Changes between Version 18 and Version 19 of Openvpn23ManPage


Ignore:
Timestamp:
05/10/16 07:19:49 (4 years ago)
Author:
Samuli Seppänen
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • Openvpn23ManPage

    v18 v19  
    16761676parameter, i.e. the UDP packet size after encapsulation
    16771677overhead has been added in, but not including
    1678 the UDP header itself.
     1678the UDP header itself. Resulting packet would be at most 28
     1679bytes larger for IPv4 and 48 bytes for IPv6 (20/40 bytes for IP
     1680header and 8 bytes for UDP header). Default value of 1450 allows
     1681IPv4 packets to be transmitted over a link with MTU 1473 or higher
     1682without IP level fragmentation.
    16791683<P>
    16801684The
     
    26112615are executed after the chroot operation.
    26122616<P>
    2613 Note: if OpenVPN is built using the PolarSSL SSL
    2614 library,
    2615 <B>--chroot</B>
    2616 
    2617 will only work if a /dev/urandom device node is available
    2618 inside the chroot directory
     2617Note: The SSL library will probably need /dev/urandom to be available inside
     2618the chroot directory
    26192619<B>dir.</B>
    26202620
    2621 This is due to the way PolarSSL works (it wants to open
    2622 /dev/urandom every time randomness is needed, not just once
    2623 at startup) and nothing OpenVPN can influence.
     2621This is because SSL libraries occasionally need to collect fresh random.  Newer
     2622linux kernels and some BSDs implement a getrandom() or getentropy() syscall
     2623that removes the need for /dev/urandom to be available.
    26242624
    26252625<DT><B>--setcon context</B>
     
    55505550<P>
    55515551The default for --tls-cipher is to use PolarSSL's default cipher list
    5552 when using PolarSSL or &quot;DEFAULT:!EXP:!PSK:!SRP:!kRSA&quot; when using OpenSSL.
     5552when using PolarSSL or &quot;DEFAULT:!EXP:!LOW:!MEDIUM:!PSK:!SRP:!kRSA&quot; when using
     5553OpenSSL.
    55535554
    55545555<DT><B>--tls-timeout n</B>
     
    66696670Windows Filtering Platform (WFP) and works on Windows Vista or
    66706671later.
     6672<P>
     6673This option is considered unknown on non-Windows platforms
     6674and unsupported on Windows XP, resulting in fatal error.
     6675You may want to use
     6676<B>--setenv opt</B>
     6677
     6678or
     6679<B>--ignore-unknown-option</B>
     6680
     6681(not suitable for Windows XP) to ignore said error.
     6682Note that pushing unknown options from server does not trigger
     6683fatal errors.
    66716684
    66726685<DT><B>--dhcp-renew</B>
     
    85308543<A HREF="/man/man2html">man2html</A>,
    85318544using the manual pages.<BR>
    8532 Time: 12:35:03 GMT, January 04, 2016
     8545Time: 07:18:23 GMT, May 10, 2016
    85338546}}}