author: Jörg Frings-Fürst <debian@jff.email> 2022-02-09 16:35:02 +0100
committer: Jörg Frings-Fürst <debian@jff.email> 2022-02-09 16:35:02 +0100
commit: 8e924e2c919e6fbeae0045b67ac54b9697306d7d
tree: 2ddb2a40fd70018ada5fbab576002199771f67c5 /doc/openvpn.8.html
parent: f2b3dda12a731c2e0971cb7889728edaf23f6cb0

New upstream version 2.5.5 (refs: upstream/2.5.5, upstream)

Diffstat (limited to 'doc/openvpn.8.html')
-rw-r--r-- doc/openvpn.8.html 128
1 files changed, 66 insertions, 62 deletions
diff --git a/doc/openvpn.8.html b/doc/openvpn.8.html
index 1c0c65e..1dec6f7 100644
--- a/doc/openvpn.8.html
+++ b/doc/openvpn.8.html
@@ -1436,6 +1436,69 @@ reconnect, unless multiple remotes are specified and connection to the
next remote succeeds. To silently ignore an option pushed by the server,
use <code>ignore</code>.</p>
</td></tr>
+<tr><td class="option-group" colspan="2">
+<kbd><span class="option">--push-peer-info</span></kbd></td>
+</tr>
+<tr><td>&nbsp;</td><td><p class="first">Push additional information about the client to server. The following
+data is always pushed to the server:</p>
+<dl class="docutils">
+<dt><code>IV_VER=&lt;version&gt;</code></dt>
+<dd>The client OpenVPN version</dd>
+<dt><code>IV_PLAT=[linux|solaris|openbsd|mac|netbsd|freebsd|win]</code></dt>
+<dd>The client OS platform</dd>
+<dt><code>IV_LZO_STUB=1</code></dt>
+<dd>If client was built with LZO stub capability</dd>
+<dt><code>IV_LZ4=1</code></dt>
+<dd>If the client supports LZ4 compressions.</dd>
+<dt><code>IV_PROTO</code></dt>
+<dd><p class="first">Details about protocol extensions that the peer supports. The
+variable is a bitfield and the bits are defined as follows
+(starting a bit 0 for the first (unused) bit:</p>
+<ul class="last simple">
+<li>bit 1: The peer supports peer-id floating mechanism</li>
+<li>bit 2: The client expects a push-reply and the server may
+send this reply without waiting for a push-request first.</li>
+<li>bit 3: The client is capable of doing key derivation using
+RFC5705 key material exporter.</li>
+<li>bit 4: The client is capable of accepting additional arguments
+to the <cite>AUTH_PENDING</cite> message.</li>
+</ul>
+</dd>
+<dt><code>IV_NCP=2</code></dt>
+<dd>Negotiable ciphers, client supports <tt class="docutils literal"><span class="pre">--cipher</span></tt> pushed by
+the server, a value of 2 or greater indicates client supports
+<em>AES-GCM-128</em> and <em>AES-GCM-256</em>.</dd>
+<dt><code>IV_CIPHERS=&lt;ncp-ciphers&gt;</code></dt>
+<dd>The client announces the list of supported ciphers configured with the
+<tt class="docutils literal"><span class="pre">--data-ciphers</span></tt> option to the server.</dd>
+<dt><code>IV_GUI_VER=&lt;gui_id&gt; &lt;version&gt;</code></dt>
+<dd>The UI version of a UI if one is running, for example
+<code>de.blinkt.openvpn 0.5.47</code> for the Android app.</dd>
+<dt><code>IV_SSO=[crtext,][openurl,][proxy_url]</code></dt>
+<dd>Additional authentication methods supported by the client.
+This may be set by the client UI/GUI using <tt class="docutils literal"><span class="pre">--setenv</span></tt></dd>
+</dl>
+<p>When <tt class="docutils literal"><span class="pre">--push-peer-info</span></tt> is enabled the additional information consists
+of the following data:</p>
+<dl class="last docutils">
+<dt><code>IV_HWADDR=&lt;string&gt;</code></dt>
+<dd>This is intended to be a unique and persistent ID of the client.
+The string value can be any readable ASCII string up to 64 bytes.
+OpenVPN 2.x and some other implementations use the MAC address of
+the client's interface used to reach the default gateway. If this
+string is generated by the client, it should be consistent and
+preserved across independent session and preferably
+re-installations and upgrades.</dd>
+<dt><code>IV_SSL=&lt;version string&gt;</code></dt>
+<dd>The ssl version used by the client, e.g.
+<code>OpenSSL 1.0.2f 28 Jan 2016</code>.</dd>
+<dt><code>IV_PLAT_VER=x.y</code></dt>
+<dd>The version of the operating system, e.g. 6.1 for Windows 7.</dd>
+<dt><code>UV_&lt;name&gt;=&lt;value&gt;</code></dt>
+<dd>Client environment variables whose names start with
+<code>UV_</code></dd>
+</dl>
+</td></tr>
<tr><td class="option-group">
<kbd><span class="option">--remote <var>args</var></span></kbd></td>
<td><p class="first">Remote host name or IP address, port and protocol.</p>
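Review bot: In the IV_PROTO description the parenthetical "(starting a bit 0 for the first (unused) bit:" is never closed and "a bit 0" should read "at bit 0"; suggest "(starting at bit 0 for the first (unused) bit):". In the same list, "LZ4 compressions" should be "LZ4 compression". Separately, the IV_HWADDR entry documents a unique and persistent client ID (the MAC address in OpenVPN 2.x) that is sent once --push-peer-info is enabled, alongside IV_SSL and IV_PLAT_VER. The option text would benefit from one sentence saying that enabling it discloses this identifier, the SSL library version and the OS version to the server, so operators can weigh that before turning it on. Since IV_SSO and UV_ values are described as set by the client via --setenv, it is also worth stating that the server receives them as client-asserted values.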
@@ -2058,65 +2121,6 @@ server can be initiated.</p>
<tt class="docutils literal"><span class="pre">--rcvbuf</span></tt></p>
</td></tr>
<tr><td class="option-group" colspan="2">
-<kbd><span class="option">--push-peer-info</span></kbd></td>
-</tr>
-<tr><td>&nbsp;</td><td><p class="first">Push additional information about the client to server. The following
-data is always pushed to the server:</p>
-<dl class="docutils">
-<dt><code>IV_VER=&lt;version&gt;</code></dt>
-<dd>The client OpenVPN version</dd>
-<dt><code>IV_PLAT=[linux|solaris|openbsd|mac|netbsd|freebsd|win]</code></dt>
-<dd>The client OS platform</dd>
-<dt><code>IV_LZO_STUB=1</code></dt>
-<dd>If client was built with LZO stub capability</dd>
-<dt><code>IV_LZ4=1</code></dt>
-<dd>If the client supports LZ4 compressions.</dd>
-<dt><code>IV_PROTO</code></dt>
-<dd><p class="first">Details about protocol extensions that the peer supports. The
-variable is a bitfield and the bits are defined as follows
-(starting a bit 0 for the first (unused) bit:</p>
-<ul class="last simple">
-<li>bit 1: The peer supports peer-id floating mechanism</li>
-<li>bit 2: The client expects a push-reply and the server may
-send this reply without waiting for a push-request first.</li>
-</ul>
-</dd>
-<dt><code>IV_NCP=2</code></dt>
-<dd>Negotiable ciphers, client supports <tt class="docutils literal"><span class="pre">--cipher</span></tt> pushed by
-the server, a value of 2 or greater indicates client supports
-<em>AES-GCM-128</em> and <em>AES-GCM-256</em>.</dd>
-<dt><code>IV_CIPHERS=&lt;ncp-ciphers&gt;</code></dt>
-<dd>The client announces the list of supported ciphers configured with the
-<tt class="docutils literal"><span class="pre">--data-ciphers</span></tt> option to the server.</dd>
-<dt><code>IV_GUI_VER=&lt;gui_id&gt; &lt;version&gt;</code></dt>
-<dd>The UI version of a UI if one is running, for example
-<code>de.blinkt.openvpn 0.5.47</code> for the Android app.</dd>
-<dt><code>IV_SSO=[crtext,][openurl,][proxy_url]</code></dt>
-<dd>Additional authentication methods supported by the client.
-This may be set by the client UI/GUI using <tt class="docutils literal"><span class="pre">--setenv</span></tt></dd>
-</dl>
-<p>When <tt class="docutils literal"><span class="pre">--push-peer-info</span></tt> is enabled the additional information consists
-of the following data:</p>
-<dl class="last docutils">
-<dt><code>IV_HWADDR=&lt;string&gt;</code></dt>
-<dd>This is intended to be a unique and persistent ID of the client.
-The string value can be any readable ASCII string up to 64 bytes.
-OpenVPN 2.x and some other implementations use the MAC address of
-the client's interface used to reach the default gateway. If this
-string is generated by the client, it should be consistent and
-preserved across independent session and preferably
-re-installations and upgrades.</dd>
-<dt><code>IV_SSL=&lt;version string&gt;</code></dt>
-<dd>The ssl version used by the client, e.g.
-<code>OpenSSL 1.0.2f 28 Jan 2016</code>.</dd>
-<dt><code>IV_PLAT_VER=x.y</code></dt>
-<dd>The version of the operating system, e.g. 6.1 for Windows 7.</dd>
-<dt><code>UV_&lt;name&gt;=&lt;value&gt;</code></dt>
-<dd>Client environment variables whose names start with
-<code>UV_</code></dd>
-</dl>
-</td></tr>
-<tr><td class="option-group" colspan="2">
<kbd><span class="option">--push-remove <var>opt</var></span></kbd></td>
</tr>
<tr><td>&nbsp;</td><td><p class="first">Selectively remove all <tt class="docutils literal"><span class="pre">--push</span></tt> options matching &quot;opt&quot; from the option
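Review bot: The block removed here is not identical to the one added in the first hunk: the IV_PROTO list here stops at bit 2, while the relocated copy also documents bit 3 (RFC5705 key material exporter) and bit 4 (additional arguments to AUTH_PENDING). The relocation therefore carries a content change that is easy to miss when it is read as a pure move; the changelog for this version should call out the two newly documented bits.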
@@ -3602,7 +3606,7 @@ data is exchanged.</p>
remote.</p>
<p>This option is useful in cases where the remote peer has a dynamic IP
address and a low-TTL DNS name is used to track the IP address using a
-service such as <a class="reference external" href="http://dyndns.org/">http://dyndns.org/</a> + a dynamic DNS client such as
+service such as <a class="reference external" href="https://www.nsupdate.info/">https://www.nsupdate.info/</a> + a dynamic DNS client such as
<tt class="docutils literal">ddclient</tt>.</p>
<p>If the peer cannot be reached, a restart will be triggered, causing the
hostname used with <tt class="docutils literal"><span class="pre">--remote</span></tt> to be re-resolved (if <tt class="docutils literal"><span class="pre">--resolv-retry</span></tt>
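Review bot: On the changed line the literal " + " between the link and "a dynamic DNS client such as" reads as an operator rather than prose; "together with" would be clearer. The replacement link moves from http to https, which is an improvement, but the sentence still names a single third-party service, so wording along the lines of "a dynamic DNS service, for example ..." would age better than swapping one provider URL for another.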
@@ -3888,7 +3892,7 @@ handled by the <tt class="docutils literal"><span class="pre">tap-windows6</span
if dhcp is disabled or the <tt class="docutils literal">wintun</tt> driver is in use. The
<tt class="docutils literal">OpenVPN for Android</tt> client also handles them internally.</p>
<p>On all other platforms these options are only saved in the client's
-environment under the name <code>foreign_options_{n}</code> before the
+environment under the name <code>foreign_option_{n}</code> before the
<tt class="docutils literal"><span class="pre">--up</span></tt> script is called. A plugin or an <tt class="docutils literal"><span class="pre">--up</span></tt> script must be used to
pick up and interpret these as required. Many Linux distributions include
such scripts and some third-party user interfaces such as tunnelblick also
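Review bot: The rename from foreign_options_{n} to foreign_option_{n} changes the variable name that --up scripts and plugins are told to read, so any other mention of the old spelling in this file or in sample scripts needs the same correction; a script written from the old text would look up a name that is never set and silently skip the pushed options. The placeholder {n} is also not defined in this paragraph, and a short note on how n is numbered would help script authors iterate over the variables.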
@@ -5415,7 +5419,7 @@ the IP address <code>192.168.4.0</code> to use as the virtual DHCP
server address. In <tt class="docutils literal"><span class="pre">--dev</span> tun</tt> mode, OpenVPN will cause the DHCP
server to masquerade as if it were coming from the remote endpoint.</p>
<p>The optional offset parameter is an integer which is &gt; <code>-256</code>
-and &lt; <code>256</code> and which defaults to -1. If offset is positive,
+and &lt; <code>256</code> and which defaults to 0. If offset is positive,
the DHCP server will masquerade as the IP address at network
address + offset. If offset is negative, the DHCP server will
masquerade as the IP address at broadcast address + offset.</p>
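Review bot: With the default changed to 0, the sentences that follow only define the behaviour for a positive offset (network address + offset) and a negative offset (broadcast address + offset), leaving the default case undescribed. Suggest adding what an offset of 0 selects, and checking that it agrees with the 192.168.4.0 example in the context line at the top of this hunk.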