[Openvpn-devel,v2] Improve description of compat-mode

Message ID	20230320165538.902965-1-arne@rfc2549.org
State	Accepted
Headers	show Return-Path: <openvpn-devel-bounces@lists.sourceforge.net> Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; From: Arne Schwabe <arne@rfc2549.org> To: openvpn-devel@lists.sourceforge.net Date: Mon, 20 Mar 2023 17:55:38 +0100 Message-Id: <20230320165538.902965-1-arne@rfc2549.org> In-Reply-To: <20230301134449.2810039-1-arne@rfc2549.org> References: <20230301134449.2810039-1-arne@rfc2549.org> MIME-Version: 1.0 preview: Explicitly say that the version specified is the one of the peer and not the version we try to emulate. Patch v2: Improve grammar. Change-Id: I3bd27a8d34d8cb4896a3b78508b7d16911571543 Change-Id: If4fb45b3426f5e0dbe6c87d5bd05681b9d733827 Signed-off-by: Arne Schwabe <arne@rfc2549.org> --- doc/man-sections/generic-options.rst \| 22 ++++++++++++++++------ 1 file changed, 16 insertions(+ [...] Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different Subject: [Openvpn-devel] [PATCH v2] Improve description of compat-mode Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox
Series	[Openvpn-devel,v2] Improve description of compat-mode \| expand [Openvpn-devel,v2] Improve description of compat-mode

Message ID

20230320165538.902965-1-arne@rfc2549.org

State

Accepted

Headers

Received-SPF: pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) client-ip=216.105.38.7;
From: Arne Schwabe <arne@rfc2549.org>
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 20 Mar 2023 17:55:38 +0100
Message-Id: <20230320165538.902965-1-arne@rfc2549.org>
In-Reply-To: <20230301134449.2810039-1-arne@rfc2549.org>
References: <20230301134449.2810039-1-arne@rfc2549.org>
MIME-Version: 1.0
Subject: [Openvpn-devel] [PATCH v2] Improve description of compat-mode
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: openvpn-devel-bounces@lists.sourceforge.net

Series

[Openvpn-devel,v2] Improve description of compat-mode | expand

Commit Message

Arne Schwabe March 20, 2023, 4:55 p.m. UTC

Explicitly say that the version specified is the one of the peer and not
the version we try to emulate.

Patch v2: Improve grammar.
Change-Id: I3bd27a8d34d8cb4896a3b78508b7d16911571543

Change-Id: If4fb45b3426f5e0dbe6c87d5bd05681b9d733827
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
---
 doc/man-sections/generic-options.rst | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

Comments

Frank Lichtenheld March 21, 2023, 8:23 a.m. UTC | #1

On Mon, Mar 20, 2023 at 05:55:38PM +0100, Arne Schwabe wrote:
> Explicitly say that the version specified is the one of the peer and not
> the version we try to emulate.
> 
> Patch v2: Improve grammar.
> Change-Id: I3bd27a8d34d8cb4896a3b78508b7d16911571543
> 
> Change-Id: If4fb45b3426f5e0dbe6c87d5bd05681b9d733827

How did you end up with two change ids?

> Signed-off-by: Arne Schwabe <arne@rfc2549.org>
> ---
>  doc/man-sections/generic-options.rst | 22 ++++++++++++++++------
>  1 file changed, 16 insertions(+), 6 deletions(-)

Review happened in Gerrit.

Acked-By: Frank Lichtenheld <frank@lichtenheld.com>

Regards,

Gert Doering March 21, 2023, 3:07 p.m. UTC | #2

Nothing to test here :-)

Your patch has been applied to the master and release/2.6 branch.

commit daf66f4013d8facc085ea6cfaaf8a42f4d45a461 (master)
commit 92827ad84eb3a5b7ca70f3e7f34800d25790b10d (release/2.6)
Author: Arne Schwabe
Date:   Mon Mar 20 17:55:38 2023 +0100

     Improve description of compat-mode

     Signed-off-by: Arne Schwabe <arne@rfc2549.org>
     Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
     Message-Id: <20230320165538.902965-1-arne@rfc2549.org>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26445.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

diff --git a/doc/man-sections/generic-options.rst b/doc/man-sections/generic-options.rst
index c827651d6..97e1b5aa6 100644
--- a/doc/man-sections/generic-options.rst
+++ b/doc/man-sections/generic-options.rst
@@ -53,10 +53,17 @@  which mode OpenVPN is configured as.
   need for /dev/urandom to be available.
 
 --compat-mode version
-  This option provides a way to alter the default of OpenVPN to be more
-  compatible with the version ``version`` specified. All of the changes
-  this option does can also be achieved using individual configuration
-  options.
+  This option provides a convenient way to alter the defaults of OpenVPN
+  to be more compatible with the version ``version`` specified. All of
+  the changes this option applies can also be achieved using individual
+  configuration options.
+
+  The version specified with this option is the version of OpenVPN peer
+  OpenVPN should try to be compatible with. In general OpenVPN should be
+  compatible with the last two previous version without this option. E.g.
+  OpenVPN 2.6.0 should be compatible with 2.5.x and 2.4.x without this option.
+  However, there might be some edge cases that still require this option even
+  in these cases.
 
   Note: Using this option reverts defaults to no longer recommended
   values and should be avoided if possible.
@@ -67,12 +74,15 @@  which mode OpenVPN is configured as.
   - 2.5.x or lower: ``--allow-compression asym`` is automatically added
     to the configuration if no other compression options are present.
   - 2.4.x or lower: The cipher in ``--cipher`` is appended to
-    ``--data-ciphers``
+    ``--data-ciphers``.
   - 2.3.x or lower: ``--data-cipher-fallback`` is automatically added with
-    the same cipher as ``--cipher``
+    the same cipher as ``--cipher``.
   - 2.3.6 or lower: ``--tls-version-min 1.0`` is added to the configuration
     when ``--tls-version-min`` is not explicitly set.
 
+  If not required, this is option should be avoided. Setting this option can
+  lower security or disable features like data-channel offloading.
+
 --config file
   Load additional config options from ``file`` where each line corresponds
   to one command line option, but with the leading :code:`--` removed.