Changes between Version 62 and Version 63 of DeprecatedOptions


Ignore:
Timestamp:
01/11/23 18:49:27 (15 months ago)
Author:
tct
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • DeprecatedOptions

    v62 v63  
    99[[TOC(notitle, inline)]]
    1010
    11 == Change default `--topology net30` to `subnet` **Status: Pending** ==
     11== Change default `--topology net30` to `subnet` || **Status: Pending** ==
    1212||=Status =|| Pending ||
    1313||=Deprecated in: =|| OpenVPN v2.5 ||
     
    2121**Openvpn recommend using `topology subnet` now, so that when the default is changed, you will not be affected.**
    2222
    23 == Option: `--key-method` **Status: Pending removal** ==
     23== Option: `--key-method` || **Status: Pending removal** ==
    2424||=Status =||Pending removal ||
    2525||=Deprecated in: =||OpenVPN v2.4 ||
     
    3131OpenVPN have used `--key-method 2` since OpenVPN v2.0 if it was not provided.  Using the older `--key-method 1` was primarily present to allow OpenVPN clients running older releases than v2.0 to connect to a v2.0 server.  This older key-method is not recommended as the key negotiation method is not as strong as the current default.
    3232
    33 == Option: `--tls-remote` Status: Removed in OpenVPN v2.4 ==
     33== Option: `--tls-remote` || Status: Removed in OpenVPN v2.4 ==
    3434||=Status =||**Removed in OpenVPN v2.4** ||
    3535||=Deprecated in: =||OpenVPN v2.3 ||
     
    4141|| ||`--verify-x509-name Server name-prefix` ||
    4242
    43 == Option: `--compat-names` Status: Removed in OpenVPN v2.5 ==
     43== Option: `--compat-names` || Status: Removed in OpenVPN v2.5 ==
    4444||=Status =||**Removed in OpenVPN v2.5** ||
    4545||=Deprecated in: =||OpenVPN v2.3 ||
     
    5959This option would in addition add remapping of characters and rendering most characters outside the typical a-z/A-Z/0-9 range to be replaced by an underscore (_) - unless the `no-remapping` flag was added.  This behaviour would in many cases be required by older authentication plug-ins or scripts which was not able to process the newer format.  As this behaviour is now considered bad, it is expected that authentication plug-ins and scripts will have had enough time to get an update to handle the new X.509 Subject formatting.
    6060
    61 == Option: `--no-name-remapping` Status: Removed in OpenVPN v2.5 ==
     61== Option: `--no-name-remapping` || Status: Removed in OpenVPN v2.5 ==
    6262||=Status =||**Removed in OpenVPN v2.5** ||
    6363||=Deprecated in: =||OpenVPN v2.3 ||
     
    6969This is essentially just an alias for `--compat-names no-remapping`.  This option would avoid the character remapping of characters being outside the typical a-z/A-Z/0-9 range in the X.509 Subject identifiers.
    7070
    71 == Option: `--no-iv` Status: Removed in OpenVPN v2.5 ==
     71== Option: `--no-iv` || Status: Removed in OpenVPN v2.5 ==
    7272||=Status =|| **Removed in OpenVPN v2.5** ||
    7373||=Deprecated in: =||OpenVPN v2.4 ||
     
    7979
    8080
    81 == Option: `--no-replay` **Status: Pending removal** ==
     81== Option: `--no-replay` || **Status: Pending removal** ==
    8282||=Status =||Pending removal ||
    8383||=Deprecated in: =||OpenVPN v2.4 ||
     
    9090
    9191
    92 == Policy: Removal of insecure ciphers **Status: Pending removal** ==
     92== Policy: Removal of insecure ciphers || **Status: Pending removal** ==
    9393Ciphers with cipher block-size less than 128 bits; Most commonly `BF`, `DES`, `CAST5`, `IDEA` and `RC2`.
    9494||=Status =||Pending removal ||
     
    112112'''NOTE:''' For Fedora 27, if the `openvpn-server@.service` unit file is used for ''server configurations'', this migration path have already been enabled.
    113113
    114 == Option: `--keysize` **Status: Pending removal** ==
     114== Option: `--keysize` || **Status: Pending removal** ==
    115115||=Status =||Pending removal ||
    116116||=Deprecated in: =||OpenVPN v2.4 ||
     
    122122The `--keysize` option was only useful to change the key length when using the `BF`, `CAST6` or `RC2` ciphers.  For all other ciphers the key-size is fixed with the chosen cipher.  As OpenVPN v2.6 will no longer support any of these variable length ciphers, this option will be removed as well to avoid confusion.
    123123
    124 == Option: `--comp-lzo` **Status: Pending removal** ==
     124== Option: `--comp-lzo` || **Status: Pending removal** ==
    125125||=Status =||Currently not planned for removal, see description for details ||
    126126||=Deprecated in: =||OpenVPN v2.4 ||
     
    132132Compression is not recommended and is a feature users should avoid using.  See `--compress` for more details.
    133133
    134 == Option: `--comp-noadapt` **Status: Pending removal** ==
     134== Option: `--comp-noadapt` || **Status: Pending removal** ==
    135135||=Status =||Currently not planned for removal, see description for details ||
    136136||=Deprecated in: =||OpenVPN v2.4 ||
     
    142142Compression is not recommended and is a feature users should avoid using.  See `--compress` for more details.
    143143
    144 == Option: `--compress` **Status: Pending removal** ==
     144== Option: `--compress` || **Status: Pending removal** ==
    145145||=Status =||Currently not planned for removal, see description for details ||
    146146||=Deprecated in: =||OpenVPN v2.5 ||
     
    152152Compression is not recommended and is a feature users should avoid using.  To signal this clearly, `--comp-lzo` and `--compress` are discouraged and considered deprecated features.  Beginning with 2.5, these options will no longer enable compression, just enable the compression framing to be able to receive compressed packets.
    153153
    154 == Option: `--ifconfig-pool-linear` Status: Removed in OpenVPN v2.6 ==
     154== Option: `--ifconfig-pool-linear` || Status: Removed in OpenVPN v2.6 ==
    155155||=Status =||Removed in OpenVPN v2.6 ||
    156156||=Deprecated in: =||OpenVPN v2.1 ||
     
    162162This option will not work with Windows based clients.  Since the `--topology p2p` mode is equivalent  to `--ifconfig-pool-linear` and works with Windows, this option will be removed.
    163163
    164 == Option: `--client-cert-not-required` Status: Removed in OpenVPN v2.6 ==
     164== Option: `--client-cert-not-required` || Status: Removed in OpenVPN v2.6 ==
    165165||=Status =||Removed in OpenVPN v2.6 ||
    166166||=Deprecated in: =||OpenVPN v2.4 ||
     
    174174The replacement option allows a far more fine grained control of authentication methods, and can allow a combination of only username/password authentication, only certificate based authentication or a combination.  This would not be possible with the old `--client-cert-not-required` option.
    175175
    176 == Option: `--ns-cert-type` **Status: Pending removal ==
     176== Option: `--ns-cert-type` || **Status: Pending removal ==
    177177||=Status =||Pending removal ||
    178178||=Deprecated in: =||OpenVPN v2.4 and v2.3.18 ||
     
    188188
    189189
    190 == Option: `--tun-ipv6` **Status: Ignored, pending removal** ==
     190== Option: `--tun-ipv6` || **Status: Ignored, pending removal** ==
    191191||=Status =||Removed in OpenVPN 2.4l ||
    192192||=Deprecated in: =||OpenVPN v2.4 ||
     
    203203
    204204
    205 == Policy: Automatic Up-casing of X509 Certificate field names ==
     205== Policy: Automatic Up-casing of X509 Certificate field names || Status: Completed in OpenVPN 2.5 ==
    206206||=Status =||Planned for removal ||
    207207||=Deprecated in: =||OpenVPN v2.3 ||
     
    214214See --x509-username-field in https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage for a detailed explanation.
    215215
    216 == Option: `--max-routes` **Status: Ignored, pending removal** ==
     216== Option: `--max-routes` || **Status: Ignored, pending removal** ==
    217217||=Status =||Planned for removal ||
    218218||=Deprecated in: =||OpenVPN v2.4 ||
     
    223223||=Examples: =|| ||
    224224
    225 == Option: `--dhcp-release` **Status: Ignored, pending removal** ==
     225== Option: `--dhcp-release` || **Status: Ignored, pending removal** ==
    226226||=Status =||Enabled by default ||
    227227||=Deprecated in: =||OpenVPN v2.4 ||
     
    233233||=Notes: =|| Windows only ||
    234234
    235 == Option: `--route-nopull` **Status: Pending, to be decided** ==
     235== Option: `--route-nopull` || **Status: To be decided** ==
    236236||=Status =||Disabled by default ||
    237237||=Deprecated in: =|| Deprecation is under discussion ||
     
    248248  - Optionally, also `ignore`:  `route-gateway` `route-delay`
    249249
    250 == Option: `--secret` Status: Removed in OpenVPN v2.5 ==
     250== Option: `--secret` || Status: Removed in OpenVPN v2.5 ==
    251251||=Status =|| Removed ||
    252252||=Deprecated in: =|| OpenVPN v2.4 ||
     
    258258||=Notes: =||  ||
    259259
    260 == Option: `--ncp-disable` Status: Removed in OpenVPN v2.6 ==
     260== Option: `--ncp-disable` || Status: Removed in OpenVPN v2.6 ==
    261261||=Status =||Removed in OpenVPN 2.6 ||
    262262||=Deprecated in: =|| OpenVPN v2.5 ||
     
    267267||=Notes: =|| `ncp-disable` was mainly a debug option that allowed disabling ncp if there were problem with dynamic cipher negotiation. With the current status of NCP, this option is no longer necessary. ||
    268268
    269 == plugin: `_v1 and _v2 functions for open and func call` **Status: Pending removal** ==
     269== plugin: `_v1 and _v2 functions for open and func call` || **Status: Pending removal** ==
    270270||=Status =||Planned for removal ||
    271271||=Deprecated in: =|| OpenVPN v2.5 (**to be done**) ||
     
    277277||=Notes: =|| the _v3 API functions can do everything _v1 and _v2 can do, and the existence of the old functions mostly confuses everyone ||
    278278
    279 == Option: `--inetd` Status: Removed in OpenVPN v2.6 ==
     279== Option: `--inetd` || Status: Removed in OpenVPN v2.6 ==
    280280||=Status =|| Removed in OpenVPN v2.6 ||
    281281||=Deprecated in: =|| OpenVPN v2.5 ||
     
    286286||=Notes: =||  This is a very limited and not-well-tested way to run OpenVPN, on TCP and TAP mode only, which complicates the code quite a bit for little gain. To be removed in OpenVPN 2.6 (unless users protest). ||
    287287
    288 == Windows: `openvpn-legacy-service` Status: Removed ==
     288== Windows: `openvpn-legacy-service` || Status: Removed ==
    289289||=Status =|| Gone ||
    290290||=Deprecated in: =|| A Galaxy a long time ago .. ||
     
    296296||=Notes: =|| To use `openvpnserv2.exe` see `C:\Program Files\Openvpn\config-auto\readme.txt` ||
    297297
    298 == Option: `--persist-key` **Status: To be decided** ==
     298== Option: `--persist-key` || **Status: To be decided** ==
    299299||=Status =|| TBD ||
    300300||=Deprecated in: =|| TBD ||
     
    306306||=Notes: =|| `--persist-key` will be always enabled ||
    307307
    308 == Option: `--verify-hash` **Status: Pending removal** ==
     308== Option: `--verify-hash` || **Status: Pending removal** ==
    309309||=Status =|| TBD ||
    310310||=Deprecated in: =|| OpenVPN v2.6 ||
     
    316316||=Notes: =|| n/a ||
    317317
    318 == Option: `--link-mtu` **Status: Pending Deprecation** ==
     318== Option: `--link-mtu` || **Status: Pending Deprecation** ==
    319319||=Status =|| TBD ||
    320320||=Deprecated in: =|| TBD ||
     
    326326||=Notes: =|| n/a ||
    327327
    328 == Option: `--management-client-pf` Status: Removed in OpenVPN v2.6 ==
     328== Option: `--management-client-pf` || Status: Removed in OpenVPN v2.6 ==
    329329||=Status =|| Removed in OpenVPN 2.6 ||
    330330||=Deprecated in: =|| 2.5 ||
     
    335335||=Notes: =|| n/a ||
    336336
    337 == Option: `--prng` Status: Removed in OpenVPN v2.6 ==
     337== Option: `--prng` || Status: Removed in OpenVPN v2.6 ==
    338338||=Status =|| Removed in OpenVPN 2.6 ||
    339339||=Deprecated in: =|| 2.5 ||