diff options
author | Arne Schwabe <arne@rfc2549.org> | 2012-08-23 23:21:00 +0200 |
---|---|---|
committer | David Sommerseth <davids@redhat.com> | 2012-09-02 20:18:26 +0200 |
commit | 0979ec7e9109da95ad56e9365a89701fee11c72c (patch) | |
tree | a3f3b08297586ab2683ca1644721faba864c6e02 | |
parent | e1f6121d6c189c59b367890e82efe369e08861b4 (diff) | |
download | openvpn-0979ec7e9109da95ad56e9365a89701fee11c72c.tar.gz openvpn-0979ec7e9109da95ad56e9365a89701fee11c72c.tar.xz openvpn-0979ec7e9109da95ad56e9365a89701fee11c72c.zip |
Document the inlining of files in openvpn and document key-direction
This patch documents the usage of inline files in OpenVPN. Hackish ways of
inline files are deliberately left out. For tls-auth and
secret the key-direction option is right way of specifying the direction
and not by using two tls-auth/secret lines where the first sets the
direction and has a dummy file name and the second sets the inline file
data but does not reset the direction parameter.
Also pkcs12 [[INLINE]] base64encoded_data works but is a quirk of how the
config parser works
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: 1345756860-2044-1-git-send-email-arne@rfc2549.org
URL: http://article.gmane.org/gmane.network.openvpn.devel/7006
Signed-off-by: David Sommerseth <davids@redhat.com>
-rw-r--r-- | doc/openvpn.8 | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 56be29e..f40ef1f 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -3621,6 +3621,14 @@ would see nothing but random-looking data. .\"********************************************************* .TP +.B \-\-key-direction +Alternative way of specifying the optional direction parameter for the +.B \-\-tls-auth +and +.B \-\-secret +options. Useful when using inline files (See section on inline files). +.\"********************************************************* +.TP .B \-\-auth alg Authenticate packets with HMAC using message digest algorithm @@ -5901,6 +5909,37 @@ X509_1_C=KG .ft .fi .\"********************************************************* +.SH INLINE FILE SUPPORT +OpenVPN allows including files in the main configuration for the +.B \-\-ca, \-\-cert, \-\-dh, \-\-extra-certs, \-\-key, \-\-pkcs12, \-\-secret +and +.B \-\-tls-auth +options. + +Each inline file started by the line +.B <option> +and ended by the line +.B </option> + +Here is an example of an inline file usage + +.nf +.ft 3 +.in +4 +<cert> +-----BEGIN CERTIFICATE----- +[...] +-----END CERTIFICATE----- +</cert> +.in -4 +.ft +.fi + +When using the inline file feature with +.B \-\-pkcs12 +the inline file has to be base64 encoded. Encoding of a .p12 file into base64 can be done for example with OpenSSL by running +.B openssl base64 -in input.p12 + .SH SIGNALS .TP .B SIGHUP |