Usage: vpnc [--version] [--print-config] [--help] [--long-help] [options] [config files]

Options:
  --gateway <ip/hostname>
      IP/name of your IPSec gateway
      conf-variable: IPSec gateway <ip/hostname>

  --id <ASCII string>
      your group name
      conf-variable: IPSec ID <ASCII string>

  (configfile only option)
      your group password (cleartext)
      conf-variable: IPSec secret <ASCII string>

  (configfile only option)
      your group password (obfuscated; this is a reversible encoding, not
      encryption, so the config file still needs restrictive permissions)
      conf-variable: IPSec obfuscated secret <hex string>

  --username <ASCII string>
      your username
      conf-variable: Xauth username <ASCII string>

  (configfile only option)
      your password (cleartext)
      conf-variable: Xauth password <ASCII string>

  (configfile only option)
      your password (obfuscated; reversible, see the group password note above)
      conf-variable: Xauth obfuscated password <hex string>

  --domain <ASCII string>
      (NT-) Domain name for authentication
      conf-variable: Domain <ASCII string>

  --xauth-inter
      enable interactive extended authentication (for challenge response auth)
      conf-variable: Xauth interactive

  --vendor <cisco/netscreen>
      vendor of your IPSec gateway
      Default: cisco
      conf-variable: Vendor <cisco/netscreen>

  --natt-mode <natt/none/force-natt/cisco-udp>
      Which NAT-Traversal Method to use:
        * natt -- NAT-T as defined in RFC3947
        * none -- disable use of any NAT-T method
        * force-natt -- always use NAT-T encapsulation even
                        without presence of a NAT device
                        (useful if the OS captures all ESP traffic)
        * cisco-udp -- Cisco proprietary UDP encapsulation, commonly over Port 10000
      Note: cisco-tcp encapsulation is not yet supported
      Default: natt
      conf-variable: NAT Traversal Mode <natt/none/force-natt/cisco-udp>

  --script <command>
      command is executed using system() to configure the interface,
      routing and so on. Device name, IP, etc. are passed using environment
      variables, see README. This script is executed right after ISAKMP is
      done, but before tunneling is enabled. It is called again when vpnc
      terminates. Since it runs via system() from the vpnc process, keep the
      script and its directory unwritable by unprivileged users.
      Default: /etc/vpnc/vpnc-script
      conf-variable: Script <command>

  --dh <dh1/dh2/dh5>
      name of the IKE DH Group (MODP group 1 = 768 bit, 2 = 1024 bit, 5 = 1536 bit)
      Default: dh2
      conf-variable: IKE DH Group <dh1/dh2/dh5>

  --pfs <nopfs/dh1/dh2/dh5/server>
      Diffie-Hellman group to use for PFS (server: use the group the gateway
      selects; nopfs: no Perfect Forward Secrecy for the data channel)
      Default: server
      conf-variable: Perfect Forward Secrecy <nopfs/dh1/dh2/dh5/server>

  --enable-1des
      enables weak single DES encryption (only if the gateway offers nothing stronger)
      conf-variable: Enable Single DES

  --enable-no-encryption
      enables using no encryption for data traffic (the key exchange itself must still be encrypted)
      conf-variable: Enable no encryption

  --application-version <ASCII string>
      Application Version to report. Note: Default string is generated at runtime.
      Default: Cisco Systems VPN Client 0.5.3-394:Linux
      conf-variable: Application version <ASCII string>

  --ifname <ASCII string>
      visible name of the TUN/TAP interface
      conf-variable: Interface name <ASCII string>

  --ifmode <tun/tap>
      mode of TUN/TAP interface:
        * tun: virtual point to point interface (default)
        * tap: virtual ethernet interface
      Default: tun
      conf-variable: Interface mode <tun/tap>

  --debug <0/1/2/3/99>
      Show verbose debug messages
        * 0: Do not print debug information.
        * 1: Print minimal debug information.
        * 2: Show statemachine and packet/payload type information.
        * 3: Dump everything excluding authentication data.
        * 99: Dump everything INCLUDING AUTHENTICATION data (e.g. PASSWORDS).
              Use only for one-off troubleshooting and treat the resulting
              log as a credential.
      conf-variable: Debug <0/1/2/3/99>

  --no-detach
      Don't detach from the console after login
      conf-variable: No Detach

  --pid-file <filename>
      store the pid of background process in <filename>
      Default: /var/run/vpnc/pid
      conf-variable: Pidfile <filename>

  --local-addr <ip/hostname>
      local IP to use for ISAKMP / ESP / ... (0.0.0.0 == automatically assign)
      Default: 0.0.0.0
      conf-variable: Local Addr <ip/hostname>

  --local-port <0-65535>
      local ISAKMP port number to use (0 == use random port)
      Default: 500
      conf-variable: Local Port <0-65535>

  --udp-port <0-65535>
      Local UDP port number to use (0 == use random port).
      This is only relevant if cisco-udp nat-traversal is used.
      This is the _local_ port; the remote udp port is discovered automatically.
      In particular, it is not the cisco-tcp port.
      Default: 10000
      conf-variable: Cisco UDP Encapsulation Port <0-65535>

  --dpd-idle <0,10-86400>
      Send DPD packet after not receiving anything for <idle> seconds.
      Use 0 to disable DPD completely (both ways).
      Default: 300
      conf-variable: DPD idle timeout (our side) <0,10-86400>

  --non-inter
      Don't ask anything, exit on missing options
      conf-variable: Noninteractive

  --auth-mode <psk/cert/hybrid>
      Authentication mode:
        * psk: pre-shared key (default)
        * cert: server + client certificate (not implemented yet)
        * hybrid: server certificate + xauth (if built with openssl support)
      Default: psk
      conf-variable: IKE Authmode <psk/cert/hybrid>

  --ca-file <filename>
      filename and path to the CA-PEM-File
      conf-variable: CA-File <filename>

  --ca-dir <directory>
      path of the trusted CA-Directory
      Default: /etc/ssl/certs
      conf-variable: CA-Dir <directory>

  --target-network <target network/netmask>
      Target network in dotted decimal or CIDR notation
      Default: 0.0.0.0/0.0.0.0
      conf-variable: IPSEC target network <target network/netmask>

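The conf-variable names listed with each option double as the keys of a vpnc configuration file: one setting per line, the name first, then a space and the value (flag-style settings such as "Enable Single DES" take no value). The linter below is an added example, not vpnc's own code. It parses such a file and flags the settings this help text itself warns about: cleartext secrets, obfuscated (not encrypted) secrets, "Enable Single DES", "Enable no encryption", "Debug 99", and the dh1 / nopfs choices. It assumes the name-then-value line format and that lines starting with '#' are comments; both sample profiles, the gateway name and the credentials in them are constructed.

```python
"""Lint a vpnc config file for the settings its help text marks as risky.
Added example, not vpnc's own code.  Assumed format (implied by the
conf-variable names): one setting per line, name first, then a space and
the value; flag settings have no value; '#' lines are comments (assumption)."""
from typing import List, Optional, Tuple

# Flag-style conf-variables (no value) and value-taking ones, from the help text.
FLAG_VARIABLES = {
    "Xauth interactive", "Enable Single DES", "Enable no encryption",
    "No Detach", "Noninteractive",
}
VALUE_VARIABLES = {
    "IPSec gateway", "IPSec ID", "IPSec secret", "IPSec obfuscated secret",
    "Xauth username", "Xauth password", "Xauth obfuscated password", "Domain",
    "Vendor", "NAT Traversal Mode", "Script", "IKE DH Group",
    "Perfect Forward Secrecy", "Application version", "Interface name",
    "Interface mode", "Debug", "Pidfile", "Local Addr", "Local Port",
    "Cisco UDP Encapsulation Port", "DPD idle timeout (our side)",
    "IKE Authmode", "CA-File", "CA-Dir", "IPSEC target network",
}
# Longest names first, so "IPSec obfuscated secret" is never read as a shorter key.
_NAMES = sorted(FLAG_VARIABLES | VALUE_VARIABLES, key=len, reverse=True)


def parse_line(line: str) -> Optional[Tuple[str, Optional[str]]]:
    """(conf-variable, value) for one line; None for blank/comment; unknown -> (raw, None)."""
    text = line.strip()
    if not text or text.startswith("#"):
        return None
    for name in _NAMES:
        if text == name or text.startswith(name + " ") or text.startswith(name + "\t"):
            value = text[len(name):].strip()
            return name, (value or None)
    return text, None


def parse_config(text: str) -> List[Tuple[int, str, Optional[str]]]:
    """All settings as (line number, name, value)."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        parsed = parse_line(line)
        if parsed is not None:
            entries.append((lineno, parsed[0], parsed[1]))
    return entries


def lint_config(text: str) -> List[Tuple[int, str]]:
    """(line number, message) for every setting worth a second look."""
    findings = []
    for lineno, name, value in parse_config(text):
        if name not in FLAG_VARIABLES and name not in VALUE_VARIABLES:
            findings.append((lineno, f"unknown setting: {name!r}"))
            continue
        if name in VALUE_VARIABLES and value is None:
            findings.append((lineno, f"{name}: missing value"))
        elif name in FLAG_VARIABLES and value is not None:
            findings.append((lineno, f"{name}: is a flag and takes no value"))
        # Security checks; each corresponds to a statement in the vpnc help text.
        if name in ("IPSec secret", "Xauth password"):
            findings.append((lineno, f"{name}: cleartext credential in config file"))
        elif name in ("IPSec obfuscated secret", "Xauth obfuscated password"):
            findings.append((lineno, f"{name}: obfuscated, not encrypted; keep the file root-only"))
        elif name == "Enable Single DES":
            findings.append((lineno, "Enable Single DES: allows weak single DES"))
        elif name == "Enable no encryption":
            findings.append((lineno, "Enable no encryption: data traffic may be sent unencrypted"))
        elif name == "Debug" and value == "99":
            findings.append((lineno, "Debug 99: log will contain authentication data (passwords)"))
        elif name == "IKE DH Group" and value == "dh1":
            findings.append((lineno, "IKE DH Group dh1: 768-bit MODP, the weakest group offered"))
        elif name == "Perfect Forward Secrecy" and value == "nopfs":
            findings.append((lineno, "Perfect Forward Secrecy nopfs: no forward secrecy for the data channel"))
    return findings


# Constructed sample profiles (no real gateway or credentials).
RISKY_CONFIG = """\
# constructed sample: several settings the help text warns about
IPSec gateway vpn.example.test
IPSec ID staff
IPSec secret hunter2
Xauth username alice
Xauth obfuscated password 0123abcd
IKE DH Group dh1
Perfect Forward Secrecy nopfs
Enable Single DES
Debug 99
"""

HARDENED_CONFIG = """\
IPSec gateway vpn.example.test
IPSec ID staff
IPSec obfuscated secret 0123abcd
Xauth username alice
IKE DH Group dh5
Perfect Forward Secrecy dh5
NAT Traversal Mode natt
Debug 0
"""
```

Running lint_config(RISKY_CONFIG) reports six findings (lines 4 and 6 through 10); lint_config(HARDENED_CONFIG) reports only that the group secret is obfuscated rather than encrypted. The hardened profile leaves out "Xauth password" entirely so that vpnc prompts for it instead of reading it from disk.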
Report bugs to vpnc@unix-ag.uni-kl.de