VPNC(8)                              vpnc                              VPNC(8)

NAME

       vpnc - client for Cisco VPN3000 Concentrator, IOS and PIX

SYNOPSIS

       see vpnc --long-help

DESCRIPTION

       This manual page briefly documents the vpnc and vpnc-disconnect
       commands.

       vpnc is a VPN client for the Cisco 3000 VPN Concentrator, creating an
       IPSec-like connection as a tunneling network device for the local
       system. It uses the TUN/TAP driver in Linux kernel 2.4 and above and
       device tun(4) on BSD. The created connection is presented as a
       tunneling network device to the local system.

       The vpnc daemon by itself does not set any routes, but it calls
       vpnc-script to do this job. vpnc-script displays a connect banner. If
       the concentrator supplies a network list for split-tunneling, these
       networks are added to the routing table. Otherwise the default route
       will be modified to point to the tunnel. In the latter case, a host
       route to the concentrator is also added. If the client host needs
       DHCP, care must be taken to add another host route to the DHCP server
       around the tunnel.

       The vpnc-disconnect command is used to terminate the connection
       previously created by vpnc and restore the previous routing
       configuration.

CONFIGURATION

       The daemon reads configuration data from the following places:
       - command line options
       - config file(s) specified on the command line
       - /etc/vpnc/default.conf
       - /etc/vpnc.conf
       - prompting the user if not found above

       vpnc can parse options and configuration files in any order. However,
       the first place to set an option wins. Configuration filenames which
       do not contain a / will be searched at /etc/vpnc/<filename> and
       /etc/vpnc/<filename>.conf. Otherwise <filename> and <filename>.conf
       will be used. If no configuration file is specified on the command
       line at all, both /etc/vpnc/default.conf and /etc/vpnc.conf will be
       loaded.

OPTIONS

       The program options can either be given as arguments (but not all of
       them, for security reasons) or be stored in a configuration file.

       --print-config
              Prints your configuration; output can be used as vpnc.conf

              See output of vpnc --long-help for a complete description

FILES

       /etc/vpnc.conf /etc/vpnc/default.conf
              The default configuration file. You can specify the same config
              directives as with command line options and additionally IPSec
              secret and Xauth password, both supplying a cleartext password.
              Scrambled passwords from the Cisco configuration profiles can be
              used with IPSec obfuscated secret and Xauth obfuscated password.

              See EXAMPLES for further details.

       /etc/vpnc/*.conf
              vpnc will read configuration files in this directory when the
              config filename (with or without .conf) is specified on the
              command line.

EXAMPLES

       This is an example vpnc.conf:

              IPSec gateway vpn.rwth-aachen.de
              IPSec ID MoPS
              IPSec secret mopsWLAN
              Xauth username abcdef
              Xauth password 123456

       The lines begin with a keyword (no leading spaces!). The values start
       exactly one space after the keywords, and run to the end of line. This
       lets you put any kind of weird character (except CR, LF and NUL) in
       your strings, but it does mean you can't add comments after a string,
       or spaces before them.
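
       An added example, not part of the vpnc package or this man page: a
       small Python linter for the format rules above and the "first place to
       set an option wins" rule from CONFIGURATION. It recognises only the
       keywords shown on this page, matches them case-sensitively, skips
       blank lines and applies first-wins to repeated keywords in one file;
       those are assumptions of the example, and the sample inputs are
       constructed.

```python
# Added example: lint vpnc.conf text; keyword list limited to this man page.
KEYWORDS = sorted([
    "IPSec gateway", "IPSec ID", "IPSec secret", "IPSec obfuscated secret",
    "Xauth username", "Xauth password", "Xauth obfuscated password",
], key=len, reverse=True)  # longest first
CLEARTEXT = {"IPSec secret", "Xauth password"}


def parse_line(line):
    """Return (keyword, value, warnings) for one config line."""
    line = line.rstrip("\r\n")
    if line[:1] in (" ", "\t"):
        return None, None, ["leading whitespace before keyword"]
    for kw in KEYWORDS:
        if line.startswith(kw + " "):
            value = line[len(kw) + 1:]  # starts exactly one space after keyword
            warnings = []
            if value != value.strip():
                warnings.append("extra whitespace is part of the value")
            if " #" in value:
                warnings.append("'#' text is part of the value, not a comment")
            if kw in CLEARTEXT:
                warnings.append("cleartext credential stored in file")
            return kw, value, warnings
    return None, None, ["keyword not in this example's list"]


def load(sources):
    """Merge (name, text) sources in priority order; first setter wins."""
    merged, findings = {}, []
    for name, text in sources:
        for lineno, line in enumerate(text.splitlines(), 1):
            if not line.strip():
                continue  # assumption: blank lines carry no option
            kw, value, warnings = parse_line(line)
            findings += [(name, lineno, w) for w in warnings]
            if kw is not None:
                merged.setdefault(kw, value)  # later places cannot override
    return merged, findings


# Constructed sample input, modelled on the example vpnc.conf above.
SAMPLE_CLI_FILE = "IPSec gateway vpn.rwth-aachen.de\nIPSec secret mopsWLAN # wlan\n"
SAMPLE_DEFAULT = "IPSec gateway other.example.org\n Xauth username abcdef\nXauth password  123456\n"

if __name__ == "__main__":
    merged, findings = load([("cli.conf", SAMPLE_CLI_FILE), ("default.conf", SAMPLE_DEFAULT)])
    print(merged, *("%s:%d: %s" % f for f in findings), sep="\n")
```

       The trailing "# wlan" and the second space before 123456 both end up
       inside the stored values, which is the failure mode the paragraph
       above warns about.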

       See also the --print-config option to generate a config file, and the
       example file in the package documentation directory where more advanced
       usage is demonstrated.

       Advanced features like manual setting of multiple target routes and
       disabling /etc/resolv.conf rewriting are documented in the README of
       the vpnc package.

TODO

       Certificate support (Pre-Shared-Key + XAUTH is known to be insecure).
       Further points can be found in the TODO file.

AUTHOR

       This man page was written by Eduard Bloch <blade(at)debian.org>
       and Christian Lackas <delta(at)lackas.net>, based on the vpnc README by
       Maurice Massar <vpnc(at)unix-ag.uni-kl.de>. Permission is granted to
       copy, distribute and/or modify this document under the terms of the GNU
       General Public License, Version 2 or any later version published by the
       Free Software Foundation.

       On Debian systems, the complete text of the GNU General Public License
       can be found in /usr/share/common-licenses/GPL.

SEE ALSO

       ip(8), ifconfig(8), route(1),
       http://www.unix-ag.uni-kl.de/~massar/vpnc/

Debian                            13 May 2004                          VPNC(8)