From patchwork Fri Jul 9 03:13:30 2021
X-Patchwork-Submitter: David Sommerseth
X-Patchwork-Id: 1878
From: David Sommerseth
To: openvpn-devel@lists.sourceforge.net
Cc: David Sommerseth
Date: Fri, 9 Jul 2021 15:13:30 +0200
Message-Id: <20210709131330.140347-1-openvpn@sf.lists.topphemmelig.net>
Subject: [Openvpn-devel] [PATCH] man: Clarify IV_HWADDR

From: David Sommerseth

The IV_HWADDR description was only partially correct, as there are more
implementations using other values than the MAC address of the default
gateway. The intention of this value is to provide a unique identifier
of the client and on some platforms this is not possible to retrieve
other than to generate this information.

The 64 bytes limitation is an arbitrary value, it is not enforced by
OpenVPN 2.x. But it was considered a good idea to at least have some
reasonable upper limit of how long this string can be, at least for
those implementing support for this information.

Signed-off-by: David Sommerseth
---
 doc/man-sections/server-options.rst | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/doc/man-sections/server-options.rst b/doc/man-sections/server-options.rst index 047f2270..b026ac7b 100644 --- a/doc/man-sections/server-options.rst +++ b/doc/man-sections/server-options.rst @@ -467,8 +467,13 @@ fast hardware. SSL/TLS authentication must be used in this mode. When ``--push-peer-info`` is enabled the additional information consists of the following data: - :code:`IV_HWADDR=` - The MAC address of clients default gateway + :code:`IV_HWADDR=` + This is intended to be a unique and persistent ID of the client. + The string value can be any readable ASCII string up to 64 bytes. + OpenVPN 2.x and some other implementations use the MAC address of + the client's default gateway. If this string is generated by the + client, it should be consistent and preserved across independent + session and preferably re-installations and upgrades. :code:`IV_SSL=` The ssl version used by the client, e.g.