$NetBSD: patch-ae,v 1.2 2011/03/05 17:46:41 cegger Exp $ --- vpnc.8.template.orig 2008-11-19 20:36:12.000000000 +0000 +++ vpnc.8.template @@ -48,9 +48,9 @@ command line options .IP \(bu config file(s) specified on the command line .IP \(bu -/etc/vpnc/default.conf +@PKG_SYSCONFDIR@/vpnc/default.conf .IP \(bu -/etc/vpnc.conf +@PKG_SYSCONFDIR@/vpnc.conf .IP \(bu prompting the user if not found above @@ -63,9 +63,9 @@ place to set an option wins. configuration filenames which do not contain a / will be searched at -.B /etc/vpnc/ +.B @PKG_SYSCONFDIR@/vpnc/ and -.B /etc/vpnc/.conf. +.B @PKG_SYSCONFDIR@/vpnc/.conf. Otherwise .B and @@ -74,9 +74,9 @@ will be used. If no configuration file is specified on the command-line at all, both -.B /etc/vpnc/default.conf +.B @PKG_SYSCONFDIR@/vpnc/default.conf and -.B /etc/vpnc.conf +.B @PKG_SYSCONFDIR@/vpnc.conf will be loaded. .SH OPTIONS @@ -91,8 +91,8 @@ for security reasons) or be stored in a Prints your configuration; output can be used as vpnc.conf .SH FILES -.I /etc/vpnc.conf -.I /etc/vpnc/default.conf +.I @PKG_SYSCONFDIR@/vpnc.conf +.I @PKG_SYSCONFDIR@/vpnc/default.conf .RS The default configuration file. You can specify the same config directives as with command line options and additionaly @@ -110,7 +110,7 @@ See for further details. .RE -.I /etc/vpnc/*.conf +.I @PKG_SYSCONFDIR@/vpnc/*.conf .RS vpnc will read configuration files in this directory when the config filename (with or without .conf) is specified on the command line. @@ -149,11 +149,11 @@ IKE Authmode hybrid .P .P -CA-Dir /etc/vpnc +CA-Dir @PKG_SYSCONFDIR@/vpnc .P \fBor\fR .P -CA-File /etc/vpnc/vpn-example-com.pem +CA-File @PKG_SYSCONFDIR@/vpnc/vpn-example-com.pem .P .P @@ -176,7 +176,7 @@ named something like 722d15bd.X, where X make sure that files with colliding hashes have different names. The number can be derived from the certificate file itself: .P -openssl x509 -subject_hash -noout -in /etc/vpnc/vpn-example-com.pem +openssl x509 -subject_hash -noout -in @PKG_SYSCONFDIR@/vpnc/vpn-example-com.pem See also the .B \-\-print\-config @@ -187,6 +187,40 @@ Advanced features like manual setting of disabling /etc/resolv.conf rewriting is documented in the README of the vpnc package. +.SH ADVANCED USAGE +The vpnc-connect script shipped with this package some additional +features: +.IP "Custom route setting" +By default, the default route is deleted after connection and replaced +with the new one (going trough the VPN tunnel device). However, some +people wish to limit the target address range to few IP ranges. +This can be done using the config directive +.B Target networks +in the config file. For example: +.RS +.PD 0 +Target networks 123.234.210.0/24 10.1.0.0/16 +.PD +.RE +.IP "Multiple config profiles management" +You can have multiple config files and select one on connection by +specifying a short profile name instead of a config file path. In this +case, the file +.I @PKG_SYSCONFDIR@/vpnc/PROFILE.conf +is used as config file (where PROFILE is the short profile name). +.IP "/etc/resolv.conf update" +If the package +.B resolvconf +is installed and the VPN gateway sends some DNS server data, the +script will use resolution to integrate the received data into +.I /etc/resolv.conf. +To disable this behaviour, set the config directive +.I DNSUpdate +to the +.I "no" +value. + + .SH TODO .PD 0 Certificate support (Pre-Shared-Key + XAUTH is known to be insecure).