diff options
Diffstat (limited to 'doc/openvpn.8.html')
| -rw-r--r-- | doc/openvpn.8.html | 128 |
1 files changed, 66 insertions, 62 deletions
diff --git a/doc/openvpn.8.html b/doc/openvpn.8.html index 1c0c65e..1dec6f7 100644 --- a/doc/openvpn.8.html +++ b/doc/openvpn.8.html @@ -1436,6 +1436,69 @@ reconnect, unless multiple remotes are specified and connection to the next remote succeeds. To silently ignore an option pushed by the server, use <code>ignore</code>.</p> </td></tr> +<tr><td class="option-group" colspan="2"> +<kbd><span class="option">--push-peer-info</span></kbd></td> +</tr> +<tr><td> </td><td><p class="first">Push additional information about the client to server. The following +data is always pushed to the server:</p> +<dl class="docutils"> +<dt><code>IV_VER=<version></code></dt> +<dd>The client OpenVPN version</dd> +<dt><code>IV_PLAT=[linux|solaris|openbsd|mac|netbsd|freebsd|win]</code></dt> +<dd>The client OS platform</dd> +<dt><code>IV_LZO_STUB=1</code></dt> +<dd>If client was built with LZO stub capability</dd> +<dt><code>IV_LZ4=1</code></dt> +<dd>If the client supports LZ4 compressions.</dd> +<dt><code>IV_PROTO</code></dt> +<dd><p class="first">Details about protocol extensions that the peer supports. The +variable is a bitfield and the bits are defined as follows +(starting a bit 0 for the first (unused) bit:</p> +<ul class="last simple"> +<li>bit 1: The peer supports peer-id floating mechanism</li> +<li>bit 2: The client expects a push-reply and the server may +send this reply without waiting for a push-request first.</li> +<li>bit 3: The client is capable of doing key derivation using +RFC5705 key material exporter.</li> +<li>bit 4: The client is capable of accepting additional arguments +to the <cite>AUTH_PENDING</cite> message.</li> +</ul> +</dd> +<dt><code>IV_NCP=2</code></dt> +<dd>Negotiable ciphers, client supports <tt class="docutils literal"><span class="pre">--cipher</span></tt> pushed by +the server, a value of 2 or greater indicates client supports +<em>AES-GCM-128</em> and <em>AES-GCM-256</em>.</dd> +<dt><code>IV_CIPHERS=<ncp-ciphers></code></dt> +<dd>The client announces the list of supported ciphers configured with the +<tt class="docutils literal"><span class="pre">--data-ciphers</span></tt> option to the server.</dd> +<dt><code>IV_GUI_VER=<gui_id> <version></code></dt> +<dd>The UI version of a UI if one is running, for example +<code>de.blinkt.openvpn 0.5.47</code> for the Android app.</dd> +<dt><code>IV_SSO=[crtext,][openurl,][proxy_url]</code></dt> +<dd>Additional authentication methods supported by the client. +This may be set by the client UI/GUI using <tt class="docutils literal"><span class="pre">--setenv</span></tt></dd> +</dl> +<p>When <tt class="docutils literal"><span class="pre">--push-peer-info</span></tt> is enabled the additional information consists +of the following data:</p> +<dl class="last docutils"> +<dt><code>IV_HWADDR=<string></code></dt> +<dd>This is intended to be a unique and persistent ID of the client. +The string value can be any readable ASCII string up to 64 bytes. +OpenVPN 2.x and some other implementations use the MAC address of +the client's interface used to reach the default gateway. If this +string is generated by the client, it should be consistent and +preserved across independent session and preferably +re-installations and upgrades.</dd> +<dt><code>IV_SSL=<version string></code></dt> +<dd>The ssl version used by the client, e.g. +<code>OpenSSL 1.0.2f 28 Jan 2016</code>.</dd> +<dt><code>IV_PLAT_VER=x.y</code></dt> +<dd>The version of the operating system, e.g. 6.1 for Windows 7.</dd> +<dt><code>UV_<name>=<value></code></dt> +<dd>Client environment variables whose names start with +<code>UV_</code></dd> +</dl> +</td></tr> <tr><td class="option-group"> <kbd><span class="option">--remote <var>args</var></span></kbd></td> <td><p class="first">Remote host name or IP address, port and protocol.</p> @@ -2058,65 +2121,6 @@ server can be initiated.</p> <tt class="docutils literal"><span class="pre">--rcvbuf</span></tt></p> </td></tr> <tr><td class="option-group" colspan="2"> -<kbd><span class="option">--push-peer-info</span></kbd></td> -</tr> -<tr><td> </td><td><p class="first">Push additional information about the client to server. The following -data is always pushed to the server:</p> -<dl class="docutils"> -<dt><code>IV_VER=<version></code></dt> -<dd>The client OpenVPN version</dd> -<dt><code>IV_PLAT=[linux|solaris|openbsd|mac|netbsd|freebsd|win]</code></dt> -<dd>The client OS platform</dd> -<dt><code>IV_LZO_STUB=1</code></dt> -<dd>If client was built with LZO stub capability</dd> -<dt><code>IV_LZ4=1</code></dt> -<dd>If the client supports LZ4 compressions.</dd> -<dt><code>IV_PROTO</code></dt> -<dd><p class="first">Details about protocol extensions that the peer supports. The -variable is a bitfield and the bits are defined as follows -(starting a bit 0 for the first (unused) bit:</p> -<ul class="last simple"> -<li>bit 1: The peer supports peer-id floating mechanism</li> -<li>bit 2: The client expects a push-reply and the server may -send this reply without waiting for a push-request first.</li> -</ul> -</dd> -<dt><code>IV_NCP=2</code></dt> -<dd>Negotiable ciphers, client supports <tt class="docutils literal"><span class="pre">--cipher</span></tt> pushed by -the server, a value of 2 or greater indicates client supports -<em>AES-GCM-128</em> and <em>AES-GCM-256</em>.</dd> -<dt><code>IV_CIPHERS=<ncp-ciphers></code></dt> -<dd>The client announces the list of supported ciphers configured with the -<tt class="docutils literal"><span class="pre">--data-ciphers</span></tt> option to the server.</dd> -<dt><code>IV_GUI_VER=<gui_id> <version></code></dt> -<dd>The UI version of a UI if one is running, for example -<code>de.blinkt.openvpn 0.5.47</code> for the Android app.</dd> -<dt><code>IV_SSO=[crtext,][openurl,][proxy_url]</code></dt> -<dd>Additional authentication methods supported by the client. -This may be set by the client UI/GUI using <tt class="docutils literal"><span class="pre">--setenv</span></tt></dd> -</dl> -<p>When <tt class="docutils literal"><span class="pre">--push-peer-info</span></tt> is enabled the additional information consists -of the following data:</p> -<dl class="last docutils"> -<dt><code>IV_HWADDR=<string></code></dt> -<dd>This is intended to be a unique and persistent ID of the client. -The string value can be any readable ASCII string up to 64 bytes. -OpenVPN 2.x and some other implementations use the MAC address of -the client's interface used to reach the default gateway. If this -string is generated by the client, it should be consistent and -preserved across independent session and preferably -re-installations and upgrades.</dd> -<dt><code>IV_SSL=<version string></code></dt> -<dd>The ssl version used by the client, e.g. -<code>OpenSSL 1.0.2f 28 Jan 2016</code>.</dd> -<dt><code>IV_PLAT_VER=x.y</code></dt> -<dd>The version of the operating system, e.g. 6.1 for Windows 7.</dd> -<dt><code>UV_<name>=<value></code></dt> -<dd>Client environment variables whose names start with -<code>UV_</code></dd> -</dl> -</td></tr> -<tr><td class="option-group" colspan="2"> <kbd><span class="option">--push-remove <var>opt</var></span></kbd></td> </tr> <tr><td> </td><td><p class="first">Selectively remove all <tt class="docutils literal"><span class="pre">--push</span></tt> options matching "opt" from the option @@ -3602,7 +3606,7 @@ data is exchanged.</p> remote.</p> <p>This option is useful in cases where the remote peer has a dynamic IP address and a low-TTL DNS name is used to track the IP address using a -service such as <a class="reference external" href="http://dyndns.org/">http://dyndns.org/</a> + a dynamic DNS client such as +service such as <a class="reference external" href="https://www.nsupdate.info/">https://www.nsupdate.info/</a> + a dynamic DNS client such as <tt class="docutils literal">ddclient</tt>.</p> <p>If the peer cannot be reached, a restart will be triggered, causing the hostname used with <tt class="docutils literal"><span class="pre">--remote</span></tt> to be re-resolved (if <tt class="docutils literal"><span class="pre">--resolv-retry</span></tt> @@ -3888,7 +3892,7 @@ handled by the <tt class="docutils literal"><span class="pre">tap-windows6</span if dhcp is disabled or the <tt class="docutils literal">wintun</tt> driver is in use. The <tt class="docutils literal">OpenVPN for Android</tt> client also handles them internally.</p> <p>On all other platforms these options are only saved in the client's -environment under the name <code>foreign_options_{n}</code> before the +environment under the name <code>foreign_option_{n}</code> before the <tt class="docutils literal"><span class="pre">--up</span></tt> script is called. A plugin or an <tt class="docutils literal"><span class="pre">--up</span></tt> script must be used to pick up and interpret these as required. Many Linux distributions include such scripts and some third-party user interfaces such as tunnelblick also @@ -5415,7 +5419,7 @@ the IP address <code>192.168.4.0</code> to use as the virtual DHCP server address. In <tt class="docutils literal"><span class="pre">--dev</span> tun</tt> mode, OpenVPN will cause the DHCP server to masquerade as if it were coming from the remote endpoint.</p> <p>The optional offset parameter is an integer which is > <code>-256</code> -and < <code>256</code> and which defaults to -1. If offset is positive, +and < <code>256</code> and which defaults to 0. If offset is positive, the DHCP server will masquerade as the IP address at network address + offset. If offset is negative, the DHCP server will masquerade as the IP address at broadcast address + offset.</p> |