Provided by: connman_1.35-6_amd64

NAME

       connection_name.config - ConnMan vpn connection provisioning file

SYNOPSIS

       /var/lib/connman-vpn/connection-name.config

DESCRIPTION

       ConnMan's VPN connections are configured with so-called "provisioning files", which reside under
       /var/lib/connman-vpn/. The files can be named anything, as long as the names contain only printable
       ASCII characters, for example letters, numbers and underscores. The file name must end with .config.
       Each VPN connection requires a provisioning file, but multiple connections can be specified in the
       same file.

FILE FORMAT

       The configuration file format is key file format.  It consists of sections (groups) of  key-value  pairs.
       Lines  beginning  with  a  '#' and blank lines are considered comments.  Sections are started by a header
       line containing the section enclosed in '[' and ']', and ended  implicitly  by  the  start  of  the  next
       section or the end of the file. Each key-value pair must be contained in a section.

       Description of sections and available keys follows:

   [global]
       This  section  is  optional, and can be used to describe the actual file. The two allowed fields for this
       section are:

       Name=name
              Name of the network.

       Description=description
              Description of the network.

   [provider_*]
       Each provisioned connection must start with a [provider_*] tag, with * replaced by a name that is
       unique within the file. The following fields are mandatory:

       Type=OpenConnect | OpenVPN | VPNC | L2TP | PPTP
              Specifies the VPN type.

       Host=IP
              VPN server IP address.

       Domain=domain
              Domain name for the VPN service.

       The following field is optional:

       Networks=network/netmask/gateway[,...]
              Networks behind the VPN. If all traffic should go through the VPN, this field can be left out. The
              gateway can be left out. For IPv6 addresses, only the prefix length is accepted as the netmask.

   OpenConnect
       The following keys can be used for openconnect(8) networks:

       OpenConnect.ServerCert=cert
              SHA1 fingerprint of the VPN server's certificate.

       OpenConnect.CACert=cert
              File containing CA certificates to trust in addition to the system trusted certificate
              authorities.

       OpenConnect.ClientCert=cert
              Client certificate, if needed by web authentication.

       OpenConnect.MTU=mtu
              Request mtu from the server as the MTU of the tunnel.

       OpenConnect.Cookie=cookie
              The resulting cookie of the authentication process. As the cookie lifetime can be very limited, it
              does not usually make sense to add it into the configuration file.

       OpenConnect.VPNHost=host
              The final VPN server to use after completing the web authentication.  Only  usable  for  extremely
              simple VPN configurations and should normally be set only via the VPN Agent API.

       If  OpenConnect.Cookie,  OpenConnect.VPNHost or OpenConnect.ServerCert are missing, the VPN Agent will be
       contacted to supply the information.

   OpenVPN
       The following keys are mandatory for openvpn(8) networks:

       OpenVPN.CACert=cert
              Certificate authority file.

       OpenVPN.Cert=cert
              Local peer's signed certificate.

       OpenVPN.Key=key
              Local peer's private key.

       The following keys are optional for openvpn(8) networks:

       OpenVPN.MTU=mtu
              MTU of the tunnel.

       OpenVPN.NSCertType=client | server
              Peer certificate type, either client or server.

       OpenVPN.Protocol=protocol
              Use protocol.

       OpenVPN.Port=port
              TCP/UDP port number.

       OpenVPN.AuthUserPass=true | false
              Authenticate on the server using username/password.

       OpenVPN.AskPass=file
              Get certificate password from file.

       OpenVPN.AuthNoCache=true | false
              Don't cache AskPass or AuthUserPass value.

       OpenVPN.TLSRemote=name
              Accept connections only from a host with X509 name or common name equal to name.

       OpenVPN.TLSAuth=file
              Use file for HMAC authentication.

       OpenVPN.TLSAuthDir=direction
              Use direction for HMAC authentication direction.

       OpenVPN.Cipher=cipher
              Use cipher as the cipher.

       OpenVPN.Auth=true | false
              Use HMAC authentication.

       OpenVPN.CompLZO=yes | no | adaptive
              Use fast LZO compression.

       OpenVPN.RemoteCertTls=client | server
              Require that remote certificate is signed based on RFC3280 TLS rules.

       OpenVPN.ConfigFile=file
              OpenVPN config file for extra options not supported by the OpenVPN plugin.

       OpenVPN.DeviceType=tun|tap
              Whether the VPN should use a tun (OSI layer 3) or tap (OSI layer 2) device.  Defaults  to  tun  if
              omitted.

   VPNC
       The following key is mandatory for vpnc(8) networks:

       VPNC.IPSec.ID=id
              Group username.

       The following keys are optional for vpnc(8) networks:

       VPNC.IPSec.Secret=secret
              Group password.

       VPNC.XAuth.Username=username
              Username.

       VPNC.XAuth.Password=password
              Password.

       VPNC.IKE.Authmode=mode
              IKE authentication mode.

       VPNC.IKE.DHGroup=group
              IKE DH group name.

       VPNC.PFS=group
              Diffie-Hellman group for perfect forward secrecy.

       VPNC.Domain=domain
              Domain name for authentication.

       VPNC.Vendor=vendor
              Vendor of the IPSec gateway.

       VPNC.LocalPort=port
              Local ISAKMP port number to use.

       VPNC.CiscoPort=port
              Cisco UDP Encapsulation Port.

       VPNC.AppVersion=version
              Application version to report.

       VPNC.NATTMode=mode
              NAT-Traversal Method to use.

       VPNC.DPDTimeout=timeout
              DPD idle timeout.

       VPNC.SingleDES=true | false
              Enable single DES encryption.

       VPNC.NoEncryption=true | false
              Enable usage of no encryption for data traffic.

       VPNC.DeviceType=tun|tap
              Whether  the  VPN  should use a tun (OSI layer 3) or tap (OSI layer 2) device.  Defaults to tun if
              omitted.

   L2TP
       The following keys are optional for l2tp (xl2tp.conf(5), pppd(8)) networks:

       L2TP.User=user
              L2TP username.

       L2TP.Password=password
              L2TP password.

       L2TP.BPS=bps
              Max bandwidth to use.

       L2TP.TXBPS=bps
              Max transmit bandwidth to use.

       L2TP.RXBPS=bps
              Max receive bandwidth to use.

       L2TP.LengthBit=yes | no
              Use length bit.

       L2TP.Challenge=yes | no
              Use challenge authentication.

       L2TP.DefaultRoute=route
              Add route to the routing tables.

       L2TP.FlowBit=yes | no
              Use sequence numbers.

       L2TP.TunnelRWS=size
              Window size.

       L2TP.Exclusive=yes | no
              Use only one control channel.

       L2TP.Redial=yes | no
              Redial if disconnected.

       L2TP.RedialTimeout=timeout
              Redial timeout.

       L2TP.MaxRedials=count
              Maximum number of redial tries.

       L2TP.RequirePAP=yes | no
              Require PAP.

       L2TP.RequireCHAP=yes | no
              Require CHAP.

       L2TP.ReqAuth=yes | no
              Require authentication.

       L2TP.AccessControl=yes | no
              Use access control.

       L2TP.AuthFile=file
              Authentication file location.

       L2TP.ListenAddr=address
              Listen address.

       L2TP.IPSecSaref=yes | no
              Listen address.

       L2TP.Port=port
              UDP port used.

       PPPD.EchoFailure=count
              Echo failure count (dead peer check count).

       PPPD.EchoInterval=interval
              Dead peer check interval.

       PPPD.Debug=level
              Debug level.

       PPPD.RefuseEAP=true | false
              Refuse EAP authentication.

       PPPD.RefusePAP=true | false
              Refuse PAP authentication.

       PPPD.RefuseCHAP=true | false
              Refuse CHAP authentication.

       PPPD.RefuseMSCHAP=true | false
              Refuse MSCHAP authentication.

       PPPD.RefuseMSCHAP2=true | false
              Refuse MSCHAPv2 authentication.

       PPPD.NoBSDComp=true | false
              Disable BSD compression.

       PPPD.NoPcomp=true | false
              Disable protocol compression.

       PPPD.UseAccomp=true | false
              Disable Access/Control compression.

       PPPD.NoDeflate=true | false
              Disable deflate compression.

       PPPD.ReqMPPE=true | false
              Require the use of MPPE.

       PPPD.ReqMPPE40=true | false
              Require the use of MPPE 40 bit.

       PPPD.ReqMPPE128=true | false
              Require the use of MPPE 128 bit.

       PPPD.ReqMPPEStateful=true | false
              Allow MPPE to use stateful mode.

       PPPD.NoVJ=true | false
              No Van Jacobson compression.

   PPTP
       The following keys are optional for pptp(8) (see also pppd(8)) networks:

       PPTP.User=username
              Username.

       PPTP.Password=password
              Password.

       PPPD.EchoFailure=count
              Echo failure count (dead peer check count).

       PPPD.EchoInterval=interval
              Dead peer check interval.

       PPPD.Debug=level
              Debug level.

       PPPD.RefuseEAP=true | false
              Refuse EAP authentication.

       PPPD.RefusePAP=true | false
              Refuse PAP authentication.

       PPPD.RefuseCHAP=true | false
              Refuse CHAP authentication.

       PPPD.RefuseMSCHAP=true | false
              Refuse MSCHAP authentication.

       PPPD.RefuseMSCHAP2=true | false
              Refuse MSCHAPv2 authentication.

       PPPD.NoBSDComp=true | false
              Disable BSD compression.

       PPPD.NoPcomp=true | false
              Disable protocol compression.

       PPPD.UseAccomp=true | false
              Disable Access/Control compression.

       PPPD.NoDeflate=true | false
              Disable deflate compression.

       PPPD.ReqMPPE=true | false
              Require the use of MPPE.

       PPPD.ReqMPPE40=true | false
              Require the use of MPPE 40 bit.

       PPPD.ReqMPPE128=true | false
              Require the use of MPPE 128 bit.

       PPPD.ReqMPPEStateful=true | false
              Allow MPPE to use stateful mode.

       PPPD.NoVJ=true | false
              No Van Jacobson compression.

EXAMPLE

       This is a configuration file for a VPN providing L2TP, OpenVPN and OpenConnect services.  It  could,  for
       example, be in the file /var/lib/connman-vpn/example.config.

       [global]
       Name = Example
       Description = Example VPN configuration

       [provider_l2tp]
       Type = L2TP
       Name = Connection to corporate network
       Host = 1.2.3.4
       Domain = corporate.com
       Networks = 10.10.30.0/24
       L2TP.User = username

       [provider_openconnect]
       Type = OpenConnect
       Name = Connection to corporate network using Cisco VPN
       Host = 7.6.5.4
       Domain = corporate.com
       Networks = 10.10.20.0/255.255.255.0/10.20.1.5,192.168.99.1/24,2001:db8::1/64
       OpenConnect.ServerCert = 263AFAB4CB2E6621D12E90182008AEF44AEFA031
       OpenConnect.CACert = /etc/certs/certificate.p12

       [provider_openvpn]
       Type = OpenVPN
       Name = Connection to corporate network using OpenVPN
       Host = 3.2.5.6
       Domain = my.home.network
       OpenVPN.CACert = /etc/certs/cacert.pem
       OpenVPN.Cert = /etc/certs/cert.pem
       OpenVPN.Key = /etc/certs/cert.key
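
       The following audit script is an added example, not part of ConnMan or of the original manual page.
       It parses a provisioning file in the format described above and reports missing mandatory keys,
       credentials stored in the file, and the VPNC keys that weaken encryption. The function name, the
       finding strings and the sample file are assumptions made for illustration.

```python
import configparser
# Mandatory keys named on the page: common ones plus per-type ones.
COMMON = ("Type", "Host", "Domain")
PER_TYPE = {"openvpn": ("OpenVPN.CACert", "OpenVPN.Cert", "OpenVPN.Key"),
            "vpnc": ("VPNC.IPSec.ID",)}
# Keys whose value is a credential kept in clear text in the file.
SECRETS = ("VPNC.IPSec.Secret", "VPNC.XAuth.Password", "L2TP.Password",
           "PPTP.Password", "OpenConnect.Cookie")
# Keys that weaken or switch off tunnel encryption when set to true.
WEAK = ("VPNC.SingleDES", "VPNC.NoEncryption")

def audit(text):
    """Return sorted (section, finding) pairs for one provisioning file."""
    cp = configparser.ConfigParser(delimiters=("=",), comment_prefixes=("#",),
                                   interpolation=None, strict=False)
    cp.optionxform = str  # keep key case exactly as written
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        if not name.startswith("provider_"):
            continue  # [global] only describes the file
        sec = cp[name]
        vpn_type = sec.get("Type", "").lower()  # assumption: compare case-insensitively
        findings += [(name, f"missing mandatory key {k}")
                     for k in COMMON + PER_TYPE.get(vpn_type, ()) if k not in sec]
        findings += [(name, f"secret stored in file: {k}")
                     for k in SECRETS if sec.get(k)]
        findings += [(name, f"weak setting {k}=true")
                     for k in WEAK if sec.get(k, "").lower() == "true"]
    return sorted(findings)

# Constructed sample input (not from the page).
SAMPLE = """\
[provider_legacy]
Type = VPNC
Host = 192.0.2.10
Domain = example.com
VPNC.IPSec.ID = staff
VPNC.XAuth.Password = placeholder-password
VPNC.SingleDES = true
[provider_ovpn]
Type = OpenVPN
Host = 192.0.2.20
OpenVPN.CACert = /etc/certs/cacert.pem
OpenVPN.Cert = /etc/certs/cert.pem
"""

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"{section}: {finding}")
```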

SEE ALSO

       connmanctl(1), connman(8), connman-vpn(8)

                                                   2015-10-15                          connection_name.config(5)