diff options
author | Antonio Quartulli | 2022-07-19 00:19:23 +0200 |
---|---|---|
committer | Gert Doering | 2022-07-19 11:37:23 +0200 |
commit | 7a4c75927109acc2cd455140db312042781a3949 (patch) | |
tree | 17fd0fdc90cb8c1e50d958c87e87ea3d9fbb9161 /doc | |
parent | 8989b0f2833d25c97654c25fa6a49d8fc0ef903d (diff) | |
download | openvpn-7a4c75927109acc2cd455140db312042781a3949.zip openvpn-7a4c75927109acc2cd455140db312042781a3949.tar.gz |
dco: allow user to disable it at runtime
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20220718221923.2033-1-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24702.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man-sections/generic-options.rst | 9 | ||||
-rw-r--r-- | doc/man-sections/server-options.rst | 4 |
2 files changed, 13 insertions, 0 deletions
diff --git a/doc/man-sections/generic-options.rst b/doc/man-sections/generic-options.rst index 9060a23..394c218 100644 --- a/doc/man-sections/generic-options.rst +++ b/doc/man-sections/generic-options.rst @@ -171,6 +171,15 @@ which mode OpenVPN is configured as. on console) and ``--auth-nocache`` will fail as soon as key renegotiation (and reauthentication) occurs. +--disable-dco + Disable "data channel offload" (DCO). + + On Linux don't use the ovpn-dco device driver, but rather rely on the + legacy tun module. + + You may want to use this option if your server needs to allow clients + older than version 2.4 to connect. + --disable-occ Disable "options consistency check" (OCC). diff --git a/doc/man-sections/server-options.rst b/doc/man-sections/server-options.rst index 08ee7bd..04f4b4fb 100644 --- a/doc/man-sections/server-options.rst +++ b/doc/man-sections/server-options.rst @@ -146,6 +146,10 @@ fast hardware. SSL/TLS authentication must be used in this mode. server. Don't use this option if you want to firewall tunnel traffic using custom, per-client rules. + Please note that when using data channel offload this option has no + effect. Packets are always sent to the tunnel interface and then + routed based on the system routing table. + --disable Disable a particular client (based on the common name) from connecting. Don't use this option to disable a client due to key or password |