From patchwork Mon Jun 29 21:45:17 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sami Rusani <samgithub@pm.me>
X-Patchwork-Id: 5045
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Received: by 2002:a05:7000:c319:b0:861:c897:cb9d with SMTP id jk25csp64244mab;
        Mon, 29 Jun 2026 14:45:50 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AHgh+Rqfo4v/L4Uw2kKujgPBZPKahboXmdmxhbg/pdOhfBOeuLbRwg2E7mwv7SagmOz2NOFukuiQXXxLPV8=@openvpn.net
X-Received: by 2002:a05:6871:d601:b0:435:16e9:f288 with SMTP id
 586e51a60fabf-448dc95e50cmr927605fac.20.1782769549924;
        Mon, 29 Jun 2026 14:45:49 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1782769549; cv=none;
        d=google.com; s=arc-20260327;
        b=LE3Mp0A6oS+VTHiTeDHnrzAyL8EqBJViFbVKaq/CJ7hquK9niQgVLgKs1+Aq9c8K3n
         j4H89YMRvUzUqM9JvIj8ygWinv1gJEUkcK6HtGKZVa893+ayYZPQNG31IlvUWUpyNlRn
         Hy2Wsq0Hx/EhOXjZDGpsPjyaQztymcS9i0eqYP9ytdAZOv6D7qDXbxNpzZH3opacW1Yw
         3gTzB6DvDT9obxhcrc21aQhUikTPN/oED1IK36uiYvYlflePzJNZvboEfoCL14fiEhrB
         m/MHv4VPExe5p6Yu/DATFWg73OVoI5OLqLRV+mkG3w6bHd0lL2fKZ7azppv3CDxa6+8N
         5HCg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20260327;
        h=errors-to:content-transfer-encoding:cc:reply-to:from:list-subscribe
         :list-help:list-post:list-archive:list-unsubscribe:list-id
         :precedence:subject:mime-version:feedback-id:references:in-reply-to
         :message-id:to:date:dkim-signature:dkim-signature:dkim-signature
         :dkim-signature;
        bh=iQJoY+D3XCARa0tnvlqNp9UNSZLAuNUWPEXJN9iWxAg=;
        fh=JIeMPWeY0ZcYOGvkK1HRqoW8SRFZ0iJ4COTf320xJBg=;
        b=D/zGiP69GimuZM3RKPBI7S/WuH/zU8J/RagemwJB01WQofStClLZOVLJABqXy2ClXB
         i1aeOdgPfSOKEn2YXnq7tdtVN+HdhlgAQ2eFFJpedvBoz36ijZDJ2PSIsD+jfWZ4In9Z
         +wkouEqWsofmiWkd3f0sBKi0eTFEktIgamKiV+1BjUAPd+euIj2EE4qicidUiQwTzyHr
         tBVX1IFq/UlRsI8m+YRrNtaBrP5ySa8p6eIbma/rtH49ZIZ6L2jMe+m6EhCk+8nroRr5
         OsbYZJsZCiFJkuDyND/iI8/PzNuMZICTy+jQkvGe7rrfNfgsHjEsyzFdHy50Gqxbpdoc
         RfzQ==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@lists.sourceforge.net header.s=beta
 header.b=cKX5pvni;
       dkim=neutral (body hash did not verify) header.i=@sourceforge.net
 header.s=x header.b=fHDe5eFB;
       dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
 header.b=OyQBQvcW;
       dkim=neutral (body hash did not verify) header.i=@pm.me
 header.s=protonmail3 header.b=GORbaPq+;
       spf=pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=lists.sourceforge.net
Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7])
        by mx.google.com with ESMTPS id
 586e51a60fabf-448dc34ee54si792785fac.308.2026.06.29.14.45.49
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 29 Jun 2026 14:45:49 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) client-ip=216.105.38.7;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@lists.sourceforge.net header.s=beta
 header.b=cKX5pvni;
       dkim=neutral (body hash did not verify) header.i=@sourceforge.net
 header.s=x header.b=fHDe5eFB;
       dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
 header.b=OyQBQvcW;
       dkim=neutral (body hash did not verify) header.i=@pm.me
 header.s=protonmail3 header.b=GORbaPq+;
       spf=pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=lists.sourceforge.net
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:Cc:
	Reply-To:From:List-Subscribe:List-Help:List-Post:List-Archive:
	List-Unsubscribe:List-Id:Subject:MIME-Version:References:In-Reply-To:
	Message-ID:To:Date:Sender:Content-ID:Content-Description:Resent-Date:
	Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
	bh=iQJoY+D3XCARa0tnvlqNp9UNSZLAuNUWPEXJN9iWxAg=; b=cKX5pvnidZBQzLOupVYsbLu216
	cdS1ZF+dUPND6GGXtkbBFrQs+jyuXKVVgYuhgDpc7eBo5DZRJVL/z+M1JgzmjfSdy0RjY6Zc7rb5a
	e0ap1hif+t/eqZ/HSOJNA1BemBLYrDDHy2pbj2/KUar4zxCdaEOV10Url038AhPUOR+c=;
Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com)
	by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95)
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	id 1weJnT-0001oC-Gm;
	Mon, 29 Jun 2026 21:45:43 +0000
Received: from [172.30.29.66] (helo=mx.sourceforge.net)
 by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
 (envelope-from <samgithub@pm.me>) id 1weJnI-0001o0-Dw
 for openvpn-devel@lists.sourceforge.net;
 Mon, 29 Jun 2026 21:45:32 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=sourceforge.net; s=x; h=Content-Transfer-Encoding:Content-Type:MIME-Version
 :References:In-Reply-To:Message-ID:Subject:Cc:From:To:Date:Sender:Reply-To:
 Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
 Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=WXgl5R5WDwfRVOCsHH/VfOffS1AVm3Zh3TS/Y5nNNVo=; b=fHDe5eFBpBZRl4vp2JKJeanEPG
 PzbwjU1SipF61iQ4Po6KMg+eQtna4Rcp0TVI9+GtBPmyqn7Fy4deTCimylhjICp1WuCkPu3vl+oqw
 4Rk4tn+LhkmP248HTiHz8dv8hv6PWjfvqYq6e7Hp5HYW+Pt53Yp1yL+teAp5AIgpsE8g=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
 ;
 h=Content-Transfer-Encoding:Content-Type:MIME-Version:References:
 In-Reply-To:Message-ID:Subject:Cc:From:To:Date:Sender:Reply-To:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=WXgl5R5WDwfRVOCsHH/VfOffS1AVm3Zh3TS/Y5nNNVo=; b=OyQBQvcWTESMgdGqmgWZOkuY+0
 gEkPZadZ65xfPcayZ+/L3szEmEiCqSfkP/F0PZ7kZotC7LIwBaXrefMQbYLdBbMM5fFuJfwXpbvF1
 ucLMoEDwD4kxF6H582Z745CcEOjP101Kh28pdPwFeYxi3/ngFxHENd50hkpb0Nnu1SBk=;
Received: from mail-24418.protonmail.ch ([109.224.244.18])
 by sfi-mx-2.v28.lw.sourceforge.com with esmtps
 (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95)
 id 1weJnH-0006BE-7p for openvpn-devel@lists.sourceforge.net;
 Mon, 29 Jun 2026 21:45:32 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pm.me;
 s=protonmail3; t=1782769519; x=1783028719;
 bh=WXgl5R5WDwfRVOCsHH/VfOffS1AVm3Zh3TS/Y5nNNVo=;
 h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References:
 Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID:
 Message-ID:BIMI-Selector;
 b=GORbaPq+mmmt0x/t3Swt7CN3I68/jdgmUFlXGoFM/waRjOBtP0gTgWrpfrxmn9VqK
 zXJoZ2a3K/MCc87QPCajTm+/Cxfdix9NZuviCZCjYflYwKBCADp6vmV0/QsJY+Q6OG
 Q4R+57cI7Io1UUvVvKODxIuxcROoNGEiOvZQLK7Xw4vJ16S43TxVx9Oi62huzGgUyi
 L3fCyKXLG0xpiOkr2Z4HCNMkDbVMZcLxtSItzDby2pO3uSqRPc+5BI+3vDWxtPcRRH
 QSzArbVlfrG9LB+mAGbHgv4kGRmYdHTjD/EYK70tXQvc4iCXg+MWvCuluZGfj1nQZX
 fBjimfpjZjJPA==
Date: Mon, 29 Jun 2026 21:45:17 +0000
To: Gert Doering <gert@greenie.muc.de>
Message-ID: 
 <SXGKysQ5xx6qb0pPY8pAk_wO-B0Pl44xmifYB_bBdqIXMtGir8GTPKxhB2kivfBvPO2uU9bBnxbJVTTy2IDBqXlumDVRYOLOE-qEZfea5TQ=@pm.me>
In-Reply-To: <akLhalx5QQtBOBRb@greenie.muc.de>
References: 
 <_bJ1zZXmxAD6YHGNM2W5HBm8iTr9nSYO-a3PUY6guDPKD9ZNfmri_8fPnlnLBA984ahSqoMAdAcQeF4Xf_P5Ljk0mexlvZHXSOPGxGD5AEU=@pm.me>
 <akLhalx5QQtBOBRb@greenie.muc.de>
Feedback-ID: 192537181:user:proton
X-Pm-Message-ID: 4d633243bd465f34111f81dedc4cd4d24230d8a1
MIME-Version: 1.0
X-Spam-Score: -0.2 (/)
X-Spam-Report: Spam detection software,
 running on the system "sfi-spamd-1.hosts.colo.sdot.me",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: Hello! The --float option lets OpenVPN accept authenticated
 packets from a changed peer address. That only applies to UDP transports.
 Document the transport limitation in the man page.
 Content analysis details:   (-0.2 points, 5.0 required)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
 not necessarily valid
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
 envelope-from domain
 -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
 domain
 -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
 0.0 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
 [109.224.244.18 listed in wl.mailspike.net]
X-Headers-End: 1weJnH-0006BE-7p
Subject: [Openvpn-devel] [PATCH v2] doc: clarify that --float only applies
 to UDP
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: 
 <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
X-Patchwork-Original-From: Sami Rusani via Openvpn-devel
 <openvpn-devel@lists.sourceforge.net>
From: Sami Rusani <samgithub@pm.me>
Reply-To: Sami Rusani <samgithub@pm.me>
Cc: "openvpn-devel@lists.sourceforge.net"
 <openvpn-devel@lists.sourceforge.net>
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox
X-GMAIL-THRID: 1869362100178459429
X-GMAIL-MSGID: 1869369363584793142

Hello!

The --float option lets OpenVPN accept authenticated packets from a
changed peer address. That only applies to UDP transports.

Document the transport limitation in the man page.

Github: fixes OpenVPN/openvpn#358
---
Changes from v1:
- Shorten the man-page wording per review.
- Leave the usage text unchanged.

 doc/man-sections/link-options.rst | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/doc/man-sections/link-options.rst b/doc/man-sections/link-options.rst
index edda1ca..df8c917 100644
--- a/doc/man-sections/link-options.rst
+++ b/doc/man-sections/link-options.rst
@@ -12,7 +12,9 @@ the local and the remote host.
 
 --float
   Allow remote peer to change its IP address and/or port number, such as
-  due to DHCP (this is the default if ``--remote`` is not used).
+  due to DHCP or NAT mappings changing. ``--float`` only works when
+  using UDP transport.
+
   ``--float`` when specified with ``--remote`` allows an OpenVPN session
   to initially connect to a peer at a known address, however if packets
   arrive from a new address and pass all authentication tests, the new