From 0393ba6656ce6cf679a2c4663275b3ed0f1a34b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Parm=C3=A9nides=20GV?= Date: Thu, 31 Jul 2014 12:09:49 +0200 Subject: Updated ics-openvpn to rev 859 + no 2nd notification. --- app/openvpn/doc/openvpn.8 | 57 ++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 46 insertions(+), 11 deletions(-) (limited to 'app/openvpn/doc') diff --git a/app/openvpn/doc/openvpn.8 b/app/openvpn/doc/openvpn.8 index 34894e5a..aee0bc83 100644 --- a/app/openvpn/doc/openvpn.8 +++ b/app/openvpn/doc/openvpn.8 @@ -1621,7 +1621,7 @@ and in server mode configurations. The server timeout is set twice the value of the second argument. -This ensures that a timeout is dectected on client side +This ensures that a timeout is detected on client side before the server side drops the connection. For example, @@ -2502,7 +2502,7 @@ Normally, adaptive compression is enabled with .B \-\-comp-lzo. Adaptive compression tries to optimize the case where you have -compression enabled, but you are sending predominantly uncompressible +compression enabled, but you are sending predominantly incompressible (or pre-compressed) packets over the tunnel, such as an FTP or rsync transfer of a large, compressed file. With adaptive compression, OpenVPN will periodically sample the compression process to measure its @@ -2704,7 +2704,7 @@ on sufficiently fast hardware. SSL/TLS authentication must be used in this mode. .\"********************************************************* .TP -.B \-\-server network netmask +.B \-\-server network netmask ['nopool'] A helper directive designed to simplify the configuration of OpenVPN's server mode. This directive will set up an OpenVPN server which will allocate addresses to clients @@ -2739,6 +2739,9 @@ expands as follows: if !nopool: ifconfig-pool 10.8.0.2 10.8.0.254 255.255.255.0 push "route-gateway 10.8.0.1" + if route-gateway unset: + route-gateway 10.8.0.2 + .in -4 .ft .fi @@ -3542,7 +3545,7 @@ like this: .B /C=US/L=Somewhere/CN=John Doe/emailAddress=john@example.com .IP -In addition the old behavivour was to remap any character other than +In addition the old behaviour was to remap any character other than alphanumeric, underscore ('_'), dash ('-'), dot ('.'), and slash ('/') to underscore ('_'). The X.509 Subject string as returned by the .B tls_id @@ -4399,7 +4402,7 @@ A different mode can be specified for each provider. Mode is encoded as hex number, and can be a mask one of the following: .B 0 -(default) \-\- Try to determind automatically. +(default) \-\- Try to determine automatically. .br .B 1 \-\- Use sign. @@ -4790,12 +4793,44 @@ the tls-verify script returns. The file name used for the certificate is available via the peer_cert environment variable. .\"********************************************************* .TP -.B \-\-x509-username-field fieldname -Field in x509 certificate subject to be used as username (default=CN). -.B Fieldname -will be uppercased before matching. When this option is used, the -.B \-\-verify-x509-username -option will match against the chosen fieldname instead of the CN. +.B \-\-x509-username-field [ext:\]fieldname +Field in the X.509 certificate subject to be used as the username (default=CN). +Typically, this option is specified with +.B fieldname +as either of the following: + +.B \-\-x509-username-field +emailAddress +.br +.B \-\-x509-username-field ext:\fRsubjectAltName + +The first example uses the value of the "emailAddress" attribute in the +certificate's Subject field as the username. The second example uses +the +.B ext: +prefix to signify that the X.509 extension +.B fieldname +"subjectAltName" be searched for an rfc822Name (email) field to be used +as the username. In cases where there are multiple email addresses +in +.B ext:fieldname\fR, +the last occurrence is chosen. + +When this option is used, the +.B \-\-verify-x509-name +option will match against the chosen +.B fieldname +instead of the Common Name. + +.B Please note: +This option has a feature which will convert an all-lowercase +.B fieldname +to uppercase characters, e.g., ou -> OU. A mixed-case +.B fieldname +or one having the +.B ext: +prefix will be left as-is. This automatic upcasing feature +is deprecated and will be removed in a future release. .\"********************************************************* .TP .B \-\-tls-remote name (DEPRECATED) -- cgit v1.2.3