diff options
Diffstat (limited to 'doc/man-sections')
| -rw-r--r-- | doc/man-sections/connection-profiles.rst | 1 | ||||
| -rw-r--r-- | doc/man-sections/generic-options.rst | 13 | ||||
| -rw-r--r-- | doc/man-sections/link-options.rst | 2 | ||||
| -rw-r--r-- | doc/man-sections/server-options.rst | 2 | ||||
| -rw-r--r-- | doc/man-sections/signals.rst | 5 | ||||
| -rw-r--r-- | doc/man-sections/unsupported-options.rst | 3 |
6 files changed, 8 insertions, 18 deletions
diff --git a/doc/man-sections/connection-profiles.rst b/doc/man-sections/connection-profiles.rst index c8816e1..520bbef 100644 --- a/doc/man-sections/connection-profiles.rst +++ b/doc/man-sections/connection-profiles.rst @@ -39,7 +39,6 @@ Here is an example of connection profile usage:: http-proxy 192.168.0.8 8080 </connection> - persist-key persist-tun pkcs12 client.p12 remote-cert-tls server diff --git a/doc/man-sections/generic-options.rst b/doc/man-sections/generic-options.rst index 30c990d..f8a0f48 100644 --- a/doc/man-sections/generic-options.rst +++ b/doc/man-sections/generic-options.rst @@ -302,17 +302,6 @@ which mode OpenVPN is configured as. Change process priority after initialization (``n`` greater than 0 is lower priority, ``n`` less than zero is higher priority). ---persist-key - Don't re-read key files across :code:`SIGUSR1` or ``--ping-restart``. - - This option can be combined with ``--user`` to allow restarts - triggered by the :code:`SIGUSR1` signal. Normally if you drop root - privileges in OpenVPN, the daemon cannot be restarted since it will now - be unable to re-read protected key files. - - This option solves the problem by persisting keys across :code:`SIGUSR1` - resets, so they don't need to be re-read. - --providers providers Load the list of (OpenSSL) providers. This is mainly useful for using an external provider for key management like tpm2-openssl or to load the @@ -402,7 +391,7 @@ which mode OpenVPN is configured as. Like with chroot, complications can result when scripts or restarts are executed after the setcon operation, which is why you should really - consider using the ``--persist-key`` and ``--persist-tun`` options. + consider using the ``--persist-tun`` option. --status args Write operational status to ``file`` every ``n`` seconds. ``n`` defaults diff --git a/doc/man-sections/link-options.rst b/doc/man-sections/link-options.rst index ca26bfe..ca192c3 100644 --- a/doc/man-sections/link-options.rst +++ b/doc/man-sections/link-options.rst @@ -283,7 +283,7 @@ the local and the remote host. See the signals section below for more information on :code:`SIGUSR1`. Note that the behavior of ``SIGUSR1`` can be modified by the - ``--persist-tun``, ``--persist-key``, ``--persist-local-ip`` and + ``--persist-tun``, ``--persist-local-ip`` and ``--persist-remote-ip`` options. Also note that ``--ping-exit`` and ``--ping-restart`` are mutually diff --git a/doc/man-sections/server-options.rst b/doc/man-sections/server-options.rst index 98f5340..0632e31 100644 --- a/doc/man-sections/server-options.rst +++ b/doc/man-sections/server-options.rst @@ -452,7 +452,7 @@ fast hardware. SSL/TLS authentication must be used in this mode. ``--route``, ``--route-gateway``, ``--route-delay``, ``--redirect-gateway``, ``--ip-win32``, ``--dhcp-option``, ``--dns``, ``--inactive``, ``--ping``, ``--ping-exit``, ``--ping-restart``, - ``--setenv``, ``--auth-token``, ``--persist-key``, ``--persist-tun``, + ``--setenv``, ``--auth-token``, ``--persist-tun``, ``--echo``, ``--comp-lzo``, ``--socket-flags``, ``--sndbuf``, ``--rcvbuf``, ``--session-timeout`` diff --git a/doc/man-sections/signals.rst b/doc/man-sections/signals.rst index 63611b3..01e8e5b 100644 --- a/doc/man-sections/signals.rst +++ b/doc/man-sections/signals.rst @@ -10,9 +10,8 @@ SIGNALS Like :code:`SIGHUP``, except don't re-read configuration file, and possibly don't close and reopen TUN/TAP device, re-read key files, preserve local IP address/port, or preserve most recently authenticated - remote IP address/port based on ``--persist-tun``, ``--persist-key``, - ``--persist-local-ip`` and ``--persist-remote-ip`` options respectively - (see above). + remote IP address/port based on ``--persist-tun``, ``--persist-local-ip`` + and ``--persist-remote-ip`` options respectively (see above). This signal may also be internally generated by a timeout condition, governed by the ``--ping-restart`` option. diff --git a/doc/man-sections/unsupported-options.rst b/doc/man-sections/unsupported-options.rst index a0c1232..11467ca 100644 --- a/doc/man-sections/unsupported-options.rst +++ b/doc/man-sections/unsupported-options.rst @@ -42,3 +42,6 @@ longer supported --prng Removed in OpenVPN 2.6. We now always use the PRNG of the SSL library. + +--persist-key + Ignored since OpenVPN 2.7. Keys are now always persisted across restarts.
\ No newline at end of file |