From patchwork Thu Oct 5 12:25:42 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Sommerseth X-Patchwork-Id: 13 X-Patchwork-Delegate: davids@openvpn.net Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director4.mail.ord1d.rsapps.net ([172.30.157.10]) by backend31.mail.ord1d.rsapps.net (Dovecot) with LMTP id eB8JIaK/1lndLgAAgoeIoA for ; Thu, 05 Oct 2017 19:26:26 -0400 Received: from proxy11.mail.ord1d.rsapps.net ([172.30.157.56]) by director4.mail.ord1d.rsapps.net (Dovecot) with LMTP id +Y4SB5vh1Vn2SQAAHDmxtw ; Thu, 05 Oct 2017 19:26:26 -0400 Received: from smtp9.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy11.mail.ord1d.rsapps.net (Dovecot) with LMTP id mT43Afq91llWKgAAgKDEHA ; Thu, 05 Oct 2017 19:26:26 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-MessageSniffer-Scan-Result: 0 X-MessageSniffer-Rules: 0-298-1046-1248-w 0-298-1046-1612-w 0-298-0-10255-f X-CMAE-Scan-Result: 0 X-CNFS-Analysis: v=2.2 cv=a+lyzgaF c=1 sm=1 tr=0 a=Q8DxjiC8O3VT/NpP1XjEZQ==:117 a=Q8DxjiC8O3VT/NpP1XjEZQ==:17 a=kj9zAlcOel0A:10 a=xqWC_Br6kY4A:10 a=02M-m0pO-4AA:10 a=WiVod9pSvdkA:10 a=uDo-SIiEAAAA:8 a=9sSjY8p1AAAA:8 a=P_JWiMecAAAA:8 a=FP58Ms26AAAA:8 a=t8MWFogJPN6TC1MUJHEA:9 a=5CEbkSUZma_bFmSQ:21 a=kN8Y543QaCeIHo4R:21 a=CjuIK1q_8ugA:10 a=-FEs8UIgK8oA:10 a=NWVoK91CQyQA:10 a=Rkhf4GTZPwEC63LfVcCP:22 a=ub54wNWiXv_DzeFsgEJW:22 a=D0-HAvA3Hk9NMREbgwuX:22 X-Orig-To: justin@openvpn.net X-Originating-Ip: [216.34.181.88] Authentication-Results: smtp9.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.34.181.88"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=openvpn.net X-Classification-ID: 9b8097ee-aa24-11e7-a27e-525400bd3b1f-1-1 Received: from [216.34.181.88] ([216.34.181.88:32060] helo=lists.sourceforge.net) by smtp9.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.1.56364 r(Core:4.2.1.14)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 58/FF-00445-2AFB6D95; Thu, 05 Oct 2017 19:26:26 -0400 Received: from localhost ([127.0.0.1] helo=sfs-ml-2.v29.ch3.sourceforge.com) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.89) (envelope-from ) id 1e0FWk-0006VA-Vy; Thu, 05 Oct 2017 23:26:02 +0000 Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtps (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.89) (envelope-from ) id 1e0FWj-0006Uy-73 for openvpn-devel@lists.sourceforge.net; Thu, 05 Oct 2017 23:26:01 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Message-Id:Date:Subject:To:From; bh=Ab5oHNL296t30FuMzRJwpz/EFDG1K2uJUpBW1us7P+4=; b=c7PH39p7uc7plSHFIDP0cqr6fU5z4Fj0tIYBVxB2nSfa9u5BusVZp4r/5o05aHLOdEPU2NTMCQsa3nRyaYE3THQUxvi3AgOkGSjAhkhqgt5o1Hgt5Vh8F/qeTTKYqAo4fRvancMdGs+Slqv0Gbg1NVjxkj6cX4sTimrSk/rRVO8=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x; h=Message-Id:Date:Subject:To:From; bh=Ab5oHNL296t30FuMzRJwpz/EFDG1K2uJUpBW1us7P+4=; b=U1TVv3GWcrLb2xEH6gy9BvPUdZKFvUeDgA65M/BnOSppqTDf50kKHjHmkhiR0XYEVJsj69OlogjbR8kt0TNGBATQ79cJFT69RzffVADfmnSGvs83BFGUbyaHwBnQTv1+Y3GkD/XKeHyGCdoYBmNIn72MEhfc5aQx9H5FKaNrS1U=; Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of sf.lists.topphemmelig.net designates 83.243.40.96 as permitted sender) client-ip=83.243.40.96; envelope-from=openvpn@sf.lists.topphemmelig.net; helo=winterfell.topphemmelig.net; Received: from [83.243.40.96] (helo=winterfell.topphemmelig.net) by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.76) id 1e0FWi-0002Ev-9B for openvpn-devel@lists.sourceforge.net; Thu, 05 Oct 2017 23:26:01 +0000 Received: from localhost (unknown [IPv6:::1]) by winterfell.topphemmelig.net (Postfix) with ESMTP id D09FC8100F7 for ; Thu, 5 Oct 2017 23:25:51 +0000 (UTC) Received: from winterfell.topphemmelig.net ([127.0.0.1]) by localhost (winterfell.topphemmelig.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fbm4_Pn2V-ed for ; Fri, 6 Oct 2017 01:25:50 +0200 (CEST) Received: from zimbra.sommerseth.email (zimbra.sommerseth.email [172.16.33.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by winterfell.topphemmelig.net (Postfix) with ESMTPS id 0E3AC80D7D6 for ; Fri, 6 Oct 2017 01:25:50 +0200 (CEST) Received: from localhost (localhost [IPv6:::1]) by zimbra.sommerseth.email (Postfix) with ESMTP id 94D9940C1CBA for ; Fri, 6 Oct 2017 01:25:49 +0200 (CEST) Received: from zimbra.sommerseth.email ([IPv6:::1]) by localhost (zimbra.sommerseth.email [IPv6:::1]) (amavisd-new, port 10026) with ESMTP id 1kqo7y4vmNmu for ; Fri, 6 Oct 2017 01:25:49 +0200 (CEST) Received: from optimus.homebase.sommerseths.net (unknown [10.35.7.4]) by zimbra.sommerseth.email (Postfix) with ESMTPS id 11D6C40C1CB8 for ; Fri, 6 Oct 2017 01:25:48 +0200 (CEST) From: David Sommerseth To: openvpn-devel@lists.sourceforge.net Date: Fri, 6 Oct 2017 01:25:42 +0200 Message-Id: <20171005232542.30007-1-davids@openvpn.net> X-Mailer: git-send-email 2.13.5 X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record 1.0 RDNS_NONE Delivered to internal network by a host with no rDNS -0.5 AWL AWL: Adjusted score from AWL reputation of From: address X-Headers-End: 1e0FWi-0002Ev-9B Subject: [Openvpn-devel] [PATCH] man: Describe --proto options better X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox The --proto options changed a bit in OpenVPN v2.4. This tries to expand this section, explaining the new variants and how they related to older OpenVPN versions. Signed-off-by: David Sommerseth --- doc/openvpn.8 | 37 ++++++++++++++++++++++++++++++++++--- 1 file changed, 34 insertions(+), 3 deletions(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index a4189ac2..ca4c652e 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -413,10 +413,10 @@ Use protocol for communicating with remote host. .B p can be -.B udp, -.B tcp\-client, +.B udp, udp4, udp6 +.B tcp\-client, tcp4\-client, tcp6\-client, or -.B tcp\-server. +.B tcp\-server, tcp4\-server, tcp6\-server. The default protocol is .B udp @@ -445,6 +445,37 @@ option) and try again infinite or up to N retries (adjustable via the option). Both TCP client and server will simulate a SIGUSR1 restart signal if either side resets the connection. +When using just +.B udp +or +.B tcp +(not udp4/udp6/tcp4/tcp6) OpenVPN will deploy a dual-stack approach connecting +to remote hosts and binding to local interfaces. If a hostname resolves to +both an IPv4 and IPv6 address, OpenVPN will most commonly try to connect using +IPv6 first before trying the IPv4 address; this is decided by the operating +system's resolver. To enforce OpenVPN to only use either IPv4 or IPv6, the +.B udp4/tcp4 +and +.B udp6/tcp6 +variants needs to be used. + +A quick overview of what gives the most similar behaviour between OpenVPN 2.3 +and v2.4. + +.nf +.ft 3 +.in +4 +.B \ OpenVPN 2.3\ \ \ \ \ OpenVPN 2.4 +============================== + udp udp4 + udp6 udp + tcp-server tcp4-server + tcp6-server tcp-server + tcp-client tcp4-client + tcp6-client tcp-client +.in -4 +.fi + OpenVPN is designed to operate optimally over UDP, but TCP capability is provided for situations where UDP cannot be used. In comparison with UDP, TCP will usually be