A support connection is a point to point IP tunnel that is initiated from the AMP to Aruba's support server. Although this tunnel itself is not encrypted, only encrypted protocols such as SSH and SSL are allowed through the tunnel.
By default, port 23 TCP is used. To accommodate security policies based on port/protocol, the support connection is configurable to be any one of the following TCP ports: 22, 23, 80, 443,2080(default) or 5000. The destination host for this communication is support-connection.airwave.com.
To configure another port, just change the PORT setting on line 6 of /var/airwave/support/make_conf.sh. For example, change
PORT=23
to
PORT=443
or whichever port we would want to use.
This port will be used to allow remote access to the server, however, we must also make sure that the port used in "get_support_config" is also allowed in the firewall.
we can run the below commands to verify the port.
# cd /var/airwave/support
# cat get_support_config | grep http
The output will be
# cat get_support_config | grep http
'http://support-connection.airwave.com:2080/connection';
This means that port 2080 will be used to get the configuration profile and then the port defined in var/airwave/support/make_conf.sh file will be used for remote access of the server.
If we are not comfortable with using port 2080 we can change this in /var/airwave/support/get_support_config file.
Then do this from the command line:
# service support_connection restart
Example content of make_conf.sh:
[root@snowwhite support]# cat make_conf.sh
#!/bin/sh
PROFILENAME=$1
PASSWORD=$2
TUNADDRESS=$3
PORT=23
cat << EOF > /var/airwave/support/vtun.conf
options {
port $PORT; # Listen on this port.
# Syslog facility
syslog daemon;
# Path to various programs
ppp /usr/sbin/pppd;
ifconfig /sbin/ifconfig;
route /sbin/route;
firewall /sbin/ipchains;
ip /sbin/ip;
}
$PROFILENAME {
type tun;
proto tcp;
keepalive 10:6;
compress no;
encrypt no;
password $PASSWORD;
up {
ifconfig "%% $TUNADDRESS netmask 255.255.255.252 mtu 1450";
};
}
EOF
Once the tunnel is established, Aruba TAC and Engineering resources with the proper credentials are provided with SSH and SSL access to the AMP for advanced troubleshooting and information gathering procedures.
A support connection is typically used when a standard desktop-sharing based support session is unfeasible due to the limitations in speed, latency and interactivity.
To start a support connection:
AirWave support will create a profile for you to connect to the Support Connection Server. You will be able to download the config for that profile like this:
# get_support_config <Name_of_Profile>
Once the unique config file has been downloaded you can start, stop, or check the status of the Support Connection with these commands:
# service support_connection restart
# service support_connection stop
# service support_connection status
Unless it's stopped with the stop command, it will remain open for 4 days. Note that to start a connection, the restart command is given. This does not imply that the support connection is always active. By using the restart commnand, if an existing support connection happens to be active, the script will close that one off before starting a new one and prevents duplicate connections from being opened.