~ubuntu-branches/ubuntu/utopic/openvpn/utopic-proposed

Viewing changes to openvpn.8

Committer: Package Import Robot
Author(s): Stéphane Graber
Date: 2012-02-25 21:08:48 UTC
mfrom: (10.2.18 sid)
Revision ID: package-import@ubuntu.com-20120225210848-s4tqi61yt6pp9rbf

Tags: 2.2.1-5ubuntu1

* Merge from Debian unstable. Remaining changes: (LP: #907828)
  + debian/openvpn.init.d:
    - Do not use start-stop-daemon and </dev/null to avoid blocking boot.
    - Show per-VPN result messages.
    - Add "--script-security 2" by default for backwards compatabliity.
  + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc()

files added:
.pc/accommodate_typo.patch

.pc/accommodate_typo.patch/occ.c

.pc/manpage_fixes.patch

.pc/manpage_fixes.patch/openvpn.8

debian/patches/accommodate_typo.patch

debian/patches/manpage_fixes.patch

files modified:
.pc/applied-patches

debian/README.Debian

debian/changelog

debian/control

debian/default

debian/openvpn.init.d

debian/patches/series

debian/po/ca.po

debian/po/cs.po

debian/po/da.po

debian/po/de.po

debian/po/es.po

debian/po/eu.po

debian/po/fi.po

debian/po/fr.po

debian/po/gl.po

debian/po/it.po

debian/po/ja.po

debian/po/nb.po

debian/po/nl.po

debian/po/pt.po

debian/po/pt_BR.po

debian/po/ru.po

debian/po/sv.po

debian/po/templates.pot

debian/po/vi.po

debian/rules

occ.c

openvpn.8

Show diffs side-by-side

added added

removed removed

openvpn.8

.\" 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

.\"

.\" Manual page for openvpn

.\"

.\" SH section heading

.\" SS subsection heading

.\" LP paragraph

.\" IP indented paragraph

.\" TP hanging label

.\"

.\" .nf -- no formatting

.\" .fi -- resume formatting

.\" .ft 3 -- boldface

3620

This option is only relevant in UDP mode, i.e.

3621

when either

3622

.B \-\-proto udp

3623

is specifed, or no

3623

is specified, or no

3624

.B \-\-proto

3625

option is specified.

3626

4352

.TP

4353

.B \-\-tls-export-cert directory

4354

Store the certificates the clients uses upon connection to this

4355

directory. This will be done before --tls-verify is called. The

4355

directory. This will be done before \-\-tls-verify is called. The

4356

certificates will use a temporary name and will be deleted when

4357

the tls-verify script returns. The file name used for the certificate

4358

is available via the peer_cert environment variable.

4362

Field in x509 certificate subject to be used as username (default=CN).

4363

.B Fieldname

4364

will be uppercased before matching. When this option is used, the

4365

--tls-remote option will match against the chosen fieldname instead

4365

\-\-tls-remote option will match against the chosen fieldname instead

4366

of the CN.

4367

.\"*********************************************************

4368

.TP

4664

.B \-\-dev tun

4665

mode, OpenVPN will cause the DHCP server to masquerade as if it were

4666

coming from the remote endpoint. The optional offset parameter is

4667

an integer which is > -256 and < 256 and which defaults to 0.

4667

an integer which is > \-256 and < 256 and which defaults to 0.

4668

If offset is positive, the DHCP server will masquerade as the IP

4669

address at network address + offset.

4670

If offset is negative, the DHCP server will masquerade as the IP

4958

documentation of the IPv6-related options. More documentation can be

4959

found on http://www.greenie.net/ipv6/openvpn.html.

4960

.TP

4961

.B --ifconfig-ipv6 ipv6addr/bits ipv6remote

4961

.B \-\-ifconfig-ipv6 ipv6addr/bits ipv6remote

4962

configure IPv6 address

4963

.B ipv6addr/bits

4964

on the ``tun'' device. The second parameter is used as route target for

4965

.B --route-ipv6

4965

.B \-\-route-ipv6

4966

if no gateway is specified.

4967

.TP

4968

.B --route-ipv6 ipv6addr/bits [gateway] [metric]

4968

.B \-\-route-ipv6 ipv6addr/bits [gateway] [metric]

4969

setup IPv6 routing in the system to send the specified IPv6 network

4970

into OpenVPN's ``tun'' device

4971

.TP

4972

.B --server-ipv6 ipv6addr/bits

4972

.B \-\-server-ipv6 ipv6addr/bits

4973

convenience-function to enable a number of IPv6 related options at

4974

once, namely

4975

.B --ifconfig-ipv6, --ifconfig-ipv6-pool, --tun-ipv6

4975

.B \-\-ifconfig-ipv6, \-\-ifconfig-ipv6-pool, \-\-tun-ipv6

4976

and

4977

.B --push tun-ipv6

4978

Is only accepted if ``--mode server'' or ``--server'' is set.

4977

.B \-\-push tun-ipv6

4978

Is only accepted if ``\-\-mode server'' or ``\-\-server'' is set.

4979

.TP

4980

.B --ifconfig-ipv6-pool ipv6addr/bits

4980

.B \-\-ifconfig-ipv6-pool ipv6addr/bits

4981

Specify an IPv6 address pool for dynamic assignment to clients. The

4982

pool starts at

4983

.B ipv6addr

4985

.B /bits

4986

setting controls the size of the pool.

4987

.TP

4988

.B --ifconfig-ipv6-push ipv6addr/bits ipv6remote

4988

.B \-\-ifconfig-ipv6-push ipv6addr/bits ipv6remote

4989

for ccd/ per-client static IPv6 interface configuration, see

4990

.B --client-config-dir

4990

.B \-\-client-config-dir

4991

and

4992

.B --ifconfig-push

4992

.B \-\-ifconfig-push

4993

for more details.

4994

.TP

4995

.B --iroute-ipv6 ipv6addr/bits

4995

.B \-\-iroute-ipv6 ipv6addr/bits

4996

for ccd/ per-client static IPv6 route configuration, see

4997

.B --iroute

4997

.B \-\-iroute

4998

for more details how to setup and use this, and how

4999

.B --iroute

4999

.B \-\-iroute

5000

and

5001

.B --route

5001

.B \-\-route

5002

interact.

5003

5004

.\"*********************************************************

5417

.TP

5418

.B peer_cert

5419

Temporary file name containing the client certificate upon

5420

connection. Useful in conjunction with --tls-verify

5420

connection. Useful in conjunction with \-\-tls-verify

5421

.\"*********************************************************

5422

.TP

5423

.B script_context

Older »