Changes between Version 2 and Version 3 of DeprecatedOptions


Ignore:
Timestamp:
08/17/17 15:25:10 (7 years ago)
Author:
plaisthos
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • DeprecatedOptions

    v2 v3  
    155155|| ||`--remote-cert-tls client` ||
    156156As of OpenSSL v1.1, the nsCertType extension in X.509 certificates are no longer supported.  This extension is old and have been deprecated for a long time.  The replacement option, `---remote-cert-tls` is a macro which sets the `--remote-cert-ku` and `--remote-cert-eku` to appropriate values, depending on it is wanted to check if the remote provided certificate is a server or client certificate.  As the extended key usage extension is far more commonly used today, this is effectively the equivalent of `--ns-cert-type`.  For the time being, if `--ns-cert-type` is used in OpenVPN v2.5 or later, it will currently be re-mapped to `--remote-cert-tls` and complain about a deprecated option being used.
     157
     158
     159== `--tun-ipv6` ==
     160||=Status =||Removed in OpenVPN 2.4l ||
     161||=Deprecated in: =||OpenVPN v2.4 ||
     162||=To be removed in: =||'''OpenVPN v2.4 ||
     163||=Affects: =||Client and server ||
     164||=Result if used: =||OpenVPN will complain and remap to replacement option||
     165||=Replaced by: =|| --  ||
     166||=Examples: =||`--tun-ipv6` ||
     167
     168This option was useful when IPv6 tun support was non standard and was an
     169internal/user specified flag that tracked the Ipv6 capability of the tun
     170device.
     171
     172Today, all supported OS support IPv6 and indicating explicit support is not needed anymore. Also tun-ipv6 is pushable by the remote so
     173not putting tun-ipv6 does not forbid ipv6 addresses.
     174