connection_name.config(5) File Formats Manual connection_name.config(5)

connection_name.config - ConnMan vpn connection provisioning file

/var/lib/connman-vpn/connection-name.config

ConnMan's vpn connections are configured with so-called "provisioning
files" which reside under /var/lib/connman-vpn/. The files can be
named anything, as long as they contain only printable ASCII characters,
for example letters, numbers and underscores. The file must end with
.config. Each VPN connection requires a provisioning file, but multiple
connections can be specified in the same file.

The configuration file format is key file format. It consists of
sections (groups) of key-value pairs. Lines beginning with a '#' and
blank lines are considered comments. Sections are started by a header
line containing the section enclosed in '[' and ']', and ended
implicitly by the start of the next section or the end of the file.
Each key-value pair must be contained in a section.

Description of sections and available keys follows:

[global]
This section is optional, and can be used to describe the actual file.
The two allowed fields for this section are:

Name=name
    Name of the network.

Description=description
    Description of the network.

[provider_*]
Each provisioned connection must start with a [provider_*] tag, with *
replaced by a unique name within the file. The following fields are
mandatory:

Type=OpenConnect | OpenVPN | VPNC | L2TP | PPTP
    Specifies the VPN type.

Host=IP
    VPN server IP address.

Domain=domain
    Domain name for the VPN service.

The following field is optional:

Networks=network/netmask/gateway[,...]
    Networks behind the VPN. If all traffic should go through the
    VPN, this field can be left out. The gateway can be left out.
    For IPv6 addresses, only the prefix length is accepted as the
    netmask.

OpenConnect
The following keys can be used for openconnect(8) networks:

OpenConnect.ServerCert=cert
    SHA1 fingerprint of the VPN server's certificate.

OpenConnect.CACert=cert
    File containing additional CA certificates in addition to the
    system trusted certificate authorities.

OpenConnect.ClientCert=cert
    Client certificate, if needed by web authentication.

OpenConnect.MTU=mtu
    Request mtu from the server as the MTU of the tunnel.

OpenConnect.Cookie=cookie
    The resulting cookie of the authentication process. As the
    cookie lifetime can be very limited, it does not usually make
    sense to add it into the configuration file.

OpenConnect.VPNHost=host
    The final VPN server to use after completing the web
    authentication. Only usable for extremely simple VPN
    configurations and should normally be set only via the VPN
    Agent API.

If OpenConnect.Cookie, OpenConnect.VPNHost or OpenConnect.ServerCert
are missing, the VPN Agent will be contacted to supply the information.

OpenVPN
The following keys are mandatory for openvpn(8) networks:

OpenVPN.CACert=cert
    Certificate authority file.

OpenVPN.Cert=cert
    Local peer's signed certificate.

OpenVPN.Key=key
    Local peer's private key.

The following keys are optional for openvpn(8) networks:

OpenVPN.MTU=mtu
    MTU of the tunnel.

OpenVPN.NSCertType=client | server
    Peer certificate type, either client or server.

OpenVPN.Protocol=protocol
    Use protocol.

OpenVPN.Port=port
    TCP/UDP port number.

OpenVPN.AuthUserPass=true | false
    Authenticate on the server using username/password.

OpenVPN.AskPass=file
    Get certificate password from file.

OpenVPN.AuthNoCache=true | false
    Don't cache AskPass or AuthUserPass value.

OpenVPN.TLSRemote=name
    Accept connections only from a host with X509 name or common
    name equal to name.

OpenVPN.TLSAuth=file
    Use file for HMAC authentication.

OpenVPN.TLSAuthDir=direction
    Use direction for HMAC authentication direction.

OpenVPN.Cipher=cipher
    Use cipher as the cipher.

OpenVPN.Auth=true | false
    Use HMAC authentication.

OpenVPN.CompLZO=yes | no | adaptive
    Use fast LZO compression.

OpenVPN.RemoteCertTls=client | server
    Require that remote certificate is signed based on RFC3280 TLS
    rules.

OpenVPN.ConfigFile=file
    OpenVPN config file for extra options not supported by the
    OpenVPN plugin.

OpenVPN.DeviceType=tun|tap
    Whether the VPN should use a tun (OSI layer 3) or tap (OSI layer
    2) device. Defaults to tun if omitted.

VPNC
The following key is mandatory for vpnc(8) networks:

VPNC.IPSec.ID=id
    Group username.

The following keys are optional for vpnc(8) networks:

VPNC.IPSec.Secret=secret
    Group password.

VPNC.XAuth.Username=username
    Username.

VPNC.XAuth.Password=password
    Password.

VPNC.IKE.Authmode=mode
    IKE authentication mode.

VPNC.IKE.DHGroup=group
    IKE DH group name.

VPNC.PFS=group
    Diffie-Hellman group for perfect forward secrecy.

VPNC.Domain=domain
    Domain name for authentication.

VPNC.Vendor=vendor
    Vendor of the IPSec gateway.

VPNC.LocalPort=port
    Local ISAKMP port number to use.

VPNC.CiscoPort=port
    Cisco UDP Encapsulation Port.

VPNC.AppVersion=version
    Application version to report.

VPNC.NATTMode=mode
    NAT-Traversal Method to use.

VPNC.DPDTimeout=timeout
    DPD idle timeout.

VPNC.SingleDES=true | false
    Enable single DES encryption.

VPNC.NoEncryption=true | false
    Enable usage of no encryption for data traffic.

VPNC.DeviceType=tun|tap
    Whether the VPN should use a tun (OSI layer 3) or tap (OSI layer
    2) device. Defaults to tun if omitted.

L2TP
The following keys are optional for l2tp (xl2tp.conf(5), pppd(8))
networks:

L2TP.User=user
    L2TP username.

L2TP.Password=password
    L2TP password.

L2TP.BPS=bps
    Max bandwidth to use.

L2TP.TXBPS=bps
    Max transmit bandwidth to use.

L2TP.RXBPS=bps
    Max receive bandwidth to use.

L2TP.LengthBit=yes | no
    Use length bit.

L2TP.Challenge=yes | no
    Use challenge authentication.

L2TP.DefaultRoute=route
    Add route to the routing tables.

L2TP.FlowBit=yes | no
    Use seq numbers.

L2TP.TunnelRWS=size
    Window size.

L2TP.Exclusive=yes | no
    Use only one control channel.

L2TP.Redial=yes | no
    Redial if disconnected.

L2TP.RedialTimeout=timeout
    Redial timeout.

L2TP.MaxRedials=count
    Maximum amount of redial tries.

L2TP.RequirePAP=yes | no
    Require PAP.

L2TP.RequireCHAP=yes | no
    Require CHAP.

L2TP.ReqAuth=yes | no
    Require authentication.

L2TP.AccessControl=yes | no
    Use access control.

L2TP.AuthFile=file
    Authentication file location.

L2TP.ListenAddr=address
    Listen address.

L2TP.IPSecSaref=yes | no
    Listen address.

L2TP.Port=port
    UDP port used.

PPPD.EchoFailure=count
    Echo failure count.

PPPD.EchoFailure=count
    Dead peer check count.

PPPD.EchoInterval=interval
    Dead peer check interval.

PPPD.Debug=level
    Debug level.

PPPD.RefuseEAP=true | false
    Refuse EAP authentication.

PPPD.RefusePAP=true | false
    Refuse PAP authentication.

PPPD.RefuseCHAP=true | false
    Refuse CHAP authentication.

PPPD.RefuseMSCHAP=true | false
    Refuse MSCHAP authentication.

PPPD.RefuseMSCHAP2=true | false
    Refuse MSCHAPv2 authentication.

PPPD.NoBSDComp=true | false
    Disable BSD compression.

PPPD.NoPcomp=true | false
    Disable protocol compression.

PPPD.UseAccomp=true | false
    Disable Access/Control compression.

PPPD.NoDeflate=true | false
    Disable deflate compression.

PPPD.ReqMPPE=true | false
    Require the use of MPPE.

PPPD.ReqMPPE40=true | false
    Require the use of MPPE 40 bit.

PPPD.ReqMPPE128=true | false
    Require the use of MPPE 128 bit.

PPPD.ReqMPPEStateful=true | false
    Allow MPPE to use stateful mode.

PPPD.NoVJ=true | false
    No Van Jacobson compression.

PPTP
The following keys are optional for pptp(8) (see also pppd(8))
networks:

PPTP.User=username
    Username.

PPTP.Password=password
    Password.

PPPD.EchoFailure=count
    Echo failure count.

PPPD.EchoFailure=count
    Dead peer check count.

PPPD.EchoInterval=interval
    Dead peer check interval.

PPPD.Debug=level
    Debug level.

PPPD.RefuseEAP=true | false
    Refuse EAP authentication.

PPPD.RefusePAP=true | false
    Refuse PAP authentication.

PPPD.RefuseCHAP=true | false
    Refuse CHAP authentication.

PPPD.RefuseMSCHAP=true | false
    Refuse MSCHAP authentication.

PPPD.RefuseMSCHAP2=true | false
    Refuse MSCHAPv2 authentication.

PPPD.NoBSDComp=true | false
    Disable BSD compression.

PPPD.NoPcomp=true | false
    Disable protocol compression.

PPPD.UseAccomp=true | false
    Disable Access/Control compression.

PPPD.NoDeflate=true | false
    Disable deflate compression.

PPPD.ReqMPPE=true | false
    Require the use of MPPE.

PPPD.ReqMPPE40=true | false
    Require the use of MPPE 40 bit.

PPPD.ReqMPPE128=true | false
    Require the use of MPPE 128 bit.

PPPD.ReqMPPEStateful=true | false
    Allow MPPE to use stateful mode.

PPPD.NoVJ=true | false
    No Van Jacobson compression.

This is a configuration file for a VPN providing L2TP, OpenVPN and
OpenConnect services. It could, for example, be in the file
/var/lib/connman-vpn/example.config.

[global]
Name = Example
Description = Example VPN configuration

[provider_l2tp]
Type = L2TP
Name = Connection to corporate network
Host = 1.2.3.4
Domain = corporate.com
Networks = 10.10.30.0/24
L2TP.User = username

[provider_openconnect]
Type = OpenConnect
Name = Connection to corporate network using Cisco VPN
Host = 7.6.5.4
Domain = corporate.com
Networks = 10.10.20.0/255.255.255.0/10.20.1.5,192.168.99.1/24,2001:db8::1/64
OpenConnect.ServerCert = 263AFAB4CB2E6621D12E90182008AEF44AEFA031
OpenConnect.CACert = /etc/certs/certificate.p12

[provider_openvpn]
Type = OpenVPN
Name = Connection to corporate network using OpenVPN
Host = 3.2.5.6
Domain = my.home.network
OpenVPN.CACert = /etc/certs/cacert.pem
OpenVPN.Cert = /etc/certs/cert.pem
OpenVPN.Key = /etc/certs/cert.key

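An added example, not part of the original manual page or of ConnMan: a short Python audit of a provisioning file that reports missing mandatory keys, credentials stored in clear text, and VPNC settings that weaken or disable encryption. The key names come from this page; the audit function, the finding strings and the sample file are constructed for illustration, and Python's configparser stands in for ConnMan's own key-file parser.

```python
import configparser

# Mandatory keys as listed on this page; Type is matched as spelled here.
COMMON = {"Type", "Host", "Domain"}
PER_TYPE = {"OpenVPN": {"OpenVPN.CACert", "OpenVPN.Cert", "OpenVPN.Key"},
            "VPNC": {"VPNC.IPSec.ID"}}
# Keys that place a credential in the file in clear text.
SECRETS = {"VPNC.IPSec.Secret", "VPNC.XAuth.Password", "L2TP.Password",
           "PPTP.Password", "OpenConnect.Cookie"}
# Keys that, when true, drop tunnel encryption to single DES or to none.
WEAK = {"VPNC.SingleDES", "VPNC.NoEncryption"}

# Constructed sample input, not a real deployment.
SAMPLE = """\
[global]
Name = Audit sample

[provider_legacy]
Type = VPNC
Host = 192.0.2.10
VPNC.IPSec.Secret = group-secret
VPNC.NoEncryption = true
"""


def audit(text):
    """Return sorted (section, finding) tuples for one provisioning file."""
    cp = configparser.ConfigParser(delimiters=("=",), comment_prefixes=("#",),
                                   interpolation=None, strict=False)
    cp.optionxform = str  # keep key case as written in the file
    cp.read_string(text)  # raises if a key-value pair precedes any section
    findings = []
    for name in cp.sections():
        if not name.startswith("provider_"):
            continue  # [global] carries only Name and Description
        sec = cp[name]
        for key in COMMON | PER_TYPE.get(sec.get("Type", ""), set()):
            if not sec.get(key):
                findings.append((name, f"missing mandatory key {key}"))
        for key in SECRETS & set(sec):
            findings.append((name, f"clear-text secret in {key}"))
        for key in WEAK & set(sec):
            if sec[key].strip().lower() == "true":
                findings.append((name, f"weak setting {key}=true"))
    return sorted(findings)

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"[{section}] {finding}")
```
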
connmanctl(1), connman(8), connman-vpn(8)

2015-10-15 connection_name.config(5)