connection_name.config(5)     File Formats Manual    connection_name.config(5)

NAME

       connection_name.config - ConnMan vpn connection provisioning file

SYNOPSIS

       /var/lib/connman-vpn/connection-name.config

DESCRIPTION

       ConnMan's VPN connections are configured with so-called "provisioning
       files", which reside under /var/lib/connman-vpn/. The files can be
       named anything, as long as they contain only printable ASCII
       characters, for example letters, numbers and underscores. The file
       name must end with .config. Each VPN connection requires a
       provisioning file, but multiple connections can be specified in the
       same file.

FILE FORMAT

       The configuration file format is the key file format. It consists of
       sections (groups) of key-value pairs. Lines beginning with a '#' and
       blank lines are considered comments. Sections are started by a header
       line containing the section name enclosed in '[' and ']', and ended
       implicitly by the start of the next section or the end of the file.
       Each key-value pair must be contained in a section.

       Description of sections and available keys follows:

   [global]
       This section is optional, and can be used to describe the actual file.
       The two allowed fields for this section are:

       Name=name
              Name of the network.

       Description=description
              Description of the network.

   [provider_*]
       Each provisioned connection must start with a [provider_*] tag, with *
       replaced by a unique name within the file. The following fields are
       mandatory:

       Type=OpenConnect | OpenVPN | VPNC | L2TP | PPTP
              Specifies the VPN type.

       Host=IP
              VPN server IP address.

       Domain=domain
              Domain name for the VPN service.

       The following field is optional:

       Networks=network/netmask/gateway[,...]
              Networks behind the VPN. If all traffic should go through the
              VPN, this field can be left out. The gateway can be left out.
              For IPv6 addresses, only the prefix length is accepted as the
              netmask.

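The Networks syntax above, as an added example (not ConnMan's own code): a Python check that a value follows the documented network/netmask/gateway form, including the prefix-length-only rule for IPv6. The function name parse_networks is hypothetical.

```python
import ipaddress

def parse_networks(value):
    """Parse a Networks= value into (network, gateway) tuples.

    parse_networks is a hypothetical helper, not a ConnMan function.
    Raises ValueError when an entry breaks the documented syntax.
    """
    routes = []
    for entry in value.split(","):
        parts = entry.strip().split("/")
        if len(parts) not in (2, 3):
            raise ValueError(f"expected network/netmask[/gateway]: {entry!r}")
        addr = ipaddress.ip_address(parts[0])
        mask = parts[1]
        # For IPv6 only a prefix length is accepted as the netmask.
        if addr.version == 6 and not (mask.isascii() and mask.isdigit()):
            raise ValueError(f"IPv6 netmask must be a prefix length: {entry!r}")
        # strict=False because entries may carry host bits (192.168.99.1/24).
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        gateway = None
        if len(parts) == 3 and parts[2]:
            gateway = ipaddress.ip_address(parts[2])
            if gateway.version != net.version:
                raise ValueError(f"gateway address family mismatch: {entry!r}")
        routes.append((net, gateway))
    return routes

# The Networks value from the EXAMPLE section of this page.
ROUTES = parse_networks(
    "10.10.20.0/255.255.255.0/10.20.1.5,192.168.99.1/24,2001:db8::1/64")
```
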
   OpenConnect
       The following keys can be used for openconnect(8) networks:

       OpenConnect.ServerCert=cert
              SHA1 fingerprint of the VPN server's certificate.

       OpenConnect.CACert=cert
              File containing additional CA certificates in addition to the
              system trusted certificate authorities.

       OpenConnect.ClientCert=cert
              Client certificate, if needed by web authentication.

       OpenConnect.MTU=mtu
              Request mtu from the server as the MTU of the tunnel.

       OpenConnect.Cookie=cookie
              The resulting cookie of the authentication process. As the
              cookie lifetime can be very limited, it does not usually make
              sense to add it into the configuration file.

       OpenConnect.VPNHost=host
              The final VPN server to use after completing the web
              authentication. Only usable for extremely simple VPN
              configurations and should normally be set only via the VPN
              Agent API.

       If OpenConnect.Cookie, OpenConnect.VPNHost or OpenConnect.ServerCert
       are missing, the VPN Agent will be contacted to supply the information.

   OpenVPN
       The following keys are mandatory for openvpn(8) networks:

       OpenVPN.CACert=cert
              Certificate authority file.

       OpenVPN.Cert=cert
              Local peer's signed certificate.

       OpenVPN.Key=key
              Local peer's private key.

       The following keys are optional for openvpn(8) networks:

       OpenVPN.MTU=mtu
              MTU of the tunnel.

       OpenVPN.NSCertType=client | server
              Peer certificate type, either client or server.

       OpenVPN.Protocol=protocol
              Use protocol.

       OpenVPN.Port=port
              TCP/UDP port number.

       OpenVPN.AuthUserPass=true | false
              Authenticate on the server using username/password.

       OpenVPN.AskPass=file
              Get certificate password from file.

       OpenVPN.AuthNoCache=true | false
              Don't cache AskPass or AuthUserPass value.

       OpenVPN.TLSRemote=name
              Accept connections only from a host with X509 name or common
              name equal to name.

       OpenVPN.TLSAuth=file
              Use file for HMAC authentication.

       OpenVPN.TLSAuthDir=direction
              Use direction for HMAC authentication direction.

       OpenVPN.Cipher=cipher
              Use cipher as the cipher.

       OpenVPN.Auth=true | false
              Use HMAC authentication.

       OpenVPN.CompLZO=yes | no | adaptive
              Use fast LZO compression.

       OpenVPN.RemoteCertTls=client | server
              Require that remote certificate is signed based on RFC3280 TLS
              rules.

       OpenVPN.ConfigFile=file
              OpenVPN config file for extra options not supported by the
              OpenVPN plugin.

       OpenVPN.DeviceType=tun|tap
              Whether the VPN should use a tun (OSI layer 3) or tap (OSI layer
              2) device. Defaults to tun if omitted.

   VPNC
       The following key is mandatory for vpnc(8) networks:

       VPNC.IPSec.ID=id
              Group username.

       The following keys are optional for vpnc(8) networks:

       VPNC.IPSec.Secret=secret
              Group password.

       VPNC.XAuth.Username=username
              Username.

       VPNC.XAuth.Password=password
              Password.

       VPNC.IKE.Authmode=mode
              IKE authentication mode.

       VPNC.IKE.DHGroup=group
              IKE DH group name.

       VPNC.PFS=group
              Diffie-Hellman group for perfect forward secrecy.

       VPNC.Domain=domain
              Domain name for authentication.

       VPNC.Vendor=vendor
              Vendor of the IPSec gateway.

       VPNC.LocalPort=port
              Local ISAKMP port number to use.

       VPNC.CiscoPort=port
              Cisco UDP Encapsulation Port.

       VPNC.AppVersion=version
              Application version to report.

       VPNC.NATTMode=mode
              NAT-Traversal Method to use.

       VPNC.DPDTimeout=timeout
              DPD idle timeout.

       VPNC.SingleDES=true | false
              Enable single DES encryption.

       VPNC.NoEncryption=true | false
              Enable usage of no encryption for data traffic.

       VPNC.DeviceType=tun|tap
              Whether the VPN should use a tun (OSI layer 3) or tap (OSI layer
              2) device. Defaults to tun if omitted.

   L2TP
       The following keys are optional for l2tp (xl2tp.conf(5), pppd(8))
       networks:

       L2TP.User=user
              L2TP username.

       L2TP.Password=password
              L2TP password.

       L2TP.BPS=bps
              Max bandwidth to use.

       L2TP.TXBPS=bps
              Max transmit bandwidth to use.

       L2TP.RXBPS=bps
              Max receive bandwidth to use.

       L2TP.LengthBit=yes | no
              Use length bit.

       L2TP.Challenge=yes | no
              Use challenge authentication.

       L2TP.DefaultRoute=route
              Add route to the routing tables.

       L2TP.FlowBit=yes | no
              Use seq numbers.

       L2TP.TunnelRWS=size
              Window size.

       L2TP.Exclusive=yes | no
              Use only one control channel.

       L2TP.Redial=yes | no
              Redial if disconnected.

       L2TP.RedialTimeout=timeout
              Redial timeout.

       L2TP.MaxRedials=count
              Maximum amount of redial tries.

       L2TP.RequirePAP=yes | no
              Require PAP.

       L2TP.RequireCHAP=yes | no
              Require CHAP.

       L2TP.ReqAuth=yes | no
              Require authentication.

       L2TP.AccessControl=yes | no
              Use access control.

       L2TP.AuthFile=file
              Authentication file location.

       L2TP.ListenAddr=address
              Listen address.

       L2TP.IPSecSaref=yes | no
              Listen address.

       L2TP.Port=port
              UDP port used.

       PPPD.EchoFailure=count
              Echo failure count.

       PPPD.EchoFailure=count
              Dead peer check count.

       PPPD.EchoInterval=interval
              Dead peer check interval.

       PPPD.Debug=level
              Debug level.

       PPPD.RefuseEAP=true | false
              Refuse EAP authentication.

       PPPD.RefusePAP=true | false
              Refuse PAP authentication.

       PPPD.RefuseCHAP=true | false
              Refuse CHAP authentication.

       PPPD.RefuseMSCHAP=true | false
              Refuse MSCHAP authentication.

       PPPD.RefuseMSCHAP2=true | false
              Refuse MSCHAPv2 authentication.

       PPPD.NoBSDComp=true | false
              Disable BSD compression.

       PPPD.NoPcomp=true | false
              Disable protocol compression.

       PPPD.UseAccomp=true | false
              Disable Access/Control compression.

       PPPD.NoDeflate=true | false
              Disable deflate compression.

       PPPD.ReqMPPE=true | false
              Require the use of MPPE.

       PPPD.ReqMPPE40=true | false
              Require the use of MPPE 40 bit.

       PPPD.ReqMPPE128=true | false
              Require the use of MPPE 128 bit.

       PPPD.ReqMPPEStateful=true | false
              Allow MPPE to use stateful mode.

       PPPD.NoVJ=true | false
              No Van Jacobson compression.

   PPTP
       The following keys are optional for pptp(8) (see also pppd(8))
       networks:

       PPTP.User=username
              Username.

       PPTP.Password=password
              Password.

       PPPD.EchoFailure=count
              Echo failure count.

       PPPD.EchoFailure=count
              Dead peer check count.

       PPPD.EchoInterval=interval
              Dead peer check interval.

       PPPD.Debug=level
              Debug level.

       PPPD.RefuseEAP=true | false
              Refuse EAP authentication.

       PPPD.RefusePAP=true | false
              Refuse PAP authentication.

       PPPD.RefuseCHAP=true | false
              Refuse CHAP authentication.

       PPPD.RefuseMSCHAP=true | false
              Refuse MSCHAP authentication.

       PPPD.RefuseMSCHAP2=true | false
              Refuse MSCHAPv2 authentication.

       PPPD.NoBSDComp=true | false
              Disable BSD compression.

       PPPD.NoPcomp=true | false
              Disable protocol compression.

       PPPD.UseAccomp=true | false
              Disable Access/Control compression.

       PPPD.NoDeflate=true | false
              Disable deflate compression.

       PPPD.ReqMPPE=true | false
              Require the use of MPPE.

       PPPD.ReqMPPE40=true | false
              Require the use of MPPE 40 bit.

       PPPD.ReqMPPE128=true | false
              Require the use of MPPE 128 bit.

       PPPD.ReqMPPEStateful=true | false
              Allow MPPE to use stateful mode.

       PPPD.NoVJ=true | false
              No Van Jacobson compression.

EXAMPLE

       This is a configuration file for a VPN providing L2TP, OpenVPN and
       OpenConnect services. It could, for example, be in the file
       /var/lib/connman-vpn/example.config.

       [global]
       Name = Example
       Description = Example VPN configuration

       [provider_l2tp]
       Type = L2TP
       Name = Connection to corporate network
       Host = 1.2.3.4
       Domain = corporate.com
       Networks = 10.10.30.0/24
       L2TP.User = username

       [provider_openconnect]
       Type = OpenConnect
       Name = Connection to corporate network using Cisco VPN
       Host = 7.6.5.4
       Domain = corporate.com
       Networks = 10.10.20.0/255.255.255.0/10.20.1.5,192.168.99.1/24,2001:db8::1/64
       OpenConnect.ServerCert = 263AFAB4CB2E6621D12E90182008AEF44AEFA031
       OpenConnect.CACert = /etc/certs/certificate.p12

       [provider_openvpn]
       Type = OpenVPN
       Name = Connection to corporate network using OpenVPN
       Host = 3.2.5.6
       Domain = my.home.network
       OpenVPN.CACert = /etc/certs/cacert.pem
       OpenVPN.Cert = /etc/certs/cert.pem
       OpenVPN.Key = /etc/certs/cert.key
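An added example, not part of the man page or of ConnMan: a Python audit of a provisioning file that reports missing mandatory keys, credentials stored in the file, and the encryption-weakening options documented above. The function name audit and the sample file are constructed for illustration.

```python
import configparser

MANDATORY = {"OpenVPN": ("OpenVPN.CACert", "OpenVPN.Cert", "OpenVPN.Key"),
             "VPNC": ("VPNC.IPSec.ID",)}
TYPES = ("OpenConnect", "OpenVPN", "VPNC", "L2TP", "PPTP")
# Keys whose value is a credential kept in clear text in the file.
SECRETS = ("VPNC.IPSec.Secret", "VPNC.XAuth.Password", "L2TP.Password",
           "PPTP.Password", "OpenConnect.Cookie")
# Key -> value that weakens encryption or authentication of the tunnel.
WEAK = {"VPNC.SingleDES": "true", "VPNC.NoEncryption": "true",
        "PPPD.ReqMPPE40": "true", "L2TP.RequirePAP": "yes"}

def audit(text):
    """Return sorted (section, finding) tuples for a provisioning file."""
    cp = configparser.ConfigParser(delimiters=("=",), comment_prefixes=("#",),
                                   interpolation=None)
    cp.optionxform = str  # keep key case; configparser lowercases by default
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        if not name.startswith("provider_"):
            continue
        sec = cp[name]
        vpn_type = sec.get("Type")
        if vpn_type not in TYPES:
            findings.append((name, f"unknown or missing Type: {vpn_type!r}"))
        required = ("Host", "Domain") + MANDATORY.get(vpn_type, ())
        for key in required:
            if not sec.get(key):
                findings.append((name, f"missing mandatory key {key}"))
        for key in SECRETS:
            if key in sec:
                findings.append((name, f"credential stored in file: {key}"))
        for key, bad in WEAK.items():
            if sec.get(key, "").strip().lower() == bad:
                findings.append((name, f"weak setting {key}={bad}"))
    return sorted(findings)

# Constructed sample input (not from the man page).
SAMPLE = """\
[provider_legacy]
Type = VPNC
Host = 192.0.2.10
Domain = example.test
VPNC.XAuth.Password = example-password
VPNC.SingleDES = true
"""
FINDINGS = audit(SAMPLE)
```
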

SEE ALSO

       connmanctl(1), connman(8), connman-vpn(8)

                                  2015-10-15         connection_name.config(5)