table of contents
| OPENFORTIVPN(1) | General Commands Manual | OPENFORTIVPN(1) |
NAME¶
openfortivpn - Client for PPP+SSL VPN tunnel services
SYNOPSIS¶
openfortivpn [<host>:<port>]
[-u <user>] [-p <pass>]
[--no-routes] [--no-dns]
[--trusted-cert=<digest>]
[--pppd-log=<file>]
[--pppd-plugin=<file>] [-c <file>]
[-v|-q]
openfortivpn --help
openfortivpn --version
DESCRIPTION¶
openfortivpn connects to a VPN by setting up a tunnel to the gateway at <host>:<port>.
OPTIONS¶
- --help
- Show this help message and exit.
- --version
- Show version and exit.
- -c <file>, --config=<file>
- Specify a custom config file (default: /etc/openfortivpn/config).
- -u <user>, --username=<user>
- VPN account username.
- -p <pass>, --password=<pass>
- VPN account password.
- --realm=<realm>
- Connect to the specified authentication realm. Defaults to empty, which is usually what you want.
- --no-routes
- Do not try to configure IP routes through the VPN when tunnel is up.
- --no-dns
- Do not add VPN nameservers in /etc/resolv.conf when tunnel is up.
- --ca-file=<file>
- Use specified PEM-encoded certificate bundle instead of system-wide store to verify the gateway certificate.
- --user-cert=<file>
- Use specified PEM-encoded certificate if the server requires authentication with a certificate.
- --user-key=<file>
- Use specified PEM-encoded key if the server requires authentication with a certificate.
- --trusted-cert=<digest>
- Trust a given gateway. If classical SSL certificate validation fails, the gateway certificate will be matched against this value. <digest> is the X509 certificate's sha256 sum. This option can be used multiple times to trust several certificates.
- --pppd-log=<file>
- Set pppd in debug mode and save its logs into <file>.
- --pppd-plugin=<file>
- Use specified pppd plugin instead of configuring the resolver and routes directly.
- -v
- Increase verbosity. Can be used multiple times to be even more verbose.
- -q
- Decrease verbosity. Can be used multiple times to be even less verbose.
CONFIG FILE¶
Options can be taken from a configuration file. Options passed in the command line will override those from the config file, though. The default config file is /etc/openfortivpn/config, but this can be set using the -c option.
- A config file looks like:
- # this is a comment
host = vpn-gateway
port = 8443
username = foo
password = bar
trusted-cert = certificatedigest4daa8c5fe6c...
trusted-cert = othercertificatedigest6631bf...
set-dns = 1
set-routes = 1
| January 26, 2015 |