From: David Sommerseth
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 24 Jun 2020 20:07:39 +0200
Message-Id: <20200624180741.426-10-davids@openvpn.net>
In-Reply-To: <20200624180741.426-1-davids@openvpn.net>
References: <20200624180741.426-1-davids@openvpn.net>
Subject: [Openvpn-devel] [PATCH 09/11] doc/man: Move some options from link to advanced section

Moved --persist-local-ip, --persist-remote-ip, --rcvbuf, --sndbuf and --shaper from the link options section to the advanced section. The rationale is that these options are not common to use and are for more advanced use cases where special tweaking is required.

Signed-off-by: David Sommerseth
--- doc/man-sections/advanced-options.rst | 40 +++++++++++++++++++++++++++ doc/man-sections/link-options.rst | 40 --------------------------- 2 files changed, 40 insertions(+), 40 deletions(-) diff --git a/doc/man-sections/advanced-options.rst b/doc/man-sections/advanced-options.rst index 9e59677d..262e568c 100644 --- a/doc/man-sections/advanced-options.rst +++ b/doc/man-sections/advanced-options.rst 
@@ -34,6 +34,14 @@ used when debugging or testing out special usage scenarios. --bcast-buffers n Allocate ``n`` buffers for broadcast datagrams (default :code:`256`). +--persist-local-ip + Preserve initially resolved local IP address and port number across + ``SIGUSR1`` or ``--ping-restart`` restarts. + +--persist-remote-ip + Preserve most recently authenticated remote IP address and port number + across :code:`SIGUSR1` or ``--ping-restart`` restarts. + --prng args *(Advanced)* Change the PRNG (Pseudo-random number generator) parameters 
@@ -51,6 +59,38 @@ used when debugging or testing out special usage scenarios. RAND\_bytes function instead for all of OpenVPN's pseudo-random number needs. +--rcvbuf size + Set the TCP/UDP socket receive buffer size. Defaults to operation system + default. + +--shaper n + Limit bandwidth of outgoing tunnel data to ``n`` bytes per second on the + TCP/UDP port. Note that this will only work if mode is set to + :code:`p2p`. If you want to limit the bandwidth in both directions, use + this option on both peers. + + OpenVPN uses the following algorithm to implement traffic shaping: Given + a shaper rate of ``n`` bytes per second, after a datagram write of ``b`` + bytes is queued on the TCP/UDP port, wait a minimum of ``(b / n)`` + seconds before queuing the next write. + + It should be noted that OpenVPN supports multiple tunnels between the + same two peers, allowing you to construct full-speed and reduced + bandwidth tunnels at the same time, routing low-priority data such as + off-site backups over the reduced bandwidth tunnel, and other data over + the full-speed tunnel. + + Also note that for low bandwidth tunnels (under 1000 bytes per second), + you should probably use lower MTU values as well (see above), otherwise + the packet latency will grow so large as to trigger timeouts in the TLS + layer and TCP connections running over the tunnel. + + OpenVPN allows ``n`` to be between 100 bytes/sec and 100 Mbytes/sec. + +--sndbuf size + Set the TCP/UDP socket send buffer size. Defaults to operation system + default. + --tcp-queue-limit n Maximum number of output packets queued before TCP (default :code:`64`). diff --git a/doc/man-sections/link-options.rst b/doc/man-sections/link-options.rst index ca719c75..5f75c5f3 100644 --- a/doc/man-sections/link-options.rst +++ b/doc/man-sections/link-options.rst 
@@ -173,14 +173,6 @@ the local and the remote host. --passtos Set the TOS field of the tunnel packet to what the payload's TOS is. ---persist-local-ip - Preserve initially resolved local IP address and port number across - ``SIGUSR1`` or ``--ping-restart`` restarts. - ---persist-remote-ip - Preserve most recently authenticated remote IP address and port number - across :code:`SIGUSR1` or ``--ping-restart`` restarts. - --ping n Ping remote over the TCP/UDP control channel if no packets have been sent for at least ``n`` seconds (specify ``--ping`` on both peers to @@ -292,10 +284,6 @@ the local and the remote host. and has been used since version 2.0-beta17. Previous versions used port 5000 as the default. ---rcvbuf size - Set the TCP/UDP socket receive buffer size. Defaults to operation system - default. - --reneg-bytes n Renegotiate data channel key after ``n`` bytes sent or received (disabled by default with an exception, see below). OpenVPN allows the 
@@ -439,34 +427,6 @@ the local and the remote host. default) and you are using either ``--secret`` (shared-secret key mode) or TLS mode with ``--tls-auth``. ---shaper n - Limit bandwidth of outgoing tunnel data to ``n`` bytes per second on the - TCP/UDP port. Note that this will only work if mode is set to - :code:`p2p`. If you want to limit the bandwidth in both directions, use - this option on both peers. - - OpenVPN uses the following algorithm to implement traffic shaping: Given - a shaper rate of ``n`` bytes per second, after a datagram write of ``b`` - bytes is queued on the TCP/UDP port, wait a minimum of ``(b / n)`` - seconds before queuing the next write. - - It should be noted that OpenVPN supports multiple tunnels between the - same two peers, allowing you to construct full-speed and reduced - bandwidth tunnels at the same time, routing low-priority data such as - off-site backups over the reduced bandwidth tunnel, and other data over - the full-speed tunnel. - - Also note that for low bandwidth tunnels (under 1000 bytes per second), - you should probably use lower MTU values as well (see above), otherwise - the packet latency will grow so large as to trigger timeouts in the TLS - layer and TCP connections running over the tunnel. - - OpenVPN allows ``n`` to be between 100 bytes/sec and 100 Mbytes/sec. - ---sndbuf size - Set the TCP/UDP socket send buffer size. Defaults to operation system - default. - --socket-flags flags Apply the given flags to the OpenVPN transport socket. Currently, only :code:`TCP_NODELAY` is supported.
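
Review bot: In the advanced-options.rst hunk at @@ -34,6 +34,14 @@, the two moved entries mark up the same signal name differently: --persist-local-ip uses ``SIGUSR1`` while --persist-remote-ip uses :code:`SIGUSR1`. Pick one form for both (the neighbouring --bcast-buffers entry uses :code: for a literal value, :code:`256`), or state in the commit message that the move is deliberately verbatim and the markup is cleaned up separately.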