Changes between Version 22 and Version 23 of Openvpn23ManPage


Ignore:
Timestamp:
05/12/17 07:21:55 (7 years ago)
Author:
Samuli Seppänen
Comment:

Update man-page to 2.3.15

Legend:

Unmodified
Added
Removed
Modified
  • Openvpn23ManPage

    v22 v23  
    477477<B>tcp-server.</B>
    478478
     479<P>
     480These will only try IPv4 to connect to the remote host.  To use IPv6,
     481add &quot;6&quot; to the protocol, as in
     482<B>udp6,</B>
     483
     484<B>tcp6-client,</B>
     485
     486or
     487<B>tcp6-server.</B>
     488
     489OpenVPN 2.3 cannot auto-determine whether to use IPv4 or IPv6 (or
     490automatically try whatever is available) - full dual-stack functionality
     491is available starting with OpenVPN 2.4.0
    479492<P>
    480493The default protocol is
     
    56185631<B>n</B>
    56195632
    5620 bytes sent or received (disabled by default).
     5633bytes sent or received (disabled by default with an exception, see below).
    56215634OpenVPN allows the lifetime of a key
    5622 to be expressed as a number of bytes encrypted/decrypted, a number of packets, or
    5623 a number of seconds.  A key renegotiation will be forced
     5635to be expressed as a number of bytes encrypted/decrypted, a number of packets,
     5636or a number of seconds.  A key renegotiation will be forced
    56245637if any of these three criteria are met by either peer.
     5638<P>
     5639If using ciphers with cipher block sizes less than 128-bits, --reneg-bytes is
     5640set to 64MB by default, unless it is explicitly disabled by setting the value to
     56410, but this is
     5642<B>HIGHLY DISCOURAGED</B>
     5643
     5644as this is designed to add some protection against the SWEET32 attack vector.
     5645For more information see the --cipher option.
    56255646
    56265647<DT><B>--reneg-pkts n</B>
     
    63216342
    63226343make sure that this user has sufficient privileges to read the file.
     6344<P>
     6345<B>Security considerations</B>
     6346
     6347<P>
     6348<B>--crl-verify</B>
     6349
     6350does not check whether the CRL is correctly signed by the CA.  It merely checks
     6351that the CRL issuers matches the CA CN.  Therefore, users should ensure that
     6352the supplied CRL is correct.
     6353<P>
     6354OpenVPN 2.4 and newer resolve this issue.
    63236355
    63246356</DL>
     
    86338665<A HREF="/cgi-bin/man/man2html">man2html</A>,
    86348666using the manual pages.<BR>
    8635 Time: 11:48:16 GMT, December 07, 2016
     8667Time: 07:20:42 GMT, May 12, 2017
    86368668}}}