Diffstat (limited to 'doc/man-sections')
-rw-r--r-- | doc/man-sections/client-options.rst | 69
-rw-r--r-- | doc/man-sections/link-options.rst | 2
-rw-r--r-- | doc/man-sections/server-options.rst | 65
-rw-r--r-- | doc/man-sections/vpn-network-options.rst | 2
-rw-r--r-- | doc/man-sections/windows-options.rst | 2
5 files changed, 72 insertions, 68 deletions
diff --git a/doc/man-sections/client-options.rst b/doc/man-sections/client-options.rst index c5b7ad9..92a02e2 100644 --- a/doc/man-sections/client-options.rst +++ b/doc/man-sections/client-options.rst 
@@ -251,6 +251,75 @@ configuration. next remote succeeds. To silently ignore an option pushed by the server, use :code:`ignore`. +--push-peer-info + Push additional information about the client to server. The following + data is always pushed to the server: + + :code:`IV_VER=<version>` + The client OpenVPN version + + :code:`IV_PLAT=[linux|solaris|openbsd|mac|netbsd|freebsd|win]` + The client OS platform + + :code:`IV_LZO_STUB=1` + If client was built with LZO stub capability + + :code:`IV_LZ4=1` + If the client supports LZ4 compressions. + + :code:`IV_PROTO` + Details about protocol extensions that the peer supports. The + variable is a bitfield and the bits are defined as follows + (starting a bit 0 for the first (unused) bit: + + - bit 1: The peer supports peer-id floating mechanism + - bit 2: The client expects a push-reply and the server may + send this reply without waiting for a push-request first. + - bit 3: The client is capable of doing key derivation using + RFC5705 key material exporter. + - bit 4: The client is capable of accepting additional arguments + to the `AUTH_PENDING` message. + + :code:`IV_NCP=2` + Negotiable ciphers, client supports ``--cipher`` pushed by + the server, a value of 2 or greater indicates client supports + *AES-GCM-128* and *AES-GCM-256*. + + :code:`IV_CIPHERS=<ncp-ciphers>` + The client announces the list of supported ciphers configured with the + ``--data-ciphers`` option to the server. + + :code:`IV_GUI_VER=<gui_id> <version>` + The UI version of a UI if one is running, for example + :code:`de.blinkt.openvpn 0.5.47` for the Android app. + + :code:`IV_SSO=[crtext,][openurl,][proxy_url]` + Additional authentication methods supported by the client. + This may be set by the client UI/GUI using ``--setenv`` + + When ``--push-peer-info`` is enabled the additional information consists + of the following data: + + :code:`IV_HWADDR=<string>` + This is intended to be a unique and persistent ID of the client. 
+ The string value can be any readable ASCII string up to 64 bytes. + OpenVPN 2.x and some other implementations use the MAC address of + the client's interface used to reach the default gateway. If this + string is generated by the client, it should be consistent and + preserved across independent session and preferably + re-installations and upgrades. + + :code:`IV_SSL=<version string>` + The ssl version used by the client, e.g. + :code:`OpenSSL 1.0.2f 28 Jan 2016`. + + :code:`IV_PLAT_VER=x.y` + The version of the operating system, e.g. 6.1 for Windows 7. + + :code:`UV_<name>=<value>` + Client environment variables whose names start with + :code:`UV_` + --remote args Remote host name or IP address, port and protocol. diff --git a/doc/man-sections/link-options.rst b/doc/man-sections/link-options.rst index c132a62..ff581cf 100644 --- a/doc/man-sections/link-options.rst +++ b/doc/man-sections/link-options.rst @@ -213,7 +213,7 @@ the local and the remote host. This option is useful in cases where the remote peer has a dynamic IP address and a low-TTL DNS name is used to track the IP address using a - service such as http://dyndns.org/ + a dynamic DNS client such as + service such as https://www.nsupdate.info/ + a dynamic DNS client such as ``ddclient``. If the peer cannot be reached, a restart will be triggered, causing the diff --git a/doc/man-sections/server-options.rst b/doc/man-sections/server-options.rst index ac0df55..55c2c30 100644 --- a/doc/man-sections/server-options.rst +++ b/doc/man-sections/server-options.rst 
@@ -449,71 +449,6 @@ fast hardware. SSL/TLS authentication must be used in this mode. ``--echo``, ``--comp-lzo``, ``--socket-flags``, ``--sndbuf``, ``--rcvbuf`` ---push-peer-info - Push additional information about the client to server. The following - data is always pushed to the server: - - :code:`IV_VER=<version>` - The client OpenVPN version - - :code:`IV_PLAT=[linux|solaris|openbsd|mac|netbsd|freebsd|win]` - The client OS platform - - :code:`IV_LZO_STUB=1` - If client was built with LZO stub capability - - :code:`IV_LZ4=1` - If the client supports LZ4 compressions. - - :code:`IV_PROTO` - Details about protocol extensions that the peer supports. The - variable is a bitfield and the bits are defined as follows - (starting a bit 0 for the first (unused) bit: - - - bit 1: The peer supports peer-id floating mechanism - - bit 2: The client expects a push-reply and the server may - send this reply without waiting for a push-request first. - - :code:`IV_NCP=2` - Negotiable ciphers, client supports ``--cipher`` pushed by - the server, a value of 2 or greater indicates client supports - *AES-GCM-128* and *AES-GCM-256*. - - :code:`IV_CIPHERS=<ncp-ciphers>` - The client announces the list of supported ciphers configured with the - ``--data-ciphers`` option to the server. - - :code:`IV_GUI_VER=<gui_id> <version>` - The UI version of a UI if one is running, for example - :code:`de.blinkt.openvpn 0.5.47` for the Android app. - - :code:`IV_SSO=[crtext,][openurl,][proxy_url]` - Additional authentication methods supported by the client. - This may be set by the client UI/GUI using ``--setenv`` - - When ``--push-peer-info`` is enabled the additional information consists - of the following data: - - :code:`IV_HWADDR=<string>` - This is intended to be a unique and persistent ID of the client. - The string value can be any readable ASCII string up to 64 bytes. 
- OpenVPN 2.x and some other implementations use the MAC address of - the client's interface used to reach the default gateway. If this - string is generated by the client, it should be consistent and - preserved across independent session and preferably - re-installations and upgrades. - - :code:`IV_SSL=<version string>` - The ssl version used by the client, e.g. - :code:`OpenSSL 1.0.2f 28 Jan 2016`. - - :code:`IV_PLAT_VER=x.y` - The version of the operating system, e.g. 6.1 for Windows 7. - - :code:`UV_<name>=<value>` - Client environment variables whose names start with - :code:`UV_` - --push-remove opt Selectively remove all ``--push`` options matching "opt" from the option list for a client. ``opt`` is matched as a substring against the whole diff --git a/doc/man-sections/vpn-network-options.rst b/doc/man-sections/vpn-network-options.rst index 029834a..25a26b3 100644 --- a/doc/man-sections/vpn-network-options.rst +++ b/doc/man-sections/vpn-network-options.rst @@ -107,7 +107,7 @@ routing. ``OpenVPN for Android`` client also handles them internally. On all other platforms these options are only saved in the client's - environment under the name :code:`foreign_options_{n}` before the + environment under the name :code:`foreign_option_{n}` before the ``--up`` script is called. A plugin or an ``--up`` script must be used to pick up and interpret these as required. Many Linux distributions include such scripts and some third-party user interfaces such as tunnelblick also diff --git a/doc/man-sections/windows-options.rst b/doc/man-sections/windows-options.rst index eacb9af..c389fbc 100644 --- a/doc/man-sections/windows-options.rst +++ b/doc/man-sections/windows-options.rst 
@@ -93,7 +93,7 @@ Windows-Specific Options server to masquerade as if it were coming from the remote endpoint. The optional offset parameter is an integer which is > :code:`-256` - and < :code:`256` and which defaults to -1. If offset is positive, + and < :code:`256` and which defaults to 0. If offset is positive, the DHCP server will masquerade as the IP address at network address + offset. If offset is negative, the DHCP server will masquerade as the IP address at broadcast address + offset. |
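Review bot: In the IV_PROTO entry added to doc/man-sections/client-options.rst, the sentence "(starting a bit 0 for the first (unused) bit:" has a typo and never closes its outer parenthesis; since the text is being relocated anyway, change it to "(starting at bit 0 for the first (unused) bit):". In the same block, "LZ4 compressions" should read "LZ4 compression" and "independent session" should read "independent sessions". Because every IV_ and UV_ value listed here is reported by the client, it would also help to say so explicitly, so that readers writing server-side scripts do not treat IV_HWADDR or UV_<name> as verified data.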
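Review bot: The IV_PROTO list removed from doc/man-sections/server-options.rst stops at bit 2, while the copy added to client-options.rst also defines bit 3 (RFC5705 key material exporter) and bit 4 (additional arguments to AUTH_PENDING), so this is not a pure move. Mention the two new bit descriptions in the commit message, or split them into a separate change, so the relocation can be checked by comparing the removed and added text line for line.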
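Review bot: In doc/man-sections/windows-options.rst the default offset becomes 0, but the following sentences only describe what happens "If offset is positive" and "If offset is negative", so the documented default now falls into neither case. Add a sentence stating which address the DHCP server masquerades as when the offset is 0, or reword the first case to "zero or positive" if that is what is meant.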