The vpnc client expects to be configured using the uci interface.
To setup a VPN connection, add the following to /etc/config/network:
config interface 'MYVPN'
option proto 'vpnc'
option interface 'wan'
option server 'vpn.example.com'
option username 'test'
option password 'secret' # or:
option hexpasswd 'AE7FF6A0426F0A0CD0A02EB9EC3C5066FAEB0B25'
option authgroup 'DEFAULT'
option passgroup 'groupsecret' # or:
option hexpassgroup '52B0BEAF6605C3CE9BE20A0DC0A0F6240A6FF7EA'
option domain 'WORKGROUP'
option vendor 'cisco' # or 'netscreen'
option natt_mode 'natt' # or 'none' or 'force-natt' or 'cisco-udp'
option dh_group 'dh2' # or 'dh1' or 'dh5'
option pfs 'server' # or 'nopfs' or 'dh1' or 'dh2' or 'dh5'
option enable_single_des '0'
option enable_no_enc '0' # '1' to enable unencrypted VPN
option mtu '0'
option local_addr '0.0.0.0'
option local_port '500' # '0' to use a random port
option udp_port '10000' # '0' to use a random port
option dpd_idle '300'
option auth_mode 'psk' # or 'hybrid'
option target_network '0.0.0.0/0.0.0.0' # network/netmask or CIDR
The additional file(s) are also used:
/etc/vpnc/ca-vpn-MYVPN.pem: The server's CA certificate (for auth_mode 'hybrid')
After these are setup you can initiate the VPN using "ifup MYVPN", and
deinitialize it using ifdown. You may also use the luci web interface
(Network -> Interfaces -> MYVPN Connect).
Note that you need to configure the firewall to allow communication between
the MYVPN interface and lan.
b3c3ccc10a