"Fossies" - the Fresh Open Source Software Archive

Member "vpnc-0.5.3/vpnc.8.template" (19 Nov 2008, 5846 Bytes) of package /linux/privat/old/vpnc-0.5.3.tar.gz:



.\" Template to generate the vpnc-manpage
.\" $Id: vpnc.8.template 312 2008-06-15 18:09:42Z Joerg Mayer $
.\"
.TH VPNC "8" "Warning: Just a template!" "vpnc man-template" "Warning: Just a template!"
.\" Fake header just to make this file viewable with man.
.\" ###makeman.pl: Replace header here!
.SH NAME
vpnc \- client for Cisco VPN3000 Concentrator, IOS and PIX
.SH SYNOPSIS
.B vpnc
[\fI--version\fR] [\fI--print-config\fR] [\fI--help\fR] [\fI--long-help\fR] [\fIoptions\fR] [\fIconfig files\fR]
.SH "DESCRIPTION"
.PP
This manual page briefly documents the
\fBvpnc\fR and
\fBvpnc\-disconnect\fR commands.
.PP
\fBvpnc\fR is a
VPN client for the Cisco 3000 VPN Concentrator, creating an IPSec-like
connection as a tunneling network device for the local system. It uses
the TUN/TAP driver in Linux kernel 2.4 and above and device tun(4)
on BSD. The created connection is presented as a tunneling network
device to the local system.
.PP
OBLIGATORY WARNING: the most used configuration (XAUTH authentication
with pre-shared keys and password authentication) is insecure by design;
be aware of this fact when you use vpnc to exchange sensitive data like
passwords!
.PP
The vpnc daemon by itself does not set any routes, but it calls
\fBvpnc\-script\fR to do this job. \fBvpnc\-script\fR displays
a connect banner. If the concentrator supplies a network list
for split-tunneling, these networks are added to the routing table.
Otherwise the default route will be modified to point to the tunnel.
In the latter case a host route to the concentrator is also added.
If the client host needs DHCP, care must be taken to add another
host route to the DHCP server around the tunnel.
.PP
The \fBvpnc\-disconnect\fR command is used to terminate
the connection previously created by \fBvpnc\fR
and restore the previous routing configuration.

.SH CONFIGURATION
The daemon reads configuration data from the following places:
.PD 0
.IP \(bu
command line options
.IP \(bu
config file(s) specified on the command line
.IP \(bu
/etc/vpnc/default.conf
.IP \(bu
/etc/vpnc.conf
.IP \(bu
prompting the user if not found above

.PP

vpnc can parse options and
.B configuration files
in any order. However, the first
place to set an option wins.
Configuration filenames
which do not contain a /
will be searched for at
.B /etc/vpnc/<filename>
and
.B /etc/vpnc/<filename>.conf.
Otherwise
.B <filename>
and
.B <filename>.conf
will be used.
If no configuration file
is specified on the command line
at all, both
.B /etc/vpnc/default.conf
and
.B /etc/vpnc.conf
will be loaded.

.SH OPTIONS
The program options can be either given as arguments (but not all of them
for security reasons) or be stored in a configuration file.
.PD 0
.\" ###makeman.pl: Insert options from help-output here!

.HP
\fB\-\-print\-config\fR
.IP
Prints your configuration; output can be used as vpnc.conf

.SH FILES
.I /etc/vpnc.conf
.I /etc/vpnc/default.conf
.RS
The default configuration file. You can specify the same config
directives as with command line options and additionally
.B IPSec secret
and
.B Xauth password
both supplying a cleartext password. Scrambled passwords from the Cisco
configuration profiles can be used with
.B IPSec obfuscated secret
and
.B Xauth obfuscated password.

See
.BR EXAMPLES
for further details.
.RE

.I /etc/vpnc/*.conf
.RS
vpnc will read configuration files in this directory when
the config filename (with or without .conf) is specified on the command line.
.RE


.SH EXAMPLES
This is an example vpnc.conf with pre-shared keys:

.RS
.PD 0
IPSec gateway vpn.example.com
.P
IPSec ID ExampleVpnPSK
.P
IKE Authmode psk
.P
IPSec secret PskS3cret!
.P
Xauth username user@example.com
.P
Xauth password USecr3t
.PD
.RE

And another one with hybrid authentication (requires that vpnc was
built with openssl support):

.RS
.PD 0
IPSec gateway vpn.example.com
.P
IPSec ID ExampleVpnHybrid
.P
IKE Authmode hybrid
.P

.P
CA-Dir /etc/vpnc
.P
\fBor\fR
.P
CA-File /etc/vpnc/vpn-example-com.pem
.P

.P
IPSec secret HybS3cret?
.P
Xauth username user@example.com
.P
Xauth password 123456
.PD
.RE

The lines begin with a keyword (no leading spaces!).
The values start exactly one space after the keywords, and run to the end of
line. This lets you put any kind of weird character (except CR, LF and NUL) in
your strings, but it does mean you can't add comments after a string, or spaces
before them.

In case the \fBCA-Dir\fR option is used, your certificate needs to be
named something like 722d15bd.X, where X is a manually assigned number to
make sure that files with colliding hashes have different names. The hash
part of the name (722d15bd in this example) can be derived from the
certificate file itself:
.P
openssl x509 -subject_hash -noout -in /etc/vpnc/vpn-example-com.pem

See also the
.B \-\-print\-config
option to generate a config file, and the example file in the package
documentation directory where more advanced usage is demonstrated.

Advanced features like manual setting of multiple target routes and
disabling /etc/resolv.conf rewriting are documented in the README of the
vpnc package.

.SH TODO
.PD 0
Certificate support (Pre-Shared-Key + XAUTH is known to be insecure).
.P
Further points can be found in the TODO file.
.PD

.SH AUTHOR
This man-page has been written by Eduard Bloch <blade(at)debian.org> and
Christian Lackas <delta(at)lackas.net>, based on vpnc README by
Maurice Massar <vpnc(at)unix\-ag.uni\-kl.de>.
Permission is
granted to copy, distribute and/or modify this document under
the terms of the GNU General Public License, Version 2 or any
later version published by the Free Software Foundation.
.PP
On Debian systems, the complete text of the GNU General Public
License can be found in /usr/share/common\-licenses/GPL.
.SH "SEE ALSO"
.BR pcf2vpnc (1),
.BR cisco-decrypt (1),
.BR ip (8),
.BR ifconfig (8),
.BR route (1),
.BR http://www.unix\-ag.uni\-kl.de/~massar/vpnc/
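
An added example (not part of the vpnc package or its man page) that applies the configuration rules described in CONFIGURATION and EXAMPLES: keyword at column 0, value from one space after the keyword to the end of the line, first setting wins. It then flags the cleartext `IPSec secret` / `Xauth password` options, PSK with XAUTH, and loose file permissions. The function names, the treatment of `#` lines as comments and the `psk` default are assumptions.

```python
import stat

# Keywords taken from this page's FILES and EXAMPLES sections.
KEYWORDS = ("IPSec gateway", "IPSec ID", "IKE Authmode", "IPSec secret",
            "IPSec obfuscated secret", "Xauth username", "Xauth password",
            "Xauth obfuscated password", "CA-Dir", "CA-File")
CLEARTEXT = ("IPSec secret", "Xauth password")

def parse_config(text):
    """Return (options, rejected): keyword at column 0, one space, value to EOL."""
    options, rejected = {}, []
    for lineno, line in enumerate(text.split("\n"), 1):
        line = line.rstrip("\r")
        if not line.strip() or line.startswith("#"):  # assumption: '#' marks a comment line
            continue
        for key in KEYWORDS:
            if line.startswith(key + " "):
                # The value is everything after the single separator space,
                # so a trailing "# comment" becomes part of the secret.
                options.setdefault(key, line[len(key) + 1:])  # first setting wins
                break
        else:
            rejected.append(lineno)  # leading spaces or unknown keyword
    return options, rejected

def merge_first_wins(*sources):
    """Combine option dicts in the order they were read; earlier sources win."""
    merged = {}
    for src in sources:
        merged = {**src, **merged}  # keys already set keep their earlier value
    return merged

def audit(options, mode):
    """Return hardening findings for the options and the file's st_mode bits."""
    findings = [f"cleartext credential stored: {k}" for k in CLEARTEXT if k in options]
    # Assumption: psk is the auth mode when the option is unset.
    if options.get("IKE Authmode", "psk") == "psk" and "Xauth username" in options:
        findings.append("PSK + XAUTH, which the man page calls insecure by design")
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("config file readable by group or other")
    return findings

# Constructed sample input, modelled on the page's pre-shared-key example.
SAMPLE = ("IPSec gateway vpn.example.com\nIKE Authmode psk\n"
          "IPSec secret PskS3cret! # lab\n Xauth username user@example.com\n"
          "Xauth username user@example.com\nIPSec secret ignored\n")

if __name__ == "__main__":
    print(parse_config(SAMPLE), audit(parse_config(SAMPLE)[0], 0o644), sep="\n")
```

For a real file, pass `os.stat(path).st_mode` as `mode`; the sample shows that a trailing comment silently changes the secret and that an indented line is not accepted.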