| 1234567891011121314151617181920212223242526272829303132333435363738394041 |
- The vpnc client expects to be configured using the uci interface.
- To setup a VPN connection, add the following to /etc/config/network:
- config interface 'MYVPN'
- option proto 'vpnc'
- option interface 'wan'
- option server 'vpn.example.com'
- option username 'test'
- option password 'secret' # or:
- option hexpasswd 'AE7FF6A0426F0A0CD0A02EB9EC3C5066FAEB0B25'
- option authgroup 'DEFAULT'
- option passgroup 'groupsecret' # or:
- option hexpassgroup '52B0BEAF6605C3CE9BE20A0DC0A0F6240A6FF7EA'
- option domain 'WORKGROUP'
- option vendor 'cisco' # or 'netscreen'
- option natt_mode 'natt' # or 'none' or 'force-natt' or 'cisco-udp'
- option dh_group 'dh2' # or 'dh1' or 'dh5'
- option pfs 'server' # or 'nopfs' or 'dh1' or 'dh2' or 'dh5'
- option enable_single_des '0'
- option enable_no_enc '0' # '1' to enable unencrypted VPN
- option mtu '0'
- option local_addr '0.0.0.0'
- option local_port '500' # '0' to use a random port
- option udp_port '10000' # '0' to use a random port
- option dpd_idle '300'
- option auth_mode 'psk' # or 'hybrid'
- option target_network '0.0.0.0/0.0.0.0' # network/netmask or CIDR
- The additional file(s) are also used:
- /etc/vpnc/ca-vpn-MYVPN.pem: The server's CA certificate (for auth_mode 'hybrid')
- After these are setup you can initiate the VPN using "ifup MYVPN", and
- deinitialize it using ifdown. You may also use the luci web interface
- (Network -> Interfaces -> MYVPN Connect).
- Note that you need to configure the firewall to allow communication between
- the MYVPN interface and lan.
- If you install this package via opkg, there are reports that you must reboot
- before it can be used.
|
