 0.
Table 2. Parameters that affect each connection

Parameters that affect each connection

Parameter name Description
AccountId The login account name to use when establishing the connection. This parameter does not include the organizational unit of the account.
AuthMethod Method that the SafeLinx Server uses to validate the SafeLinx Client. Do not change this value from the default value of 1 unless instructed by your administrator. Allowable values are:
0
The SafeLinx Server does not require any authentication.
1
The SafeLinx Server requires user ID and password authentication.
2
The SafeLinx Server requires Diffie-Hellman authentication.
Autostart1...Autostartn One Autostart for each application to be automatically started after a successful logon to the SafeLinx Server. The application name includes the complete path, without parameters. The order of which application is started first is determined by its numerical order in the configuration file.
AutostartDisabled If AutostartDisabled is set to 1, then the applications are ignored and no checking is done.
AutostartParams1 ... AutostartParamsn One AutostartParams for each parameter required for the corresponding Autostartn application. Must be present, but blank, if no parameters are required for a specific application. The order of which parameters are checked first is determined by the numerical order in the configuration file.
BlackHoleDecrement The value used to decrement padded configure requests when performing black hole detection. The default value is 100 bytes.
BroadcastPgmName Name of the broadcast program to start at completion of logon. This program receives broadcast messages from the SafeLinx Server. The default value is null.
BroadcastPort The UDP port number on which the SafeLinx Client broadcast program listens for broadcast messages from the SafeLinx Server. The default port is 9999.
CertAuthP12File Stores the last fully qualified PKCS 12 file name when certificate-based authentication is required by the SafeLinx Server. This file name is the default the next time certificate-based authentication is requested.
CertAuthP12PW Password for the PKCS 12 file specified under CertAuthP12File. Otherwise, the user is always prompted for the password.
ConnectionTimeout Specifies the amount of time in seconds from when the SafeLinx Client starts attempting to connect to the SafeLinx Server until a message displays indicating that the connection is still being attempted. The default value is 60. Setting this value to zero (0) disables the timer.
DetectBlackHoles 1= an advertised speed of network connection is 10 Mbps or greater. Clients pad configuration requests sent to the gateway to the maximum network MTU size in an effort to detect black holes. If the configuration request times out, then the next attempt is decremented by using BlackHoleDecrement before being retransmitted. Set BlackHoleDecrement to 0 in the case where the client is using a high speed adapter, but there is a slow or inefficient intermediate link between the client and the gateway.

The default value is 1.

DisableRoaming 1= prevents the automatic cross-network roaming from occurring for use of custom applications that are using the SafeLinx Client Toolkit. The default value is 0.
DNSDomainName The DNS domain name supplied by the SafeLinx Server for the current connection. It is not necessary to supply a value for this parameter, as it is set by the SafeLinx Server at the time the connection is established.
EchoTimeoutThreshold Specifies the number of consecutive echo timeouts processed before the SafeLinx Client displays an error to indicate that the SafeLinx Server is not responding. The default value is 3.
Encryption This parameter determines the type of encryption that the SafeLinx Client attempts to negotiate with the SafeLinx Server. Use a value that is one of the SafeLinx Server encryption minor type numbers. The available type numbers are:
14
AES 256-bit CBC (cipher block chaining) mode
12
AES 192-bit CBC mode
10
AES 128-bit CBC mode
1
DES CBC
0
No encryption

The default value is 14.

GatewaySuppliesDNS When this boolean option is set to 1, DNS information negotiated with the SafeLinx Server is set in the system environment at connect time. The DNS information typically includes primary and secondary DNS servers and the local domain name. This results in the backup and editing of the /etc/resolv.conf file. When the SafeLinx Client is not shut down cleanly, /etc/resolv.conf might not be restored properly. If it is not restored properly, the original DNS configuration can be restored by entering the /etc directory and renaming resolv.conf.ibmwc<pid> back up to resolv.conf. The default value is 1.
GWMNIAddress The SafeLinx Server's address on the private network. This parameter is negotiated with the SafeLinx Server at connect time.
HiSpeedWLPRetryCount SafeLinx Client retry value for connections 10Mbps or faster. This parameter is used only when UseSpeedForWLPSettings=1 and UDP is the protocol used to connect to the SafeLinx Server. The default value is 4.
HiSpeedWLPTimeout SafeLinx Client timeout value used for connections 10 Mbps or faster. This parameter is used only when UseSpeedForWLPSettings=1 and UDP is the protocol used to connect to the SafeLinx Server. The default value is 4.
InterfaceList A list of interfaces that are associated with a connection.
IPStackMTU The maximum transmission unit for the IP stack interface. The default value is 1400 bytes.

When RequestTransportProfile=1, this entry is ignored.

LowSpeedWLPRetryCount SafeLinx Client retry value used for connections 57600 bps or slower. This parameter is used only when UseSpeedForWLPSettings=1 and UDP is the protocol used to connect to the SafeLinx Server.
LowSpeedWLPTimeout SafeLinx Client timeout value used for connection 57600 bps or slower. This parameter is used only when UseSpeedForWLPSettings=1 and UDP is the protocol used to connect to the SafeLinx Server.
MedSpeedWLPRetryCount SafeLinx Client retry value used for connections greater than 57600 and slower than 10Mbps. This parameter is used only when UseSpeedForWLPSettings=1 and UDP is the protocol used to connect to the SafeLinx Server.
MedSpeedWLPTimeout SafeLinx Client timeout value used for connections greater than 57600 bps and slower than 10 Mbps. This parameter is used only when UseSpeedForWLPSettings=1 and UDP is the protocol used to connect to the SafeLinx Server.
MobileAddress The address assigned to the client interface by the SafeLinx Server. It is negotiated at logon time and does not need to be manually configured.
Mod Modification level number of the configuration file.
OneButtonConnect When this boolean option is set to 1, the Connect panel is bypassed and instead the connection progress indicator is displayed. This action occurs only if accountID (user ID), Domain (Organizational unit), and Password were previously saved in the configuration file.
OrgUnit The LDAP organizational unit corresponding to the SafeLinx Server user ID specified by the AccountId parameter.
Password The password for the current account. It is best to leave the password blank and allow the SafeLinx Client prompt for it, if needed. If the SavePassword parameter is set to 1, the SafeLinx Client uses an exclusive-OR (XOR) algorithm to alter the password and save it to the configuration file. For security reasons, this method is preferable to entering in plain text form. If the password is entered in plain text in the configuration file and the PreserveConfigFile is set to 0, the SafeLinx Client saves the password by using the XOR algorithm form on exit.
PasswordPort The SafeLinx Server port that the SafeLinx Client connects to for password changes. The default value is 8888.
PreferredInterface The default interface to start for this connection.
PrereqAppName1 ... PrereqApplicationName16 Where PrereqAppName1 is the name of the first process that must be running before the SafeLinx Client attempts to connect. And, PrereqAppProcessn is the last process that must be running before the SafeLinx Client attempts to connect. The application name includes the complete path. The order of which application is checked first is determined by the numerical order in the configuration file.
PrereqAppProcess1 ... PrereqAppProcess16 One PrereqAppProcess for the process name of each application to check before logon. When a process is running, t values are found by typing ps -e from a shell prompt. The order of which process is checked first is determined by the numerical order in the configuration file.
PrerequisiteDisabled If PrerequisiteDisabled is set to 1, then the applications are ignored and no checking is done.
PrimaryDNS The primary DNS server as supplied by the SafeLinx Server at connect time.
RadiusRetryAttempts . This parameter indicates how many times the client reattempts RADIUS authentication attempts after timeout failures. Default value is 2
RadiusTimeout This parameter indicates the time in seconds that the client waits for a response from a radius authentication request. Default value is 15.
Release Release number of the configuration file.
RequestTransportProfile 1= The SafeLinx Client sends the name and the speed of the adapter when it logs in and roams from one network to another. 0= The transport profile is not requested. The default value is 1.
Routes The set of routes to be configured which were sent to the SafeLinx Client from the SafeLinx Server the last time a connection was established.
SavePassword When this boolean option is set to 1, the SafeLinx Client stores the password by using an XOR algorithm. The default value is 1.
SecondaryDNS The secondary DNS server as supplied by the SafeLinx Server at connect time.
SetDefaultRoute When this boolean option is set to 1, the SafeLinx Client sets the default route for IP traffic to flow through the SafeLinx Client. Except for any individual routes that are previously set in the routing table. The default value is 0.
SubnetMask The subnet mask to use for the SafeLinx Client network interface. This parameter is supplied by the SafeLinx Server at connect time.
UseSpeedForWLPSettings Sets the speed to use to determine SafeLinx Client retry count and timeout. If this value is set to 0 or if UDP is not the protocol used to connect to the SafeLinx Server, ALPRetries and ALPTimeout are used.
If this value 1 and UDP is the protocol used to connect to the SafeLinx Server, the value used depends on the network speed detected. One of the following sets of parameters is used for the retry count and timeout:
network detected speed is <57600 bps
LowSpeedWLPTimeout
LowSpeedWLPRetryCount
network detected speed is >=57600 bps and <10,000,000 bps
MedSpeedWLPTimeout
MedSpeedWLPRetryCount
network detected speed is >= 10,000,000 bps
HiSpeedWLPTimeout
HiSpeedWLPRetryCount
Version Version number of the configuration file.
Table 3. Parameters that affect only IP-LAN interfaces

Parameters that affect only IP-LAN interfaces

Parameter name Description
AdapterNameOverrideString Allows for the adapter name string sent to the SafeLinx Server for transport profile selection to be overridden. The default value is null, and the parameter is not used.
AdapterSpeedOverride Allows for the connection speed sent to the SafeLinx Server for transport profile selection to be overridden. The default value is null, and the parameter is not used.
ALPRetries The number of times to reattempt a failed logon negotiation with the SafeLinx Server. The default value is 3. Used if UseSpeedForWLPSettings is set to 0 or when the UDP protocol is not used to connect to the SafeLinx Server.
ALPTimeout The number of seconds to wait for a logon attempt to complete before timing out and closing the connection. The default value is 10. Used if UseSpeedForWLPSettings is set to 0 or when the UDP protocol is not used to connect to the SafeLinx Server.
AlternateGatewayAddress The list of alternative gateway addresses used by the SafeLinx Client when roaming. The list is saved in the following format: AlternateGatewayAddress=9.27.0.0 255.255.0.0 9.27.27.136,9.47.0.0 255.255.0.0 9.27.27.136

Each alternative gateway entry consists of 3 values. The first is the local IP address. The second is the mask. The third is the alternative IP address for the SafeLinx Server. The 3 values for an alternative gateway entry are separated by a space. Each alternative gateway definition is separated by a comma.

BindPort Specifies the port number on which the SafeLinx Client listens for data sent from the SafeLinx Server. This parameter is used only for UDP connections.
Compression When this boolean parameter is set to 1, the SafeLinx Client attempts to negotiate a compressed connection with the SafeLinx Server. The only form of compression that is currently supported is BSD LZW compression as provided by the zlib library. This parameter is useful for low-bandwidth connections, but is not recommended in cases where the transmission speed is largely processor bound. For example, an encrypted broadband connection. The default value is 0.
DeviceLib A library that contains functionality and options specific to the type of network device used to make the connection. Device libraries are installed in the /opt/hcl/SafeLinxClient/lib/devices directory.
EnablePktJoining When this boolean option is set to 1, the SafeLinx Client attempts to combine small packets in order to deliver larger packets to the SafeLinx Server. The maximum size for joined packets is determined by the NetworkMTU option. This option is only recommended for low-bandwidth connections. The default value is 0.

When RequestTransportProfile=1, this entry is ignored.

EncryptedProxyPassword When a connection is established that uses a proxy server, the SafeLinx Client must supply credentials for the proxy server to authenticate. This field is the password.
FilterOtherSourceAddresses When this boolean option is set to 1, then outbound packets whose source address does not match the address of the SafeLinx Client as assigned by the SafeLinx Server are discarded. The default value is 0.

When RequestTransportProfile=1, this entry is ignored.

GatewayAddress The physical IP address of the SafeLinx Server.
GatewayAddressDec The IP address of the SafeLinx Server in dotted decimal format. This entry is for internal use and any value entered is ignored.
HeaderReduction When this boolean parameter is set to 1, the SafeLinx Client attempts to negotiate IP header reduction with the SafeLinx Server. IP header reduction can reduce the amount of traffic sent over the network interface, but is generally useful only for low-bandwidth connections. The default value is 0.

When RequestTransportProfile=1, this entry is ignored.

HttpProxyAddr Specifies either the IP address or the host name of the proxy server. This parameter is used only if you enable proxy authentication on the SafeLinx Server.
HttpProxyPort Specifies the port number used to communicate with the proxy server. This parameter is used only if you enable proxy authentication on the SafeLinx Server.
HttpSendPort Specifies the port number used to send data to the SafeLinx Server for an HTTP connection. The default value is 80.
HttpsSSLKeyRingFile This option is used only when HTTPS is a supported protocol. It specifies the file used to store the certificates used when the client connects to the SafeLinx Server by using HTTPS, if the user chooses to store the certificates. The default value is <user's_home_directory>/.wclient/wc.kdb.
HttpsSSLTimeout This option is used only when HTTPS is a supported protocol. It sets the time in seconds to wait for the secure socket layer (SSL) packets when connecting to the SafeLinx Server.
InRangeConnFailedRetryTimeout Specifies the time in seconds for the SafeLinx Client to wait while roaming and unable to connect to a network that is in range. The default is 120.
KeepAliveInterval The time in seconds to wait before sending a keepalive packet to the SafeLinx Server. If this parameter is set to a nonzero value, the SafeLinx Client sends an LCP echo packet to the SafeLinx Server at this interval. This parameter is useful for preventing the SafeLinx Server from dropping a connection due to excessive idle time. The amount of idle time before a client connection is dropped differs between SafeLinx Servers. But, 600 - 1200 seconds is a reasonable setting in most cases. The default value is 10.

When RequestTransportProfile=1, this entry is ignored.

Mod Modification level number of the configuration file.
NetworkAverageBPS Connection throughput in bits per second. If greater than 33600, header reduction and other TCP optimizations are disabled. The default value is 10000000.
NetworkMTU The maximum transmission unit specified in bytes for the network used to connect to the SafeLinx Server. The valid range is 128-4092. The default value is 1500.

When RequestTransportProfile=1, this entry is ignored.

PktCompressThreshold When compression is enabled and this parameter is nonzero, the SafeLinx Client uses this value to determine the size of the smallest packet (in bytes) that it attempts to compress. Small packets often cannot be compressed. This parameter can be used to prevent wasting valuable processor cycle attempts. The default value is 50.
PktTimeout The time specified in seconds used by the link layer to terminate a connection if the SafeLinx Server does not respond to a request sent by the SafeLinx Client. The default value is 20.

When RequestTransportProfile=1, this entry is ignored.

PreferredAdapter Specifies the network adapter that is used for roaming, if it is available. There is no default value.
ProxyUsername When a connection is established by using a proxy server the SafeLinx Client must supply credentials for the proxy server to authenticate. This field is the user name.
Release Release number of the configuration file.
RoamFromThreshold Specifies the number of seconds that the SafeLinx Client connection to a network is in Active status. The parameter acts as a threshold value for determining which Wait interval to use when roaming from this connection to a lesser-priority network, if the status changes to out of range or unavailable.

This setting helps determine whether you are moving into or out of the coverage area of a network. If you are moving into coverage area, you might want to delay roaming from the network quickly. Delay roaming because there can be a period when the status flips back and forth between active and inactive. This delay gives the network a chance to stabilize and establish the actual status. However, if you are moving out of a coverage area, as indicated that the network status was active for a specific period and then becomes inactive, then you might want to roam from that network more quickly.

The default value is 0.

RoamFromWaitOverThreshold Specifies the number of seconds that the SafeLinx Client waits before roaming from this connection to another available lesser-priority network. When the network status is Active for less than the amount of time specified in the RoamFromThreshold setting, then the connection might be in the periphery of a network coverage area and might need additional time to establish its actual status. This setting determines the number of seconds the SafeLinx Client waits until it will roam from this network to another lesser-priority network. .

Set the value of this setting to be more than the value of the RoamFromWaitUnderThreshold setting.

The default value is 0.

RoamToWait Specifies the number of seconds that the SafeLinx Client waits after the network is available before the SafeLinx Client roams to it and makes it the Active connection. If the connection is being established on the periphery of a network coverage area, this setting allows a period for the SafeLinx Client to make sure that the connection status does not go out of Range or unavailable before it attempts to roam to it. The default value is 0.
SaveProxyPassword When a connection is established by using a proxy server the SafeLinx Client must supply credentials for the proxy server to authenticate. When this boolean option is set to 1, the SafeLinx Client stores the password.
SendPort The port used to send data to the SafeLinx Server. This parameter is used only for UDP connections. The default value is 8889.
SocketConnectionTimeout Specifies the timeout used when establishing a UDP, HTTP, or HTTPS connection with the SafeLinx Server. This timeout is the number of seconds to wait before the SafeLinx Client attempts to connect by using another protocol.
SupportedProtocols Specifies the protocols that can be supported on the SafeLinx Client. The value for this parameter can be one or more of the following, in a comma-separated list:
Connectionless
Use UDP as a protocol to connect to the SafeLinx Server.
ConnectionOriented
Use HTTP as a protocol to connect to the SafeLinx Server.
ConnectionOrientedSecure
Use HTTPS as a protocol to connect to the SafeLinx Server.
TCPIP_Ports2Filter This entry can exist for a connection or for an interface. The interface section is checked first, and if no entry is found, then the connection section is used.

List of TCP ports, separated by spaces, from which to filter packets.

When RequestTransportProfile=1, this entry is ignored.

TcpOptEnable When this boolean option is set to 1, TCP optimization is enabled. The default value is 0.

When RequestTransportProfile=1, this entry is ignored.

TcpOptMaxBurst Maximum number of unacknowledged TCP packets transmitted. The optimization engine withholds packets to keep from overloading a directional channel of a wireless network. The range of values is 5-16, inclusive. The default value is 8.

When RequestTransportProfile=1, this entry is ignored.

TcpOptMaxWindowSize Maximum size of the TCP sliding window in bytes. The optimization engine adjusts the TCP window on-the-fly as a means of performing network latency-specific flow control. The range of values is 2048-65535, inclusive. A value of zero disables this function. The default value is 0.

When RequestTransportProfile=1, this entry is ignored.

TcpOptRetransmitTTL Length of time in milliseconds to suppress TCP retransmit packets. A value of 0 disables TCP retransmit suppression. The default value is 1000.

When RequestTransportProfile=1, this entry is ignored.

TrayUpdateInterval Minimum time in seconds that the client waits between sending eMsg_PacketReceived events or eMsg_PacketTransmitted events. A value less than or equal to 0 disables sending these events. The default value is 2.
UDPIP_Ports2Filter This entry can exist for a connection or for an interface. The interface section is checked first, and if no entry is found, then the connection section is used.

List of UDP ports, separated by spaces, from which to filter packets

When RequestTransportProfile=1, this entry is ignored.

UseBindPort Specifies whether the SafeLinx Client listens on a specific port number for data sent from the SafeLinx Server. This parameter is used only for UDP connections.
UseHttpProxy Enables or disables the use of a proxy for the SafeLinx Client to connect to the SafeLinx Server for connection-oriented (HTTP or HTTPS) connections. The default value of 0 disables proxy authentication. If you enter 1 to enable proxy authentication, you must also provide the proxy server address and port number. Use the HttpProxyAddr parameter to specify the address and HttpProxyPort for the port number, as provided by the system administrator.
UseUDPEcho This boolean parameter determines whether the UDP echo function for the SafeLinx Client and SafeLinx Server is used during the logon sequence when connecting over UDP. If UseUDPEcho=1, the UDP echo function uses a test packet to check whether the SafeLinx Client can reach the gateway and what the Maximum Transmission Unit (MTU) should be. If UseUDPEcho=0, then the UDP echo function is not used. This parameter is updated after each logon, based on whether the SafeLinx Server to which the SafeLinx Client is connected supports the function.

For migrated connections, the default value is 0. For new connections, the default value is 0 if only the UDP protocol is enabled or 1 if http, https, or both are selected in addition to the UDP protocol.

Version Version number of the configuration file.
Table 4. Parameters that affect only RAS/PPP interfaces

Parameters that affect only RAS/PPP interfaces

Parameter name Description
AdapterNameOverrideString Allows for the adapter name string sent to the SafeLinx Server for transport profile selection to be overridden. The default value is null, and the parameter is not used.
AdapterSpeedOverride Allows for the connection speed sent to the SafeLinx Server for transport profile selection to be overridden. The default value is null, and the parameter is not used.
ALPRetries The number of times to reattempt a failed logon negotiation with the SafeLinx Server. The default value is 3. Used only if UseSpeedForWLPSettings is set to 0 or when the UDP protocol is not used to connect to the SafeLinx Server.
ALPTimeout The number of seconds to wait for a logon attempt to complete before timing out and closing the connection. The default value is 10. Used only if UseSpeedForWLPSettings is set to 0 or when the UDP protocol is not used to connect to the SafeLinx Server.
AlternateGatewayAddress The list of alternative gateway addresses used by the SafeLinx Client when roaming. The list is saved in the following format: AlternateGatewayAddress=9.27.0.0 255.255.0.0 9.27.27.136,9.47.0.0 255.255.0.0 9.27.27.136

Each alternative gateway entry consists of 3 values. The first is the local IP address. The second is the mask. The third is the alternative IP address for the SafeLinx Server. The 3 values for an alternative gateway entry are separated by a space. Each alternative gateway definition is separated by a comma.

auto-reconnect When this boolean option is set to 1, the SafeLinx Client attempts to reconnect to the PPP server on connection failure, even though the SafeLinx Client has no data to send. This option is useful if you want to maintain a continuous connection. When the option equals 0, the SafeLinx Client enters short-hold mode on connection failure.
BindPort Specifies the port number on which the SafeLinx Client listens for data sent from the SafeLinx Server. This parameter is used only for UDP connections.
Compression When this boolean parameter is set to 1, the SafeLinx Client attempts to negotiate a compressed connection with the SafeLinx Server. The only form of compression that is currently supported is BSD LZW compression as provided by the zlib library. This parameter is useful for low-bandwidth connections, but is not recommended in cases where the transmission speed is largely processor bound (for example, an encrypted broadband connection). The default value is 0.

When RequestTransportProfile=1, this entry is ignored.

connect-retries Specifies the number of times the SafeLinx Client attempts to reconnect to the PPP server after the initial connect attempt fails. Connection retries also occur when the SafeLinx Client comes out of short-hold mode and the initial dial attempt fails to connect to the PPP server. The default value is 0.
connect-retry-interval Specifies the amount of time, in seconds, the SafeLinx Client waits after an unsuccessful attempt to connect to the PPP server before attempting to reconnect. The default value is 60.
connection-timeout The amount of time, in seconds, the SafeLinx Client waits to connect to the PPP server before timing out.
DeviceLib A library that contains functionality and options specific to the type of network device used to make the connection. Devices libraries are installed in /opt/hcl/SafeLinxClient/lib/devices/.
DriverSpecificData Contains driver-specific information that should not be edited.
EnablePktJoining When this boolean option is set to 1, the SafeLinx Client attempts to combine small packets in order to deliver larger packets to the SafeLinx Server. The maximum size for joined packets is determined by the NetworkMTU option. This option is only recommended for low-bandwidth connections. The default value is 0.

When RequestTransportProfile=1, this entry is ignored.

EncryptedProxyPassword When a connection is established by using a proxy server the SafeLinx Client must supply credentials for the proxy server to authenticate. This field is the password.
FilterOtherSourceAddresses When this boolean option is set to 1, then outbound packets whose source address does not match the address of the SafeLinx Client as assigned by the SafeLinx Server are discarded. The default value is 0.

When RequestTransportProfile=1, this entry is ignored.

GatewayAddress The physical IP address of the SafeLinx Server.
GatewayAddressDec The IP address of the SafeLinx Server in dotted decimal format. This entry is for internal use and any value entered is ignored.
HeaderReduction When this boolean parameter is set to 1, the SafeLinx Client attempts to negotiate IP header reduction with the SafeLinx Server. IP header reduction can reduce the amount of traffic sent over the network interface, but is generally only useful for low-bandwidth connections. The default value is 0.

When RequestTransportProfile=1, this entry is ignored.

HttpProxyAddr Specifies either the IP address or the host name of the authentication proxy server. This parameter is used only if the proxy authentication on the SafeLinx Server is enabled.
HttpProxyPort Specifies the port number used to communicate with the authentication proxy server. This parameter is used only if the proxy authentication on the SafeLinx Server is enabled.
HttpSendPort Specifies the port number used to send data to the SafeLinx Server for an HTTP connection. The default value is 80.
HttpsSendPort Specifies the port number used to send data to the SafeLinx Server for a secure HTTP connection. The default value is 443.
HttpsSSLKeyRingFile This option is used only when HTTPS is a supported protocol. It specifies the file used to store the certificates used when the client connects to the SafeLinx Server by using HTTPS, if the user chooses to store the certificates. The default value is HttpsSSLKeyRingFile This option is used only when HTTPS is a supported protocol. The default value is <user's_home_directory>/.wclient/wc.kdb.
HttpsSSLTimeout This option is used only when HTTPS is a supported protocol. It sets the time in seconds to wait for the secure socket layer (SSL) packets when connecting to the SafeLinx Server.
InRangeConnFailedRetryTimeout Specifies the time in seconds for the SafeLinx Client to wait while roaming and unable to connect to a network that is in range. The default is 120.
KeepAliveInterval The time in seconds to wait before sending a keepalive packet to the SafeLinx Server. If this parameter is set to a nonzero value, the SafeLinx Client sends an LCP echo packet to the SafeLinx Server at this interval. This parameter is useful for preventing the SafeLinx Server from dropping a connection due to excessive idle time. The amount of idle time before a client connection is dropped differs between SafeLinx Servers But, 600 - 1200 seconds is a reasonable setting in most cases. The default value is 10.

When RequestTransportProfile=1, this entry is ignored.

manage-card-modem When this boolean option is set to 1, the SafeLinx Client turns on the modem before attempting to establish a PPP connection when you are using a PCMCIA or CF modem. By default the modem is turned off by the operating system. The default value is 1.
Mod Modification level number of the configuration file.
NetworkAverageBPS Connection throughput in bits per second. If greater than 33600, header reduction and other TCP optimizations are disabled. The default value is 10000000.
NetworkMTU The maximum transmission unit specified in bytes for the network used to connect to the SafeLinx Server. The valid range is 128-4092. The default value is 1500.

When RequestTransportProfile=1, this entry is ignored.

PktCompressThreshold When compression is enabled and this parameter is nonzero, the SafeLinx Client uses this value to determine the size of the smallest packet (in bytes) that it should attempt to compress. Small packets often cannot be compressed. This parameter can be used to prevent wasting valuable processor cycle attempts. The default value is 50.
PktTimeout The time specified in seconds used by the link layer to terminate a connection if the SafeLinx Server does not respond to a request sent by the SafeLinx Client. The default value is 20.

When RequestTransportProfile=1, this entry is ignored.

PreferredAdapter Specifies the network adapter that is used for roaming, if it is available. There is no default value.
RasPhoneBookEntry Specifies the name of the PPP daemon script to use to connect to the PPP server. PPP daemon scripts are in /etc/ppp/peers.
ProxyUsername When a connection is established by using a proxy server the SafeLinx Client must supply credentials for the proxy server to authenticate. This field is the user name.
Release Release number of the configuration file.
RoamFromThreshold Specifies the number of seconds that the SafeLinx Client connection to a network has been in Active status. This parameter acts as a threshold value for determining which Wait interval to use when roaming from this connection to a lesser-priority network, if the status changes to out of range or unavailable.

This setting helps determine whether you are moving into or out of the coverage area of a network. If you are moving into coverage area, you might want to delay roaming from the network quickly. Delay roaming because there can be a period when the status flips back and forth between active and inactive. This delay gives the network a chance to stabilize and establish the actual status. However, if you are moving out of a coverage area, as indicated that the network status has been active for a specified period and then becomes inactive, then you might want to roam from that network more quickly.

The default value is 0.

RoamFromWaitOverThreshold Specifies the number of seconds that the SafeLinx Client waits before roaming from this connection to another available lesser-priority network. When the network status is Active for less than the amount of time specified in theRoamFromThreshold setting, then the connection might be in the periphery of a network coverage area and might need additional time to establish its actual status. This setting determines the number of seconds the SafeLinx Client waits until it will roam from this network to another lesser-priority network.

Set the value of this setting to be more than the value of the RoamFromWaitUnderThreshold setting.

The default value is 0.

RoamFromWaitUnderThreshold Specifies the number of seconds that the SafeLinx Client waits before roaming from this connection to another available lesser-priority network. When the network status is Active for more than the amount of time specified in the RoamFromThreshold setting and then becomes unavailable, this setting determines the number of seconds the SafeLinx Client waits until it will roam from this network to another lesser-priority network.

Set the value of this setting to be less than the value of the RoamFromWaitOverThreshold setting.

The default value is 0.

RoamSuspendInactive When an interface supports suspend/resume (short-hold mode), this value determines whether to suspend the connection when it is not the active interface. A value of 0 = do not suspend, and a value of 1 = suspend. The default value is 1.
RoamToWait Specifies the number of seconds that the SafeLinx Client waits after the network is available before the SafeLinx Client roams to it and makes it the Active connection. If the connection is being established on the periphery of a network coverage area, this setting allows a period for the SafeLinx Client to make sure that the connection status does not go out of range or unavailable before it attempts to roam to it. The default value is 0.
SaveProxyPassword When a connection is established by using a proxy server the SafeLinx Client must supply credentials for the proxy server to authenticate. When this boolean option is set to 1, the SafeLinx Client stores the password.
SendPort The port used to send data to the SafeLinx Server. This parameter is used only for UDP connections. The default value is 8889.
short-hold-timeout The amount of time, in seconds, that the connection waits before entering short-hold mode. If there is no network traffic over the connection after the specified number of seconds, the connection is placed in short-hold mode. A setting of 0 disables short-hold mode.
SocketConnectionTimeout Specifies the timeout used when establishing a UDP, HTTP, or HTTPS connection with the SafeLinx Server. This timeout is the number of seconds to wait before the SafeLinx Client attempts to connect by using another protocol.
SupportedProtocols Specifies the protocols that can be supported on the SafeLinx Client. The value for this parameter can be one or more of the following, in a comma-separated list:
Connectionless
Use UDP as a protocol to connect to the SafeLinx Server.
ConnectionOriented
Use HTTP as a protocol to connect to the SafeLinx Server.
ConnectionOrientedSecure
Use HTTPS as a protocol to connect to the SafeLinx Server.
TCPIP_Ports2Filter This entry can exist for a connection or for an interface. The interface section is checked first, and if no entry is found, then the connection section is used.

List of TCP ports, separated by spaces, from which to filter packets.

When RequestTransportProfile=1, this entry is ignored.

TcpOptEnable When this boolean option is set to 1, TCP optimization is enabled. The default value is 0.

When RequestTransportProfile=1, this entry is ignored.

TcpOptMaxBurst Maximum number of unacknowledged TCP packets transmitted. The optimization engine withholds packets to keep from overloading a directional channel of a wireless network. The range of values is 5-16, inclusive. The default value is 8.

When RequestTransportProfile=1, this entry is ignored.

TcpOptMaxWindowSize Maximum size of the TCP sliding window in bytes. The optimization engine adjusts the TCP window on-the-fly as a means of performing network latency-specific flow control. The range of values is 2048-65535, inclusive. A value of zero disables this function. The default value is 0.

When RequestTransportProfile=1, this entry is ignored.

TcpOptRetransmitTTL Length of time in milliseconds to suppress TCP retransmit packets. A value of zero disables TCP retransmit suppression. The default value is 1000.

When RequestTransportProfile=1, this entry is ignored.

TrayUpdateInterval Minimum time in seconds that the client waits between sending eMsg_PacketReceived events or eMsg_PacketTransmitted events. A value less than or equal to 0 disables sending these events. The default value is 2.
UDPIP_Ports2Filter This entry can exist for a connection or for an interface. The interface section is checked first, and if no entry is found, then the connection section is used.

List of UDP ports, separated by spaces, from which to filter packets.

When RequestTransportProfile=1, this entry is ignored.

UseBindPort Specifies whether the SafeLinx Client listens on a specific port number for data sent from the SafeLinx Server. This parameter is used only for UDP connections.
UseHttpProxy This parameter is used to enable or disable proxy authentication on the SafeLinx Client for connection-oriented (HTTP or HTTPS) connections. The default value of 0 disables proxy authentication. If you enter 1 to enable proxy authentication, you must also provide the proxy server address and port number. Use the HttpProxyAddr parameter to specify the address and HttpProxyPort for the port number, as provided by the system administrator.
UseUDPEcho This boolean parameter determines whether the UDP echo function for the SafeLinx Client and SafeLinx Server is used during the logon sequence when connecting over UDP. If UseUDPEcho=1, the UDP echo function uses a test packet to check whether the SafeLinx Client can reach the gateway and what the Maximum Transmission Unit (MTU) should be. If UseUDPEcho=0, then the UDP echo function is not used. This parameter is updated after each logon, based on whether the SafeLinx Server to which the SafeLinx Client is connected supports the function.

For migrated connections, the default value is 0. For new connections, the default value is 0 if only the UDP protocol is enabled or 1 if http, https, or both are selected in addition to the UDP protocol.

Version Version number of the configuration file.