From 8e924e2c919e6fbeae0045b67ac54b9697306d7d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?=
Date: Wed, 9 Feb 2022 16:35:02 +0100
Subject: New upstream version 2.5.5
---
doc/openvpn.8.html | 128 +++++++++++++++++++++++++++--------------------------
1 file changed, 66 insertions(+), 62 deletions(-)
(limited to 'doc/openvpn.8.html')
diff --git a/doc/openvpn.8.html b/doc/openvpn.8.html
index 1c0c65e..1dec6f7 100644
--- a/doc/openvpn.8.html
+++ b/doc/openvpn.8.html
@@ -1436,6 +1436,69 @@ reconnect, unless multiple remotes are specified and connection to the
next remote succeeds. To silently ignore an option pushed by the server,
use ignore
.
+
+--push-peer-info |
+
+ | Push additional information about the client to server. The following
+data is always pushed to the server:
+
+IV_VER=<version>
+- The client OpenVPN version
+IV_PLAT=[linux|solaris|openbsd|mac|netbsd|freebsd|win]
+- The client OS platform
+IV_LZO_STUB=1
+- If client was built with LZO stub capability
+IV_LZ4=1
+- If the client supports LZ4 compressions.
+IV_PROTO
+Details about protocol extensions that the peer supports. The
+variable is a bitfield and the bits are defined as follows
+(starting a bit 0 for the first (unused) bit:
+
+- bit 1: The peer supports peer-id floating mechanism
+- bit 2: The client expects a push-reply and the server may
+send this reply without waiting for a push-request first.
+- bit 3: The client is capable of doing key derivation using
+RFC5705 key material exporter.
+- bit 4: The client is capable of accepting additional arguments
+to the AUTH_PENDING message.
+
+
+IV_NCP=2
+- Negotiable ciphers, client supports --cipher pushed by
+the server, a value of 2 or greater indicates client supports
+AES-GCM-128 and AES-GCM-256.
+IV_CIPHERS=<ncp-ciphers>
+- The client announces the list of supported ciphers configured with the
+--data-ciphers option to the server.
+IV_GUI_VER=<gui_id> <version>
+- The UI version of a UI if one is running, for example
+
de.blinkt.openvpn 0.5.47 for the Android app.
+IV_SSO=[crtext,][openurl,][proxy_url]
+- Additional authentication methods supported by the client.
+This may be set by the client UI/GUI using --setenv
+
+When --push-peer-info is enabled the additional information consists
+of the following data:
+
+IV_HWADDR=<string>
+- This is intended to be a unique and persistent ID of the client.
+The string value can be any readable ASCII string up to 64 bytes.
+OpenVPN 2.x and some other implementations use the MAC address of
+the client's interface used to reach the default gateway. If this
+string is generated by the client, it should be consistent and
+preserved across independent session and preferably
+re-installations and upgrades.
+IV_SSL=<version string>
+- The ssl version used by the client, e.g.
+
OpenSSL 1.0.2f 28 Jan 2016 .
+IV_PLAT_VER=x.y
+- The version of the operating system, e.g. 6.1 for Windows 7.
+UV_<name>=<value>
+- Client environment variables whose names start with
+
UV_
+
+ |
--remote args |
Remote host name or IP address, port and protocol.
@@ -2058,65 +2121,6 @@ server can be initiated.
--rcvbuf
|
---push-peer-info |
-
- | Push additional information about the client to server. The following
-data is always pushed to the server:
-
-IV_VER=<version>
-- The client OpenVPN version
-IV_PLAT=[linux|solaris|openbsd|mac|netbsd|freebsd|win]
-- The client OS platform
-IV_LZO_STUB=1
-- If client was built with LZO stub capability
-IV_LZ4=1
-- If the client supports LZ4 compressions.
-IV_PROTO
-Details about protocol extensions that the peer supports. The
-variable is a bitfield and the bits are defined as follows
-(starting a bit 0 for the first (unused) bit:
-
-- bit 1: The peer supports peer-id floating mechanism
-- bit 2: The client expects a push-reply and the server may
-send this reply without waiting for a push-request first.
-
-
-IV_NCP=2
-- Negotiable ciphers, client supports --cipher pushed by
-the server, a value of 2 or greater indicates client supports
-AES-GCM-128 and AES-GCM-256.
-IV_CIPHERS=<ncp-ciphers>
-- The client announces the list of supported ciphers configured with the
---data-ciphers option to the server.
-IV_GUI_VER=<gui_id> <version>
-- The UI version of a UI if one is running, for example
-
de.blinkt.openvpn 0.5.47 for the Android app.
-IV_SSO=[crtext,][openurl,][proxy_url]
-- Additional authentication methods supported by the client.
-This may be set by the client UI/GUI using --setenv
-
-When --push-peer-info is enabled the additional information consists
-of the following data:
-
-IV_HWADDR=<string>
-- This is intended to be a unique and persistent ID of the client.
-The string value can be any readable ASCII string up to 64 bytes.
-OpenVPN 2.x and some other implementations use the MAC address of
-the client's interface used to reach the default gateway. If this
-string is generated by the client, it should be consistent and
-preserved across independent session and preferably
-re-installations and upgrades.
-IV_SSL=<version string>
-- The ssl version used by the client, e.g.
-
OpenSSL 1.0.2f 28 Jan 2016 .
-IV_PLAT_VER=x.y
-- The version of the operating system, e.g. 6.1 for Windows 7.
-UV_<name>=<value>
-- Client environment variables whose names start with
-
UV_
-
- |
-
--push-remove opt |
| Selectively remove all --push options matching "opt" from the option
@@ -3602,7 +3606,7 @@ data is exchanged.
remote.
This option is useful in cases where the remote peer has a dynamic IP
address and a low-TTL DNS name is used to track the IP address using a
-service such as http://dyndns.org/ + a dynamic DNS client such as
+service such as https://www.nsupdate.info/ + a dynamic DNS client such as
ddclient.
If the peer cannot be reached, a restart will be triggered, causing the
hostname used with --remote to be re-resolved (if --resolv-retry
@@ -3888,7 +3892,7 @@ handled by the tap-windows6wintun driver is in use. The
OpenVPN for Android client also handles them internally.
On all other platforms these options are only saved in the client's
-environment under the name foreign_options_{n} before the
+environment under the name foreign_option_{n} before the
--up script is called. A plugin or an --up script must be used to
pick up and interpret these as required. Many Linux distributions include
such scripts and some third-party user interfaces such as tunnelblick also
@@ -5415,7 +5419,7 @@ the IP address 192.168.4.0 to use as the virtual DHCP
server address. In --dev tun mode, OpenVPN will cause the DHCP
server to masquerade as if it were coming from the remote endpoint.
The optional offset parameter is an integer which is > -256
-and < 256 and which defaults to -1. If offset is positive,
+and < 256 and which defaults to 0. If offset is positive,
the DHCP server will masquerade as the IP address at network
address + offset. If offset is negative, the DHCP server will
masquerade as the IP address at broadcast address + offset.
--
cgit v1.2.3
|