From patchwork Tue Dec 7 02:04:36 2021
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 2120
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 7 Dec 2021 14:04:36 +0100
Message-Id: <20211207130436.22187-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH] Move '--push-peer-info' documentation from 'server' to 'client options'

While --push-peer-info can be configured on the server, it's not really
intended for that, and it ended in the "SERVER OPTIONS" section by mishap.

Fix that.

Reported-by: Stella Ashburne
Signed-off-by: Gert Doering Acked-By: Frank Lichtenheld --- doc/man-sections/client-options.rst | 69 +++++++++++++++++++++++++++++ doc/man-sections/server-options.rst | 69 ----------------------------- 2 files changed, 69 insertions(+), 69 deletions(-) diff --git a/doc/man-sections/client-options.rst b/doc/man-sections/client-options.rst index c5b7ad96..92a02e28 100644 --- a/doc/man-sections/client-options.rst +++ b/doc/man-sections/client-options.rst 
@@ -251,6 +251,75 @@ configuration. next remote succeeds. To silently ignore an option pushed by the server, use :code:`ignore`. +--push-peer-info + Push additional information about the client to server. The following + data is always pushed to the server: + + :code:`IV_VER=` + The client OpenVPN version + + :code:`IV_PLAT=[linux|solaris|openbsd|mac|netbsd|freebsd|win]` + The client OS platform + + :code:`IV_LZO_STUB=1` + If client was built with LZO stub capability + + :code:`IV_LZ4=1` + If the client supports LZ4 compressions. + + :code:`IV_PROTO` + Details about protocol extensions that the peer supports. The + variable is a bitfield and the bits are defined as follows + (starting a bit 0 for the first (unused) bit: + + - bit 1: The peer supports peer-id floating mechanism + - bit 2: The client expects a push-reply and the server may + send this reply without waiting for a push-request first. + - bit 3: The client is capable of doing key derivation using + RFC5705 key material exporter. + - bit 4: The client is capable of accepting additional arguments + to the `AUTH_PENDING` message. + + :code:`IV_NCP=2` + Negotiable ciphers, client supports ``--cipher`` pushed by + the server, a value of 2 or greater indicates client supports + *AES-GCM-128* and *AES-GCM-256*. + + :code:`IV_CIPHERS=` + The client announces the list of supported ciphers configured with the + ``--data-ciphers`` option to the server. + + :code:`IV_GUI_VER= ` + The UI version of a UI if one is running, for example + :code:`de.blinkt.openvpn 0.5.47` for the Android app. + + :code:`IV_SSO=[crtext,][openurl,][proxy_url]` + Additional authentication methods supported by the client. + This may be set by the client UI/GUI using ``--setenv`` + + When ``--push-peer-info`` is enabled the additional information consists + of the following data: + + :code:`IV_HWADDR=` + This is intended to be a unique and persistent ID of the client. + The string value can be any readable ASCII string up to 64 bytes. 
+ OpenVPN 2.x and some other implementations use the MAC address of + the client's interface used to reach the default gateway. If this + string is generated by the client, it should be consistent and + preserved across independent session and preferably + re-installations and upgrades. + + :code:`IV_SSL=` + The ssl version used by the client, e.g. + :code:`OpenSSL 1.0.2f 28 Jan 2016`. + + :code:`IV_PLAT_VER=x.y` + The version of the operating system, e.g. 6.1 for Windows 7. + + :code:`UV_=` + Client environment variables whose names start with + :code:`UV_` + --remote args Remote host name or IP address, port and protocol. diff --git a/doc/man-sections/server-options.rst b/doc/man-sections/server-options.rst index f1d2ec31..8a030294 100644 --- a/doc/man-sections/server-options.rst +++ b/doc/man-sections/server-options.rst 
@@ -418,75 +418,6 @@ fast hardware. SSL/TLS authentication must be used in this mode. ``--echo``, ``--comp-lzo``, ``--socket-flags``, ``--sndbuf``, ``--rcvbuf`` ---push-peer-info - Push additional information about the client to server. The following - data is always pushed to the server: - - :code:`IV_VER=` - The client OpenVPN version - - :code:`IV_PLAT=[linux|solaris|openbsd|mac|netbsd|freebsd|win]` - The client OS platform - - :code:`IV_LZO_STUB=1` - If client was built with LZO stub capability - - :code:`IV_LZ4=1` - If the client supports LZ4 compressions. - - :code:`IV_PROTO` - Details about protocol extensions that the peer supports. The - variable is a bitfield and the bits are defined as follows - (starting a bit 0 for the first (unused) bit: - - - bit 1: The peer supports peer-id floating mechanism - - bit 2: The client expects a push-reply and the server may - send this reply without waiting for a push-request first. - - bit 3: The client is capable of doing key derivation using - RFC5705 key material exporter. - - bit 4: The client is capable of accepting additional arguments - to the `AUTH_PENDING` message. - - :code:`IV_NCP=2` - Negotiable ciphers, client supports ``--cipher`` pushed by - the server, a value of 2 or greater indicates client supports - *AES-GCM-128* and *AES-GCM-256*. - - :code:`IV_CIPHERS=` - The client announces the list of supported ciphers configured with the - ``--data-ciphers`` option to the server. - - :code:`IV_GUI_VER= ` - The UI version of a UI if one is running, for example - :code:`de.blinkt.openvpn 0.5.47` for the Android app. - - :code:`IV_SSO=[crtext,][openurl,][proxy_url]` - Additional authentication methods supported by the client. - This may be set by the client UI/GUI using ``--setenv`` - - When ``--push-peer-info`` is enabled the additional information consists - of the following data: - - :code:`IV_HWADDR=` - This is intended to be a unique and persistent ID of the client. 
- The string value can be any readable ASCII string up to 64 bytes. - OpenVPN 2.x and some other implementations use the MAC address of - the client's interface used to reach the default gateway. If this - string is generated by the client, it should be consistent and - preserved across independent session and preferably - re-installations and upgrades. - - :code:`IV_SSL=` - The ssl version used by the client, e.g. - :code:`OpenSSL 1.0.2f 28 Jan 2016`. - - :code:`IV_PLAT_VER=x.y` - The version of the operating system, e.g. 6.1 for Windows 7. - - :code:`UV_=` - Client environment variables whose names start with - :code:`UV_` - --push-remove opt Selectively remove all ``--push`` options matching "opt" from the option list for a client. ``opt`` is matched as a substring against the whole
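Review bot: In the text added to client-options.rst, the IV_PROTO description reads "(starting a bit 0 for the first (unused) bit:", which has a typo ("a bit 0" for "at bit 0") and an unclosed parenthesis; since the block is being moved anyway, fix it here or in a follow-up, for example "(starting at bit 0 for the first (unused) bit):". The same block carries "LZ4 compressions", "across independent session", and `AUTH_PENDING` in single backticks where the rest of the entry uses double backticks or :code:. The IV_HWADDR entry describes a unique and persistent client ID for which OpenVPN 2.x uses the MAC address; now that the text sits under client options, a sentence stating that enabling --push-peer-info discloses this identifier to the server would help a client operator decide whether to turn it on.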
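Review bot: With the whole --push-peer-info entry removed from server-options.rst, the server section no longer mentions the option at all, although the commit message says it can be configured on the server and the IV_* and UV_ values listed are what the server receives. Consider leaving a one-line pointer just before --push-remove that refers the reader to the client options section for the list of variables.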