About HOB About HOB HOB Offices Contact Us News Press Center Events Software Solutions Products Downloads Online Tests WebShop Service and Support Contact Service and Support HOB License Agreement HOB Partners Qualified HOBLink Distributors Qualified HOBLink Resellers HOB Technology Partners OEM Partners Satisfied Customers Search Website Overview Search the HOB Website International Worldwide USA/Canada Netherlands France Japan

HOB SSL Gateway IBIPGW08

Overview

If HOBLink Secure is to collaborate with applications that do not support SSL encryption, the IBIPGW08 gateway must be used.

The IBIPGW08 gateway uses SSL encryption at one end (the client side) and converts to unencrypted format at the other end (the server side). The IBIPGW08 gateway can be used only on the server side.

Prerequisites

The IBIPGW08 gateway runs under 32-bit Windows.

Usage

IBIPGW08 reads its configuration parameters from an .ini-file. The .ini-file can be edited with any usual ASCII-editor. Please obey the rules for Windows .ini-files.

When IBIPGW08 is started, the first parameter specifies the name of the .ini-file. Please note that Windows will not search the file in the path currently active. To start IBIPGW08 with an ini file in the current directory, use ./ to specify the current directory, or use the complete path name.

Example:

IBIPGW08 xyz.ini

The ini file can contain several sections whose name starts with SSLGATE and specify the parameters of the connections to the clients and to the servers.

Each section can contain the following parameters:

FUNCTION	RDP/ICA/WTSGATE Special built-in function for usage on Windows Terminal Servers. When the IBIPGW08 gateway is used on a Windows Terminal Server, the FUNCTION parameter can be used. If the RDP or ICA value is used, the GATEPORT, SERVERINETA and SERVERPORT parameters cannot be specified.
GATEPORT	Port of the gateway.
SERVERINETA	IP address of the server to be connected.
SERVERPORT	Port of the server to be connected.
RECLENCLIENT1	Receive length from client 1. This value contains the buffer size that is used when the IBIPGW08 gateway receives from the port. When the buffer length is not sufficient for the amount of data that is received, the value of RECLENCLIENT2 will be used. If this mechanism is not to be used, you can use the same value for both parameters . Details about buffers
RECLENCLIENT2	Receive length from client 2 (see RECLENCLIENT1).
RECLENSERVER1	Receive length from server 1 (see RECLENCLIENT1).
RECLENSERVER2	Receive length from server 2 (see RECLENCLIENT1).
GATE_IN_INETA	IP address for input to gateway that comes from the client side (for use on multihomed systems, i.e. on systems that have several IP addresses). This parameter is optional.
GATE_OUT_INETA	IP address for output from gateway that is sent on the server side (for use on multihomed systems, i.e. on systems that have several IP addresses). This parameter is optional.
WTSINETAnnn	URL (IP address and port) of Load Balancing function
WTS_BR_PORT	Port for broadcast Load Balancing function
WTS_CHECK_NAME	YES/NO, optional, check name SSL/WTS
TIMEOUT	Timeout (value 0 up to nnn seconds of inactivity). Note: As IP is a connectionless protocol a timeout should be set. We recommend a timeout from one hour to one day. If the value 0 is used, the connection will not be watched.
CONFIG-FILE	Name of SSL configuration file.
CERTDB-FILE	Name of SSL certificate database file.
PASSWORD-FILE	Name of SSL password file (password encrypted)

Example1:

The first example shows the usage as gateway with SSL and without the Load Balancing function.

[SSLGATE001]
GATEPORT=4029
SERVERINETA=hob6000.hob.de
SERVERPORT=23
TIMEOUT=900
CONFIG-FILE=d:\akbi21\tempTCPT\Sslsettings_hobrd\hserver.cfg
CERTDB-FILE=d:\akbi21\tempTCPT\Sslsettings_hobrd\hserver.cdb
PASSWORD-FILE=d:\akbi21\tempTCPT\Sslsettings_hobrd\hserver.pwd

Example2:

The second example shows the usage as gateway with SSL and the Load Balancing function - server list. The servers may be entered as names or numerically.

[SSLGATE001]
FUNCTION=WTSGATE
GATEPORT=4029
WTSINETA001=01BZ01T.hob.de:4300
WTSINETA002=02BZ01T.hob.de:4300
TIMEOUT=900
CONFIG-FILE=d:\akbi21\tempTCPT\Sslsettings_hobrd\hserver.cfg
CERTDB-FILE=d:\akbi21\tempTCPT\Sslsettings_hobrd\hserver.cdb
PASSWORD-FILE=d:\akbi21\tempTCPT\Sslsettings_hobrd\hserver.pwd

Example3:

This example shows the usage as gateway with SSL and the Load Balancing function - broadcast.

[SSLGATE001]
FUNCTION=WTSGATE
GATEPORT=4029
WTS_BR_PORT=4300
TIMEOUT=900
CONFIG-FILE=d:\akbi21\tempTCPT\Sslsettings_hobrd\hserver.cfg
CERTDB-FILE=d:\akbi21\tempTCPT\Sslsettings_hobrd\hserver.cdb
PASSWORD-FILE=d:\akbi21\tempTCPT\Sslsettings_hobrd\hserver.pwd

Example4:

[SSLGATE001]
FUNCTION=RDP
GATE_IN_INETA=hobz01f.hob.de
TIMEOUT=900
CONFIG-FILE=d:\akbi21\tempTCPT\Sslsettings_hobrd\hserver.cfg
CERTDB-FILE=d:\akbi21\tempTCPT\Sslsettings_hobrd\hserver.cdb
PASSWORD-FILE=d:\akbi21\tempTCPT\Sslsettings_hobrd\hserver.pwd

Example5:

[SSLGATE001]
FUNCTION=WTSGATE
GATEPORT=4029
WTSINETA001=01BZ01T.hob.de:4300
WTSINETA002=02BZ01T.hob.de:4300
WTS_CHECK_NAME=YES
TIMEOUT=900
CONFIG-FILE=d:\akbi21\tempTCPT\Sslsettings_hobrd\hserver.cfg
CERTDB-FILE=d:\akbi21\tempTCPT\Sslsettings_hobrd\hserver.cdb
PASSWORD-FILE=d:\akbi21\tempTCPT\Sslsettings_hobrd\hserver.pwd

Example6:

This example shows the usage as a "mixed" gateway with both functions (including and without load balancing).

[SSLGATE001]
FUNCTION=WTSGATE
GATEPORT=4029
WTSINETA001=127.22.0.11:4300
WTSINETA002=127.22.0.11:4300
TIMEOUT=900
CONFIG-FILE=d:\akbi21\tempTCPT\Sslsettings_hobrd\hserver.cfg
CERTDB-FILE=d:\akbi21\tempTCPT\Sslsettings_hobrd\hserver.cdb
PASSWORD-FILE=d:\akbi21\tempTCPT\Sslsettings_hobrd\hserver.pwd
[SSLGATE002]
GATEPORT=4097
SERVERINETA=hob6000.hob.de
SERVERPORT=23
GATE_IN_INETA=hobz01g.hob.de
TIMEOUT=900
CONFIG-FILE=d:\akbi21\tempTCPT\Sslsettings_hobrd\hserver.cfg
CERTDB-FILE=d:\akbi21\tempTCPT\Sslsettings_hobrd\hserver.cdb
PASSWORD-FILE=d:\akbi21\tempTCPT\Sslsettings_hobrd\hserver.pwd

webmaster@hobsoft.com, Last Updated: 03. Jul 07

Imprint