grml-vpn - program to establish encrypted communication channels in a network
grml-vpn [OPTIONS] <ACTION> <SPI> [IPs]
grml-vpn is a program that provides an easy wrapper around ipsec and setkey (without any ike daemon). With this program you can create a vpn based uppon ipsec to any number of computers. It's intended purpose is for example for wlan sessions to create an encrypted network between all computers on the wlan. It is also possible to create a standalone shellscript which only needs the setkey command to setup the vpn (using the -x option).
Add an ipsec entry
Delete an specific ipsec entry
Delete all ipsec entries (attention, really deletes _all_ entrys, even from other setkey commands and isakmpd).
Show all infos about ipsec entrys.
Give infos about ciphers and there allowed keysizes.
Show the help message.
Show summary of options.
Show what is going on (more v => more out).
Your IP (currently necessary for vpns with more than 2 computers given in file or on stdin). If IPs are given on commandline, the script tries hard to guess your IP.
Cipher name. Will be matched against ciphers available for ipsec (all ciphers not only the available ciphers on your box). eg. "-e two" will match twofish-cbc. If more then one ciphers matches your regexp than the matches are printed and grml-vpn aborts.
Keysize used for your encryption.
Your key/password for the vpn (will be hashed).
Set raw key (you determine the keysize, not -b).
Read IPs for encrypted connections from file (same as from stdin).
Read IPs from stdin (setkey commands are not written until _all_ IPs are read from stdin).
Only print the setkey commands (eg. grml-vpn -p … |setkey -c). USE THIS if you create a vpn with many computers, because this is a bit faster).
Print a standalone shellscript which only needs setkey to setup the vpn.
Creates encrypted connections between the two IPs possible, with the pre shared key (PSK) testpw and 128bit rijndael-cbc. You have to execute this command on both computers (if you type this command only on one computer, then it's impossible to create an connection between the two computers). NOTE: with only 2 computers it's not necessary to specify your own ip with -a.
Same as above, but also possible as user. Use -x instead of -p if you want a full functional shellscript to be printed to stdout.
Encrypted connections between all 3 computers. This command should be executed on 192.168.0.2 (-a) and on the other two computers with the appropriate -a <IP>. The cipher is blowfisch-cbc (no, -e bl is NO typo ;).
This command deletes the previous created encrypted connections on 192.168.0.2 (after this command it's impossible to send data to 192.168.0.{1,3} until you delete the vpn entrys on them (no, even ssh does not work anymore). You should execute this command on all computers of the vpn (with the appropriate -a <IP> option). You could also use grml-crypt clear to clear all vpn settings.
setkey(8)
grml-vpn was written by Michael Gebetsroither <michael.geb@gmx.at>.
This manual page was written by Michael Gebetsroither <gebi@grml.org>.