This article lists the arguments that you can run on the Client for the Linux OS version 2.2.0 and higher.
These are the arguments that you can use for different features and settings when you run the Client.
|
Parameter |
Description |
|---|---|
|
--address _ip-address_ |
The Client connects to a specific Cato PoP (contact Support for the specific IP address). The default behavior is that the client automatically connects to the best PoP in the Cato Cloud. |
|
--append {head|tail} |
Preserves the existing configuration in /etc/resolv.conf. When connected, the Client replaces /etc/resolv.conf with the DNS configuration received from Cato. Using this parameter appends the Cato configuration to the existing configuration.
If Split Tunnel is enabled in the Cato Management Application, this parameter is ignored and the Client always replaces the contents of /etc/resolv.conf. |
|
--help |
Shows the help screen. |
|
--metric _metric_ |
The route created for VPN traffic (see --route). If not specified, this route has the highest priority on the system (identical to specifying --metric 0). |
|
--reconn _seconds_ |
Following a disconnect, the number of seconds the Client waits before attempting to reconnect. The Client attempts to reconnect at this interval until a connection is established or the client is stopped externally. If this parameter is not specified, the client attempts to reconnect once and if unsuccessful, exits immediately. |
|
--reg_code |
Uses a registration code to authenticate to the Client. |
|
--route |
A single subnet that is routed to the tunnel instead of the default route. For example: --route 10.24.0.0/16 creates a specific route so only this subnet is routed through VPN. If not specified, the Client adds a default route so all traffic is routed through the VPN on the device (identical to specifying --route 0.0.0.0/0). |
|
--status |
Displays the status of a running service. |
|
--user, --account, --password, --reset-password |
Cato user credentials. password is optional. When a password is required, the user is prompted to add a new one. Note: We don't recommend using the --password argument. |
|
--use-systemd-resolv |
Uses systemd-resolv (instead of editing /dev/resolv.conf directly). The values for this parameter are:
When using the --use-systemd-resolv parameter with the Client, do NOT use the append parameter. |
|
--version |
Shows information about the Client version. |
You can save the arguments for the Linux Client to a file, and then load the parameters when you start the Client. These are the arguments for the Client file:
|
Parameter |
Description |
|---|---|
|
--load_file_ |
Uses the parameter values stored in the file previously with --save. You can override any stored setting by specifying it on the command line. Since the credentials are also stored in this file, make sure you keep it private as anyone can use this file to connect with the saved credentials. The password is saved in hashed form (SHA-256 with salt). Alternately, you can store an empty or incorrect password in the file and specify the correct one on the command line. For example: --load _file_ --password '******' |
|
--save_file_ |
Saves all arguments passed on the command line to the given file for use with the --load parameter. |
|
--show_file_ |
Display the settings stored in the file using --save. |
This section contains arguments that are used for the Linux Clients that use Device Authentication with a device certificate. For more information, see Distributing Device Certificates.
|
Parameter |
Description |
|---|---|
|
--cert <certificate path> |
Path to the certificate file for Device Authentication. |
Comments
0 comments
Please sign in to leave a comment.