From patchwork Wed Jul 15 12:30:06 2020
X-Patchwork-Submitter: David Sommerseth
X-Patchwork-Id: 1257
From: David Sommerseth
To: openvpn-devel@lists.sourceforge.net
Date: Thu, 16 Jul 2020 00:30:06 +0200
Message-Id: <20200715223013.11726-10-davids@openvpn.net>
In-Reply-To: <20200715223013.11726-1-davids@openvpn.net>
References: <20200715223013.11726-1-davids@openvpn.net>
Subject: [Openvpn-devel] [PATCH 09/16] doc/man: Move some options from link to advanced section

Moved --persist-local-ip, --persist-remote-ip, --rcvbuf, --sndbuf and --shaper from the link options section to the advanced section. The rationale is that these options are not common to use and are for more advanced use cases where special tweaking is required.

Signed-off-by: David Sommerseth

--- doc/man-sections/advanced-options.rst | 40 +++++++++++++++++++++++++++ doc/man-sections/link-options.rst | 40 --------------------------- 2 files changed, 40 insertions(+), 40 deletions(-) diff --git a/doc/man-sections/advanced-options.rst b/doc/man-sections/advanced-options.rst index 9e59677d..262e568c 100644 --- a/doc/man-sections/advanced-options.rst +++ b/doc/man-sections/advanced-options.rst 
@@ -34,6 +34,14 @@ used when debugging or testing out special usage scenarios. --bcast-buffers n Allocate ``n`` buffers for broadcast datagrams (default :code:`256`). +--persist-local-ip + Preserve initially resolved local IP address and port number across + ``SIGUSR1`` or ``--ping-restart`` restarts. + +--persist-remote-ip + Preserve most recently authenticated remote IP address and port number + across :code:`SIGUSR1` or ``--ping-restart`` restarts. + --prng args *(Advanced)* Change the PRNG (Pseudo-random number generator) parameters 
@@ -51,6 +59,38 @@ used when debugging or testing out special usage scenarios. RAND\_bytes function instead for all of OpenVPN's pseudo-random number needs. +--rcvbuf size + Set the TCP/UDP socket receive buffer size. Defaults to operation system + default. + +--shaper n + Limit bandwidth of outgoing tunnel data to ``n`` bytes per second on the + TCP/UDP port. Note that this will only work if mode is set to + :code:`p2p`. If you want to limit the bandwidth in both directions, use + this option on both peers. + + OpenVPN uses the following algorithm to implement traffic shaping: Given + a shaper rate of ``n`` bytes per second, after a datagram write of ``b`` + bytes is queued on the TCP/UDP port, wait a minimum of ``(b / n)`` + seconds before queuing the next write. + + It should be noted that OpenVPN supports multiple tunnels between the + same two peers, allowing you to construct full-speed and reduced + bandwidth tunnels at the same time, routing low-priority data such as + off-site backups over the reduced bandwidth tunnel, and other data over + the full-speed tunnel. + + Also note that for low bandwidth tunnels (under 1000 bytes per second), + you should probably use lower MTU values as well (see above), otherwise + the packet latency will grow so large as to trigger timeouts in the TLS + layer and TCP connections running over the tunnel. + + OpenVPN allows ``n`` to be between 100 bytes/sec and 100 Mbytes/sec. + +--sndbuf size + Set the TCP/UDP socket send buffer size. Defaults to operation system + default. + --tcp-queue-limit n Maximum number of output packets queued before TCP (default :code:`64`). diff --git a/doc/man-sections/link-options.rst b/doc/man-sections/link-options.rst index ca719c75..5f75c5f3 100644 --- a/doc/man-sections/link-options.rst +++ b/doc/man-sections/link-options.rst 
@@ -173,14 +173,6 @@ the local and the remote host. --passtos Set the TOS field of the tunnel packet to what the payload's TOS is. ---persist-local-ip - Preserve initially resolved local IP address and port number across - ``SIGUSR1`` or ``--ping-restart`` restarts. - ---persist-remote-ip - Preserve most recently authenticated remote IP address and port number - across :code:`SIGUSR1` or ``--ping-restart`` restarts. - --ping n Ping remote over the TCP/UDP control channel if no packets have been sent for at least ``n`` seconds (specify ``--ping`` on both peers to @@ -292,10 +284,6 @@ the local and the remote host. and has been used since version 2.0-beta17. Previous versions used port 5000 as the default. ---rcvbuf size - Set the TCP/UDP socket receive buffer size. Defaults to operation system - default. - --reneg-bytes n Renegotiate data channel key after ``n`` bytes sent or received (disabled by default with an exception, see below). OpenVPN allows the 
@@ -439,34 +427,6 @@ the local and the remote host. default) and you are using either ``--secret`` (shared-secret key mode) or TLS mode with ``--tls-auth``. ---shaper n - Limit bandwidth of outgoing tunnel data to ``n`` bytes per second on the - TCP/UDP port. Note that this will only work if mode is set to - :code:`p2p`. If you want to limit the bandwidth in both directions, use - this option on both peers. - - OpenVPN uses the following algorithm to implement traffic shaping: Given - a shaper rate of ``n`` bytes per second, after a datagram write of ``b`` - bytes is queued on the TCP/UDP port, wait a minimum of ``(b / n)`` - seconds before queuing the next write. - - It should be noted that OpenVPN supports multiple tunnels between the - same two peers, allowing you to construct full-speed and reduced - bandwidth tunnels at the same time, routing low-priority data such as - off-site backups over the reduced bandwidth tunnel, and other data over - the full-speed tunnel. - - Also note that for low bandwidth tunnels (under 1000 bytes per second), - you should probably use lower MTU values as well (see above), otherwise - the packet latency will grow so large as to trigger timeouts in the TLS - layer and TCP connections running over the tunnel. - - OpenVPN allows ``n`` to be between 100 bytes/sec and 100 Mbytes/sec. - ---sndbuf size - Set the TCP/UDP socket send buffer size. Defaults to operation system - default. - --socket-flags flags Apply the given flags to the OpenVPN transport socket. Currently, only :code:`TCP_NODELAY` is supported.
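Review bot: In the advanced-options.rst hunk at @@ -34,6 +34,14 @@, the two added entries mark up the same signal name differently: --persist-local-ip uses ``SIGUSR1`` while --persist-remote-ip uses :code:`SIGUSR1`. The text is carried over unchanged from link-options.rst, but since both entries are being touched anyway, pick one role (the surrounding context uses :code:`256` for literal values) so the two adjacent options render consistently in the generated man page.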
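Review bot: In the advanced-options.rst hunk at @@ -51,6 +59,38 @@, the moved --shaper text still says "you should probably use lower MTU values as well (see above)", a cross-reference written for its old position in link-options.rst. Please check that "above" still resolves to the MTU options from the new location in the advanced section, and if it does not, name the option or section explicitly instead of relying on position. In the same hunk, --rcvbuf and --sndbuf both read "Defaults to operation system default."; if a follow-up cleanup is acceptable in this series, that should be "operating system".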