secvpn(1) Control the Secure Virtual Private Network


secvpn [-v][-n][-s][-r] start|stop|routedel|routeadd|test|status [Host]


Secvpn builds a virtual private network (vpn) as defined in /etc/network/secvpn.conf. The vpn uses encryption based on ssh security.

Before secvpn can be used you have to create some prerequisites. See PREREQUISITES below.

The following subcommands may be used with secvpn:

is used to start the vpn. Secvpn will add new ppp interfaces necessary to make the vpn work, but will not automatically add routes (see the routeadd option below). If the recursive option is set, secvpn will log into the passive hosts and run "secvpn -r start" on them too.
is used to stop the vpn.
is used to setup new routing entries based on secvpn.conf. Secvpn will first add the route active->passive, then tell the passive host to add the route back. The route in the passive host will be added according to the configuration file there (in the passive host), so if the configuration files differ, things will not work.
will delete the routing entries built with routeadd.
checks whether the ppp interface is used to reach O_CRYPT_IP.
same as test, but checks all vpns if no host is named (instead of only active vpns as 'test' does).


verbose output
do nothing
be silent
work recursive


Before secvpn can be used you have to enable passwordless ssh access for user "secvpn" from the initiator secvpn pc to the target secvpn pc. Use authorized_ keys or RhostsRSAAuthentication with the .shosts file. Have a look to the ssh - manpages for more information.

Before secvpn can be used you have to give root rights for specific commands to the user "secvpn". This can be done with the followin command:

 echo "secvpn  ALL=NOPASSWD: /usr/sbin/secvpn, /usr/sbin/pppd" >>/etc/sudoers
Before secvpn can be used you have to edit /etc/secvon.conf. See secvpn.conf(4).


There are 3 examples in /usr/share/doc/secvpn/examples:

Example1: secvpn acts as router connection 2 subnets

Example2: secvpn having one lan-card and connect 2 subnets

Example3: secvpn having one lan-card and connect 11 subnets in a tree structure


To have real security it is necessary to secure each secvpn host and to have firewalls on each secvpn host allowing only selected IP-Adresses and Ports to pass through the VPN.


Bernd Schumacher, HP Consulting, HEWLETT-PACKARD GmbH, Bad Homburg, 2000-2005


Copyright: Most recent version of the GPL.

On Debian GNU/Linux systems, the complete text of the GNU General Public License can be found in "/usr/share/common-licenses/GPL".