Provided by: grml-vpn_0.15_all bug


       grml-vpn  -  program to establish encrypted communication channels in a


       grml-vpn [OPTIONS] <ACTION> <SPI> [IPs]


       grml-vpn is a program that provides an easy wrapper  around  ipsec  and
       setkey (without any ike daemon). With this program you can create a vpn
       based uppon ipsec to any number of computers. It’s intended purpose  is
       for  example  for  wlan sessions to create an encrypted network between
       all computers on the wlan. It is also possible to create  a  standalone
       shellscript which only needs the setkey command to setup the vpn (using
       the -x option).


       add    Add an ipsec entry

       del    Delete an specific ipsec entry

       clear  Delete  all  ipsec  entries  (attention,  really  deletes  _all_
              entrys, even from other setkey commands and isakmpd).

       show   Show all infos about ipsec entrys.

       info   Give infos about ciphers and there allowed keysizes.

       help   Show the help message.


       -h, help
              Show summary of options.

       -v     Show what is going on (more v => more out).

       -a <IP>
              Your IP (currently necessary for vpns with more than 2 computers
              given in file or on stdin). If IPs are given on commandline, the
              script tries hard to guess your IP.

       -e <ciphername> (default=rijndael-cbc, better known as AES)
              Cipher name. Will be matched against ciphers available for ipsec
              (all ciphers not only the available ciphers on  your  box).  eg.
              "-e  two"  will  match  twofish-cbc.  If  more  then one ciphers
              matches your regexp than the matches are  printed  and  grml-vpn

       -b <keysize> (default=256 bit)
              Keysize used for your encryption.

       -k <key>
              Your key/password for the vpn (will be hashed).

       -K <raw-key>
              Set raw key (you determine the keysize, not -b).

       -f <input-file>
              Read  IPs  for  encrypted  connections  from  file (same as from

       -c     Read IPs from stdin (setkey commands are not written until _all_
              IPs are read from stdin).

       -p     Only print the setkey commands (eg. grml-vpn -p ... |setkey -c).
              USE THIS if you create a vpn with many computers,  because  this
              is a bit faster).

       -x     Print  a standalone shellscript which only needs setkey to setup
              the vpn.


       grml-vpn -k testpw -b 128 add 1000
              Creates encrypted connections between the two IPs possible, with
              the  pre  shared  key  (PSK) testpw and 128bit rijndael-cbc. You
              have to execute this command on both computers (if you type this
              command  only on one computer, then it’s impossible to create an
              connection  between  the  two  computers).  NOTE:  with  only  2
              computers it’s not necessary to specify your own ip with -a.

       fakeroot grml-vpn -p -k testpw -b 128 add 1000
              Same  as  above, but also possible as user. Use -x instead of -p
              if you want a full  functional  shellscript  to  be  printed  to

       grml-vpn  -e  bl -b 255 -a add 2000
              Encrypted  connections  between  all  3  computers. This command
              should be executed on (-a)  and  on  the  other  two
              computers   with   the   appropriate  -a  <IP>.  The  cipher  is
              blowfisch-cbc (no, -e bl is NO typo ;).

       grml-vpn -a del 2000
              This command deletes the previous created encrypted  connections
              on (after this command it’s impossible to send data
              to 192.168.0.{1,3} until you delete the vpn entrys on them  (no,
              even ssh does not work anymore). You should execute this command
              on all computers of  the  vpn  (with  the  appropriate  -a  <IP>
              option).  You  could  also use grml-crypt clear to clear all vpn




       grml-vpn was written by Michael Gebetsroither <>.

       This manual page was written by Michael Gebetsroither  <>.