1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
$NetBSD: patch-ae,v 1.2 2011/03/05 17:46:41 cegger Exp $
--- vpnc.8.template.orig 2008-11-19 20:36:12.000000000 +0000
+++ vpnc.8.template
@@ -48,9 +48,9 @@ command line options
.IP \(bu
config file(s) specified on the command line
.IP \(bu
-/etc/vpnc/default.conf
+@PKG_SYSCONFDIR@/vpnc/default.conf
.IP \(bu
-/etc/vpnc.conf
+@PKG_SYSCONFDIR@/vpnc.conf
.IP \(bu
prompting the user if not found above
@@ -63,9 +63,9 @@ place to set an option wins.
configuration filenames
which do not contain a /
will be searched at
-.B /etc/vpnc/<filename>
+.B @PKG_SYSCONFDIR@/vpnc/<filename>
and
-.B /etc/vpnc/<filename>.conf.
+.B @PKG_SYSCONFDIR@/vpnc/<filename>.conf.
Otherwise
.B <filename>
and
@@ -74,9 +74,9 @@ will be used.
If no configuration file
is specified on the command-line
at all, both
-.B /etc/vpnc/default.conf
+.B @PKG_SYSCONFDIR@/vpnc/default.conf
and
-.B /etc/vpnc.conf
+.B @PKG_SYSCONFDIR@/vpnc.conf
will be loaded.
.SH OPTIONS
@@ -91,8 +91,8 @@ for security reasons) or be stored in a
Prints your configuration; output can be used as vpnc.conf
.SH FILES
-.I /etc/vpnc.conf
-.I /etc/vpnc/default.conf
+.I @PKG_SYSCONFDIR@/vpnc.conf
+.I @PKG_SYSCONFDIR@/vpnc/default.conf
.RS
The default configuration file. You can specify the same config
directives as with command line options and additionaly
@@ -110,7 +110,7 @@ See
for further details.
.RE
-.I /etc/vpnc/*.conf
+.I @PKG_SYSCONFDIR@/vpnc/*.conf
.RS
vpnc will read configuration files in this directory when
the config filename (with or without .conf) is specified on the command line.
@@ -149,11 +149,11 @@ IKE Authmode hybrid
.P
.P
-CA-Dir /etc/vpnc
+CA-Dir @PKG_SYSCONFDIR@/vpnc
.P
\fBor\fR
.P
-CA-File /etc/vpnc/vpn-example-com.pem
+CA-File @PKG_SYSCONFDIR@/vpnc/vpn-example-com.pem
.P
.P
@@ -176,7 +176,7 @@ named something like 722d15bd.X, where X
make sure that files with colliding hashes have different names. The number
can be derived from the certificate file itself:
.P
-openssl x509 -subject_hash -noout -in /etc/vpnc/vpn-example-com.pem
+openssl x509 -subject_hash -noout -in @PKG_SYSCONFDIR@/vpnc/vpn-example-com.pem
See also the
.B \-\-print\-config
@@ -187,6 +187,40 @@ Advanced features like manual setting of
disabling /etc/resolv.conf rewriting is documented in the README of the
vpnc package.
+.SH ADVANCED USAGE
+The vpnc-connect script shipped with this package some additional
+features:
+.IP "Custom route setting"
+By default, the default route is deleted after connection and replaced
+with the new one (going trough the VPN tunnel device). However, some
+people wish to limit the target address range to few IP ranges.
+This can be done using the config directive
+.B Target networks
+in the config file. For example:
+.RS
+.PD 0
+Target networks 123.234.210.0/24 10.1.0.0/16
+.PD
+.RE
+.IP "Multiple config profiles management"
+You can have multiple config files and select one on connection by
+specifying a short profile name instead of a config file path. In this
+case, the file
+.I @PKG_SYSCONFDIR@/vpnc/PROFILE.conf
+is used as config file (where PROFILE is the short profile name).
+.IP "/etc/resolv.conf update"
+If the package
+.B resolvconf
+is installed and the VPN gateway sends some DNS server data, the
+script will use resolution to integrate the received data into
+.I /etc/resolv.conf.
+To disable this behaviour, set the config directive
+.I DNSUpdate
+to the
+.I "no"
+value.
+
+
.SH TODO
.PD 0
Certificate support (Pre-Shared-Key + XAUTH is known to be insecure).
|
