Field

Description

Active

Tick the box to activate the service.

Source

Shows the listening IP address and port.

Source Cert

Shows whether the connection to the tunnel should be SSL encrypted and whether a certificate should be used.

Destination

Shows the destination of the tunnel.

Dest Cert

Shows whether the connection to the destination should be SSL encrypted and whether a certificate should be used.

Description

A free-form field where you can describe this tunnel.

Active

Shows whether this tunnel is currently usable.

Add

Click the button to define a new tunnel. The SSL Tunnel dialog opens.

Edit

Select a tunnel and click the button to edit this tunnel. The SSL Tunnel dialog opens.

Delete

Select a tunnel and click the button to remove this tunnel.

Edit File

Opens a plain text editor showing the tunnel definitions file content.

Syntax and examples are given in the file.

Field

Description

Active

Tick the box to have this tunnel active.

Source

Where IceWarp Server will listen.

Syntax:

[IP]:port

IP - optional, the listening IP address.

:port - mandatory, the listening port

Examples:

:5001;SSL

Listens on all interfaces on port 5001 as an SSL server

127.0.0.1:5001

Listens on IP 127.0.0.1 port 5001

Source Certificate

Use this field to specify whether the connection to the tunnel should be SSL encrypted and whether a certificate should be used.

• Leave Blank to define this connection as an un-encrypted TCP/IP tunnel.
• Enter SSL to have this connection encrypted without checking a certificate.
• Enter a path to a certificate to have this connection encrypted and the specified certificate used for verification. A full path or relative to the certificate file can be used and you can use IceWarp Server's main certificate file by just typing "cert.pem".

Destination

Where IceWarp Server will send received data.

Syntax:

[IP]:port

IP - optional, the IP address

:port - mandatory, the port

Examples:

gate.icewarpdemo.com:80

Sends data to gate.icewarpdemo.com port 80

194.213.224.2:25

sends data to 194.213.224.2 port 25

Destination Certificate

Use this field to specify whether the connection to the tunnel destination should be SSL encrypted and whether a certificate should be used.

• Leave Blank to define this connection as an un-encrypted TCP/IP tunnel.
• Enter SSL to have this connection encrypted without checking a certificate.
• Enter a path to a certificate to have this connection encrypted and the specified certificate used for verification. A full path or relative to the certificate file can be used and you can use IceWarp Server's main certificate file by just typing "cert.pem".

Description

Enter a free-form text description so you can easily identify this tunnel.

Rules

Here you can specify rules as to which IP addresses are allowed to establish incoming connections.

Syntax:

[Rights]:[IP Range];[Rights]:[IP Range]

Rights - 1 to allow, 0 to deny

IP Range - IP address or mask

Examples:

1:192.*.*.*;0:*.*.*.*

Allows connections only from 192.*.*.*

0:192.068.6.*

Deny connections from 192.068.6.*

NOTE: Using of these rules is not recommended. We recommend to use certificates to control access.

Require and verify Peer Certificate

Check this box to force all connections for this tunnel to have a peer certificate.

Any connection that does not supply a certificate will be dropped.

Any connection that connects with SSL but has no certificate will be dropped.

If a certificate is supplied then it will be checked against the CA file specified in the next field. If no CA file is specified then the file defined in Certificates - CA will be used for verification.

CA file (optional)

You can enter a path to a specific certificate file here if you need to.

This can be useful if you want to use a highly secure certificate for certain protocols or tunnels.