This patch documents the usage of inline files in OpenVPN. Hackish ways of
inline files are deliberately left out. For tls-auth and
secret the key-direction option is the right way of specifying the direction
and not by using two tls-auth/secret lines where the first sets the
direction and has a dummy file name and the second sets the inline file
data but does not reset the direction parameter.
Also pkcs12 [[INLINE]] base64encoded_data works but is a quirk of how the
config parser works.
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: 1345756860-2044-1-git-send-email-arne@rfc2549.org
URL: http://article.gmane.org/gmane.network.openvpn.devel/7006
Signed-off-by: David Sommerseth <davids@redhat.com>
... | ... |
@@ -3621,6 +3621,14 @@ would see nothing |
3621 | 3621 |
but random-looking data. |
3622 | 3622 |
.\"********************************************************* |
3623 | 3623 |
.TP |
3624 |
+.B \-\-key-direction |
|
3625 |
+Alternative way of specifying the optional direction parameter for the |
|
3626 |
+.B \-\-tls-auth |
|
3627 |
+and |
|
3628 |
+.B \-\-secret |
|
3629 |
+options. Useful when using inline files (See section on inline files). |
|
3630 |
+.\"********************************************************* |
|
3631 |
+.TP |
|
3624 | 3632 |
.B \-\-auth alg |
3625 | 3633 |
Authenticate packets with HMAC using message |
3626 | 3634 |
digest algorithm |
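Review bot: the new `.B \-\-key-direction` entry names no argument, and the text never says which values the direction takes, so a reader who arrives here from the inline files section still has to look up --tls-auth or --secret to know what to write. Show the argument on the `.B` line and state the accepted values, or say explicitly that they are the same as the optional direction parameter of --tls-auth and --secret. The cross-reference "(See section on inline files)" would be easier to follow if it used the title of the section this patch adds, INLINE FILE SUPPORT, with a lowercase "see".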
... | ... |
@@ -5901,6 +5909,37 @@ X509_1_C=KG |
5901 | 5901 |
.ft |
5902 | 5902 |
.fi |
5903 | 5903 |
.\"********************************************************* |
5904 |
+.SH INLINE FILE SUPPORT |
|
5905 |
+OpenVPN allows including files in the main configuration for the |
|
5906 |
+.B \-\-ca, \-\-cert, \-\-dh, \-\-extra-certs, \-\-key, \-\-pkcs12, \-\-secret |
|
5907 |
+and |
|
5908 |
+.B \-\-tls-auth |
|
5909 |
+options. |
|
5910 |
+ |
|
5911 |
+Each inline file started by the line |
|
5912 |
+.B <option> |
|
5913 |
+and ended by the line |
|
5914 |
+.B </option> |
|
5915 |
+ |
|
5916 |
+Here is an example of an inline file usage |
|
5917 |
+ |
|
5918 |
+.nf |
|
5919 |
+.ft 3 |
|
5920 |
+.in +4 |
|
5921 |
+<cert> |
|
5922 |
+-----BEGIN CERTIFICATE----- |
|
5923 |
+[...] |
|
5924 |
+-----END CERTIFICATE----- |
|
5925 |
+</cert> |
|
5926 |
+.in -4 |
|
5927 |
+.ft |
|
5928 |
+.fi |
|
5929 |
+ |
|
5930 |
+When using the inline file feature with |
|
5931 |
+.B \-\-pkcs12 |
|
5932 |
+the inline file has to be base64 encoded. Encoding of a .p12 file into base64 can be done for example with OpenSSL by running |
|
5933 |
+.B openssl base64 -in input.p12 |
|
5934 |
+ |
|
5904 | 5935 |
.SH SIGNALS |
5905 | 5936 |
.TP |
5906 | 5937 |
.B SIGHUP |
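Review bot: the INLINE FILE SUPPORT section lists --key, --pkcs12, --secret and --tls-auth as inlinable but does not mention that the main configuration file then contains private key material. Add a sentence telling the reader to give the configuration file the same restrictive permissions as a separate key file. On wording, "Each inline file started by the line" is missing a verb ("is started by"), and "Here is an example of an inline file usage" reads better as "Here is an example of inline file usage:". The --pkcs12 sentence is a single very long source line and should be wrapped like the rest of the hunk.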