summaryrefslogtreecommitdiff
path: root/main/openvpn/doc
diff options
context:
space:
mode:
Diffstat (limited to 'main/openvpn/doc')
-rw-r--r--main/openvpn/doc/android.txt24
1 files changed, 15 insertions, 9 deletions
diff --git a/main/openvpn/doc/android.txt b/main/openvpn/doc/android.txt
index cf8b3c79..137edfc5 100644
--- a/main/openvpn/doc/android.txt
+++ b/main/openvpn/doc/android.txt
@@ -55,6 +55,21 @@ To set the DNS server and search domain.
The GUI will then respond with a "needok 'command' ok' or "needok
'command' cancel', e.g. "needok 'IFCONFIG' ok".
+PERSIST_TUN_ACTION
+
+In Android 4.4-4.4.2 a bug exists that does not allow to open a new tun fd
+while a tun fd is still open. When OpenVPN wants to open an fd it will do
+this query. The UI should compare the last configuration of
+the tun device with the current tun configuration and reply with either (or
+always respond with OPEN_AFTER_BEFORE/OPEN_BEFORE_CLOSE)
+
+- NOACTION: Keep using the old fd
+- OPEN_AFTER_CLOSE: First close the old fd and then open a new to workaround the bug
+- OPEN_BEFORE_CLOSE: the normal behaviour when the VPN configuration changed
+
+For example the UI could respond with
+needok 'PERSIST_TUN_ACTION' OPEN_AFTER_CLOSE
+
To protect a socket the OpenVPN will send a PROTECTFD to the UI.
When sending the PROTECTFD command command to the UI it will send
the fd of the socket as ancillary message over the UNIX socket.
@@ -74,12 +89,3 @@ are not specific to Android but are rarely used on other platform.
For example using SIGUSR1 and management-hold to restart, pause,
continue the VPN on network changes or the external key management
--management-external-key option and inline files.
-
-Due to a bug in Android 4.4-4.4.2 there the Android Control will also
-query what action the daemon should take when opening the fd. The GUI
-should compare the last configuration of the tun device with the current
-tun configuration and reply with either
-
-- NOACTION: Keep using the old fd
-- OPEN_AFTER_CLOSE: First close the old fd and then open a new to workaround the bug
-- OPEN_BEFORE_CLOSE: the normal behaviour when the VPN configuration changed