Usage: vpnc [--version] [--print-config] [--help] [--long-help] [options] [config files]

--gateway <ip/hostname>
IP/name of your IPSec gateway
conf-variable: IPSec gateway <ip/hostname>

conf-variable: IPSec ID <ASCII string>

(configfile only option)
your group password (cleartext)
conf-variable: IPSec secret <ASCII string>

(configfile only option)
your group password (obfuscated)
conf-variable: IPSec obfuscated secret <hex string>

--username <ASCII string>
conf-variable: Xauth username <ASCII string>

(configfile only option)
your password (cleartext)
conf-variable: Xauth password <ASCII string>

(configfile only option)
your password (obfuscated)
conf-variable: Xauth obfuscated password <hex string>

--domain <ASCII string>
(NT-) Domain name for authentication
conf-variable: Domain <ASCII string>

enable interactive extended authentication (for challenge response auth)
conf-variable: Xauth interactive

--vendor <cisco/netscreen>
vendor of your IPSec gateway
conf-variable: Vendor <cisco/netscreen>

--natt-mode <natt/none/force-natt/cisco-udp>
Which NAT-Traversal Method to use:
* natt -- NAT-T as defined in RFC3947
* none -- disable use of any NAT-T method
* force-natt -- always use NAT-T encapsulation even
  without presence of a NAT device
  (useful if the OS captures all ESP traffic)
* cisco-udp -- Cisco proprietary UDP encapsulation, commonly over Port 10000
Note: cisco-tcp encapsulation is not yet supported
conf-variable: NAT Traversal Mode <natt/none/force-natt/cisco-udp>

command is executed using system() to configure the interface,
routing and so on. Device name, IP, etc. are passed using environment
variables, see README. This script is executed right after ISAKMP is
done, but before tunneling is enabled. It is called when vpnc
Default: /etc/vpnc/vpnc-script
conf-variable: Script <command>

name of the IKE DH Group
conf-variable: IKE DH Group <dh1/dh2/dh5>

--pfs <nopfs/dh1/dh2/dh5/server>
Diffie-Hellman group to use for PFS
conf-variable: Perfect Forward Secrecy <nopfs/dh1/dh2/dh5/server>

enables weak single DES encryption
conf-variable: Enable Single DES

--enable-no-encryption
enables using no encryption for data traffic (key exchanged must be encrypted)
conf-variable: Enable no encryption

--application-version <ASCII string>
Application Version to report. Note: Default string is generated at runtime.
Default: Cisco Systems VPN Client 0.5.1:Linux
conf-variable: Application version <ASCII string>

--ifname <ASCII string>
visible name of the TUN/TAP interface
conf-variable: Interface name <ASCII string>

mode of TUN/TAP interface:
* tun: virtual point to point interface (default)
* tap: virtual ethernet interface
conf-variable: Interface mode <tun/tap>

Show verbose debug messages
* 0: Do not print debug information.
* 1: Print minimal debug information.
* 2: Show statemachine and packet/payload type information.
* 3: Dump everything excluding authentication data.
* 99: Dump everything including authentication data (e.g. passwords).
conf-variable: Debug <0/1/2/3/99>

Don't detach from the console after login
conf-variable: No Detach

--pid-file <filename>
store the pid of background process in <filename>
Default: /var/run/vpnc/pid
conf-variable: Pidfile <filename>

--local-addr <ip/hostname>
local IP to use for ISAKMP / ESP / ... (0.0.0.0 == automatically assign)
conf-variable: Local Addr <ip/hostname>

--local-port <0-65535>
local ISAKMP port number to use (0 == use random port)
conf-variable: Local Port <0-65535>

Local UDP port number to use (0 == use random port).
This is only relevant if cisco-udp nat-traversal is used.
This is the _local_ port, the remote udp port is discovered automatically.
It is especially not the cisco-tcp port.
conf-variable: Cisco UDP Encapsulation Port <0-65535>

--dpd-idle <0,10-86400>
Send DPD packet after not receiving anything for <idle> seconds.
Use 0 to disable DPD completely (both ways).
conf-variable: DPD idle timeout (our side) <0,10-86400>

Don't ask anything, exit on missing options
conf-variable: Noninteractive

--auth-mode <psk/cert/hybrid>
* psk: pre-shared key (default)
* cert: server + client certificate (not implemented yet)
* hybrid: server certificate + xauth (if built with openssl support)
conf-variable: IKE Authmode <psk/cert/hybrid>

filename and path to the CA-PEM-File
conf-variable: CA-File <filename>

path of the trusted CA-Directory
Default: /etc/ssl/certs
conf-variable: CA-Dir <directory>

DEPRECATED extension, see README.Debian for details
conf-variable: DNSUpdate

DEPRECATED extension, see README.Debian for details
conf-variable: Target Networks

Report bugs to vpnc@unix-ag.uni-kl.de
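
Added example, not part of vpnc or its documentation: a Python check that reads a vpnc config file's text and reports the risky settings this help text names (cleartext secrets, single DES, no encryption, debug level 99, disabled PFS), plus a check that the file is readable only by its owner. The `#` comment handling, the case-insensitive prefix matching, and the policy of flagging dh1/dh2 as small groups are assumptions of this example.

```python
import stat

# Rules keyed on conf-variable names from the help text: (name, test, finding).
# Treating dh1/dh2 as too small is this example's policy choice, not vpnc's.
RULES = [
    ("Enable Single DES", lambda v: True, "weak single DES enabled"),
    ("Enable no encryption", lambda v: True, "data traffic is not encrypted"),
    ("IPSec secret", bool, "group password stored in cleartext"),
    ("Xauth password", bool, "user password stored in cleartext"),
    ("IKE DH Group", lambda v: v in ("dh1", "dh2"), "small IKE DH group"),
    ("Perfect Forward Secrecy", lambda v: v in ("nopfs", "dh1", "dh2"),
     "PFS disabled or using a small group"),
    ("Debug", lambda v: v == "99", "debug level 99 dumps passwords"),
]

def audit(text):
    """Return [(line_number, conf_variable, finding)] for a config's text."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' is a comment
            continue
        for name, is_bad, msg in RULES:
            if not line.lower().startswith(name.lower()):  # assumption: case-insensitive
                continue
            rest = line[len(name):]
            if (not rest or rest[0].isspace()) and is_bad(rest.strip().lower()):
                findings.append((n, name, msg))
    return findings

def mode_finding(st_mode):
    """The config holds credentials, so flag any group/other permission bit."""
    mode = stat.S_IMODE(st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return f"config accessible beyond its owner (mode {mode:04o})"

# Constructed sample config, not taken from a real deployment.
SAMPLE = """# office tunnel
IPSec gateway vpn.example.test
IPSec secret not-a-real-secret
IKE DH Group dh2
Perfect Forward Secrecy server
Enable Single DES
"""

if __name__ == "__main__":
    for n, name, msg in audit(SAMPLE):
        print(f"line {n}: {name}: {msg}")
    print(mode_finding(0o100644))
```

For a file on disk, pass `open(path).read()` to `audit` and `os.stat(path).st_mode` to `mode_finding`.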