diff options
author | Gianmarco De Gregori | 2024-03-07 15:03:55 +0100 |
---|---|---|
committer | Gert Doering | 2024-03-07 15:06:36 +0100 |
commit | 802fcce5448741bb1e34dd06ac3674b6b6c55a94 (patch) | |
tree | e45096e541e4ce89e52a1f87836addd543170847 /doc/man-sections/generic-options.rst | |
parent | 15b74036a9b180e862ed4cb23f1e351c08706527 (diff) | |
download | openvpn-802fcce5448741bb1e34dd06ac3674b6b6c55a94.zip openvpn-802fcce5448741bb1e34dd06ac3674b6b6c55a94.tar.gz |
Persist-key: enable persist-key option by default
Change the default behavior of the OpenVPN configuration
by enabling the persist-key option by default.
This means that all the keys will be kept in memory
across restart.
Trac: #1405
Change-Id: I57f1c2ed42bd9dfd43577238749a9b7f4c1419ff
Signed-off-by: Gianmarco De Gregori <gianmarco@mandelbit.com>
Message-Id: <20240307140355.32644-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28347.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'doc/man-sections/generic-options.rst')
-rw-r--r-- | doc/man-sections/generic-options.rst | 13 |
1 files changed, 1 insertions, 12 deletions
diff --git a/doc/man-sections/generic-options.rst b/doc/man-sections/generic-options.rst index 30c990d..f8a0f48 100644 --- a/doc/man-sections/generic-options.rst +++ b/doc/man-sections/generic-options.rst @@ -302,17 +302,6 @@ which mode OpenVPN is configured as. Change process priority after initialization (``n`` greater than 0 is lower priority, ``n`` less than zero is higher priority). ---persist-key - Don't re-read key files across :code:`SIGUSR1` or ``--ping-restart``. - - This option can be combined with ``--user`` to allow restarts - triggered by the :code:`SIGUSR1` signal. Normally if you drop root - privileges in OpenVPN, the daemon cannot be restarted since it will now - be unable to re-read protected key files. - - This option solves the problem by persisting keys across :code:`SIGUSR1` - resets, so they don't need to be re-read. - --providers providers Load the list of (OpenSSL) providers. This is mainly useful for using an external provider for key management like tpm2-openssl or to load the @@ -402,7 +391,7 @@ which mode OpenVPN is configured as. Like with chroot, complications can result when scripts or restarts are executed after the setcon operation, which is why you should really - consider using the ``--persist-key`` and ``--persist-tun`` options. + consider using the ``--persist-tun`` option. --status args Write operational status to ``file`` every ``n`` seconds. ``n`` defaults |