From 0979ec7e9109da95ad56e9365a89701fee11c72c Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Thu, 23 Aug 2012 23:21:00 +0200 Subject: Document the inlining of files in openvpn and document key-direction This patch documents the usage of inline files in OpenVPN. Hackish ways of inline files are deliberately left out. For tls-auth and secret the key-direction option is right way of specifying the direction and not by using two tls-auth/secret lines where the first sets the direction and has a dummy file name and the second sets the inline file data but does not reset the direction parameter. Also pkcs12 [[INLINE]] base64encoded_data works but is a quirk of how the config parser works Signed-off-by: Arne Schwabe Acked-by: Gert Doering Message-Id: 1345756860-2044-1-git-send-email-arne@rfc2549.org URL: http://article.gmane.org/gmane.network.openvpn.devel/7006 Signed-off-by: David Sommerseth --- doc/openvpn.8 | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 56be29e..f40ef1f 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -3621,6 +3621,14 @@ would see nothing but random-looking data. .\"********************************************************* .TP +.B \-\-key-direction +Alternative way of specifying the optional direction parameter for the +.B \-\-tls-auth +and +.B \-\-secret +options. Useful when using inline files (See section on inline files). +.\"********************************************************* +.TP .B \-\-auth alg Authenticate packets with HMAC using message digest algorithm @@ -5901,6 +5909,37 @@ X509_1_C=KG .ft .fi .\"********************************************************* +.SH INLINE FILE SUPPORT +OpenVPN allows including files in the main configuration for the +.B \-\-ca, \-\-cert, \-\-dh, \-\-extra-certs, \-\-key, \-\-pkcs12, \-\-secret +and +.B \-\-tls-auth +options. + +Each inline file started by the line +.B + +Here is an example of an inline file usage + +.nf +.ft 3 +.in +4 + +-----BEGIN CERTIFICATE----- +[...] +-----END CERTIFICATE----- + +.in -4 +.ft +.fi + +When using the inline file feature with +.B \-\-pkcs12 +the inline file has to be base64 encoded. Encoding of a .p12 file into base64 can be done for example with OpenSSL by running +.B openssl base64 -in input.p12 + .SH SIGNALS .TP .B SIGHUP -- cgit