diff options
author | James Yonan <james@openvpn.net> | 2011-06-12 01:14:36 +0000 |
---|---|---|
committer | James Yonan <james@openvpn.net> | 2011-06-12 01:14:36 +0000 |
commit | 7fb0e07ec3f7c5f6514523085dbe02ea6b8933e2 (patch) | |
tree | de7e157cc9c513a1870ae9bce16b04fd908e9295 /openvpn.8 | |
parent | 759873034018f597e52dfbbfe91ff9d20530ea91 (diff) | |
download | openvpn-7fb0e07ec3f7c5f6514523085dbe02ea6b8933e2.tar.gz openvpn-7fb0e07ec3f7c5f6514523085dbe02ea6b8933e2.tar.xz openvpn-7fb0e07ec3f7c5f6514523085dbe02ea6b8933e2.zip |
Added redirect-gateway block-local flag, with support for
Linux, Mac OS X, and Linux. This flag (which is pushable
from server) blocks client access to local LAN while VPN
session is active.
Added standalone --show-gateway option to show info about
default gateway.
Extensively refactored get_default_gateway function in
route.c to ease implementation of block-local.
Removed "Experimental" disclaimer from redirect-gateway
man page.
Version 2.1.3y.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7334 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'openvpn.8')
-rw-r--r-- | openvpn.8 | 16 |
1 files changed, 12 insertions, 4 deletions
@@ -1093,8 +1093,8 @@ addresses in packets. .\"********************************************************* .TP .B --redirect-gateway flags... -(Experimental) Automatically execute routing commands to cause all outgoing IP traffic -to be redirected over the VPN. +Automatically execute routing commands to cause all outgoing IP traffic +to be redirected over the VPN. This is a client-side option. This option performs three steps: @@ -1126,13 +1126,18 @@ Option flags: .B local -- Add the .B local -flag if both OpenVPN servers are directly connected via a common subnet, +flag if both OpenVPN nodes are directly connected via a common subnet, such as with wireless. The .B local flag will cause step .B 1 above to be omitted. +.B autolocal -- +Try to automatically determine whether to enable +.B local +flag above. + .B def1 -- Use this flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 @@ -1151,7 +1156,10 @@ bypasses the tunnel (Available on Windows clients, may not be available on non-Windows clients). -Using the def1 flag is highly recommended. +.B block-local -- +Block access to local LAN when the tunnel is active, except for +the LAN gateway itself. This is accomplished by routing the local +LAN (except for the LAN gateway address) into the tunnel. .\"********************************************************* .TP .B --link-mtu n |