From 7fb0e07ec3f7c5f6514523085dbe02ea6b8933e2 Mon Sep 17 00:00:00 2001 From: James Yonan Date: Sun, 12 Jun 2011 01:14:36 +0000 Subject: Added redirect-gateway block-local flag, with support for Linux, Mac OS X, and Linux. This flag (which is pushable from server) blocks client access to local LAN while VPN session is active. Added standalone --show-gateway option to show info about default gateway. Extensively refactored get_default_gateway function in route.c to ease implementation of block-local. Removed "Experimental" disclaimer from redirect-gateway man page. Version 2.1.3y. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7334 e7ae566f-a301-0410-adde-c780ea21d3b5 --- openvpn.8 | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'openvpn.8') diff --git a/openvpn.8 b/openvpn.8 index 29eb00b..1c5ca0d 100644 --- a/openvpn.8 +++ b/openvpn.8 @@ -1093,8 +1093,8 @@ addresses in packets. .\"********************************************************* .TP .B --redirect-gateway flags... -(Experimental) Automatically execute routing commands to cause all outgoing IP traffic -to be redirected over the VPN. +Automatically execute routing commands to cause all outgoing IP traffic +to be redirected over the VPN. This is a client-side option. This option performs three steps: @@ -1126,13 +1126,18 @@ Option flags: .B local -- Add the .B local -flag if both OpenVPN servers are directly connected via a common subnet, +flag if both OpenVPN nodes are directly connected via a common subnet, such as with wireless. The .B local flag will cause step .B 1 above to be omitted. +.B autolocal -- +Try to automatically determine whether to enable +.B local +flag above. + .B def1 -- Use this flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 
@@ -1151,7 +1156,10 @@ bypasses the tunnel (Available on Windows clients, may not be available on non-Windows clients). -Using the def1 flag is highly recommended. +.B block-local -- +Block access to local LAN when the tunnel is active, except for +the LAN gateway itself. This is accomplished by routing the local +LAN (except for the LAN gateway address) into the tunnel. .\"********************************************************* .TP .B --link-mtu n -- cgit
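Review bot: In the first hunk (@@ -1093,8), the new autolocal entry does not say how the determination is made or what happens when it cannot be made, so a reader cannot tell when step 1 will be omitted. Suggest stating the criterion and the fallback behaviour, and wording the line as "whether to enable the local flag above". The flag is also missing from the commit message, which names only block-local and --show-gateway, so it is worth listing there as well.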
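Review bot: In the second hunk (@@ -1151,7), the block-local text gives no platform availability and does not say the flag can be pushed from the server, although the commit message states both and the entry just above it carries an availability note ("Available on Windows clients, may not be available on non-Windows clients"). Suggest adding one sentence covering supported platforms and pushability. The same hunk deletes "Using the def1 flag is highly recommended." with no replacement and no mention in the commit message; if the removal is intentional, say so in the message, otherwise keep the sentence next to the def1 entry.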