Usage: vpnc [--version] [--print-config] [--help] [--long-help] [options] [config files] Options: --gateway IP/name of your IPSec gateway conf-variable: IPSec gateway --id your group name conf-variable: IPSec ID (configfile only option) your group password (cleartext) conf-variable: IPSec secret (configfile only option) your group password (obfuscated) conf-variable: IPSec obfuscated secret --username your username conf-variable: Xauth username (configfile only option) your password (cleartext) conf-variable: Xauth password (configfile only option) your password (obfuscated) conf-variable: Xauth obfuscated password --domain (NT-) Domain name for authentication conf-variable: Domain --xauth-inter enable interactive extended authentication (for challenge response auth) conf-variable: Xauth interactive --vendor vendor of your IPSec gateway Default: cisco conf-variable: Vendor --natt-mode Which NAT-Traversal Method to use: * natt -- NAT-T as defined in RFC3947 * none -- disable use of any NAT-T method * force-natt -- always use NAT-T encapsulation even without presence of a NAT device (useful if the OS captures all ESP traffic) * cisco-udp -- Cisco proprietary UDP encapsulation, commonly over Port 10000 Note: cisco-tcp encapsulation is not yet supported Default: natt conf-variable: NAT Traversal Mode --script command is executed using system() to configure the interface, routing and so on. Device name, IP, etc. are passed using enviroment variables, see README. This script is executed right after ISAKMP is done, but before tunneling is enabled. It is called when vpnc terminates, too Default: /etc/vpnc/vpnc-script conf-variable: Script --dh name of the IKE DH Group Default: dh2 conf-variable: IKE DH Group --pfs Diffie-Hellman group to use for PFS Default: server conf-variable: Perfect Forward Secrecy --enable-1des enables weak single DES encryption conf-variable: Enable Single DES --enable-no-encryption enables using no encryption for data traffic (key exchanged must be encrypted) conf-variable: Enable no encryption --application-version Application Version to report. Note: Default string is generated at runtime. Default: Cisco Systems VPN Client 0.5.1:Linux conf-variable: Application version --ifname visible name of the TUN/TAP interface conf-variable: Interface name --ifmode mode of TUN/TAP interface: * tun: virtual point to point interface (default) * tap: virtual ethernet interface Default: tun conf-variable: Interface mode --debug <0/1/2/3/99> Show verbose debug messages * 0: Do not print debug information. * 1: Print minimal debug information. * 2: Show statemachine and packet/payload type information. * 3: Dump everything exluding authentication data. * 99: Dump everything including authentication data (e.g. passwords). conf-variable: Debug <0/1/2/3/99> --no-detach Don't detach from the console after login conf-variable: No Detach --pid-file store the pid of background process in Default: /var/run/vpnc/pid conf-variable: Pidfile --local-addr local IP to use for ISAKMP / ESP / ... (0.0.0.0 == automatically assign) Default: 0.0.0.0 conf-variable: Local Addr --local-port <0-65535> local ISAKMP port number to use (0 == use random port) Default: 500 conf-variable: Local Port <0-65535> --udp-port <0-65535> Local UDP port number to use (0 == use random port). This is only relevant if cisco-udp nat-traversal is used. This is the _local_ port, the remote udp port is discovered automatically. It is especially not the cisco-tcp port. Default: 10000 conf-variable: Cisco UDP Encapsulation Port <0-65535> --dpd-idle <0,10-86400> Send DPD packet after not receiving anything for seconds. Use 0 to disable DPD completely (both ways). Default: 300 conf-variable: DPD idle timeout (our side) <0,10-86400> --non-inter Don't ask anything, exit on missing options conf-variable: Noninteractive --auth-mode Authentication mode: * psk: pre-shared key (default) * cert: server + client certificate (not implemented yet) * hybrid: server certificate + xauth (if built with openssl support) Default: psk conf-variable: IKE Authmode --ca-file filename and path to the CA-PEM-File conf-variable: CA-File --ca-dir path of the trusted CA-Directory Default: /etc/ssl/certs conf-variable: CA-Dir --dns-update DEPRECATED extension, see README.Debian for details Default: Yes conf-variable: DNSUpdate --target-networks DEPRECATED extension, see README.Debian for details Default: conf-variable: Target Networks Report bugs to vpnc@unix-ag.uni-kl.de