Provided by: grml-vpn_0.15_all

NAME

       grml-vpn  -  program to establish encrypted communication channels in a
       network

SYNOPSIS

       grml-vpn [OPTIONS] <ACTION> <SPI> [IPs]

DESCRIPTION

       grml-vpn is a program that provides an easy wrapper around ipsec and
       setkey (without any IKE daemon). With this program you can create a vpn
       based upon ipsec to any number of computers. Its intended purpose is,
       for example, wlan sessions, to create an encrypted network between
       all computers on the wlan. It is also possible to create a standalone
       shellscript which only needs the setkey command to set up the vpn (using
       the -x option).

ACTIONS

       add    Add an ipsec entry

       del    Delete a specific ipsec entry.

       clear  Delete all ipsec entries (attention, really deletes _all_
              entries, even from other setkey commands and isakmpd).

       show   Show all information about ipsec entries.

       info   Give information about ciphers and their allowed keysizes.

       help   Show the help message.

OPTIONS

       -h, help
              Show summary of options.

       -v     Show what is going on (more v => more output).

       -a <IP>
              Your IP (currently necessary for vpns with more than 2 computers
              given in file or on stdin). If IPs are given on commandline, the
              script tries hard to guess your IP.

       -e <ciphername> (default=rijndael-cbc, better known as AES)
              Cipher name. Will be matched against the ciphers available for
              ipsec (all ciphers, not only the ciphers available on your box),
              e.g. "-e two" will match twofish-cbc. If more than one cipher
              matches your regexp, the matches are printed and grml-vpn
              aborts.

       -b <keysize> (default=256 bit)
              Keysize used for your encryption.

       -k <key>
              Your key/password for the vpn (will be hashed).

       -K <raw-key>
              Set raw key (you determine the keysize, not -b).

       -f <input-file>
              Read  IPs  for  encrypted  connections  from  file (same as from
              stdin).

       -c     Read IPs from stdin (setkey commands are not written until _all_
              IPs are read from stdin).

       -p     Only print the setkey commands (e.g. grml-vpn -p ... | setkey -c).
              USE THIS if you create a vpn with many computers, because this
              is a bit faster.

       -x     Print  a standalone shellscript which only needs setkey to setup
              the vpn.

EXAMPLES

       grml-vpn -k testpw -b 128 add 1000 192.168.0.1 192.168.0.2
              Creates encrypted connections between the two IPs, with the
              pre-shared key (PSK) testpw and 128-bit rijndael-cbc. You
              have to execute this command on both computers (if you type this
              command on only one computer, it is impossible to create a
              connection between the two computers). NOTE: with only 2
              computers it is not necessary to specify your own IP with -a.

       fakeroot grml-vpn -p -k testpw -b 128 add 1000 192.168.0.1 192.168.0.2
              Same as above, but can also be run as a normal user. Use -x
              instead of -p if you want a fully functional shellscript to be
              printed to stdout.

       grml-vpn  -e  bl -b 255 -a 192.168.0.2 add 2000 192.168.0.1 192.168.0.2
       192.168.0.3
              Encrypted connections between all 3 computers. This command
              should be executed on 192.168.0.2 (-a) and on the other two
              computers with the appropriate -a <IP>. The cipher is
              blowfish-cbc (no, -e bl is NO typo ;).

       grml-vpn -a 192.168.0.2 del 2000 192.168.0.1 192.168.0.2 192.168.0.3
              This command deletes the previously created encrypted
              connections on 192.168.0.2. After this command it is impossible
              to send data to 192.168.0.{1,3} until you delete the vpn entries
              on them (no, even ssh does not work anymore). You should execute
              this command on all computers of the vpn (with the appropriate
              -a <IP> option). You could also use grml-crypt clear to clear
              all vpn settings.
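
       The kind of setkey input that -p could print for the first example,
       written out as an added illustration (not grml-vpn's own code or
       output). The truncated SHA-256 key derivation, the function names
       derive_key and pair_setkey, and the transport-mode policies are
       assumptions; the page only says the key "will be hashed".

```shell
#!/bin/sh
# Added illustration; NOT grml-vpn's code. The key derivation (truncated
# SHA-256 of the passphrase) is an assumption: the page only says the key
# "will be hashed". A bare hash is a weak KDF, so use a long random PSK.

# derive_key <passphrase> <bits>: print a 0x-prefixed hex key of <bits> bits.
derive_key() {
    bits=$2
    case $bits in ''|*[!0-9]*) echo "keysize must be a number" >&2; return 1;; esac
    if [ "$bits" -lt 8 ] || [ "$bits" -gt 256 ] || [ $((bits % 8)) -ne 0 ]; then
        echo "keysize must be a multiple of 8 between 8 and 256" >&2
        return 1
    fi
    hex=$(printf '%s' "$1" | sha256sum | cut -c1-$((bits / 4)))
    printf '0x%s\n' "$hex"
}

# pair_setkey <own-ip> <peer-ip> <spi> <cipher> <key>: print setkey input
# for transport-mode ESP between two hosts, from <own-ip>'s point of view.
pair_setkey() {
    own=$1 peer=$2 spi=$3 cipher=$4 key=$5
    case $spi in ''|*[!0-9]*) echo "SPI must be a number" >&2; return 1;; esac
    # setkey(8): SPI values 0-255 are reserved and cannot be used.
    [ "$spi" -ge 256 ] || { echo "SPI must be >= 256" >&2; return 1; }
    [ "$own" != "$peer" ] || { echo "own and peer IP are identical" >&2; return 1; }
    # One SA per direction; both hosts install the same two SAs.
    # Only -E is emitted: the page documents a cipher option and does not
    # say whether an integrity algorithm (-A) is configured.
    printf 'add %s %s esp %s -E %s %s;\n' "$own" "$peer" "$spi" "$cipher" "$key"
    printf 'add %s %s esp %s -E %s %s;\n' "$peer" "$own" "$spi" "$cipher" "$key"
    # Policies are per host: "require" means traffic to or from the peer
    # is not passed in cleartext when no matching SA exists.
    printf 'spdadd %s %s any -P out ipsec esp/transport//require;\n' "$own" "$peer"
    printf 'spdadd %s %s any -P in ipsec esp/transport//require;\n' "$peer" "$own"
}

# Constructed sample matching the first EXAMPLES entry above.
key=$(derive_key testpw 128) &&
    pair_setkey 192.168.0.1 192.168.0.2 1000 rijndael-cbc "$key"
```

       The key is static until someone replaces it by hand, because no IKE
       daemon is involved to negotiate or rotate it.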

SEE ALSO

       setkey(8)

AUTHOR

       grml-vpn was written by Michael Gebetsroither <michael.geb@gmx.at>.

       This manual page was written by Michael Gebetsroither  <gebi@grml.org>.

                                                                   GRML-VPN(8)