Document the inlining of files in openvpn and document key-direction
This patch documents the usage of inline files in OpenVPN. Hackish ways of
inline files are deliberately left out. For tls-auth and
secret the key-direction option is right way of specifying the direction
and not by using two tls-auth/secret lines where the first sets the
direction and has a dummy file name and the second sets the inline file
data but does not reset the direction parameter.
Also pkcs12 [[INLINE]] base64encoded_data works but is a quirk of how the
config parser works
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: 1345756860-2044-1-git-send-email-arne@rfc2549.org
URL: http://article.gmane.org/gmane.network.openvpn.devel/7006
Signed-off-by: David Sommerseth <davids@redhat.com>
Arne Schwabe authored on 2012/08/24 06:21:00Showing 1 changed files
| ... | ... |
@@ -3621,6 +3621,14 @@ would see nothing |
| 3621 | 3621 |
but random-looking data. |
| 3622 | 3622 |
.\"********************************************************* |
| 3623 | 3623 |
.TP |
| 3624 |
+.B \-\-key-direction |
|
| 3625 |
+Alternative way of specifying the optional direction parameter for the |
|
| 3626 |
+.B \-\-tls-auth |
|
| 3627 |
+and |
|
| 3628 |
+.B \-\-secret |
|
| 3629 |
+options. Useful when using inline files (See section on inline files). |
|
| 3630 |
+.\"********************************************************* |
|
| 3631 |
+.TP |
|
| 3624 | 3632 |
.B \-\-auth alg |
| 3625 | 3633 |
Authenticate packets with HMAC using message |
| 3626 | 3634 |
digest algorithm |
| ... | ... |
@@ -5901,6 +5909,37 @@ X509_1_C=KG |
| 5901 | 5901 |
.ft |
| 5902 | 5902 |
.fi |
| 5903 | 5903 |
.\"********************************************************* |
| 5904 |
+.SH INLINE FILE SUPPORT |
|
| 5905 |
+OpenVPN allows including files in the main configuration for the |
|
| 5906 |
+.B \-\-ca, \-\-cert, \-\-dh, \-\-extra-certs, \-\-key, \-\-pkcs12, \-\-secret |
|
| 5907 |
+and |
|
| 5908 |
+.B \-\-tls-auth |
|
| 5909 |
+options. |
|
| 5910 |
+ |
|
| 5911 |
+Each inline file started by the line |
|
| 5912 |
+.B <option> |
|
| 5913 |
+and ended by the line |
|
| 5914 |
+.B </option> |
|
| 5915 |
+ |
|
| 5916 |
+Here is an example of an inline file usage |
|
| 5917 |
+ |
|
| 5918 |
+.nf |
|
| 5919 |
+.ft 3 |
|
| 5920 |
+.in +4 |
|
| 5921 |
+<cert> |
|
| 5922 |
+-----BEGIN CERTIFICATE----- |
|
| 5923 |
+[...] |
|
| 5924 |
+-----END CERTIFICATE----- |
|
| 5925 |
+</cert> |
|
| 5926 |
+.in -4 |
|
| 5927 |
+.ft |
|
| 5928 |
+.fi |
|
| 5929 |
+ |
|
| 5930 |
+When using the inline file feature with |
|
| 5931 |
+.B \-\-pkcs12 |
|
| 5932 |
+the inline file has to be base64 encoded. Encoding of a .p12 file into base64 can be done for example with OpenSSL by running |
|
| 5933 |
+.B openssl base64 -in input.p12 |
|
| 5934 |
+ |
|
| 5904 | 5935 |
.SH SIGNALS |
| 5905 | 5936 |
.TP |
| 5906 | 5937 |
.B SIGHUP |