ssltunnelrc(5) System Contributed Software Manual ssltunnelrc(5)NAMEssltunnelrc - SSL Tunnel client configuration file
DESCRIPTIONssltunnelrc file contains configuration information for pppclient, the
ssltunnel client software.
The ssltunnelrc file is a free-form ASCII text file, parsed by ppp‐
client. The file may contain extra tabs and newlines for formating
purpose. Keywords should be written in lowercase, and separated from
value by at least one space or tab character.
Lines beginning with # are ignored.
Options commented out or not present have default values, incorrect
options are reported on STDERR when pppclient read the file. Boolean
parameters are hardcoded as 0 for false and 1 for true.
Upon startup, if no option is given on command line, pppclient reads
the $HOME/.ssltunnelrc configuration file.
SETTINGS
The following parameters can be set :
Network Options :
remotehost (str) IP Address or DNS name of remote host running
ssltunnel server.
port (int) Port on which the remote ssltunnel server is lis‐
tening. Defaults to 443.
useproxy (bool) If set, pppclient should connect using an HTTP
Proxy. Defaults to 0.
proxy (str) IP Address or DNS name of HTTP Proxy to use. No
default.
proxyport (int) Proxy port, defaults to 8080.
proxyuser (str) Username to send for authentication on proxy.
Defaults to none.
proxypass (str) Password to send for authentication on proxy.
Defaults to none.
autoreconnect (bool) If set to 1, if link goes down (ppp exit), ppp‐
client will try to reconnect to server after waiting for
10 seconds.
timeout (int) Timeout in seconds used in many operations such as
reading banner, reading proxy response, ... Defaults to
10.
PPP Options:
localppp (str) pppd local path on client. Defaults to
/usr/sbin/pppd.
bsdppp (bool) If set to 1, launches ppp program with options
suitable for BSD userland ppp(1) program. Defaults to 0.
localproxyarp (bool) If set to 1, pppd will be launched with proxyarp
option, allowing remote host to have a local LAN address
and be seen on the LAN without routing changes. Defaults
to 0.
localechoint (int) Number of seconds between LCP-Echo requests sent
to the remote peer. This is used to monitor link and
exit if peer does not respond anymore. See also next
option. Defaults to 10.
localechofail (int) Number of LCP-Echo requests lost (no LCP-Echoreply
received) before declaring link dead. Defaults to 10.
peer (str) Name of ppp peer. If set, pppd will look for
options in /etc/ppp/peers. If not set, you will proba‐
bly need to set noauth option in /etc/ppp/options. When
using BSD Userland ppp, this is the label name used (ppp
is launched with ppp -direct peer command line).
Defaults to none.
ipparam (str) Set the pppd ipparam parameter, which is passed to
/etc/ppp/ip-up script when link goes up. This can be
used for example to set different routes automatically
depending on your target. Defaults to none.
SSL Options:
cacertfile (str) File containing in PEM format the CA authorities
trusted by the client. Beware that if you put unsecure
or unknown certs in this file, someone can hijack your
connexion.
certfile (str) File containing in PEM format your certificate,
signed by a CA authority trusted by the server.
keyfile (str) File containing the private RSA key used with the
certificate. If the key is protected by a passphrase, it
will be asked during initialization of OpenSSL layer.
Misc Options:
verbose (bool) If set, pppclient will log on STDERR server
responses and print a line for every packet sent or
received. Defaults to 1. You probably want to turn this
off if using pppclient in daemon mode.
daemon (bool) If set, pppclient will fork and detach from ter‐
minal after reading configuration file. Defaults to 0.
logfile (str) When started in daemon mode, pppclient will nor‐
mally log with syslog (local6 facility). If set, then
log are appended to this file.
EXAMPLE
Example below of a configuration file will connect to 192.168.200.1
port 443, by using proxy 192.168.10.1 (port 3128) with rominet user and
fubar password. pppd will be called with ssltunnel peer name.
autoreconnect 1
verbose 1
# Target
remotehost 192.168.200.1
port 443
# My Certificates
cacertfile /home/demo/certs/ca-cert.pem
certfile /home/demo/certs/client.crt
keyfile /home/demo/certs/client.key
ipparam tunnel
peer ssltunnel
useproxy 1
# My Proxy configuration
proxy 192.168.10.1
proxyport 3128
proxyuser rominet
proxypass fubar
The file /etc/ppp/peers/ssltunnel will simply be, assuming remote host
will not ask for PAP or CHAP authentication :
noauth
and /etc/ppp/ip-up will place some routes to hosts 192.168.200.10 and
192.168.200.11 inside the tunnel (example is for FreeBSD, see route(8)
for your system) :
#!/bin/sh
if [ $6 = 'tunnel' ]; then
/sbin/route add -host 192.168.200.10 -iface $1
/sbin/route add -host 192.168.200.11 -iface $1
fi
FILES
$HOME/.ssltunnelrc Default configuration file.
/etc/ppp/options pppd Configuration
/etc/ppp/ppp.conf BSD Userland ppp Configuration
/etc/ppp/ip-up Script run when interface goes up
BUGS
Please report them !
SEE ALSOpppclient(1), gpppclient(1)AUTHORS
Alain Thivillon <ssltunnel@rominet.net>
September 06, 2003 ssltunnelrc(5)
