The remote execution of SSH commands is the recommended method to control DPI from another computer. Billing systems typically have the built in support of this control method.
The alternative remote control methods are: remote execution of fdpi_ctrl utility and installation of an additional remote control SW on DPI server, like telnet server and similar. You can use the snmp agent to remotely monitor the operation of CentOS and VEOS.
We advise to authenticate users by public keys to execute command on DPI server remotely by SSH with no need to enter password.
To use this method: on the control server:
ssh-keygen -t rsa
Default values should be selected in the dialogue. Passphrase should be left empty for convenience1)
ssh-copy-id dpi_user@dpi_host or manually: cat ~/.ssh/id_rsa.pub | ssh dpi_user@dpi_host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
Then we check and fix the rights on file authorized_keys on DPI server:
chmod 700 ~dpi_user/.ssh/ chmod 600 ~dpi_user/.ssh/authorized_keys restorecon -Rv ~dpi_user/.ssh/
Next, we check the operation of the remote execution of fdpi_ctrl from the control server:
ssh dpi_user@dpi_host "fdpi_ctrl load --service 6 --login test"
In case this instruction does not work, try to find some hints in the log file /var/log/secure on DPI server. One can also switch the diagnostic mode on SSH: ssh -v …
To execute fdpi_ctrl utility remotely one has to make the following actions:
ctrl_dev=eth0
-A INPUT -m state --state NEW -m tcp -s 192.168.0.2 -p tcp --dport 2900 -j ACCEPT
fdpi_ctrl load --service 6 --login test -r 192.168.0.1:2900
Please take care to update fdpi_ctrl on the control server on each DPI update.