.TH OPENFORTIVPN 1 "January 26, 2015" ""

.SH NAME
openfortivpn \- Client for PPP+SSL VPN tunnel services

.SH SYNOPSIS
.B openfortivpn
[\fI<host>\fR:\fI<port>\fR]
[\fB\-u\fR \fI<user>\fR]
[\fB\-p\fR \fI<pass>\fR]
[\fB\-\-no-routes\fR]
[\fB\-\-no-dns\fR]
[\fB\-\-trusted-cert=\fI<digest>\fR]
[\fB\-\-pppd-log=\fI<file>\fR]
[\fB\-\-pppd-plugin=\fI<file>\fR]
[\fB\-c\fR \fI<file>\fR]
[\fB\-v|\-q\fR]
.br
.B openfortivpn
\-\-help
.br
.B openfortivpn
\-\-version

.SH DESCRIPTION
.B openfortivpn
connects to a VPN by setting up a tunnel to the gateway at
\fI<host>\fR:\fI<port>\fR.

.SH OPTIONS
.TP
\fB\-\-help\fR
Show this help message and exit.
.TP
\fB\-\-version\fR
Show version and exit.
.TP
\fB\-c \fI<file>\fR, \fB\-\-config=\fI<file>\fR
Specify a custom config file (default: /etc/openfortivpn/config).
.TP
\fB\-u \fI<user>\fR, \fB\-\-username=\fI<user>\fR
VPN account username.
.TP
\fB\-p \fI<pass>\fR, \fB\-\-password=\fI<pass>\fR
VPN account password.
.TP
\fB\-\-realm=\fI<realm>\fR
Connect to the specified authentication realm. Defaults to empty, which
is usually what you want.
.TP
\fB\-\-no-routes\fR
Do not try to configure IP routes through the VPN when tunnel is up.
.TP
\fB\-\-no-dns\fR
Do not add VPN nameservers in /etc/resolv.conf when tunnel is up.
.TP
\fB\-\-ca-file=\fI<file>\fR
Use specified PEM-encoded certificate bundle instead of system-wide store to
verify the gateway certificate.
.TP
\fB\-\-user-cert=\fI<file>\fR
Use specified PEM-encoded certificate if the server requires authentication
with a certificate.
.TP
\fB\-\-user-key=\fI<file>\fR
Use specified PEM-encoded key if the server requires authentication with
a certificate.
.TP
\fB\-\-trusted-cert=\fI<digest>\fR
Trust a given gateway. If classical SSL certificate validation fails, the
gateway certificate will be matched against this value. \fI<digest>\fR is the
X509 certificate's sha256 sum. This option can be used multiple times to trust
several certificates.
.TP
\fB\-\-pppd-log=\fI<file>\fR
Set pppd in debug mode and save its logs into \fI<file>\fR.
.TP
\fB\-\-pppd-plugin=\fI<file>\fR
Use specified pppd plugin instead of configuring the resolver and routes
directly.
.TP
\fB\-v\fR
Increase verbosity. Can be used multiple times to be even more verbose.
.TP
\fB\-q\fR
Decrease verbosity. Can be used multiple times to be even less verbose.

.SH CONFIG FILE
Options can be taken from a configuration file. Options passed in the command
line will override those from the config file, though. The default config file
is /etc/openfortivpn/config, but this can be set using the \fB\-c\fR option.
.TP
A config file looks like:
# this is a comment
.br
host = vpn-gateway
.br
port = 8443
.br
username = foo
.br
password = bar
.br
trusted-cert = certificatedigest4daa8c5fe6c...
.br
trusted-cert = othercertificatedigest6631bf...
.br
set-dns = 1
.br
set-routes = 1