<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="generator" content="AsciiDoc 7.1.2" />
<title>GRML-VPN(8)</title>
<h1>GRML-VPN(8)</h1>
<span id="author">Michael Gebetsroither</span><br />
<span id="email"><tt>&lt;<a href="mailto:michael.geb@gmx.at">michael.geb@gmx.at</a>&gt;</tt></span><br />
<div class="sectionbody">
<p>grml-vpn - program to establish encrypted communication channels in a network</p>
<div class="sectionbody">
<p><strong>grml-vpn</strong> [OPTIONS] <em>&lt;ACTION&gt;</em> <em>&lt;SPI&gt;</em> [IPs]</p>
<h2>DESCRIPTION</h2>
<div class="sectionbody">
<p><strong>grml-vpn</strong> is a program that
provides an easy wrapper around ipsec and setkey (without any IKE daemon).
With this program you can create a VPN based upon ipsec to any number of computers.
Its intended purpose is, for example, to create an encrypted network between all computers on a WLAN during a WLAN session.
It is also possible to create a standalone shell script which only needs the setkey command to set up the VPN (using the -x option).</p>
<div class="sectionbody">
<strong>add</strong>
<strong>del</strong>
Delete a specific ipsec entry.
<strong>clear</strong>
Delete all ipsec entries (attention: this really deletes <em>all</em> entries, even those from other setkey commands and isakmpd).
<strong>show</strong>
Show all information about ipsec entries.
<strong>info</strong>
Give information about ciphers and their allowed key sizes.
<strong>help</strong>
Show the help message.
<div class="sectionbody">
<strong>-h, help</strong>
Show summary of options.
<strong>-v</strong>
Show what is going on (more v =&gt; more output).
<strong>-a &lt;IP&gt;</strong>
Your IP (currently necessary for VPNs with more than 2 computers given in a file or on stdin). If IPs are given on the command line, the script tries hard to guess your IP.
<strong>-e &lt;ciphername&gt; (default=rijndael-cbc, better known as AES)</strong>
Cipher name. It is matched against the ciphers available for ipsec (all ciphers, not only the ciphers available on your box).
E.g. "-e two" will match twofish-cbc. If more than one cipher matches your regexp, the matches are printed and grml-vpn aborts.
<strong>-b &lt;keysize&gt; (default=256 bit)</strong>
Key size used for your encryption.
<strong>-k &lt;key&gt;</strong>
Your key/password for the VPN (will be hashed).
<strong>-K &lt;raw-key&gt;</strong>
Set the raw key (you determine the key size, not -b).
<strong>-f &lt;input-file&gt;</strong>
Read IPs for encrypted connections from a file (same as from stdin).
<strong>-c</strong>
Read IPs from stdin (setkey commands are not written until <em>all</em> IPs are read from stdin).
<strong>-p</strong>
Only print the setkey commands (e.g. grml-vpn -p … | setkey -c).
USE THIS if you create a VPN with many computers, because it is a bit faster.
<strong>-x</strong>
Print a standalone shell script which only needs setkey to set up the VPN.
<div class="sectionbody">
<strong>grml-vpn -k testpw -b 128 add 1000 192.168.0.1 192.168.0.2</strong>
Makes encrypted connections between the two IPs possible, with the pre-shared key (PSK) testpw and 128-bit rijndael-cbc. You have to execute this command on both computers (if you type this command on only one computer, it is impossible to create a connection between the two computers).
NOTE: with only 2 computers it is not necessary to specify your own IP with -a.
<strong>fakeroot grml-vpn -p -k testpw -b 128 add 1000 192.168.0.1 192.168.0.2</strong>
Same as above, but also possible as a normal user.
Use -x instead of -p if you want a fully functional shell script to be printed to stdout.
<strong>grml-vpn -e bl -b 255 -a 192.168.0.2 add 2000 192.168.0.1 192.168.0.2 192.168.0.3</strong>
Encrypted connections between all 3 computers. This command should be executed on 192.168.0.2 (-a) and on the other two computers with the appropriate -a &lt;IP&gt;.
The cipher is blowfish-cbc (no, -e bl is NO typo ;).
<strong>grml-vpn -a 192.168.0.2 del 2000 192.168.0.1 192.168.0.2 192.168.0.3</strong>
This command deletes the previously created encrypted connections on 192.168.0.2. After this command it is impossible to send data to 192.168.0.{1,3} until you delete the VPN entries on them (no, even ssh does not work anymore).
You should execute this command on all computers of the VPN (with the appropriate -a &lt;IP&gt; option). You could also use grml-crypt clear to clear all VPN settings.
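<p>The three-host example above, as an added sketch of the kind of setkey input a manually keyed mesh needs. This is not grml-vpn's code or its real output: the function name <tt>mesh_setkey_conf</tt>, ESP transport mode, the raw hex key and the per-pair SPI scheme are assumptions made for this example.</p>

```shell
#!/bin/sh
# Added illustration, not grml-vpn's code or its actual output.
# Assumed: ESP transport mode, raw hex key (as with -K), and a per-pair SPI
# scheme (base + src_index * n + dst_index) invented for this example.

# mesh_setkey_conf OWN_IP BASE_SPI CIPHER HEXKEY IP...
# Prints "setkey -c" input for OWN_IP's links to every other listed IP.
mesh_setkey_conf() {
    own=$1 base=$2 cipher=$3 key=$4
    shift 4
    case $base in
        ''|*[!0-9]*) echo "SPI must be a decimal number" >&2; return 1 ;;
    esac
    case $key in
        ''|*[!0-9a-fA-F]*) echo "key must be a hex string" >&2; return 1 ;;
    esac
    if [ "$cipher" = rijndael-cbc ]; then
        case $(( ${#key} * 4 )) in
            128|192|256) ;;
            *) echo "rijndael-cbc takes 128, 192 or 256 bit keys" >&2; return 1 ;;
        esac
    fi
    # Find our position; every host must be given the same ordered list.
    n=$# i=0 me=-1
    for ip in "$@"; do
        if [ "$ip" = "$own" ]; then me=$i; fi
        i=$((i + 1))
    done
    if [ "$me" -lt 0 ]; then echo "own IP is not in the list" >&2; return 1; fi
    j=0
    for peer in "$@"; do
        if [ "$j" -ne "$me" ]; then
            # An SA is looked up by destination, protocol and SPI, so each
            # directed pair gets its own SPI. SAs are the same on both ends.
            echo "add $own $peer esp $((base + me * n + j)) -E $cipher 0x$key;"
            echo "add $peer $own esp $((base + j * n + me)) -E $cipher 0x$key;"
            # Policies are directional: this is what needs the own IP.
            echo "spdadd $own $peer any -P out ipsec esp/transport//require;"
            echo "spdadd $peer $own any -P in ipsec esp/transport//require;"
        fi
        j=$((j + 1))
    done
}

# Constructed sample: the three-host mesh from the examples as seen from
# 192.168.0.2, with a made-up 128-bit key.
mesh_setkey_conf 192.168.0.2 2000 rijndael-cbc \
    00112233445566778899aabbccddeeff 192.168.0.1 192.168.0.2 192.168.0.3
```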
<div class="sectionbody">
<div class="sectionbody">
<p>grml-vpn was written by Michael Gebetsroither &lt;michael.geb@gmx.at&gt;.</p>
<p>This manual page was written by Michael Gebetsroither &lt;gebi@grml.org&gt;.</p>
<div id="footer-text">
Last updated 16-Sep-2007 02:51:42 CEST