Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Contact Us
Online Help
Domain Status
Man Pages

Virtual Servers

Topology Map

Server Agreement
Year 2038

USA Flag



Man Pages

Manual Reference Pages  -  SSLTUNNELRC (5)


ssltunnelrc - SSL Tunnel client configuration file


Network Options :
PPP Options:
SSL Options:
Misc Options:
See Also


ssltunnelrc file contains configuration information for pppclient, the ssltunnel client software.

The ssltunnelrc file is a free-form ASCII text file, parsed by pppclient. The file may contain extra tabs and newlines for formating purpose. Keywords should be written in lowercase, and separated from value by at least one space or tab character.

Lines beginning with # are ignored.

Options commented out or not present have default values, incorrect options are reported on STDERR when pppclient read the file. Boolean parameters are hardcoded as 0 for false and 1 for true.

Upon startup, if no option is given on command line, pppclient reads the $HOME/.ssltunnelrc configuration file.


The following parameters can be set :

Network Options :

remotehost (str) IP Address or DNS name of remote host running ssltunnel server.
port (int) Port on which the remote ssltunnel server is listening. Defaults to 443.
useproxy (bool) If set, pppclient should connect using an HTTP Proxy. Defaults to 0.
proxy (str) IP Address or DNS name of HTTP Proxy to use. No default.
proxyport (int) Proxy port, defaults to 8080.
proxyuser (str) Username to send for authentication on proxy. Defaults to none.
proxypass (str) Password to send for authentication on proxy. Defaults to none.
autoreconnect (bool) If set to 1, if link goes down (ppp exit), pppclient will try to reconnect to server after waiting for 10 seconds.
timeout (int) Timeout in seconds used in many operations such as reading banner, reading proxy response, ... Defaults to 10.

PPP Options:

localppp (str) pppd local path on client. Defaults to /usr/sbin/pppd.
bsdppp (bool) If set to 1, launches ppp program with options suitable for BSD userland ppp(1) program. Defaults to 0.
localproxyarp (bool) If set to 1, pppd will be launched with proxyarp option, allowing remote host to have a local LAN address and be seen on the LAN without routing changes. Defaults to 0.
localechoint (int) Number of seconds between LCP-Echo requests sent to the remote peer. This is used to monitor link and exit if peer does not respond anymore. See also next option. Defaults to 10.
localechofail (int) Number of LCP-Echo requests lost (no LCP-Echoreply received) before declaring link dead. Defaults to 10.
peer (str) Name of ppp peer. If set, pppd will look for options in /etc/ppp/peers. If not set, you will probably need to set noauth option in /etc/ppp/options. When using BSD Userland ppp, this is the label name used (ppp is launched with ppp -direct peer command line). Defaults to none.
ipparam (str) Set the pppd ipparam parameter, which is passed to /etc/ppp/ip-up script when link goes up. This can be used for example to set different routes automatically depending on your target. Defaults to none.

SSL Options:

cacertfile (str) File containing in PEM format the CA authorities trusted by the client. Beware that if you put unsecure or unknown certs in this file, someone can hijack your connexion.
certfile (str) File containing in PEM format your certificate, signed by a CA authority trusted by the server.
keyfile (str) File containing the private RSA key used with the certificate. If the key is protected by a passphrase, it will be asked during initialization of OpenSSL layer.

Misc Options:

verbose (bool) If set, pppclient will log on STDERR server responses and print a line for every packet sent or received. Defaults to 1. You probably want to turn this off if using pppclient in daemon mode.
daemon (bool) If set, pppclient will fork and detach from terminal after reading configuration file. Defaults to 0.
logfile (str) When started in daemon mode, pppclient will normally log with syslog (local6 facility). If set, then log are appended to this file.


Example below of a configuration file will connect to port 443, by using proxy (port 3128) with rominet user and fubar password. pppd will be called with ssltunnel peer name.

autoreconnect 1
verbose 1
# Target
port 443
# My Certificates
cacertfile /home/demo/certs/ca-cert.pem
certfile /home/demo/certs/client.crt
keyfile /home/demo/certs/client.key
ipparam tunnel
peer ssltunnel
useproxy 1
# My Proxy configuration
proxyport 3128
proxyuser rominet
proxypass fubar

The file /etc/ppp/peers/ssltunnel will simply be, assuming remote host will not ask for PAP or CHAP authentication :


and /etc/ppp/ip-up will place some routes to hosts and inside the tunnel (example is for FreeBSD, see route(8) for your system) :

if [ $6 = ’tunnel’ ]; then
/sbin/route add -host -iface $1
/sbin/route add -host -iface $1


$HOME/.ssltunnelrc Default configuration file.
/etc/ppp/options pppd Configuration
/etc/ppp/ppp.conf BSD Userland ppp Configuration
/etc/ppp/ip-up Script run when interface goes up


Please report them !


pppclient(1), gpppclient(1)


Alain Thivillon <>
Search for    or go to Top of page |  Section 5 |  Main Index

SSLTUNNELRC (5) September 06, 2003

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.