From b7968faa2a6dac1bd9641309ccf4c9a387bca26c Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Tue, 21 Jan 2014 20:37:31 +0100 Subject: Add to code that allows excluding routes from the VPN --HG-- extra : rebase_source : 7e20e643cb0949520b92f7ab7b623d6856ea4ef7 --- openvpn/doc/openvpn.8 | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'openvpn/doc') diff --git a/openvpn/doc/openvpn.8 b/openvpn/doc/openvpn.8 index 0235c2c8..9eebf93e 100644 --- a/openvpn/doc/openvpn.8 +++ b/openvpn/doc/openvpn.8 @@ -2097,6 +2097,16 @@ In many cases, the parameter can point to an empty directory, however complications can result when scripts or restarts are executed after the chroot operation. + +Note: if OpenVPN is built using the PolarSSL SSL +library, +.B \-\-chroot +will only work if a /dev/urandom device node is available +inside the chroot directory +.B dir. +This is due to the way PolarSSL works (it wants to open +/dev/urandom every time randomness is needed, not just once +at startup) and nothing OpenVPN can influence. .\"********************************************************* .TP .B \-\-setcon context -- cgit v1.2.3