Changes between Version 62 and Version 63 of DeprecatedOptions
- Timestamp:
- 01/11/23 18:49:27 (15 months ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
DeprecatedOptions
v62 v63 9 9 [[TOC(notitle, inline)]] 10 10 11 == Change default `--topology net30` to `subnet` **Status: Pending** ==11 == Change default `--topology net30` to `subnet` || **Status: Pending** == 12 12 ||=Status =|| Pending || 13 13 ||=Deprecated in: =|| OpenVPN v2.5 || … … 21 21 **Openvpn recommend using `topology subnet` now, so that when the default is changed, you will not be affected.** 22 22 23 == Option: `--key-method` **Status: Pending removal** ==23 == Option: `--key-method` || **Status: Pending removal** == 24 24 ||=Status =||Pending removal || 25 25 ||=Deprecated in: =||OpenVPN v2.4 || … … 31 31 OpenVPN have used `--key-method 2` since OpenVPN v2.0 if it was not provided. Using the older `--key-method 1` was primarily present to allow OpenVPN clients running older releases than v2.0 to connect to a v2.0 server. This older key-method is not recommended as the key negotiation method is not as strong as the current default. 32 32 33 == Option: `--tls-remote` Status: Removed in OpenVPN v2.4 ==33 == Option: `--tls-remote` || Status: Removed in OpenVPN v2.4 == 34 34 ||=Status =||**Removed in OpenVPN v2.4** || 35 35 ||=Deprecated in: =||OpenVPN v2.3 || … … 41 41 || ||`--verify-x509-name Server name-prefix` || 42 42 43 == Option: `--compat-names` Status: Removed in OpenVPN v2.5 ==43 == Option: `--compat-names` || Status: Removed in OpenVPN v2.5 == 44 44 ||=Status =||**Removed in OpenVPN v2.5** || 45 45 ||=Deprecated in: =||OpenVPN v2.3 || … … 59 59 This option would in addition add remapping of characters and rendering most characters outside the typical a-z/A-Z/0-9 range to be replaced by an underscore (_) - unless the `no-remapping` flag was added. This behaviour would in many cases be required by older authentication plug-ins or scripts which was not able to process the newer format. As this behaviour is now considered bad, it is expected that authentication plug-ins and scripts will have had enough time to get an update to handle the new X.509 Subject formatting. 60 60 61 == Option: `--no-name-remapping` Status: Removed in OpenVPN v2.5 ==61 == Option: `--no-name-remapping` || Status: Removed in OpenVPN v2.5 == 62 62 ||=Status =||**Removed in OpenVPN v2.5** || 63 63 ||=Deprecated in: =||OpenVPN v2.3 || … … 69 69 This is essentially just an alias for `--compat-names no-remapping`. This option would avoid the character remapping of characters being outside the typical a-z/A-Z/0-9 range in the X.509 Subject identifiers. 70 70 71 == Option: `--no-iv` Status: Removed in OpenVPN v2.5 ==71 == Option: `--no-iv` || Status: Removed in OpenVPN v2.5 == 72 72 ||=Status =|| **Removed in OpenVPN v2.5** || 73 73 ||=Deprecated in: =||OpenVPN v2.4 || … … 79 79 80 80 81 == Option: `--no-replay` **Status: Pending removal** ==81 == Option: `--no-replay` || **Status: Pending removal** == 82 82 ||=Status =||Pending removal || 83 83 ||=Deprecated in: =||OpenVPN v2.4 || … … 90 90 91 91 92 == Policy: Removal of insecure ciphers **Status: Pending removal** ==92 == Policy: Removal of insecure ciphers || **Status: Pending removal** == 93 93 Ciphers with cipher block-size less than 128 bits; Most commonly `BF`, `DES`, `CAST5`, `IDEA` and `RC2`. 94 94 ||=Status =||Pending removal || … … 112 112 '''NOTE:''' For Fedora 27, if the `openvpn-server@.service` unit file is used for ''server configurations'', this migration path have already been enabled. 113 113 114 == Option: `--keysize` **Status: Pending removal** ==114 == Option: `--keysize` || **Status: Pending removal** == 115 115 ||=Status =||Pending removal || 116 116 ||=Deprecated in: =||OpenVPN v2.4 || … … 122 122 The `--keysize` option was only useful to change the key length when using the `BF`, `CAST6` or `RC2` ciphers. For all other ciphers the key-size is fixed with the chosen cipher. As OpenVPN v2.6 will no longer support any of these variable length ciphers, this option will be removed as well to avoid confusion. 123 123 124 == Option: `--comp-lzo` **Status: Pending removal** ==124 == Option: `--comp-lzo` || **Status: Pending removal** == 125 125 ||=Status =||Currently not planned for removal, see description for details || 126 126 ||=Deprecated in: =||OpenVPN v2.4 || … … 132 132 Compression is not recommended and is a feature users should avoid using. See `--compress` for more details. 133 133 134 == Option: `--comp-noadapt` **Status: Pending removal** ==134 == Option: `--comp-noadapt` || **Status: Pending removal** == 135 135 ||=Status =||Currently not planned for removal, see description for details || 136 136 ||=Deprecated in: =||OpenVPN v2.4 || … … 142 142 Compression is not recommended and is a feature users should avoid using. See `--compress` for more details. 143 143 144 == Option: `--compress` **Status: Pending removal** ==144 == Option: `--compress` || **Status: Pending removal** == 145 145 ||=Status =||Currently not planned for removal, see description for details || 146 146 ||=Deprecated in: =||OpenVPN v2.5 || … … 152 152 Compression is not recommended and is a feature users should avoid using. To signal this clearly, `--comp-lzo` and `--compress` are discouraged and considered deprecated features. Beginning with 2.5, these options will no longer enable compression, just enable the compression framing to be able to receive compressed packets. 153 153 154 == Option: `--ifconfig-pool-linear` Status: Removed in OpenVPN v2.6 ==154 == Option: `--ifconfig-pool-linear` || Status: Removed in OpenVPN v2.6 == 155 155 ||=Status =||Removed in OpenVPN v2.6 || 156 156 ||=Deprecated in: =||OpenVPN v2.1 || … … 162 162 This option will not work with Windows based clients. Since the `--topology p2p` mode is equivalent to `--ifconfig-pool-linear` and works with Windows, this option will be removed. 163 163 164 == Option: `--client-cert-not-required` Status: Removed in OpenVPN v2.6 ==164 == Option: `--client-cert-not-required` || Status: Removed in OpenVPN v2.6 == 165 165 ||=Status =||Removed in OpenVPN v2.6 || 166 166 ||=Deprecated in: =||OpenVPN v2.4 || … … 174 174 The replacement option allows a far more fine grained control of authentication methods, and can allow a combination of only username/password authentication, only certificate based authentication or a combination. This would not be possible with the old `--client-cert-not-required` option. 175 175 176 == Option: `--ns-cert-type` **Status: Pending removal ==176 == Option: `--ns-cert-type` || **Status: Pending removal == 177 177 ||=Status =||Pending removal || 178 178 ||=Deprecated in: =||OpenVPN v2.4 and v2.3.18 || … … 188 188 189 189 190 == Option: `--tun-ipv6` **Status: Ignored, pending removal** ==190 == Option: `--tun-ipv6` || **Status: Ignored, pending removal** == 191 191 ||=Status =||Removed in OpenVPN 2.4l || 192 192 ||=Deprecated in: =||OpenVPN v2.4 || … … 203 203 204 204 205 == Policy: Automatic Up-casing of X509 Certificate field names ==205 == Policy: Automatic Up-casing of X509 Certificate field names || Status: Completed in OpenVPN 2.5 == 206 206 ||=Status =||Planned for removal || 207 207 ||=Deprecated in: =||OpenVPN v2.3 || … … 214 214 See --x509-username-field in https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage for a detailed explanation. 215 215 216 == Option: `--max-routes` **Status: Ignored, pending removal** ==216 == Option: `--max-routes` || **Status: Ignored, pending removal** == 217 217 ||=Status =||Planned for removal || 218 218 ||=Deprecated in: =||OpenVPN v2.4 || … … 223 223 ||=Examples: =|| || 224 224 225 == Option: `--dhcp-release` **Status: Ignored, pending removal** ==225 == Option: `--dhcp-release` || **Status: Ignored, pending removal** == 226 226 ||=Status =||Enabled by default || 227 227 ||=Deprecated in: =||OpenVPN v2.4 || … … 233 233 ||=Notes: =|| Windows only || 234 234 235 == Option: `--route-nopull` **Status: Pending, to be decided** ==235 == Option: `--route-nopull` || **Status: To be decided** == 236 236 ||=Status =||Disabled by default || 237 237 ||=Deprecated in: =|| Deprecation is under discussion || … … 248 248 - Optionally, also `ignore`: `route-gateway` `route-delay` 249 249 250 == Option: `--secret` Status: Removed in OpenVPN v2.5 ==250 == Option: `--secret` || Status: Removed in OpenVPN v2.5 == 251 251 ||=Status =|| Removed || 252 252 ||=Deprecated in: =|| OpenVPN v2.4 || … … 258 258 ||=Notes: =|| || 259 259 260 == Option: `--ncp-disable` Status: Removed in OpenVPN v2.6 ==260 == Option: `--ncp-disable` || Status: Removed in OpenVPN v2.6 == 261 261 ||=Status =||Removed in OpenVPN 2.6 || 262 262 ||=Deprecated in: =|| OpenVPN v2.5 || … … 267 267 ||=Notes: =|| `ncp-disable` was mainly a debug option that allowed disabling ncp if there were problem with dynamic cipher negotiation. With the current status of NCP, this option is no longer necessary. || 268 268 269 == plugin: `_v1 and _v2 functions for open and func call` **Status: Pending removal** ==269 == plugin: `_v1 and _v2 functions for open and func call` || **Status: Pending removal** == 270 270 ||=Status =||Planned for removal || 271 271 ||=Deprecated in: =|| OpenVPN v2.5 (**to be done**) || … … 277 277 ||=Notes: =|| the _v3 API functions can do everything _v1 and _v2 can do, and the existence of the old functions mostly confuses everyone || 278 278 279 == Option: `--inetd` Status: Removed in OpenVPN v2.6 ==279 == Option: `--inetd` || Status: Removed in OpenVPN v2.6 == 280 280 ||=Status =|| Removed in OpenVPN v2.6 || 281 281 ||=Deprecated in: =|| OpenVPN v2.5 || … … 286 286 ||=Notes: =|| This is a very limited and not-well-tested way to run OpenVPN, on TCP and TAP mode only, which complicates the code quite a bit for little gain. To be removed in OpenVPN 2.6 (unless users protest). || 287 287 288 == Windows: `openvpn-legacy-service` Status: Removed ==288 == Windows: `openvpn-legacy-service` || Status: Removed == 289 289 ||=Status =|| Gone || 290 290 ||=Deprecated in: =|| A Galaxy a long time ago .. || … … 296 296 ||=Notes: =|| To use `openvpnserv2.exe` see `C:\Program Files\Openvpn\config-auto\readme.txt` || 297 297 298 == Option: `--persist-key` **Status: To be decided** ==298 == Option: `--persist-key` || **Status: To be decided** == 299 299 ||=Status =|| TBD || 300 300 ||=Deprecated in: =|| TBD || … … 306 306 ||=Notes: =|| `--persist-key` will be always enabled || 307 307 308 == Option: `--verify-hash` **Status: Pending removal** ==308 == Option: `--verify-hash` || **Status: Pending removal** == 309 309 ||=Status =|| TBD || 310 310 ||=Deprecated in: =|| OpenVPN v2.6 || … … 316 316 ||=Notes: =|| n/a || 317 317 318 == Option: `--link-mtu` **Status: Pending Deprecation** ==318 == Option: `--link-mtu` || **Status: Pending Deprecation** == 319 319 ||=Status =|| TBD || 320 320 ||=Deprecated in: =|| TBD || … … 326 326 ||=Notes: =|| n/a || 327 327 328 == Option: `--management-client-pf` Status: Removed in OpenVPN v2.6 ==328 == Option: `--management-client-pf` || Status: Removed in OpenVPN v2.6 == 329 329 ||=Status =|| Removed in OpenVPN 2.6 || 330 330 ||=Deprecated in: =|| 2.5 || … … 335 335 ||=Notes: =|| n/a || 336 336 337 == Option: `--prng` Status: Removed in OpenVPN v2.6 ==337 == Option: `--prng` || Status: Removed in OpenVPN v2.6 == 338 338 ||=Status =|| Removed in OpenVPN 2.6 || 339 339 ||=Deprecated in: =|| 2.5 ||