Add to code that allows excluding routes from the VPN

--HG-- extra : rebase_source : 7e20e643cb0949520b92f7ab7b623d6856ea4ef7
author: Arne Schwabe <arne@rfc2549.org> 2014-01-21 20:37:31 +0100
committer: Arne Schwabe <arne@rfc2549.org> 2014-01-21 20:37:31 +0100
commit: b7968faa2a6dac1bd9641309ccf4c9a387bca26c (patch)
tree: b73b91ede0a7b3257dda85c056873ceb8ef0db07 /openvpn/doc
parent: f3957386eb230ab85fa7d727c96d9ca6fe122ee3 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/openvpn/doc/openvpn.8 b/openvpn/doc/openvpn.8
index 0235c2c8..9eebf93e 100644
--- a/openvpn/doc/openvpn.8
+++ b/openvpn/doc/openvpn.8
@@ -2097,6 +2097,16 @@ In many cases, the
 parameter can point to an empty directory, however
 complications can result when scripts or restarts
 are executed after the chroot operation.
+
+Note: if OpenVPN is built using the PolarSSL SSL
+library,
+.B \-\-chroot
+will only work if a /dev/urandom device node is available
+inside the chroot directory
+.B dir.
+This is due to the way PolarSSL works (it wants to open
+/dev/urandom every time randomness is needed, not just once
+at startup) and nothing OpenVPN can influence.
 .\"*********************************************************
 .TP
 .B \-\-setcon context
author	Arne Schwabe <arne@rfc2549.org>	2014-01-21 20:37:31 +0100
committer	Arne Schwabe <arne@rfc2549.org>	2014-01-21 20:37:31 +0100
commit	b7968faa2a6dac1bd9641309ccf4c9a387bca26c (patch)
tree	b73b91ede0a7b3257dda85c056873ceb8ef0db07 /openvpn/doc
parent	f3957386eb230ab85fa7d727c96d9ca6fe122ee3 (diff)