diff options
| -rw-r--r-- | doc/man-sections/client-options.rst | 44 |
1 files changed, 31 insertions, 13 deletions
diff --git a/doc/man-sections/client-options.rst b/doc/man-sections/client-options.rst index 54c4ec6..cd3e565 100644 --- a/doc/man-sections/client-options.rst +++ b/doc/man-sections/client-options.rst @@ -339,31 +339,31 @@ configuration. :code:`IV_PLAT=[linux|solaris|openbsd|mac|netbsd|freebsd|win]` The client OS platform - :code:`IV_LZO_STUB=1` - If client was built with LZO stub capability - - :code:`IV_LZ4=1` - If the client supports LZ4 compressions. - :code:`IV_PROTO` Details about protocol extensions that the peer supports. The - variable is a bitfield and the bits are defined as follows - (starting a bit 0 for the first (unused) bit: + variable is a bitfield and the bits are defined as follows: + - bit 0: Reserved, should always be zero - bit 1: The peer supports peer-id floating mechanism - bit 2: The client expects a push-reply and the server may send this reply without waiting for a push-request first. - bit 3: The client is capable of doing key derivation using RFC5705 key material exporter. - bit 4: The client is capable of accepting additional arguments - to the `AUTH_PENDING` message. + to the ``AUTH_PENDING`` message. + - bit 5: The client supports doing feature negotiation in P2P mode + - bit 6: The client is capable of parsing and receiving the ``--dns`` pushed option + - bit 7: The client is capable of sending exit notification via control channel using ``EXIT`` message. Also, the client is accepting the protocol-flags pushed option for the EKM capability + - bit 8: The client is capable of accepting ``AUTH_FAILED,TEMP`` messages + - bit 9: The client is capable of dynamic tls-crypt :code:`IV_NCP=2` Negotiable ciphers, client supports ``--cipher`` pushed by the server, a value of 2 or greater indicates client supports - *AES-GCM-128* and *AES-GCM-256*. + *AES-GCM-128* and *AES-GCM-256*. IV_NCP is *deprecated* in + favor of ``IV_CIPHERS``. - :code:`IV_CIPHERS=<ncp-ciphers>` + :code:`IV_CIPHERS=<data-ciphers>` The client announces the list of supported ciphers configured with the ``--data-ciphers`` option to the server. @@ -379,6 +379,23 @@ configuration. Additional authentication methods supported by the client. This may be set by the client UI/GUI using ``--setenv`` + The following flags depend on which compression formats are compiled in + and whether compression is allowed by options. See `Protocol options`_ + for more details. + + :code:`IV_LZO=1` + If client supports LZO compression. + + :code:`IV_LZO_STUB=1` + If client was built with LZO stub capability. This is only sent if + ``IV_LZO=1`` is not sent. + + :code:`IV_LZ4=1` and :code:`IV_LZ4v2=1` + If the client supports LZ4 compression. + + :code:`IV_COMP_STUB=1` and :code:`IV_COMP_STUBv2=1` + If the client supports stub compression. + When ``--push-peer-info`` is enabled the additional information consists of the following data: @@ -388,15 +405,16 @@ configuration. OpenVPN 2.x and some other implementations use the MAC address of the client's interface used to reach the default gateway. If this string is generated by the client, it should be consistent and - preserved across independent session and preferably + preserved across independent sessions and preferably re-installations and upgrades. :code:`IV_SSL=<version string>` - The ssl version used by the client, e.g. + The ssl library version used by the client, e.g. :code:`OpenSSL 1.0.2f 28 Jan 2016`. :code:`IV_PLAT_VER=x.y` The version of the operating system, e.g. 6.1 for Windows 7. + This is only sent on Windows operating systems. :code:`UV_<name>=<value>` Client environment variables whose names start with |