diff options
Diffstat (limited to 'openvpn.8')
-rw-r--r-- | openvpn.8 | 42 |
1 files changed, 33 insertions, 9 deletions
@@ -4254,11 +4254,23 @@ test). .B cmd should return 0 to allow the TLS handshake to proceed, or 1 to fail. + +Note that +.B cmd +is a command line and as such may (if enclosed in quotes) contain +whitespace separated arguments. The first word of .B cmd -is executed as +is the shell command to execute and the remaining words are its +arguments. +When +.B cmd +is executed two arguments are appended, as follows: .B cmd certificate_depth X509_NAME_oneline +These arguments are, respectively, the current certificate depth and +the X509 common name (cn) of the peer. + This feature is useful if the peer you want to trust has a certificate which was signed by a certificate authority who also signed many other certificates, where you don't necessarily want to trust all of them, @@ -4272,14 +4284,14 @@ in the OpenVPN distribution. See the "Environmental Variables" section below for additional parameters passed as environmental variables. - -Note that -.B cmd -can be a shell command with multiple arguments, in which -case all OpenVPN-generated arguments will be appended -to -.B cmd -to build a command line which will be passed to the script. +.\"********************************************************* +.TP +.B --tls-export-cert directory +Store the certificates the clients uses upon connection to this +directory. This will be done before --tls-verify is called. The +certificates will use a temporary name and will be deleted when +the tls-verify script returns. The file name used for the certificate +is available via the peer_cert environment variable. .\"********************************************************* .TP .B \-\-tls-remote name @@ -4760,6 +4772,13 @@ This option has the same caveats as above. .\"********************************************************* .TP +.B \-\-register-dns +Run net stop dnscache, net start dnscache, ipconfig /flushdns +and ipconfig /registerdns on connection initiation. +This is known to kick Windows into +recognizing pushed DNS servers. +.\"********************************************************* +.TP .B \-\-pause-exit Put up a "press any key to continue" message on the console prior to OpenVPN program exit. This option is automatically used by the @@ -5266,6 +5285,11 @@ than their names as denoted on the command line or configuration file. .\"********************************************************* .TP +.B peer_cert +Temporary file name containing the client certificate upon +connection. Useful in conjunction with --tls-verify +.\"********************************************************* +.TP .B script_context Set to "init" or "restart" prior to up/down script execution. For more information, see |