openfortivpn man page

openfortivpn — Client for PPP+SSL VPN tunnel services

Synopsis

openfortivpn [<host>:<port>] [-u <user>] [-p <pass>] [--no-routes] [--no-dns] [--trusted-cert=<digest>] [--pppd-log=<file>] [--pppd-plugin=<file>] [-c <file>] [-v|-q]
openfortivpn --help
openfortivpn --version

Description

openfortivpn connects to a VPN by setting up a tunnel to the gateway at <host>:<port>.

Options

--help
Show this help message and exit.
--version
Show version and exit.
-c <file>, --config=<file>
Specify a custom config file (default: /etc/openfortivpn/config).
-u <user>, --username=<user>
VPN account username.
-p <pass>, --password=<pass>
VPN account password.
--realm=<realm>
Connect to the specified authentication realm. Defaults to empty, which is usually what you want.
--no-routes
Do not try to configure IP routes through the VPN when tunnel is up.
--no-dns
Do not add VPN nameservers in /etc/resolv.conf when tunnel is up.
--ca-file=<file>
Use specified PEM-encoded certificate bundle instead of system-wide store to verify the gateway certificate.
--user-cert=<file>
Use specified PEM-encoded certificate if the server requires authentication with a certificate.
--user-key=<file>
Use specified PEM-encoded key if the server requires authentication with a certificate.
--trusted-cert=<digest>
Trust a given gateway. If classical SSL certificate validation fails, the gateway certificate will be matched against this value. <digest> is the X509 certificate's sha256 sum. This option can be used multiple times to trust several certificates.
--pppd-log=<file>
Set pppd in debug mode and save its logs into <file>.
--pppd-plugin=<file>
Use specified pppd plugin instead of configuring the resolver and routes directly.
-v
Increase verbosity. Can be used multiple times to be even more verbose.
-q
Decrease verbosity. Can be used multiple times to be even less verbose.

Config File

Options can be taken from a configuration file. Options passed in the command line will override those from the config file, though. The default config file is /etc/openfortivpn/config, but this can be set using the -c option.

A config file looks like:
# this is a comment
host = vpn-gateway
port = 8443
username = foo
password = bar
trusted-cert = certificatedigest4daa8c5fe6c...
trusted-cert = othercertificatedigest6631bf...
set-dns = 1
set-routes = 1

Info

January 26, 2015