summaryrefslogtreecommitdiff
path: root/doc/man-sections/advanced-options.rst
diff options
context:
space:
mode:
authorBernhard Schmidt <berni@debian.org>2020-08-15 21:29:50 +0200
committerBernhard Schmidt <berni@debian.org>2020-08-15 21:29:50 +0200
commit1079962e4c06f88a54e50d997c1b7e84303d30b4 (patch)
tree4d019426928435425214ccedd6f89b70dbdf035d /doc/man-sections/advanced-options.rst
parent620785fe268a1221c1ba7a9cb5a70f3140a4f1ca (diff)
New upstream version 2.5~beta1upstream/2.5_beta1
Diffstat (limited to 'doc/man-sections/advanced-options.rst')
-rw-r--r--doc/man-sections/advanced-options.rst107
1 files changed, 107 insertions, 0 deletions
diff --git a/doc/man-sections/advanced-options.rst b/doc/man-sections/advanced-options.rst
new file mode 100644
index 0000000..9b96e40
--- /dev/null
+++ b/doc/man-sections/advanced-options.rst
@@ -0,0 +1,107 @@
+Standalone Debug Options
+------------------------
+
+--show-gateway args
+ (Standalone) Show current IPv4 and IPv6 default gateway and interface
+ towards the gateway (if the protocol in question is enabled).
+
+ Valid syntax:
+ ::
+
+ --show-gateway
+ --show-gateway IPv6-target
+
+ If an IPv6 target address is passed as argument, the IPv6 route for this
+ host is reported.
+
+
+Advanced Expert Options
+-----------------------
+These are options only required when special tweaking is needed, often
+used when debugging or testing out special usage scenarios.
+
+--hash-size args
+ Set the size of the real address hash table to ``r`` and the virtual
+ address table to ``v``.
+
+ Valid syntax:
+ ::
+
+ hash-size r v
+
+ By default, both tables are sized at 256 buckets.
+
+--bcast-buffers n
+ Allocate ``n`` buffers for broadcast datagrams (default :code:`256`).
+
+--persist-local-ip
+ Preserve initially resolved local IP address and port number across
+ ``SIGUSR1`` or ``--ping-restart`` restarts.
+
+--persist-remote-ip
+ Preserve most recently authenticated remote IP address and port number
+ across :code:`SIGUSR1` or ``--ping-restart`` restarts.
+
+--prng args
+ *(Advanced)* Change the PRNG (Pseudo-random number generator) parameters
+
+ Valid syntaxes:
+ ::
+
+ prng alg
+ prng alg nsl
+
+ Changes the PRNG to use digest algorithm **alg** (default :code:`sha1`),
+ and set ``nsl`` (default :code:`16`) to the size in bytes of the nonce
+ secret length (between 16 and 64).
+
+ Set ``alg`` to :code:`none` to disable the PRNG and use the OpenSSL
+ RAND\_bytes function instead for all of OpenVPN's pseudo-random number
+ needs.
+
+--rcvbuf size
+ Set the TCP/UDP socket receive buffer size. Defaults to operating system
+ default.
+
+--shaper n
+ Limit bandwidth of outgoing tunnel data to ``n`` bytes per second on the
+ TCP/UDP port. Note that this will only work if mode is set to
+ :code:`p2p`. If you want to limit the bandwidth in both directions, use
+ this option on both peers.
+
+ OpenVPN uses the following algorithm to implement traffic shaping: Given
+ a shaper rate of ``n`` bytes per second, after a datagram write of ``b``
+ bytes is queued on the TCP/UDP port, wait a minimum of ``(b / n)``
+ seconds before queuing the next write.
+
+ It should be noted that OpenVPN supports multiple tunnels between the
+ same two peers, allowing you to construct full-speed and reduced
+ bandwidth tunnels at the same time, routing low-priority data such as
+ off-site backups over the reduced bandwidth tunnel, and other data over
+ the full-speed tunnel.
+
+ Also note that for low bandwidth tunnels (under 1000 bytes per second),
+ you should probably use lower MTU values as well (see above), otherwise
+ the packet latency will grow so large as to trigger timeouts in the TLS
+ layer and TCP connections running over the tunnel.
+
+ OpenVPN allows ``n`` to be between 100 bytes/sec and 100 Mbytes/sec.
+
+--sndbuf size
+ Set the TCP/UDP socket send buffer size. Defaults to operating system
+ default.
+
+--tcp-queue-limit n
+ Maximum number of output packets queued before TCP (default :code:`64`).
+
+ When OpenVPN is tunneling data from a TUN/TAP device to a remote client
+ over a TCP connection, it is possible that the TUN/TAP device might
+ produce data at a faster rate than the TCP connection can support. When
+ the number of output packets queued before sending to the TCP socket
+ reaches this limit for a given client connection, OpenVPN will start to
+ drop outgoing packets directed at this client.
+
+--txqueuelen n
+ *(Linux only)* Set the TX queue length on the TUN/TAP interface.
+ Currently defaults to operating system default.
+