diff options
Diffstat (limited to 'openvpn/doc')
-rw-r--r-- | openvpn/doc/Makefile.am | 5 | ||||
-rw-r--r-- | openvpn/doc/README.plugins | 47 | ||||
-rw-r--r-- | openvpn/doc/management-notes.txt | 31 | ||||
-rw-r--r-- | openvpn/doc/openvpn.8 | 18 |
4 files changed, 88 insertions, 13 deletions
diff --git a/openvpn/doc/Makefile.am b/openvpn/doc/Makefile.am index 46687b29..d33e1edd 100644 --- a/openvpn/doc/Makefile.am +++ b/openvpn/doc/Makefile.am @@ -17,8 +17,11 @@ CLEANFILES = openvpn.8.html dist_doc_DATA = \ management-notes.txt +dist_noinst_DATA = \ + README.plugins + if WIN32 -dist_noinst_DATA = openvpn.8 +dist_noinst_DATA += openvpn.8 nodist_html_DATA = openvpn.8.html openvpn.8.html: $(srcdir)/openvpn.8 $(MAN2HTML) < $(srcdir)/openvpn.8 > openvpn.8.html diff --git a/openvpn/doc/README.plugins b/openvpn/doc/README.plugins new file mode 100644 index 00000000..6e490c5a --- /dev/null +++ b/openvpn/doc/README.plugins @@ -0,0 +1,47 @@ +OpenVPN Plugins +--------------- + +Starting with OpenVPN 2.0-beta17, compiled plugin modules are +supported on any *nix OS which includes libdl or on Windows. +One or more modules may be loaded into OpenVPN using +the --plugin directive, and each plugin module is capable of +intercepting any of the script callbacks which OpenVPN supports: + +(1) up +(2) down +(3) route-up +(4) ipchange +(5) tls-verify +(6) auth-user-pass-verify +(7) client-connect +(8) client-disconnect +(9) learn-address + +See the openvpn-plugin.h file in the top-level directory of the +OpenVPN source distribution for more detailed information +on the plugin interface. + +Included Plugins +---------------- + +auth-pam -- Authenticate using PAM and a split privilege + execution model which functions even if + root privileges or the execution environment + have been altered with --user/--group/--chroot. + Tested on Linux only. + +down-root -- Enable the running of down scripts with root privileges + even if --user/--group/--chroot have been used + to drop root privileges or change the execution + environment. Not applicable on Windows. + +examples -- A simple example that demonstrates a portable + plugin, i.e. one which can be built for *nix + or Windows from the same source. + +Building Plugins +---------------- + +cd to the top-level directory of a plugin, and use the +"make" command to build it. The examples plugin is +built using a build script, not a makefile. diff --git a/openvpn/doc/management-notes.txt b/openvpn/doc/management-notes.txt index 785eb881..a07a5142 100644 --- a/openvpn/doc/management-notes.txt +++ b/openvpn/doc/management-notes.txt @@ -719,6 +719,37 @@ use this command: remote SKIP +COMMAND -- proxy (OpenVPN 2.3 or higher) +-------------------------------------------- + +Provide proxy server host/port and flags in response to a >PROXY +notification (client only). Requires that the --management-query-proxy +directive is used. + + proxy TYPE HOST PORT ["nct"] + +The "proxy" command must only be given in response to a >PROXY +notification. Use the "nct" flag if you only want to allow +non-cleartext auth with the proxy server. The following >PROXY +notification indicates that the client config file would ordinarily +connect to the first --remote configured, vpn.example.com using TCP: + + >PROXY:1,TCP,vpn.example.com + +Now, suppose we want to connect to the remote host using the proxy server +proxy.intranet port 8080 with secure authentication only, if required. +After receiving the above notification, use this command: + + proxy HTTP proxy.intranet 8080 nct + +You can also use the SOCKS keyword to pass a SOCKS server address, like: + + proxy SOCKS fe00::1 1080 + +To accept connecting to the host and port directly, use this command: + + proxy NONE + OUTPUT FORMAT ------------- diff --git a/openvpn/doc/openvpn.8 b/openvpn/doc/openvpn.8 index f420d584..56be29ec 100644 --- a/openvpn/doc/openvpn.8 +++ b/openvpn/doc/openvpn.8 @@ -482,18 +482,6 @@ as the number of retries of connection attempt (default=infinite). .\"********************************************************* .TP -.B \-\-auto-proxy -Try to sense HTTP or SOCKS proxy settings automatically. -If no settings are present, a direct connection will be attempted. -If both HTTP and SOCKS settings are present, HTTP will be preferred. -If the HTTP proxy server requires a password, it will be queried from -stdin or the management interface. If the underlying OS doesn't support an API for -returning proxy settings, a direct connection will be attempted. -Currently, only Windows clients support this option via the -InternetQueryOption API. -This option exists in OpenVPN 2.1 or higher. -.\"********************************************************* -.TP .B \-\-show-proxy-settings Show sensed HTTP or SOCKS proxy settings. Currently, only Windows clients support this option. @@ -2458,6 +2446,12 @@ for inputs which ordinarily would have been queried from the console. .\"********************************************************* .TP +.B \-\-management-query-proxy +Query management channel for proxy server information for a specific +.B \-\-remote +(client-only). +.\"********************************************************* +.TP .B \-\-management-query-remote Allow management interface to override .B \-\-remote |