diff options
author | arne <arne@gaia.fritz.box> | 2012-12-25 23:22:13 +0100 |
---|---|---|
committer | arne <arne@gaia.fritz.box> | 2012-12-25 23:22:13 +0100 |
commit | c9dc454f4ec38f075f951fbf32935054023eed94 (patch) | |
tree | 33d36c8bfb68db406e3ae90237b145077efecda5 /openvpn/doc/openvpn.8 | |
parent | e57c7dd4a792d02897140d0c5e2d014bcd1147c0 (diff) | |
parent | b2b8b3da3f501543338fc5065519ab778379c274 (diff) |
Merge local changes with repository
Diffstat (limited to 'openvpn/doc/openvpn.8')
-rw-r--r-- | openvpn/doc/openvpn.8 | 82 |
1 files changed, 51 insertions, 31 deletions
diff --git a/openvpn/doc/openvpn.8 b/openvpn/doc/openvpn.8 index da1c0f9e..d66bd665 100644 --- a/openvpn/doc/openvpn.8 +++ b/openvpn/doc/openvpn.8 @@ -456,13 +456,9 @@ possess a built-in reliability layer. .\"********************************************************* .TP .B \-\-connect-retry n -For -.B \-\-proto tcp-client, -take +Wait .B n -as the -number of seconds to wait -between connection retries (default=5). +seconds between connection attempts (default=5). .\"********************************************************* .TP .B \-\-connect-timeout n @@ -474,12 +470,15 @@ seconds (default=10). .\"********************************************************* .TP .B \-\-connect-retry-max n -For -.B \-\-proto tcp-client, -take .B n -as the -number of retries of connection attempt (default=infinite). +specifies the number of times all +.B \-\-remote +respectively +.B <connection> +statements are tried. Specifiying +.B n +as one would try each entry exactly once. A sucessful connection +resets the counter. (default=umlimited). .\"********************************************************* .TP .B \-\-show-proxy-settings @@ -651,18 +650,18 @@ peer on its new IP address. .\"********************************************************* .TP .B \-\-port port -TCP/UDP port number for both local and remote. The current +TCP/UDP port number or port name for both local and remote. The current default of 1194 represents the official IANA port number assignment for OpenVPN and has been used since version 2.0-beta17. Previous versions used port 5000 as the default. .\"********************************************************* .TP .B \-\-lport port -TCP/UDP port number for bind. +TCP/UDP port number or name for bind. .\"********************************************************* .TP .B \-\-rport port -TCP/UDP port number for remote. +TCP/UDP port number or name for remote. .\"********************************************************* .TP .B \-\-bind @@ -1886,7 +1885,7 @@ is a safety precaution to prevent a LD_PRELOAD style attack from a malicious or compromised server. .\"********************************************************* .TP -.B \-\-script-security level [method] +.B \-\-script-security level This directive offers policy-level control over OpenVPN's usage of external programs and scripts. Lower .B level @@ -1905,24 +1904,40 @@ Allow calling of built-in executables and user-defined scripts. .B 3 \-\- Allow passwords to be passed to scripts via environmental variables (potentially unsafe). -The +OpenVPN releases before v2.3 also supported a .B method -parameter indicates how OpenVPN should call external commands and scripts. -Settings for -.B method: +flag which indicated how OpenVPN should call external commands and scripts. This +could be either +.B execve +or +.B system. +As of OpenVPN v2.3, this flag is no longer accepted. In most *nix environments the execve() +approach has been used without any issues. + +To run scripts in Windows in earlier OpenVPN +versions you needed to either add a full path to the script interpreter which can parse the +script or use the +.B system +flag to run these scripts. As of OpenVPN v2.3 it is now a strict requirement to have +full path to the script interpreter when running non-executables files. +This is not needed for executable files, such as .exe, .com, .bat or .cmd files. For +example, if you have a Visual Basic script, you must use this syntax now: -.B execve \-\- -(default) Use execve() function on Unix family OSes and CreateProcess() on Windows. -.br -.B system \-\- -Use system() function (deprecated and less safe since the external program command -line is subject to shell expansion). +.nf +.ft 3 +.in +4 +\-\-up 'C:\\\\Windows\\\\System32\\\\wscript.exe C:\\\\Program\\ Files\\\\OpenVPN\\\\config\\\\my-up-script.vbs' +.in -4 +.ft +.fi -The -.B \-\-script-security -option was introduced in OpenVPN 2.1_rc9. For configuration file compatibility -with previous OpenVPN versions, use: -.B \-\-script-security 3 system +Please note the single quote marks and the escaping of the backslashes (\\) and +the space character. + +The reason the support for the +.B system +flag was removed is due to the security implications with shell expansions +when executing scripts via the system() call. .\"********************************************************* .TP .B \-\-disable-occ @@ -2464,6 +2479,11 @@ Allow management interface to override .B \-\-remote directives (client-only). .\"********************************************************* +.B \-\-management-external-key +Allows usage for external private key file instead of +.B \-\-key +option (client-only). +.\"********************************************************* .TP .B \-\-management-forget-disconnect Make OpenVPN forget passwords when management session @@ -5675,7 +5695,7 @@ Set on program initiation and reset on SIGHUP. .\"********************************************************* .TP .B local_port -The local port number, specified by +The local port number or name, specified by .B \-\-port or .B \-\-lport. |