Document that --push-remove is generally more suitable than --push-reset
It's a long-standing and well-known problem that --push-reset removes
"critical" options from the push list (like "topology subnet") which
will then lead to non-working client configs. This can not be
reasonably fixed, because the list of "critical" options depends on
overall server config.
So just document the fact, and point people towards --push-remove as
a more selective tool.
Trac: #29
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20200908111511.9271-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20899.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 5fd66510dfdef628fa95f156c5f9d80af9ae1531)
Gert Doering authored on 2020/09/08 20:15:11Showing 1 changed files
| ... | ... |
@@ -530,6 +530,14 @@ fast hardware. SSL/TLS authentication must be used in this mode. |
| 530 | 530 |
``--client-config-dir`` configuration file. This option will ignore |
| 531 | 531 |
``--push`` options at the global config file level. |
| 532 | 532 |
|
| 533 |
+ *NOTE*: ``--push-reset`` is very thorough: it will remove almost |
|
| 534 |
+ all options from the list of to-be-pushed options. In many cases, |
|
| 535 |
+ some of these options will need to be re-configured afterwards - |
|
| 536 |
+ specifically, ``--topology subnet`` and ``--route-gateway`` will get |
|
| 537 |
+ lost and this will break client configs in many cases. Thus, for most |
|
| 538 |
+ purposes, ``--push-remove`` is better suited to selectively remove |
|
| 539 |
+ push options for individual clients. |
|
| 540 |
+ |
|
| 533 | 541 |
--server args |
| 534 | 542 |
A helper directive designed to simplify the configuration of OpenVPN's |
| 535 | 543 |
server mode. This directive will set up an OpenVPN server which will |