Message ID | 20210709131330.140347-1-openvpn@sf.lists.topphemmelig.net |
---|---|
State | Superseded |
Series | [Openvpn-devel] man: Clarify IV_HWADDR |

Hi,

On Fri, Jul 09, 2021 at 03:13:30PM +0200, David Sommerseth wrote:
> From: David Sommerseth <davids@openvpn.net>
>
> The IV_HWADDR description was only partially correct, as there are more
> implementations using other values than the MAC address of the default
> gateway.

Feature ACK, but this text is actually still factually wrong:

> + :code:`IV_HWADDR=<string>`
> + This is intended to be a unique and persistent ID of the client.
> + The string value can be any readable ASCII string up to 64 bytes.
> + OpenVPN 2.x and some other implementations use the MAC address of
> + the client's default gateway. If this string is generated by the

It was never "the MAC address of the default gateway" (which would be "the plastic router in the corner", and specifically depending on "which network is this client in, right now?"). It is the MAC address of the *client* interface that is used to reach the default gateway.

So maybe a better wording would be

"... use the MAC address of the client's interface used to reach the default gateway."

(it's the client's interface MAC, not the gateway's MAC).

gert

diff --git a/doc/man-sections/server-options.rst b/doc/man-sections/server-options.rst index 047f2270..b026ac7b 100644 --- a/doc/man-sections/server-options.rst +++ b/doc/man-sections/server-options.rst @@ -467,8 +467,13 @@ fast hardware. SSL/TLS authentication must be used in this mode. When ``--push-peer-info`` is enabled the additional information consists of the following data: - :code:`IV_HWADDR=<mac address>` - The MAC address of clients default gateway + :code:`IV_HWADDR=<string>` + This is intended to be a unique and persistent ID of the client. + The string value can be any readable ASCII string up to 64 bytes. + OpenVPN 2.x and some other implementations use the MAC address of + the client's default gateway. If this string is generated by the + client, it should be consistent and preserved across independent + session and preferably re-installations and upgrades. :code:`IV_SSL=<version string>` The ssl version used by the client, e.g.
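
Review bot: In the added IV_HWADDR description, the phrase "the MAC address of the client's default gateway" still reads as the gateway's own MAC address; the review reply on this thread states that the value is the MAC of the client interface used to reach the default gateway, so the sentence should say "the MAC address of the client's interface used to reach the default gateway". In the last added sentence, "across independent session" should be "across independent sessions". Because the entry allows the string to be generated by the client and says it is only "intended to be" unique and persistent, consider stating explicitly that this is a client-reported value, so readers of the man page do not take uniqueness or persistence as guaranteed by the server side.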