NAME
secvpn - Control the Secure Virtual Private Network
SYNOPSIS
secvpn [-v][-n][-s][-r] start|stop|routedel|routeadd|test|status [Host]
DESCRIPTION
Secvpn builds a virtual private network (vpn) as defined in
/etc/network/secvpn.conf. The vpn uses encryption based on ssh
security.
Before secvpn can be used you have to enable automatic ssh access for
user "secvpn" from the initiator secvpn pc to the target secvpn pc. Use
authorized_keys or RhostsRSAAuthentication with the .shosts file. See
the ssh manpages for more information.
The following subcommands may be used with secvpn:
start is used to start the vpn. Secvpn will add new ppp interfaces
necessary to make the vpn work, but will not automatically add
routes (see the routeadd option below). If the recursive option
is set, secvpn will log into the passive hosts and run "secvpn
-r start" on them too.
stop is used to stop the vpn.
routeadd
is used to set up new routing entries based on secvpn.conf.
Secvpn will first add the route active->passive, then tell the
passive host to add the route back. The route in the passive
host will be added according to the configuration file there (in
the passive host), so if the configuration files differ, things
will not work.
routedel
will delete the routing entries built with routeadd.
test checks whether the ppp interface is used to reach O_CRYPT_IP.
status same as test, but checks all vpns if no host is named (instead
of only active vpns as ’test’ does).
OPTIONS
-v verbose output
-n do nothing
-s be silent
-r work recursively
EXAMPLES
There are 3 examples in /usr/share/doc/secvpn/examples:
Example1: secvpn acts as a router connecting 2 subnets
Example2: secvpn has one lan-card and connects 2 subnets
Example3: secvpn has one lan-card and connects 11 subnets in a tree
structure
OTHER
To have real security it is necessary to secure each secvpn host and to
have firewalls on each secvpn host allowing only selected IP addresses
and ports to pass through the VPN.
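Part of securing each host is the key-based login for user "secvpn" described under DESCRIPTION, which should only be accepted from the initiator pc. The following is an added example, not part of secvpn: it lists authorized_keys entries that lack the sshd `from="..."` option. The function names, addresses and key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of secvpn): list authorized_keys entries that are
# not pinned to a source host with the from="..." option.

# unpinned_keys [FILE]  - reads FILE or stdin; prints the line number of each
# protocol-2 key line without from=; returns 1 if any was found, else 0.
unpinned_keys() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
    {
        line = $0; sub(/^[ \t]+/, "", line)
        opts = ""
        # A line that does not begin with a key type begins with options.
        if (line !~ /^(ssh-|ecdsa-|sk-)/) {
            inq = 0
            for (i = 1; i <= length(line); i++) {
                c = substr(line, i, 1)
                if (inq && c == "\\") { i++; continue }  # escaped char in quotes
                if (c == "\"") { inq = !inq; continue }
                if (!inq && (c == " " || c == "\t")) break  # end of options
                if (!inq) opts = opts c     # keep option names, drop quoted values
            }
        }
        if (tolower("," opts) !~ /,from=/) { print NR; bad = 1 }
    }
    END { exit bad + 0 }
    ' "$@"
}

# Constructed sample input; the key blobs are placeholders, not real keys.
sample_keys() {
    cat <<'EOF'
# authorized_keys of user secvpn on the target host
from="192.0.2.10" ssh-ed25519 AAAAEXAMPLE1 secvpn@initiator
ssh-rsa AAAAEXAMPLE2 secvpn@unknown
command="echo from=x",no-agent-forwarding ssh-ed25519 AAAAEXAMPLE3 secvpn@old
EOF
}

sample_keys | unpinned_keys || echo "the lines listed above accept the key from any host"
```

On a target host, pass the key file of user secvpn as the argument, for example `~secvpn/.ssh/authorized_keys` (the sshd default location, assumed here).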
AUTHOR
Bernd Schumacher, HP Consulting, HEWLETT-PACKARD GmbH, Bad Homburg,
2000-2005
COPYRIGHT
Copyright: Most recent version of the GPL.
On Debian GNU/Linux systems, the complete text of the GNU General
Public License can be found in "/usr/share/common-licenses/GPL".
SEE ALSO
secvpn(1) secvpnmon(1) ssh(1) timeout(1) secvpn.conf(4)