diff options
author | Bernhard Schmidt <berni@debian.org> | 2020-10-28 19:46:08 +0100 |
---|---|---|
committer | Bernhard Schmidt <berni@debian.org> | 2020-10-28 19:46:08 +0100 |
commit | 8231554c9f1ba25cb4e698ad5cfb3a56b258610a (patch) | |
tree | 029108888123856ca13e34c612d4dd4845c2b6c3 /doc/man-sections/client-options.rst | |
parent | 5bac5f7608a14e0989e95db1a1da2e65d9322127 (diff) | |
parent | 76fee93e6fe89e5575bae2840b585d2f025b9050 (diff) |
Merge tag 'debian/2.5.0-1' into buster-backports
openvpn Debian release 2.5.0-1
Diffstat (limited to 'doc/man-sections/client-options.rst')
-rw-r--r-- | doc/man-sections/client-options.rst | 60 |
1 files changed, 34 insertions, 26 deletions
diff --git a/doc/man-sections/client-options.rst b/doc/man-sections/client-options.rst index ec1e3b1..af21fbc 100644 --- a/doc/man-sections/client-options.rst +++ b/doc/man-sections/client-options.rst @@ -244,43 +244,51 @@ configuration. use :code:`ignore`. --remote args - Remote host name or IP address. It supports two additional optional - arguments: ``port`` and ``proto``. On the client, multiple ``--remote`` - options may be specified for redundancy, each referring to a different - OpenVPN server. Specifying multiple ``--remote`` options for this - purpose is a special case of the more general connection-profile - feature. See the ``<connection>`` documentation below. + Remote host name or IP address, port and protocol. - The OpenVPN client will try to connect to a server at ``host:port`` in - the order specified by the list of ``--remote`` options. - - Examples: + Valid syntaxes: :: - remote server.example.net - remote server.example.net 1194 - remote server.example.net tcp + remote host + remote host port + remote host port proto - ``proto`` indicates the protocol to use when connecting with the remote, - and may be :code:`tcp` or :code:`udp`. + The ``port`` and ``proto`` arguments are optional. The OpenVPN client + will try to connect to a server at ``host:port``. The ``proto`` argument + indicates the protocol to use when connecting with the remote, and may be + :code:`tcp` or :code:`udp`. To enforce IPv4 or IPv6 connections add a + :code:`4` or :code:`6` suffix; like :code:`udp4` / :code:`udp6` + / :code:`tcp4` / :code:`tcp6`. - For forcing IPv4 or IPv6 connection suffix tcp or udp with 4/6 like - udp4/udp6/tcp4/tcp6. + On the client, multiple ``--remote`` options may be specified for + redundancy, each referring to a different OpenVPN server, in the order + specified by the list of ``--remote`` options. Specifying multiple + ``--remote`` options for this purpose is a special case of the more + general connection-profile feature. See the ``<connection>`` + documentation below. The client will move on to the next host in the list, in the event of connection failure. Note that at any given time, the OpenVPN client will at most be connected to one server. - Note that since UDP is connectionless, connection failure is defined by - the ``--ping`` and ``--ping-restart`` options. + Examples: + :: - Note the following corner case: If you use multiple ``--remote`` - options, AND you are dropping root privileges on the client with - ``--user`` and/or ``--group`` AND the client is running a non-Windows - OS, if the client needs to switch to a different server, and that server - pushes back different TUN/TAP or route settings, the client may lack the - necessary privileges to close and reopen the TUN/TAP interface. This - could cause the client to exit with a fatal error. + remote server1.example.net + remote server1.example.net 1194 + remote server2.example.net 1194 tcp + + *Note:* + Since UDP is connectionless, connection failure is defined by + the ``--ping`` and ``--ping-restart`` options. + + Also, if you use multiple ``--remote`` options, AND you are dropping + root privileges on the client with ``--user`` and/or ``--group`` AND + the client is running a non-Windows OS, if the client needs to switch + to a different server, and that server pushes back different TUN/TAP + or route settings, the client may lack the necessary privileges to + close and reopen the TUN/TAP interface. This could cause the client + to exit with a fatal error. If ``--remote`` is unspecified, OpenVPN will listen for packets from any IP address, but will not act on those packets unless they pass all |