diff options
Diffstat (limited to 'packages/vpnc/files/vpnc0.5.3--long-help')
-rw-r--r-- | packages/vpnc/files/vpnc0.5.3--long-help | 168 |
1 files changed, 168 insertions, 0 deletions
diff --git a/packages/vpnc/files/vpnc0.5.3--long-help b/packages/vpnc/files/vpnc0.5.3--long-help new file mode 100644 index 0000000000..fbec254144 --- /dev/null +++ b/packages/vpnc/files/vpnc0.5.3--long-help @@ -0,0 +1,168 @@ +Usage: vpnc [--version] [--print-config] [--help] [--long-help] [options] [config files] + +Options: + --gateway <ip/hostname> + IP/name of your IPSec gateway + conf-variable: IPSec gateway <ip/hostname> + + --id <ASCII string> + your group name + conf-variable: IPSec ID <ASCII string> + + (configfile only option) + your group password (cleartext) + conf-variable: IPSec secret <ASCII string> + + (configfile only option) + your group password (obfuscated) + conf-variable: IPSec obfuscated secret <hex string> + + --username <ASCII string> + your username + conf-variable: Xauth username <ASCII string> + + (configfile only option) + your password (cleartext) + conf-variable: Xauth password <ASCII string> + + (configfile only option) + your password (obfuscated) + conf-variable: Xauth obfuscated password <hex string> + + --domain <ASCII string> + (NT-) Domain name for authentication + conf-variable: Domain <ASCII string> + + --xauth-inter + enable interactive extended authentication (for challenge response auth) + conf-variable: Xauth interactive + + --vendor <cisco/netscreen> + vendor of your IPSec gateway + Default: cisco + conf-variable: Vendor <cisco/netscreen> + + --natt-mode <natt/none/force-natt/cisco-udp> + Which NAT-Traversal Method to use: + * natt -- NAT-T as defined in RFC3947 + * none -- disable use of any NAT-T method + * force-natt -- always use NAT-T encapsulation even + without presence of a NAT device + (useful if the OS captures all ESP traffic) + * cisco-udp -- Cisco proprietary UDP encapsulation, commonly over Port 10000 + Note: cisco-tcp encapsulation is not yet supported + Default: natt + conf-variable: NAT Traversal Mode <natt/none/force-natt/cisco-udp> + + --script <command> + command is executed using system() to configure the interface, + routing and so on. Device name, IP, etc. are passed using enviroment + variables, see README. This script is executed right after ISAKMP is + done, but before tunneling is enabled. It is called when vpnc + terminates, too + Default: /etc/vpnc/vpnc-script + conf-variable: Script <command> + + --dh <dh1/dh2/dh5> + name of the IKE DH Group + Default: dh2 + conf-variable: IKE DH Group <dh1/dh2/dh5> + + --pfs <nopfs/dh1/dh2/dh5/server> + Diffie-Hellman group to use for PFS + Default: server + conf-variable: Perfect Forward Secrecy <nopfs/dh1/dh2/dh5/server> + + --enable-1des + enables weak single DES encryption + conf-variable: Enable Single DES + + --enable-no-encryption + enables using no encryption for data traffic (key exchanged must be encrypted) + conf-variable: Enable no encryption + + --application-version <ASCII string> + Application Version to report. Note: Default string is generated at runtime. + Default: Cisco Systems VPN Client 0.5.3-394:Linux + conf-variable: Application version <ASCII string> + + --ifname <ASCII string> + visible name of the TUN/TAP interface + conf-variable: Interface name <ASCII string> + + --ifmode <tun/tap> + mode of TUN/TAP interface: + * tun: virtual point to point interface (default) + * tap: virtual ethernet interface + Default: tun + conf-variable: Interface mode <tun/tap> + + --debug <0/1/2/3/99> + Show verbose debug messages + * 0: Do not print debug information. + * 1: Print minimal debug information. + * 2: Show statemachine and packet/payload type information. + * 3: Dump everything exluding authentication data. + * 99: Dump everything INCLUDING AUTHENTICATION data (e.g. PASSWORDS). + conf-variable: Debug <0/1/2/3/99> + + --no-detach + Don't detach from the console after login + conf-variable: No Detach + + --pid-file <filename> + store the pid of background process in <filename> + Default: /var/run/vpnc/pid + conf-variable: Pidfile <filename> + + --local-addr <ip/hostname> + local IP to use for ISAKMP / ESP / ... (0.0.0.0 == automatically assign) + Default: 0.0.0.0 + conf-variable: Local Addr <ip/hostname> + + --local-port <0-65535> + local ISAKMP port number to use (0 == use random port) + Default: 500 + conf-variable: Local Port <0-65535> + + --udp-port <0-65535> + Local UDP port number to use (0 == use random port). + This is only relevant if cisco-udp nat-traversal is used. + This is the _local_ port, the remote udp port is discovered automatically. + It is especially not the cisco-tcp port. + Default: 10000 + conf-variable: Cisco UDP Encapsulation Port <0-65535> + + --dpd-idle <0,10-86400> + Send DPD packet after not receiving anything for <idle> seconds. + Use 0 to disable DPD completely (both ways). + Default: 300 + conf-variable: DPD idle timeout (our side) <0,10-86400> + + --non-inter + Don't ask anything, exit on missing options + conf-variable: Noninteractive + + --auth-mode <psk/cert/hybrid> + Authentication mode: + * psk: pre-shared key (default) + * cert: server + client certificate (not implemented yet) + * hybrid: server certificate + xauth (if built with openssl support) + Default: psk + conf-variable: IKE Authmode <psk/cert/hybrid> + + --ca-file <filename> + filename and path to the CA-PEM-File + conf-variable: CA-File <filename> + + --ca-dir <directory> + path of the trusted CA-Directory + Default: /etc/ssl/certs + conf-variable: CA-Dir <directory> + + --target-network <target network/netmask> + Target network in dotted decimal or CIDR notation + Default: 0.0.0.0/0.0.0.0 + conf-variable: IPSEC target network <target network/netmask> + +Report bugs to vpnc@unix-ag.uni-kl.de |