The vpnc client expects to be configured using the uci interface.
To setup a VPN connection, add the following to /etc/config/network:
config interface 'MYVPN'
option proto 'vpnc'
option interface 'wan'
option server 'vpn.example.com'
option username 'test'
option password 'secret' # or:
option hexpasswd 'AE7FF6A0426F0A0CD0A02EB9EC3C5066FAEB0B25'
option authgroup 'DEFAULT'
option passgroup 'groupsecret' # or:
option hexpassgroup '52B0BEAF6605C3CE9BE20A0DC0A0F6240A6FF7EA'
option domain 'WORKGROUP'
option vendor 'cisco' # or 'netscreen'
option natt_mode 'natt' # or 'none' or 'force-natt' or 'cisco-udp'
option dh_group 'dh2' # or 'dh1' or 'dh5'
option pfs 'server' # or 'nopfs' or 'dh1' or 'dh2' or 'dh5'
option enable_single_des '0'
option enable_no_enc '0' # '1' to enable unencrypted VPN
option mtu '0'
option local_addr '0.0.0.0'
option local_port '500' # '0' to use a random port
option udp_port '10000' # '0' to use a random port
option dpd_idle '300'
option auth_mode 'psk' # or 'hybrid'
option target_network '0.0.0.0/0.0.0.0' # network/netmask or CIDR
The additional file(s) are also used:
/etc/vpnc/ca-vpn-MYVPN.pem: The server's CA certificate (for auth_mode 'hybrid')
After these are setup you can initiate the VPN using "ifup MYVPN", and
deinitialize it using ifdown. You may also use the luci web interface
(Network -> Interfaces -> MYVPN Connect).
Note that you need to configure the firewall to allow communication between
the MYVPN interface and lan.
If you install this package via opkg, there are reports that you must reboot
before it can be used.
ba8efcc27f