summaryrefslogtreecommitdiff
path: root/doc/management-notes.txt
diff options
context:
space:
mode:
authorAlberto Gonzalez Iniesta <agi@inittab.org>2016-11-21 09:37:33 +0100
committerAlberto Gonzalez Iniesta <agi@inittab.org>2016-11-21 09:37:33 +0100
commit93b77cacdbb7e6f310c4e20f85c3a24ed5ba18ba (patch)
tree55a7688c9969ef4d01625caa58c7f679098c76eb /doc/management-notes.txt
parentdaa9ef0efeb5e10a1b43820fbab3a4ff5fbd22f1 (diff)
parent20c8675ba46bda97330a4117c459a59a9f1c465e (diff)
Merge tag 'upstream/2.4_beta1'
Upstream version 2.4~beta1
Diffstat (limited to 'doc/management-notes.txt')
-rw-r--r--doc/management-notes.txt46
1 files changed, 40 insertions, 6 deletions
diff --git a/doc/management-notes.txt b/doc/management-notes.txt
index ef39b85..dd870eb 100644
--- a/doc/management-notes.txt
+++ b/doc/management-notes.txt
@@ -168,9 +168,12 @@ be reset by restarts.
OpenVPN will indicate that it is in a hold state by
sending a real-time notification to the management
-client:
+client, the parameter indicates how long OpenVPN would
+wait without UI (as influenced by connect-retry exponential
+backoff). The UI needs to wait for releasing the hold if it
+wants similar behavior:
- >HOLD:Waiting for hold release
+ >HOLD:Waiting for hold release:10
Command examples:
@@ -366,14 +369,23 @@ Command examples:
same time enable real-time state notification
of future state transitions.
-The output format consists of 4 comma-separated parameters:
+The output format consists of up to 9 comma-separated parameters:
(a) the integer unix date/time,
(b) the state name,
(c) optional descriptive string (used mostly on RECONNECTING
and EXITING to show the reason for the disconnect),
- (d) optional TUN/TAP local IP address (shown for ASSIGN_IP
- and CONNECTED), and
- (e) optional address of remote server (OpenVPN 2.1 or higher).
+ (d) optional TUN/TAP local IPv4 address
+ (e) optional address of remote server,
+ (f) optional port of remote server,
+ (g) optional local address,
+ (h) optional local port, and
+ (i) optional TUN/TAP local IPv6 address.
+
+Fields (e)-(h) are shown for CONNECTED state,
+(d) and (i) are shown for ASSIGN_IP and CONNECTED states.
+
+(e) is available starting from OpenVPN 2.1
+(f)-(i) are available starting from OpenVPN 2.4
Real-time state notifications will have a ">STATE:" prefix
prepended to them.
@@ -777,6 +789,28 @@ correct signature.
This capability is intended to allow the use of arbitrary cryptographic
service providers with OpenVPN via the management interface.
+COMMAND -- certificate (OpenVPN 2.4 or higher)
+----------------------------------------------
+Provides support for external storage of the certificate. Requires the
+--management-external-cert option. This option can be used instead of "cert"
+in client mode. On SSL protocol initialization a notification will be sent
+to the management interface with a hint as follows:
+
+>NEED-CERTIFICATE:macosx-keychain:subject:o=OpenVPN-TEST
+
+The management interface client should use the hint to obtain the specific
+SSL certificate and then return base64 encoded certificate as follows:
+
+certificate
+[BASE64_CERT_LINE]
+.
+.
+.
+END
+
+This capability is intended to allow the use of certificates
+stored outside of the filesystem (e.g. in Mac OS X Keychain)
+with OpenVPN via the management interface.
OUTPUT FORMAT
-------------