Merge tag 'upstream/2.3.8'

Upstream version 2.3.8
author: Alberto Gonzalez Iniesta <agi@inittab.org> 2015-08-10 16:45:51 +0200
committer: Alberto Gonzalez Iniesta <agi@inittab.org> 2015-08-10 16:45:51 +0200
commit: fd15a53c49ca01530665639f3711604c436601ee (patch)
tree: 452c73475f617631e23f13c4d176336939521ad7 /doc/openvpn.8
parent: d42fbdd9d8dc05868a9ce749fb43a37e6b75b143 (diff)
parent: 41ffafc126abd9af67061f4931b7614f3cb898b0 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/doc/openvpn.8 b/doc/openvpn.8
index 9db6409..203dd46 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -2198,6 +2198,22 @@ openvpn command for a fairly reliable indication of whether the command
 has correctly initialized and entered the packet forwarding event loop.
 
 In OpenVPN, the vast majority of errors which occur after initialization are non-fatal.
+
+Note: as soon as OpenVPN has daemonized, it can not ask for usernames,
+passwords, or key pass phrases anymore.  This has certain consequences,
+namely that using a password-protected private key will fail unless the
+.B \-\-askpass
+option is used to tell OpenVPN to ask for the pass phrase (this
+requirement is new in 2.3.7, and is a consequence of calling daemon()
+before initializing the crypto layer).
+
+Further, using
+.B \-\-daemon
+together with
+.B \-\-auth-user-pass
+(entered on console) and
+.B \-\-auth-nocache
+will fail as soon as key renegotiation (and reauthentication) occurs.
 .\"*********************************************************
 .TP
 .B \-\-syslog [progname]
author	Alberto Gonzalez Iniesta <agi@inittab.org>	2015-08-10 16:45:51 +0200
committer	Alberto Gonzalez Iniesta <agi@inittab.org>	2015-08-10 16:45:51 +0200
commit	fd15a53c49ca01530665639f3711604c436601ee (patch)
tree	452c73475f617631e23f13c4d176336939521ad7 /doc/openvpn.8
parent	d42fbdd9d8dc05868a9ce749fb43a37e6b75b143 (diff)
parent	41ffafc126abd9af67061f4931b7614f3cb898b0 (diff)