vpnc
Connect to Cisco-compatible VPNs
TLDR
Connect with a defined configuration file
Terminate the previously created connection
SYNOPSIS
vpnc [OPTION...] [CONFIG_FILE]
vpnc [OPTION...] [KEYWORD VALUE...]
PARAMETERS
-c
Specifies an alternative configuration file to use. If omitted, /etc/vpnc/default.conf is used.
--no-detach
Prevents vpnc from forking into the background. Useful for debugging or running within a script.
--no-route
Prevents vpnc from adding routes. Useful if you want to manage routing manually.
--script
Specifies an external script to handle network configuration. By default, /etc/vpnc/vpnc-script is used.
--pid-file
Writes the process ID (PID) of the vpnc daemon to the specified file.
--debug
Enables verbose debugging output, showing more details about the connection process.
--non-interact
Prevents vpnc from interactively asking for passwords. It will only use passwords found in the configuration.
-h, --help
Displays a help message and exits.
-v, --version
Displays the version information and exits.
DESCRIPTION
The vpnc command is an open-source VPN client designed to connect to Cisco-compatible VPN Concentrators and other IPSec VPN servers that support IKEv1 with XAuth (Extended Authentication). It provides a secure way to access private networks and is commonly used for corporate VPNs. When connected, vpnc establishes a virtual network interface (e.g., tun0) and configures routing to direct traffic through the encrypted tunnel. It supports various authentication methods, including group passwords, XAuth username/password, and certificate-based authentication. Configuration is typically managed through a configuration file (like /etc/vpnc/default.conf) or by passing parameters directly on the command line.
CAVEATS
vpnc primarily supports Cisco-compatible IPSec/IKEv1 VPNs with XAuth and does not support newer protocols like IKEv2 or Cisco AnyConnect (SSL VPNs, for which openconnect is the preferred client). It requires root privileges to configure network interfaces and routing. Configuration can sometimes be complex, and conflicts with other network managers might occur. The project may see less active development than more modern VPN solutions.
CONFIGURATION PARAMETERS
vpnc can be configured using a dedicated configuration file (e.g., /etc/vpnc/default.conf) or by passing key-value pairs directly on the command line. Common configuration parameters include:
IPSec ID: The IPSec group name.
IPSec secret: The shared secret for the IPSec group.
Xauth username: Your username for Xauth authentication.
Xauth password: Your password for Xauth authentication.
Local Port: Specifies the local UDP port to use for IPSec negotiations (default 500 or 4500).
IKE Authmode: Specifies the IKE authentication mode (e.g., hybrid, psk).
Enable IP forwarding: Can be set to 1 to enable IP forwarding on the client.
These parameters are often read from the config file but can be overridden by command-line arguments.
VPNC-SCRIPT
After a successful connection, vpnc executes a script (by default, /etc/vpnc/vpnc-script) to configure the network interface, add routes, set DNS servers, and manage other network-related settings derived from the VPN server. This script is crucial for the VPN connection to function correctly on the client machine and can be customized for specific network setups.
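One way to check the two files described above, the configuration file and vpnc-script, before connecting. This is an added example, not part of vpnc or the original page: audit_vpnc and its output labels are hypothetical, the paths are the defaults named above, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: audit a vpnc config file and the script vpnc runs as root.
# audit_vpnc is a hypothetical helper; stat -c assumes GNU coreutils.

# Prints one finding per line. Returns 0 if clean, 1 on findings, 2 on error.
audit_vpnc() {
    conf=$1
    script=${2:-/etc/vpnc/vpnc-script}
    found=0

    [ -f "$conf" ] || { echo "ERROR: $conf not found"; return 2; }

    # The file holds the IPSec secret (and maybe the Xauth password), so
    # group and other must have no permission bits at all.
    mode=$(stat -c '%a' "$conf")
    case $mode in
        *00|0) ;;
        *) echo "PERMS: $conf is mode $mode, want 600"; found=1 ;;
    esac

    # A stored Xauth password is exposed to every reader and every backup of
    # the file; without it vpnc asks interactively (unless --non-interact).
    # -i is a deliberately loose match on keyword case.
    if grep -Eiq '^[[:space:]]*Xauth password[[:space:]]+[^[:space:]]' "$conf"; then
        echo "PASSWORD: $conf stores an Xauth password"; found=1
    fi

    # vpnc needs root and runs this script after connecting, so a script
    # writable by group or other lets them run commands as root.
    if [ -f "$script" ]; then
        smode=$(stat -c '%a' "$script")
        case $smode in
            *[2367]?|*[2367])
                echo "SCRIPT: $script is mode $smode, writable by group/other"
                found=1 ;;
        esac
    fi
    return $found
}

# Usage: sh audit_vpnc.sh /etc/vpnc/default.conf [/etc/vpnc/vpnc-script]
if [ $# -gt 0 ]; then audit_vpnc "$@"; fi
```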
HISTORY
vpnc originated as a pioneering open-source client designed to reverse-engineer and provide a Linux-compatible solution for Cisco VPN Concentrator connections. Before its development, Linux users often relied on proprietary or less stable alternatives. It quickly became a crucial tool for accessing corporate networks, filling a significant gap in open-source VPN capabilities. While still maintained, its usage has somewhat decreased with the rise of other VPN protocols and clients (like OpenConnect for Cisco AnyConnect VPNs), but it remains a robust option for its specific niche of IKEv1/XAuth compatible VPNs.
SEE ALSO
openconnect(8), ip(8), route(8), nmcli(1), nmtui(1), strongswan(8), libreswan(8)