summaryrefslogtreecommitdiff
path: root/openvpn/doc
diff options
context:
space:
mode:
Diffstat (limited to 'openvpn/doc')
-rw-r--r--openvpn/doc/Makefile.am5
-rw-r--r--openvpn/doc/README.plugins47
-rw-r--r--openvpn/doc/management-notes.txt31
-rw-r--r--openvpn/doc/openvpn.818
4 files changed, 88 insertions, 13 deletions
diff --git a/openvpn/doc/Makefile.am b/openvpn/doc/Makefile.am
index 46687b29..d33e1edd 100644
--- a/openvpn/doc/Makefile.am
+++ b/openvpn/doc/Makefile.am
@@ -17,8 +17,11 @@ CLEANFILES = openvpn.8.html
dist_doc_DATA = \
management-notes.txt
+dist_noinst_DATA = \
+ README.plugins
+
if WIN32
-dist_noinst_DATA = openvpn.8
+dist_noinst_DATA += openvpn.8
nodist_html_DATA = openvpn.8.html
openvpn.8.html: $(srcdir)/openvpn.8
$(MAN2HTML) < $(srcdir)/openvpn.8 > openvpn.8.html
diff --git a/openvpn/doc/README.plugins b/openvpn/doc/README.plugins
new file mode 100644
index 00000000..6e490c5a
--- /dev/null
+++ b/openvpn/doc/README.plugins
@@ -0,0 +1,47 @@
+OpenVPN Plugins
+---------------
+
+Starting with OpenVPN 2.0-beta17, compiled plugin modules are
+supported on any *nix OS which includes libdl or on Windows.
+One or more modules may be loaded into OpenVPN using
+the --plugin directive, and each plugin module is capable of
+intercepting any of the script callbacks which OpenVPN supports:
+
+(1) up
+(2) down
+(3) route-up
+(4) ipchange
+(5) tls-verify
+(6) auth-user-pass-verify
+(7) client-connect
+(8) client-disconnect
+(9) learn-address
+
+See the openvpn-plugin.h file in the top-level directory of the
+OpenVPN source distribution for more detailed information
+on the plugin interface.
+
+Included Plugins
+----------------
+
+auth-pam -- Authenticate using PAM and a split privilege
+ execution model which functions even if
+ root privileges or the execution environment
+ have been altered with --user/--group/--chroot.
+ Tested on Linux only.
+
+down-root -- Enable the running of down scripts with root privileges
+ even if --user/--group/--chroot have been used
+ to drop root privileges or change the execution
+ environment. Not applicable on Windows.
+
+examples -- A simple example that demonstrates a portable
+ plugin, i.e. one which can be built for *nix
+ or Windows from the same source.
+
+Building Plugins
+----------------
+
+cd to the top-level directory of a plugin, and use the
+"make" command to build it. The examples plugin is
+built using a build script, not a makefile.
diff --git a/openvpn/doc/management-notes.txt b/openvpn/doc/management-notes.txt
index 785eb881..a07a5142 100644
--- a/openvpn/doc/management-notes.txt
+++ b/openvpn/doc/management-notes.txt
@@ -719,6 +719,37 @@ use this command:
remote SKIP
+COMMAND -- proxy (OpenVPN 2.3 or higher)
+--------------------------------------------
+
+Provide proxy server host/port and flags in response to a >PROXY
+notification (client only). Requires that the --management-query-proxy
+directive is used.
+
+ proxy TYPE HOST PORT ["nct"]
+
+The "proxy" command must only be given in response to a >PROXY
+notification. Use the "nct" flag if you only want to allow
+non-cleartext auth with the proxy server. The following >PROXY
+notification indicates that the client config file would ordinarily
+connect to the first --remote configured, vpn.example.com using TCP:
+
+ >PROXY:1,TCP,vpn.example.com
+
+Now, suppose we want to connect to the remote host using the proxy server
+proxy.intranet port 8080 with secure authentication only, if required.
+After receiving the above notification, use this command:
+
+ proxy HTTP proxy.intranet 8080 nct
+
+You can also use the SOCKS keyword to pass a SOCKS server address, like:
+
+ proxy SOCKS fe00::1 1080
+
+To accept connecting to the host and port directly, use this command:
+
+ proxy NONE
+
OUTPUT FORMAT
-------------
diff --git a/openvpn/doc/openvpn.8 b/openvpn/doc/openvpn.8
index f420d584..56be29ec 100644
--- a/openvpn/doc/openvpn.8
+++ b/openvpn/doc/openvpn.8
@@ -482,18 +482,6 @@ as the
number of retries of connection attempt (default=infinite).
.\"*********************************************************
.TP
-.B \-\-auto-proxy
-Try to sense HTTP or SOCKS proxy settings automatically.
-If no settings are present, a direct connection will be attempted.
-If both HTTP and SOCKS settings are present, HTTP will be preferred.
-If the HTTP proxy server requires a password, it will be queried from
-stdin or the management interface. If the underlying OS doesn't support an API for
-returning proxy settings, a direct connection will be attempted.
-Currently, only Windows clients support this option via the
-InternetQueryOption API.
-This option exists in OpenVPN 2.1 or higher.
-.\"*********************************************************
-.TP
.B \-\-show-proxy-settings
Show sensed HTTP or SOCKS proxy settings. Currently, only Windows clients
support this option.
@@ -2458,6 +2446,12 @@ for inputs which ordinarily would have been queried from the
console.
.\"*********************************************************
.TP
+.B \-\-management-query-proxy
+Query management channel for proxy server information for a specific
+.B \-\-remote
+(client-only).
+.\"*********************************************************
+.TP
.B \-\-management-query-remote
Allow management interface to override
.B \-\-remote