Browse code
Document --daemon changes and consequences (--askpass, --auth-nocache).
Trac #574, #576
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1436857794-29419-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9923
Gert Doering authored on 2015/07/14 16:09:54Showing 1 changed files
| ... | ... |
@@ -2208,6 +2208,22 @@ openvpn command for a fairly reliable indication of whether the command |
| 2208 | 2208 |
has correctly initialized and entered the packet forwarding event loop. |
| 2209 | 2209 |
|
| 2210 | 2210 |
In OpenVPN, the vast majority of errors which occur after initialization are non-fatal. |
| 2211 |
+ |
|
| 2212 |
+Note: as soon as OpenVPN has daemonized, it can not ask for usernames, |
|
| 2213 |
+passwords, or key pass phrases anymore. This has certain consequences, |
|
| 2214 |
+namely that using a password-protected private key will fail unless the |
|
| 2215 |
+.B \-\-askpass |
|
| 2216 |
+option is used to tell OpenVPN to ask for the pass phrase (this |
|
| 2217 |
+requirement is new in 2.3.7, and is a consequence of calling daemon() |
|
| 2218 |
+before initializing the crypto layer). |
|
| 2219 |
+ |
|
| 2220 |
+Further, using |
|
| 2221 |
+.B \-\-daemon |
|
| 2222 |
+together with |
|
| 2223 |
+.B \-\-auth-user-pass |
|
| 2224 |
+(entered on console) and |
|
| 2225 |
+.B \-\-auth-nocache |
|
| 2226 |
+will fail as soon as key renegotiation (and reauthentication) occurs. |
|
| 2211 | 2227 |
.\"********************************************************* |
| 2212 | 2228 |
.TP |
| 2213 | 2229 |
.B \-\-syslog [progname] |