openvpn.git/doc, branch release/2.3 Copy of the official OpenVPN git repo Document --daemon changes and consequences (--askpass, --auth-nocache). 2015-07-14T08:13:58+00:00 Gert Doering gert@greenie.muc.de 2015-07-14T07:09:54+00:00 dda40aedfb87d77afcef52376cd3e4778ba0370b Trac #574, #576 Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <1436857794-29419-1-git-send-email-gert@greenie.muc.de> URL: http://article.gmane.org/gmane.network.openvpn.devel/9923 (cherry picked from commit b6ec7fbe96f4e200b8962ef6bb572bbb2228133e) 
Trac #574, #576

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1436857794-29419-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9923
(cherry picked from commit b6ec7fbe96f4e200b8962ef6bb572bbb2228133e)
Improve documentation in --script-security section of the man-page 2015-06-02T08:05:51+00:00 Samuli Seppänen samuli@openvpn.net 2015-06-02T07:59:42+00:00 9f1d4545049bb643bf214498709e2af001bbe106 Trac: #395 Signed-off-by: Samuli Seppänen <samuli@openvpn.net> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1433231982-24945-1-git-send-email-samuli@openvpn.net> URL: http://article.gmane.org/gmane.network.openvpn.devel/9777 Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit 001384e2952b54089e889edbda3196283b21641d) 
Trac: #395

Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1433231982-24945-1-git-send-email-samuli@openvpn.net>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9777
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 001384e2952b54089e889edbda3196283b21641d)
slightly enhance documentation about --cipher 2015-05-27T07:10:13+00:00 Gert Doering gert@greenie.muc.de 2015-05-26T21:01:03+00:00 7327e46c922e3cfe6b797b1f20ea9cffd6e6b522 point out that this is for "data channel" packets trac #463 Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <1432674063-15916-1-git-send-email-gert@greenie.muc.de> URL: http://article.gmane.org/gmane.network.openvpn.devel/9746 (cherry picked from commit 0fe2498ef9326e301869c9e8a9e622a3996ae579) 
point out that this is for "data channel" packets

trac #463

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1432674063-15916-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9746
(cherry picked from commit 0fe2498ef9326e301869c9e8a9e622a3996ae579)
Disallow usage of --server-poll-timeout in --secret key mode. 2015-05-24T19:30:37+00:00 Gert Doering gert@greenie.muc.de 2015-05-24T13:02:34+00:00 7895590cf1f513f508132f8987fee8fef2759df7 The internal machinery wants TLS for this to work, so just add this to the (long) list of options not allowed unless either --tls-client or --tls-server is active. For added sanity, add an ASSERT() call to the place where this combination caused a NULL ptr reference, and document the restriction. Fix trac #373 Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <1432472554-24666-1-git-send-email-gert@greenie.muc.de> URL: http://article.gmane.org/gmane.network.openvpn.devel/9736 (cherry picked from commit 6478c1f359e6b0ea2046d9e2801830753e53c06a) 
The internal machinery wants TLS for this to work, so just add this
to the (long) list of options not allowed unless either --tls-client
or --tls-server is active.  For added sanity, add an ASSERT() call
to the place where this combination caused a NULL ptr reference, and
document the restriction.

Fix trac #373

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1432472554-24666-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9736
(cherry picked from commit 6478c1f359e6b0ea2046d9e2801830753e53c06a)
Clarify --capath option in manpage 2015-05-24T11:43:02+00:00 Steffan Karger steffan@karger.me 2015-05-24T09:45:40+00:00 1009df7d51f3fb7f898b2155aa62b8f0336e49e6 Prevent confusion as described in trac #422 by better explaining the behaviour of --capath, and providing pointers to relevant openssl man pages. Attached are patches for the master and release/2.3 branches. The only difference is that in the master patch, a line referencing the requirement for OpenSSL 0.9.7 is removed, since master already requires OpenSSL >= 0.9.8. -Steffan >From 96e564e113cc26adf22e5d4b51d5754858610c3e Mon Sep 17 00:00:00 2001 From: Steffan Karger <steffan@karger.me> Date: Sun, 24 May 2015 11:20:11 +0200 Subject: [PATCH] Clarify --capath option in manpage Prevent confusion as described in trac #422 by better explaining the behaviour of --capath, and providing pointers to relevant openssl man pages. Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <55619DC4.2020108@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/9732 Signed-off-by: Gert Doering <gert@greenie.muc.de> 
Prevent confusion as described in trac #422 by better explaining the
behaviour of --capath, and providing pointers to relevant openssl man
pages.

Attached are patches for the master and release/2.3 branches.  The only
difference is that in the master patch, a line referencing the
requirement for OpenSSL 0.9.7 is removed, since master already requires
OpenSSL >= 0.9.8.

-Steffan

>From 96e564e113cc26adf22e5d4b51d5754858610c3e Mon Sep 17 00:00:00 2001
From: Steffan Karger <steffan@karger.me>
Date: Sun, 24 May 2015 11:20:11 +0200
Subject: [PATCH] Clarify --capath option in manpage

Prevent confusion as described in trac #422 by better explaining the
behaviour of --capath, and providing pointers to relevant openssl man
pages.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <55619DC4.2020108@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9732
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Correct note about DNS randomization in openvpn.8 2015-05-24T07:08:38+00:00 Gert Doering gert@greenie.muc.de 2015-05-23T20:47:27+00:00 1f5668671992dced602e89634e1890711877fdc4 Commit 4880739c17b502d00a removed DNS randomization, but this fact never made it into the man page. Trac #411 Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <1432414047-28674-1-git-send-email-gert@greenie.muc.de> URL: http://article.gmane.org/gmane.network.openvpn.devel/9726 
Commit 4880739c17b502d00a removed DNS randomization, but this fact
never made it into the man page.

Trac #411

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1432414047-28674-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9726
Re-read auth-user-pass file on (re)connect if required 2015-05-23T19:21:33+00:00 Steffan Karger steffan@karger.me 2015-05-23T13:02:25+00:00 6f789d2ec6b6aacb46ab27f1482222c6981faab6 Fixes trac #225 ('--auth-user-pass FILE' and '--auth-nocache' problem). This patch is based on the changes suggested by ye_olde_iron in the trac ticket. Also added a note to the manpage to inform people to use absolute paths when combining --auth-user-pass file and --auth-nocache. Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1432386145-15045-1-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/9717 Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit ac1cb5bfbb9e09e79fd737bc57999d968d77c5ad) 
Fixes trac #225 ('--auth-user-pass FILE' and '--auth-nocache' problem).

This patch is based on the changes suggested by ye_olde_iron in the trac
ticket.  Also added a note to the manpage to inform people to use
absolute paths when combining --auth-user-pass file and --auth-nocache.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1432386145-15045-1-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9717
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit ac1cb5bfbb9e09e79fd737bc57999d968d77c5ad)
include ifconfig_ environment variables in --up-restart env set 2015-05-23T11:39:36+00:00 Jan Just Keijser janjust@nikhef.nl 2015-05-20T02:33:20+00:00 30256bede8f7ef6c82f1c2ed0d9f6c2177002926 here's my patch for bug #93: missing ifconfig_* env vars after up-restart. Tested with both IPv4, IPv6, topology subnet and topology net30 Document differences between --up-restart and --up in openvpn.8 See trac #93 and the discussion starting with <555BF270.3090706@nikhef.nl> on the openvpn-devel mailing list. fix trac #93 Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <555BF270.3090706@nikhef.nl> URL: http://article.gmane.org/gmane.network.openvpn.devel/9705 Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit db950be85d37eab40d8fffe0bc2060059f8a7e10) 
here's my patch for bug #93: missing ifconfig_* env vars after
up-restart. Tested with both IPv4, IPv6, topology subnet and topology net30

Document differences between --up-restart and --up in openvpn.8

See trac #93 and the discussion starting with <555BF270.3090706@nikhef.nl>
on the openvpn-devel mailing list.

fix trac #93

Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <555BF270.3090706@nikhef.nl>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9705
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit db950be85d37eab40d8fffe0bc2060059f8a7e10)
Updated manpage for --rport and --lport 2015-05-18T19:30:14+00:00 Robert Fischer ml-openvpn@trispace.org 2015-05-18T19:21:09+00:00 f1fa7e35cf7c7a11c27031c7eb35c3e730a450b6 [SK: v2, patch taken from trac #127 and updated to current master branch] Signed-off-by: Robert Fischer <ml-openvpn@trispace.org> Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1431976869-4948-1-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/9701 Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit d3eacb2d6ebb8a42506343c54e00c72252d683f8) 
[SK: v2, patch taken from trac #127 and updated to current master branch]

Signed-off-by: Robert Fischer <ml-openvpn@trispace.org>
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1431976869-4948-1-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9701
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit d3eacb2d6ebb8a42506343c54e00c72252d683f8)
Improve --tls-cipher and --show-tls man page description 2015-05-09T13:47:52+00:00 Steffan Karger steffan@karger.me 2015-05-05T15:47:37+00:00 98e8dbbe3d0f8489fee0e814c57122097b16da20 As reported in trac tickets #304, #358 and #359 (and possibly more), the usage and interpretation of --tls-cipher (and --show-tls) is tricky. This patch extends the man page to explain those a bit better and point out that --tls-cipher is an expert feature (i.e. easy to get wrong). Also add a notice to the --show-tls output, referring to the man page explanation. Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <1430840857-6123-1-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/9651 Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit 5f66f907cfc57b89110c08e50c7aab228e090911) Conflicts: doc/openvpn.8 src/openvpn/ssl_polarssl.c 
As reported in trac tickets #304, #358 and #359 (and possibly more), the
usage and interpretation of --tls-cipher (and --show-tls) is tricky.  This
patch extends the man page to explain those a bit better and point out
that --tls-cipher is an expert feature (i.e. easy to get wrong).  Also add
a notice to the --show-tls output, referring to the man page explanation.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1430840857-6123-1-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9651
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 5f66f907cfc57b89110c08e50c7aab228e090911)

Conflicts:
	doc/openvpn.8
	src/openvpn/ssl_polarssl.c