Changes between Version 2 and Version 3 of DeprecatedOptions
- Timestamp:
- 08/17/17 15:25:10 (7 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
DeprecatedOptions
v2 v3 155 155 || ||`--remote-cert-tls client` || 156 156 As of OpenSSL v1.1, the nsCertType extension in X.509 certificates are no longer supported. This extension is old and have been deprecated for a long time. The replacement option, `---remote-cert-tls` is a macro which sets the `--remote-cert-ku` and `--remote-cert-eku` to appropriate values, depending on it is wanted to check if the remote provided certificate is a server or client certificate. As the extended key usage extension is far more commonly used today, this is effectively the equivalent of `--ns-cert-type`. For the time being, if `--ns-cert-type` is used in OpenVPN v2.5 or later, it will currently be re-mapped to `--remote-cert-tls` and complain about a deprecated option being used. 157 158 159 == `--tun-ipv6` == 160 ||=Status =||Removed in OpenVPN 2.4l || 161 ||=Deprecated in: =||OpenVPN v2.4 || 162 ||=To be removed in: =||'''OpenVPN v2.4 || 163 ||=Affects: =||Client and server || 164 ||=Result if used: =||OpenVPN will complain and remap to replacement option|| 165 ||=Replaced by: =|| -- || 166 ||=Examples: =||`--tun-ipv6` || 167 168 This option was useful when IPv6 tun support was non standard and was an 169 internal/user specified flag that tracked the Ipv6 capability of the tun 170 device. 171 172 Today, all supported OS support IPv6 and indicating explicit support is not needed anymore. Also tun-ipv6 is pushable by the remote so 173 not putting tun-ipv6 does not forbid ipv6 addresses. 174