summaryrefslogtreecommitdiff
path: root/openvpn/doc/openvpn.8
diff options
context:
space:
mode:
authorArne Schwabe <arne@rfc2549.org>2013-08-10 22:39:39 +0200
committerArne Schwabe <arne@rfc2549.org>2013-08-10 22:39:39 +0200
commit3cdb12b7fc8c5c1b8697697258dca0deb3124e05 (patch)
tree557c1c9bd6a7ab07f0ac96279a94060b149e7ae9 /openvpn/doc/openvpn.8
parenta7063d0d69ca7445216a24dd347fea73e43974b5 (diff)
Update openvpn source code
Diffstat (limited to 'openvpn/doc/openvpn.8')
-rw-r--r--openvpn/doc/openvpn.835
1 files changed, 35 insertions, 0 deletions
diff --git a/openvpn/doc/openvpn.8 b/openvpn/doc/openvpn.8
index 42c7bf6e..868fb841 100644
--- a/openvpn/doc/openvpn.8
+++ b/openvpn/doc/openvpn.8
@@ -804,6 +804,17 @@ also specify
or
.B \-\-dev-type tap.
+Under Mac OS X this option can be used to specify the default tun
+implementation. Using
+.B \-\-dev\-node utun
+forces usage of the native Darwin tun kernel support. Use
+.B \-\-dev\-node utunN
+to select a specific utun instance. To force using the tun.kext (/dev/tunX) use
+.B \-\-dev\-node tun
+. When not specifying a
+.B \-\-dev\-node
+option openvpn will first try to open utun, and fall back to tun.kext.
+
On Windows systems, select the TAP-Win32 adapter which
is named
.B node
@@ -1879,6 +1890,11 @@ reasons for having OpenVPN fail if it detects problems in a
config file. Having said that, there are valid reasons for wanting
new software features to gracefully degrade when encountered by
older software versions.
+
+It is also possible to tag a single directive so as not to trigger
+a fatal error if the directive isn't recognized. To do this,
+prepend the following before the directive:
+.B setenv opt
.\"*********************************************************
.TP
.B \-\-setenv-safe name value
@@ -4234,6 +4250,15 @@ when you built your peer's certificate (see
above).
.\"*********************************************************
.TP
+.B \-\-tls-version-min version ['or-highest']
+Sets the minimum
+TLS version we will accept from the peer (default is "1.0").
+Examples for version
+include "1.0", "1.1", or "1.2". If 'or-highest' is specified
+and version is not recognized, we will only accept the highest TLS
+version supported by the local SSL implementation.
+.\"*********************************************************
+.TP
.B \-\-pkcs12 file
Specify a PKCS #12 file containing local private key,
local certificate, and root CA certificate.
@@ -5965,6 +5990,16 @@ Set prior to execution of the
script.
.\"*********************************************************
.TP
+.B tls_digest_{n}
+Contains the certificate SHA1 fingerprint/digest hash value,
+where
+.B n
+is the verification level. Only set for TLS connections. Set prior
+to execution of
+.B \-\-tls-verify
+script.
+.\"*********************************************************
+.TP
.B tls_id_{n}
A series of certificate fields from the remote peer,
where