From 0aee9ca7e76887fb5752c15ef63bfb7a356df06e Mon Sep 17 00:00:00 2001
From: james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>
Date: Mon, 21 Jan 2008 19:34:13 +0000
Subject: Allow OpenVPN to run completely unprivileged under Linux by allowing
 openvpn --mktun to be used with --user and --group to set the UID/GID of the
 tun device node.  Also added --iproute option to allow an alternative command
 to be executed in place of the default iproute2 command (Alon Bar-Lev).

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2639 e7ae566f-a301-0410-adde-c780ea21d3b5
---
 openvpn.8 | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'openvpn.8')

diff --git a/openvpn.8 b/openvpn.8
index 6446c5b..df276e7 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -71,6 +71,8 @@ openvpn \- secure IP tunnel daemon.
 [\ \fB\-\-dev\-type\fR\ \fIdevice\-type\fR\ ]
 [\ \fB\-\-dev\-node\fR\ \fInode\fR\ ]
 [\ \fB\-\-lladdr\fR\ \fIaddress\fR\ ]
+[\ \fB\-\-user\fR\ \fIuser\fR\ ]
+[\ \fB\-\-group\fR\ \fIgroup\fR\ ]
 .in -4
 .ti +4
 .hy
@@ -164,6 +166,7 @@ openvpn \- secure IP tunnel daemon.
 [\ \fB\-\-inetd\fR\ \fI[wait|nowait]\ [progname]\fR\ ]
 [\ \fB\-\-ip\-win32\fR\ \fImethod\fR\ ]
 [\ \fB\-\-ipchange\fR\ \fIcmd\fR\ ]
+[\ \fB\-\-iproute\fR\ \fIcmd\fR\ ]
 [\ \fB\-\-iroute\fR\ \fInetwork\ [netmask]\fR\ ]
 [\ \fB\-\-keepalive\fR\ \fIn\ m\fR\ ]
 [\ \fB\-\-key\-method\fR\ \fIm\fR\ ]
@@ -923,6 +926,11 @@ Specify the link layer address, more commonly known as the MAC address.
 Only applied to TAP devices.
 .\"*********************************************************
 .TP
+.B --iproute cmd
+Set alternate command to execute instead of default iproute2 command.
+May be used in order to execute OpenVPN in unprivileged environment.
+.\"*********************************************************
+.TP
 .B --ifconfig l rn
 Set TUN/TAP adapter parameters. 
 .B l
@@ -4306,6 +4314,14 @@ Remove a persistent tunnel.
 .B --dev tunX | tapX
 TUN/TAP device
 .\"*********************************************************
+.TP
+.B --user user
+Optional user to be owner of this tunnel.
+.\"*********************************************************
+.TP
+.B --group group
+Optional group to be owner of this tunnel.
+.\"*********************************************************
 .SS Windows-Specific Options:
 .\"*********************************************************
 .TP
-- 
cgit