Trac #574, #576
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1436857794-29419-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9923
... | ... |
@@ -2208,6 +2208,22 @@ openvpn command for a fairly reliable indication of whether the command |
2208 | 2208 |
has correctly initialized and entered the packet forwarding event loop. |
2209 | 2209 |
|
2210 | 2210 |
In OpenVPN, the vast majority of errors which occur after initialization are non-fatal. |
2211 |
+ |
|
2212 |
+Note: as soon as OpenVPN has daemonized, it can not ask for usernames, |
|
2213 |
+passwords, or key pass phrases anymore. This has certain consequences, |
|
2214 |
+namely that using a password-protected private key will fail unless the |
|
2215 |
+.B \-\-askpass |
|
2216 |
+option is used to tell OpenVPN to ask for the pass phrase (this |
|
2217 |
+requirement is new in 2.3.7, and is a consequence of calling daemon() |
|
2218 |
+before initializing the crypto layer). |
|
2219 |
+ |
|
2220 |
+Further, using |
|
2221 |
+.B \-\-daemon |
|
2222 |
+together with |
|
2223 |
+.B \-\-auth-user-pass |
|
2224 |
+(entered on console) and |
|
2225 |
+.B \-\-auth-nocache |
|
2226 |
+will fail as soon as key renegotiation (and reauthentication) occurs. |
|
2211 | 2227 |
.\"********************************************************* |
2212 | 2228 |
.TP |
2213 | 2229 |
.B \-\-syslog [progname] |