Usage: vpnc [--version] [--print-config] [--help] [--long-help] [options] [config files]

Options:
  --gateway <ip/hostname>
      IP/name of your IPSec gateway
  conf-variable: IPSec gateway <ip/hostname>

  --id <ASCII string>
      your group name
  conf-variable: IPSec ID <ASCII string>

  (configfile only option)
      your group password (cleartext)
  conf-variable: IPSec secret <ASCII string>

  (configfile only option)
      your group password (obfuscated)
  conf-variable: IPSec obfuscated secret <hex string>

  --username <ASCII string>
      your username
  conf-variable: Xauth username <ASCII string>

  (configfile only option)
      your password (cleartext)
  conf-variable: Xauth password <ASCII string>

  (configfile only option)
      your password (obfuscated)
  conf-variable: Xauth obfuscated password <hex string>

  --domain <ASCII string>
      (NT-) Domain name for authentication
  conf-variable: Domain <ASCII string>

  --xauth-inter
      enable interactive extended authentication (for challenge response auth)
  conf-variable: Xauth interactive

  --vendor <cisco/netscreen>
      vendor of your IPSec gateway
    Default: cisco
  conf-variable: Vendor <cisco/netscreen>

  --natt-mode <natt/none/force-natt/cisco-udp>
      Which NAT-Traversal Method to use:
       * natt -- NAT-T as defined in RFC3947
       * none -- disable use of any NAT-T method
       * force-natt -- always use NAT-T encapsulation even
                       without presence of a NAT device
                       (useful if the OS captures all ESP traffic)
       * cisco-udp -- Cisco proprietary UDP encapsulation, commonly over Port 10000
      Note: cisco-tcp encapsulation is not yet supported
    Default: natt
  conf-variable: NAT Traversal Mode <natt/none/force-natt/cisco-udp>

  --script <command>
      command is executed using system() to configure the interface,
      routing and so on. Device name, IP, etc. are passed using environment
      variables, see README. This script is executed right after ISAKMP is
      done, but before tunneling is enabled. It is called when vpnc
      terminates, too
    Default: /etc/vpnc/vpnc-script
  conf-variable: Script <command>

  --dh <dh1/dh2/dh5>
      name of the IKE DH Group
    Default: dh2
  conf-variable: IKE DH Group <dh1/dh2/dh5>

  --pfs <nopfs/dh1/dh2/dh5/server>
      Diffie-Hellman group to use for PFS
    Default: server
  conf-variable: Perfect Forward Secrecy <nopfs/dh1/dh2/dh5/server>

  --enable-1des
      enables weak single DES encryption
  conf-variable: Enable Single DES

  --enable-no-encryption
      enables using no encryption for data traffic (key exchanged must be encrypted)
  conf-variable: Enable no encryption

  --application-version <ASCII string>
      Application Version to report. Note: Default string is generated at runtime.
    Default: Cisco Systems VPN Client 0.5.3-394:Linux
  conf-variable: Application version <ASCII string>

  --ifname <ASCII string>
      visible name of the TUN/TAP interface
  conf-variable: Interface name <ASCII string>

  --ifmode <tun/tap>
      mode of TUN/TAP interface:
       * tun: virtual point to point interface (default)
       * tap: virtual ethernet interface
    Default: tun
  conf-variable: Interface mode <tun/tap>

  --debug <0/1/2/3/99>
      Show verbose debug messages
       * 0: Do not print debug information.
       * 1: Print minimal debug information.
       * 2: Show statemachine and packet/payload type information.
       * 3: Dump everything excluding authentication data.
       * 99: Dump everything INCLUDING AUTHENTICATION data (e.g. PASSWORDS).
  conf-variable: Debug <0/1/2/3/99>

  --no-detach
      Don't detach from the console after login
  conf-variable: No Detach

  --pid-file <filename>
      store the pid of background process in <filename>
    Default: /var/run/vpnc/pid
  conf-variable: Pidfile <filename>

  --local-addr <ip/hostname>
      local IP to use for ISAKMP / ESP / ... (0.0.0.0 == automatically assign)
    Default: 0.0.0.0
  conf-variable: Local Addr <ip/hostname>

  --local-port <0-65535>
      local ISAKMP port number to use (0 == use random port)
    Default: 500
  conf-variable: Local Port <0-65535>

  --udp-port <0-65535>
      Local UDP port number to use (0 == use random port).
      This is only relevant if cisco-udp nat-traversal is used.
      This is the _local_ port, the remote udp port is discovered automatically.
      It is especially not the cisco-tcp port.
    Default: 10000
  conf-variable: Cisco UDP Encapsulation Port <0-65535>

  --dpd-idle <0,10-86400>
      Send DPD packet after not receiving anything for <idle> seconds.
      Use 0 to disable DPD completely (both ways).
    Default: 300
  conf-variable: DPD idle timeout (our side) <0,10-86400>

  --non-inter
      Don't ask anything, exit on missing options
  conf-variable: Noninteractive

  --auth-mode <psk/cert/hybrid>
      Authentication mode:
       * psk: pre-shared key (default)
       * cert: server + client certificate (not implemented yet)
       * hybrid: server certificate + xauth (if built with openssl support)
    Default: psk
  conf-variable: IKE Authmode <psk/cert/hybrid>

  --ca-file <filename>
      filename and path to the CA-PEM-File
  conf-variable: CA-File <filename>

  --ca-dir <directory>
      path of the trusted CA-Directory
    Default: /etc/ssl/certs
  conf-variable: CA-Dir <directory>

  --target-network <target network/netmask>
      Target network in dotted decimal or CIDR notation
    Default: 0.0.0.0/0.0.0.0
  conf-variable: IPSEC target network <target network/netmask>

Report bugs to vpnc@unix-ag.uni-kl.de