Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- vpnc: unknown option --nat-keepalive
- Usage: vpnc [--version] [--print-config] [--help] [--long-help] [options] [config files]
- Options:
- --gateway <ip/hostname>
- IP/name of your IPSec gateway
- conf-variable: IPSec gateway <ip/hostname>
- --id <ASCII string>
- your group name
- conf-variable: IPSec ID <ASCII string>
- (configfile only option)
- your group password (cleartext)
- conf-variable: IPSec secret <ASCII string>
- (configfile only option)
- your group password (obfuscated)
- conf-variable: IPSec obfuscated secret <hex string>
- --username <ASCII string>
- your username
- conf-variable: Xauth username <ASCII string>
- (configfile only option)
- your password (cleartext)
- conf-variable: Xauth password <ASCII string>
- (configfile only option)
- your password (obfuscated)
- conf-variable: Xauth obfuscated password <hex string>
- --domain <ASCII string>
- (NT-) Domain name for authentication
- conf-variable: Domain <ASCII string>
- --xauth-inter
- enable interactive extended authentication (for challenge response auth)
- conf-variable: Xauth interactive
- --vendor <cisco/netscreen>
- vendor of your IPSec gateway
- Default: cisco
- conf-variable: Vendor <cisco/netscreen>
- --natt-mode <natt/none/force-natt/cisco-udp>
- Which NAT-Traversal Method to use:
- * natt -- NAT-T as defined in RFC3947
- * none -- disable use of any NAT-T method
- * force-natt -- always use NAT-T encapsulation even
- without presence of a NAT device
- (useful if the OS captures all ESP traffic)
- * cisco-udp -- Cisco proprietary UDP encapsulation, commonly over Port 10000
- Note: cisco-tcp encapsulation is not yet supported
- Default: natt
- conf-variable: NAT Traversal Mode <natt/none/force-natt/cisco-udp>
- --script <command>
- command is executed using system() to configure the interface,
- routing and so on. Device name, IP, etc. are passed using enviroment
- variables, see README. This script is executed right after ISAKMP is
- done, but before tunneling is enabled. It is called when vpnc
- terminates, too
- Default: /etc/vpnc/vpnc-script
- conf-variable: Script <command>
- --dh <dh1/dh2/dh5>
- name of the IKE DH Group
- Default: dh2
- conf-variable: IKE DH Group <dh1/dh2/dh5>
- --pfs <nopfs/dh1/dh2/dh5/server>
- Diffie-Hellman group to use for PFS
- Default: server
- conf-variable: Perfect Forward Secrecy <nopfs/dh1/dh2/dh5/server>
- --enable-1des
- enables weak single DES encryption
- conf-variable: Enable Single DES
- --enable-no-encryption
- enables using no encryption for data traffic (key exchanged must be encrypted)
- conf-variable: Enable no encryption
- --application-version <ASCII string>
- Application Version to report. Note: Default string is generated at runtime.
- Default: Cisco Systems VPN Client 0.5.3:Linux
- conf-variable: Application version <ASCII string>
- --ifname <ASCII string>
- visible name of the TUN/TAP interface
- conf-variable: Interface name <ASCII string>
- --ifmode <tun/tap>
- mode of TUN/TAP interface:
- * tun: virtual point to point interface (default)
- * tap: virtual ethernet interface
- Default: tun
- conf-variable: Interface mode <tun/tap>
- --debug <0/1/2/3/99>
- Show verbose debug messages
- * 0: Do not print debug information.
- * 1: Print minimal debug information.
- * 2: Show statemachine and packet/payload type information.
- * 3: Dump everything exluding authentication data.
- * 99: Dump everything INCLUDING AUTHENTICATION data (e.g. PASSWORDS).
- conf-variable: Debug <0/1/2/3/99>
- --no-detach
- Don't detach from the console after login
- conf-variable: No Detach
- --pid-file <filename>
- store the pid of background process in <filename>
- Default: /var/run/vpnc/pid
- conf-variable: Pidfile <filename>
- --local-addr <ip/hostname>
- local IP to use for ISAKMP / ESP / ... (0.0.0.0 == automatically assign)
- Default: 0.0.0.0
- conf-variable: Local Addr <ip/hostname>
- --local-port <0-65535>
- local ISAKMP port number to use (0 == use random port)
- Default: 500
- conf-variable: Local Port <0-65535>
- --udp-port <0-65535>
- Local UDP port number to use (0 == use random port).
- This is only relevant if cisco-udp nat-traversal is used.
- This is the _local_ port, the remote udp port is discovered automatically.
- It is especially not the cisco-tcp port.
- Default: 10000
- conf-variable: Cisco UDP Encapsulation Port <0-65535>
- --dpd-idle <0,10-86400>
- Send DPD packet after not receiving anything for <idle> seconds.
- Use 0 to disable DPD completely (both ways).
- Default: 300
- conf-variable: DPD idle timeout (our side) <0,10-86400>
- --non-inter
- Don't ask anything, exit on missing options
- conf-variable: Noninteractive
- --auth-mode <psk/cert/hybrid>
- Authentication mode:
- * psk: pre-shared key (default)
- * cert: server + client certificate (not implemented yet)
- * hybrid: server certificate + xauth (if built with openssl support)
- Default: psk
- conf-variable: IKE Authmode <psk/cert/hybrid>
- --ca-file <filename>
- filename and path to the CA-PEM-File
- conf-variable: CA-File <filename>
- --ca-dir <directory>
- path of the trusted CA-Directory
- Default: /etc/ssl/certs
- conf-variable: CA-Dir <directory>
- --target-network <target network/netmask>
- Target network in dotted decimal or CIDR notation
- Default: 0.0.0.0/0.0.0.0
- conf-variable: IPSEC target network <target network/netmask>
- --dns-update
- DEPRECATED extension, see README.Debian for details
- Default: Yes
- conf-variable: DNSUpdate
- --target-networks
- DEPRECATED extension, see README.Debian for details
- Default:
- conf-variable: Target Networks
- Report bugs to vpnc@unix-ag.uni-kl.de
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement