From 8e924e2c919e6fbeae0045b67ac54b9697306d7d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Wed, 9 Feb 2022 16:35:02 +0100 Subject: New upstream version 2.5.5 --- doc/openvpn.8.html | 128 +++++++++++++++++++++++++++-------------------------- 1 file changed, 66 insertions(+), 62 deletions(-) (limited to 'doc/openvpn.8.html') diff --git a/doc/openvpn.8.html b/doc/openvpn.8.html index 1c0c65e..1dec6f7 100644 --- a/doc/openvpn.8.html +++ b/doc/openvpn.8.html @@ -1436,6 +1436,69 @@ reconnect, unless multiple remotes are specified and connection to the next remote succeeds. To silently ignore an option pushed by the server, use ignore.

+ +--push-peer-info + + 

Push additional information about the client to server. The following +data is always pushed to the server:

+
+
IV_VER=<version>
+
The client OpenVPN version
+
IV_PLAT=[linux|solaris|openbsd|mac|netbsd|freebsd|win]
+
The client OS platform
+
IV_LZO_STUB=1
+
If client was built with LZO stub capability
+
IV_LZ4=1
+
If the client supports LZ4 compressions.
+
IV_PROTO
+

Details about protocol extensions that the peer supports. The +variable is a bitfield and the bits are defined as follows +(starting a bit 0 for the first (unused) bit:

+
    +
  • bit 1: The peer supports peer-id floating mechanism
    • +
  • bit 2: The client expects a push-reply and the server may +send this reply without waiting for a push-request first.
    • +
  • bit 3: The client is capable of doing key derivation using +RFC5705 key material exporter.
    • +
  • bit 4: The client is capable of accepting additional arguments +to the AUTH_PENDING message.
    • +
+
+
IV_NCP=2
+
Negotiable ciphers, client supports --cipher pushed by +the server, a value of 2 or greater indicates client supports +AES-GCM-128 and AES-GCM-256.
+
IV_CIPHERS=<ncp-ciphers>
+
The client announces the list of supported ciphers configured with the +--data-ciphers option to the server.
+
IV_GUI_VER=<gui_id> <version>
+
The UI version of a UI if one is running, for example +de.blinkt.openvpn 0.5.47 for the Android app.
+
IV_SSO=[crtext,][openurl,][proxy_url]
+
Additional authentication methods supported by the client. +This may be set by the client UI/GUI using --setenv
+
+

When --push-peer-info is enabled the additional information consists +of the following data:

+
+
IV_HWADDR=<string>
+
This is intended to be a unique and persistent ID of the client. +The string value can be any readable ASCII string up to 64 bytes. +OpenVPN 2.x and some other implementations use the MAC address of +the client's interface used to reach the default gateway. If this +string is generated by the client, it should be consistent and +preserved across independent session and preferably +re-installations and upgrades.
+
IV_SSL=<version string>
+
The ssl version used by the client, e.g. +OpenSSL 1.0.2f 28 Jan 2016.
+
IV_PLAT_VER=x.y
+
The version of the operating system, e.g. 6.1 for Windows 7.
+
UV_<name>=<value>
+
Client environment variables whose names start with +UV_
+
+ --remote args

Remote host name or IP address, port and protocol.

@@ -2058,65 +2121,6 @@ server can be initiated.

--rcvbuf

---push-peer-info - - 

Push additional information about the client to server. The following -data is always pushed to the server:

-
-
IV_VER=<version>
-
The client OpenVPN version
-
IV_PLAT=[linux|solaris|openbsd|mac|netbsd|freebsd|win]
-
The client OS platform
-
IV_LZO_STUB=1
-
If client was built with LZO stub capability
-
IV_LZ4=1
-
If the client supports LZ4 compressions.
-
IV_PROTO
-

Details about protocol extensions that the peer supports. The -variable is a bitfield and the bits are defined as follows -(starting a bit 0 for the first (unused) bit:

-
    -
  • bit 1: The peer supports peer-id floating mechanism
    • -
  • bit 2: The client expects a push-reply and the server may -send this reply without waiting for a push-request first.
    • -
-
-
IV_NCP=2
-
Negotiable ciphers, client supports --cipher pushed by -the server, a value of 2 or greater indicates client supports -AES-GCM-128 and AES-GCM-256.
-
IV_CIPHERS=<ncp-ciphers>
-
The client announces the list of supported ciphers configured with the ---data-ciphers option to the server.
-
IV_GUI_VER=<gui_id> <version>
-
The UI version of a UI if one is running, for example -de.blinkt.openvpn 0.5.47 for the Android app.
-
IV_SSO=[crtext,][openurl,][proxy_url]
-
Additional authentication methods supported by the client. -This may be set by the client UI/GUI using --setenv
-
-

When --push-peer-info is enabled the additional information consists -of the following data:

-
-
IV_HWADDR=<string>
-
This is intended to be a unique and persistent ID of the client. -The string value can be any readable ASCII string up to 64 bytes. -OpenVPN 2.x and some other implementations use the MAC address of -the client's interface used to reach the default gateway. If this -string is generated by the client, it should be consistent and -preserved across independent session and preferably -re-installations and upgrades.
-
IV_SSL=<version string>
-
The ssl version used by the client, e.g. -OpenSSL 1.0.2f 28 Jan 2016.
-
IV_PLAT_VER=x.y
-
The version of the operating system, e.g. 6.1 for Windows 7.
-
UV_<name>=<value>
-
Client environment variables whose names start with -UV_
-
- - --push-remove opt  

Selectively remove all --push options matching "opt" from the option @@ -3602,7 +3606,7 @@ data is exchanged.

remote.

This option is useful in cases where the remote peer has a dynamic IP address and a low-TTL DNS name is used to track the IP address using a -service such as http://dyndns.org/ + a dynamic DNS client such as +service such as https://www.nsupdate.info/ + a dynamic DNS client such as ddclient.

If the peer cannot be reached, a restart will be triggered, causing the hostname used with --remote to be re-resolved (if --resolv-retry @@ -3888,7 +3892,7 @@ handled by the tap-windows6wintun driver is in use. The OpenVPN for Android client also handles them internally.

On all other platforms these options are only saved in the client's -environment under the name foreign_options_{n} before the +environment under the name foreign_option_{n} before the --up script is called. A plugin or an --up script must be used to pick up and interpret these as required. Many Linux distributions include such scripts and some third-party user interfaces such as tunnelblick also @@ -5415,7 +5419,7 @@ the IP address 192.168.4.0 to use as the virtual DHCP server address. In --dev tun mode, OpenVPN will cause the DHCP server to masquerade as if it were coming from the remote endpoint.

The optional offset parameter is an integer which is > -256 -and < 256 and which defaults to -1. If offset is positive, +and < 256 and which defaults to 0. If offset is positive, the DHCP server will masquerade as the IP address at network address + offset. If offset is negative, the DHCP server will masquerade as the IP address at broadcast address + offset.

-- cgit v1.2.3