Provided by: connman_1.35-6_amd64

NAME

       connection_name.config - ConnMan vpn connection provisioning file

SYNOPSIS

       /var/lib/connman-vpn/connection-name.config

DESCRIPTION

       ConnMan's VPN connections are configured with so-called "provisioning files", which reside
       under /var/lib/connman-vpn/. The files can be named anything, as long as the name contains
       only printable ASCII characters, for example letters, numbers and underscores. The file
       name must end with .config. Each VPN connection requires a provisioning file, but multiple
       connections can be specified in the same file.

FILE FORMAT

       The  configuration  file  format  is key file format.  It consists of sections (groups) of
       key-value pairs.  Lines beginning with a '#' and  blank  lines  are  considered  comments.
       Sections  are started by a header line containing the section enclosed in '[' and ']', and
       ended implicitly by the start of the next section or the end of the file.  Each  key-value
       pair must be contained in a section.

       Description of sections and available keys follows:

   [global]
       This  section  is  optional,  and can be used to describe the actual file. The two allowed
       fields for this section are:

       Name=name
              Name of the network.

       Description=description
              Description of the network.

   [provider_*]
       Each provisioned connection must start with a [provider_*] tag, with * replaced by a
       unique name within the file.  The following fields are mandatory:

       Type=OpenConnect | OpenVPN | VPNC | L2TP | PPTP
              Specifies the VPN type.

       Host=IP
              VPN server IP address.

       Domain=domain
              Domain name for the VPN service.

       The following field is optional:

       Networks=network/netmask/gateway[,...]
              Networks  behind  the VPN. If all traffic should go through the VPN, this field can
              be left out. The gateway can be left out.  For  IPv6  addresses,  only  the  prefix
              length is accepted as the netmask.

   OpenConnect
       The following keys can be used for openconnect(8) networks:

       OpenConnect.ServerCert=cert
              SHA1 fingerprint of the VPN server's certificate.

       OpenConnect.CACert=cert
              File  containing  additional  CA  certificates  in  addition  to the system trusted
              certificate authorities.

       OpenConnect.ClientCert=cert
              Client certificate, if needed by web authentication.

       OpenConnect.MTU=mtu
              Request mtu from the server as the MTU of the tunnel.

       OpenConnect.Cookie=cookie
              The resulting cookie of the authentication process. As the cookie lifetime  can  be
              very limited, it does not usually make sense to add it into the configuration file.

       OpenConnect.VPNHost=host
              The  final  VPN  server to use after completing the web authentication. Only usable
              for extremely simple VPN configurations and should normally be set only via the VPN
              Agent API.

       If  OpenConnect.Cookie, OpenConnect.VPNHost or OpenConnect.ServerCert are missing, the VPN
       Agent will be contacted to supply the information.

   OpenVPN
       The following keys are mandatory for openvpn(8) networks:

       OpenVPN.CACert=cert
              Certificate authority file.

       OpenVPN.Cert=cert
              Local peer's signed certificate.

       OpenVPN.Key=key
              Local peer's private key.

       The following keys are optional for openvpn(8) networks:

       OpenVPN.MTU=mtu
              MTU of the tunnel.

       OpenVPN.NSCertType=client | server
              Peer certificate type, either client or server.

       OpenVPN.Protocol=protocol
              Use protocol.

       OpenVPN.Port=port
              TCP/UDP port number.

       OpenVPN.AuthUserPass=true | false
              Authenticate on the server using username/password.

       OpenVPN.AskPass=file
              Get certificate password from file.

       OpenVPN.AuthNoCache=true | false
              Don't cache AskPass or AuthUserPass value.

       OpenVPN.TLSRemote=name
              Accept connections only from a host with X509 name or common name equal to name.

       OpenVPN.TLSAuth=file
              Use file for HMAC authentication.

       OpenVPN.TLSAuthDir=direction
              Use direction for HMAC authentication direction.

       OpenVPN.Cipher=cipher
              Use cipher as the cipher.

       OpenVPN.Auth=true | false
              Use HMAC authentication.

       OpenVPN.CompLZO=yes | no | adaptive
              Use fast LZO compression.

       OpenVPN.RemoteCertTls=client | server
              Require that remote certificate is signed based on RFC3280 TLS rules.

       OpenVPN.ConfigFile=file
              OpenVPN config file for extra options not supported by the OpenVPN plugin.

       OpenVPN.DeviceType=tun|tap
              Whether the VPN should use a tun (OSI  layer  3)  or  tap  (OSI  layer  2)  device.
              Defaults to tun if omitted.

   VPNC
       The following key is mandatory for vpnc(8) networks:

       VPNC.IPSec.ID=id
              Group username.

       The following keys are optional for vpnc(8) networks:

       VPNC.IPSec.Secret=secret
              Group password.

       VPNC.XAuth.Username=username
              Username.

       VPNC.XAuth.Password=password
              Password.

       VPNC.IKE.Authmode=mode
              IKE authentication mode.

       VPNC.IKE.DHGroup=group
              IKE DH group name.

       VPNC.PFS=group
              Diffie-Hellman group for perfect forward secrecy.

       VPNC.Domain=domain
              Domain name for authentication.

       VPNC.Vendor=vendor
              Vendor of the IPSec gateway.

       VPNC.LocalPort=port
              Local ISAKMP port number to use.

       VPNC.CiscoPort=port
              Cisco UDP Encapsulation Port.

       VPNC.AppVersion=version
              Application version to report.

       VPNC.NATTMode=mode
              NAT-Traversal Method to use.

       VPNC.DPDTimeout=timeout
              DPD idle timeout.

       VPNC.SingleDES=true | false
              Enable single DES encryption.

       VPNC.NoEncryption=true | false
              Enable usage of no encryption for data traffic.

       VPNC.DeviceType=tun|tap
              Whether  the  VPN  should  use  a  tun  (OSI  layer 3) or tap (OSI layer 2) device.
              Defaults to tun if omitted.

   L2TP
       The following keys are optional for l2tp (xl2tp.conf(5), pppd(8)) networks:

       L2TP.User=user
              L2TP username.

       L2TP.Password=password
              L2TP password.

       L2TP.BPS=bps
              Max bandwidth to use.

       L2TP.TXBPS=bps
              Max transmit bandwidth to use.

       L2TP.RXBPS=bps
              Max receive bandwidth to use.

       L2TP.LengthBit=yes | no
              Use length bit.

       L2TP.Challenge=yes | no
              Use challenge authentication.

       L2TP.DefaultRoute=route
              Add route to the routing tables.

       L2TP.FlowBit=yes | no
              Use sequence numbers.

       L2TP.TunnelRWS=size
              Window size.

       L2TP.Exclusive=yes | no
              Use only one control channel.

       L2TP.Redial=yes | no
              Redial if disconnected.

       L2TP.RedialTimeout=timeout
              Redial timeout.

       L2TP.MaxRedials=count
              Maximum number of redial tries.

       L2TP.RequirePAP=yes | no
              Require PAP.

       L2TP.RequireCHAP=yes | no
              Require CHAP.

       L2TP.ReqAuth=yes | no
              Require authentication.

       L2TP.AccessControl=yes | no
              Use access control.

       L2TP.AuthFile=file
              Authentication file location.

       L2TP.ListenAddr=address
              Listen address.

       L2TP.IPSecSaref=yes | no
              Listen address.

       L2TP.Port=port
              UDP port used.

       PPPD.EchoFailure=count
              Echo failure count (dead peer check count).

       PPPD.EchoInterval=interval
              Dead peer check interval.

       PPPD.Debug=level
              Debug level.

       PPPD.RefuseEAP=true | false
              Refuse EAP authentication.

       PPPD.RefusePAP=true | false
              Refuse PAP authentication.

       PPPD.RefuseCHAP=true | false
              Refuse CHAP authentication.

       PPPD.RefuseMSCHAP=true | false
              Refuse MSCHAP authentication.

       PPPD.RefuseMSCHAP2=true | false
              Refuse MSCHAPv2 authentication.

       PPPD.NoBSDComp=true | false
              Disable BSD compression.

       PPPD.NoPcomp=true | false
              Disable protocol compression.

       PPPD.UseAccomp=true | false
              Disable Access/Control compression.

       PPPD.NoDeflate=true | false
              Disable deflate compression.

       PPPD.ReqMPPE=true | false
              Require the use of MPPE.

       PPPD.ReqMPPE40=true | false
              Require the use of MPPE 40 bit.

       PPPD.ReqMPPE128=true | false
              Require the use of MPPE 128 bit.

       PPPD.ReqMPPEStateful=true | false
              Allow MPPE to use stateful mode.

       PPPD.NoVJ=true | false
              No Van Jacobson compression.

   PPTP
       The following keys are optional for pptp(8) (see also pppd(8)) networks:

       PPTP.User=username
              Username.

       PPTP.Password=password
              Password.

       PPPD.EchoFailure=count
              Echo failure count (dead peer check count).

       PPPD.EchoInterval=interval
              Dead peer check interval.

       PPPD.Debug=level
              Debug level.

       PPPD.RefuseEAP=true | false
              Refuse EAP authentication.

       PPPD.RefusePAP=true | false
              Refuse PAP authentication.

       PPPD.RefuseCHAP=true | false
              Refuse CHAP authentication.

       PPPD.RefuseMSCHAP=true | false
              Refuse MSCHAP authentication.

       PPPD.RefuseMSCHAP2=true | false
              Refuse MSCHAPv2 authentication.

       PPPD.NoBSDComp=true | false
              Disable BSD compression.

       PPPD.NoPcomp=true | false
              Disable protocol compression.

       PPPD.UseAccomp=true | false
              Disable Access/Control compression.

       PPPD.NoDeflate=true | false
              Disable deflate compression.

       PPPD.ReqMPPE=true | false
              Require the use of MPPE.

       PPPD.ReqMPPE40=true | false
              Require the use of MPPE 40 bit.

       PPPD.ReqMPPE128=true | false
              Require the use of MPPE 128 bit.

       PPPD.ReqMPPEStateful=true | false
              Allow MPPE to use stateful mode.

       PPPD.NoVJ=true | false
              No Van Jacobson compression.

EXAMPLE

       This is a configuration file for a VPN providing L2TP, OpenVPN and  OpenConnect  services.
       It could, for example, be in the file /var/lib/connman-vpn/example.config.

       [global]
       Name = Example
       Description = Example VPN configuration

       [provider_l2tp]
       Type = L2TP
       Name = Connection to corporate network
       Host = 1.2.3.4
       Domain = corporate.com
       Networks = 10.10.30.0/24
       L2TP.User = username

       [provider_openconnect]
       Type = OpenConnect
       Name = Connection to corporate network using Cisco VPN
       Host = 7.6.5.4
       Domain = corporate.com
       Networks = 10.10.20.0/255.255.255.0/10.20.1.5,192.168.99.1/24,2001:db8::1/64
       OpenConnect.ServerCert = 263AFAB4CB2E6621D12E90182008AEF44AEFA031
       OpenConnect.CACert = /etc/certs/certificate.p12

       [provider_openvpn]
       Type = OpenVPN
       Name = Connection to corporate network using OpenVPN
       Host = 3.2.5.6
       Domain = my.home.network
       OpenVPN.CACert = /etc/certs/cacert.pem
       OpenVPN.Cert = /etc/certs/cert.pem
       OpenVPN.Key = /etc/certs/cert.key

SEE ALSO

       connmanctl(1), connman(8), connman-vpn(8)

                                            2015-10-15                  connection_name.config(5)