1 The vpnc client expects to be configured using the uci interface.
3 To setup a VPN connection, add the following to /etc/config/network:
5 config interface 'MYVPN'
8 option server 'vpn.example.com'
10 option password 'secret' # or:
11 option hexpasswd 'AE7FF6A0426F0A0CD0A02EB9EC3C5066FAEB0B25'
12 option authgroup 'DEFAULT'
13 option passgroup 'groupsecret' # or:
14 option hexpassgroup '52B0BEAF6605C3CE9BE20A0DC0A0F6240A6FF7EA'
15 option domain 'WORKGROUP'
16 option vendor 'cisco' # or 'netscreen'
17 option natt_mode 'natt' # or 'none' or 'force-natt' or 'cisco-udp'
18 option dh_group 'dh2' # or 'dh1' or 'dh5'
19 option pfs 'server' # or 'nopfs' or 'dh1' or 'dh2' or 'dh5'
20 option enable_single_des '0'
21 option enable_no_enc '0' # '1' to enable unencrypted VPN
23 option local_addr '0.0.0.0'
24 option local_port '500' # '0' to use a random port
25 option udp_port '10000' # '0' to use a random port
27 option auth_mode 'psk' # or 'hybrid'
28 option target_network '0.0.0.0/0.0.0.0' # network/netmask or CIDR
30 The additional file(s) are also used:
31 /etc/vpnc/ca-vpn-MYVPN.pem: The server's CA certificate (for auth_mode 'hybrid')
33 After these are setup you can initiate the VPN using "ifup MYVPN", and
34 deinitialize it using ifdown. You may also use the luci web interface
35 (Network -> Interfaces -> MYVPN Connect).
37 Note that you need to configure the firewall to allow communication between
38 the MYVPN interface and lan.
40 If you install this package via opkg, there are reports that you must reboot
41 before it can be used.