summaryrefslogtreecommitdiff
path: root/openvpn/doc
diff options
context:
space:
mode:
Diffstat (limited to 'openvpn/doc')
-rw-r--r--openvpn/doc/openvpn.826
1 files changed, 26 insertions, 0 deletions
diff --git a/openvpn/doc/openvpn.8 b/openvpn/doc/openvpn.8
index 868fb841..573d6a80 100644
--- a/openvpn/doc/openvpn.8
+++ b/openvpn/doc/openvpn.8
@@ -1895,6 +1895,13 @@ It is also possible to tag a single directive so as not to trigger
a fatal error if the directive isn't recognized. To do this,
prepend the following before the directive:
.B setenv opt
+
+Versions prior to OpenVPN 2.3.3 will always ignore options set with the
+.B setenv opt
+directive.
+
+See also
+.B \-\-ignore-unknown-option
.\"*********************************************************
.TP
.B \-\-setenv-safe name value
@@ -1908,6 +1915,25 @@ is a safety precaution to prevent a LD_PRELOAD style attack
from a malicious or compromised server.
.\"*********************************************************
.TP
+.B \-\-ignore-unknown-option opt1 opt2 opt3 ... optN
+When one of options
+.B opt1 ... optN
+is encountered in the configuration file the configuration
+file parsing does not fail if this OpenVPN version does not
+support the option. Multiple
+.B \-\-ignore-unknown-option
+options can be given to support a larger number of options to ignore.
+
+This option should be used with caution, as there are good security
+reasons for having OpenVPN fail if it detects problems in a
+config file. Having said that, there are valid reasons for wanting
+new software features to gracefully degrade when encountered by
+older software versions.
+
+.B \-\-ignore-unknown-option
+is available since OpenVPN 2.3.3.
+.\"*********************************************************
+.TP
.B \-\-script-security level
This directive offers policy-level control over OpenVPN's usage of external programs
and scripts. Lower