From patchwork Fri Jul 9 03:48:49 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: David Sommerseth
X-Patchwork-Id: 1879
From: David Sommerseth
To: openvpn-devel@lists.sourceforge.net
Cc: David Sommerseth
Date: Fri, 9 Jul 2021 15:48:49 +0200
Message-Id: <20210709134849.161728-1-openvpn@sf.lists.topphemmelig.net>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20210709131330.140347-1-openvpn@sf.lists.topphemmelig.net>
References: <20210709131330.140347-1-openvpn@sf.lists.topphemmelig.net>
Subject: [Openvpn-devel] [PATCH v2] man: Clarify IV_HWADDR

From: David Sommerseth

The IV_HWADDR description was only partially correct, as there are more
implementations using other values than the MAC address of the default
gateway.

The intention of this value is to provide a unique identifier of the
client and on some platforms this is not possible to retrieve other
than to generate this information.

The 64 bytes limitation is an arbitrary value, it is not enforced by
OpenVPN 2.x. But it was considered a good idea to at least have some
reasonable upper limit of how long this string can be, at least for
those implementing support for this information.

Signed-off-by: David Sommerseth Acked-by: Gert Doering --- v2 - Implement further clarifications from Gert --- doc/man-sections/server-options.rst | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/doc/man-sections/server-options.rst b/doc/man-sections/server-options.rst index 047f2270..71547335 100644 --- a/doc/man-sections/server-options.rst +++ b/doc/man-sections/server-options.rst @@ -467,8 +467,14 @@ fast hardware. SSL/TLS authentication must be used in this mode. When ``--push-peer-info`` is enabled the additional information consists of the following data: - :code:`IV_HWADDR=` - The MAC address of clients default gateway + :code:`IV_HWADDR=` + This is intended to be a unique and persistent ID of the client. + The string value can be any readable ASCII string up to 64 bytes. + OpenVPN 2.x and some other implementations use the MAC address of + the client's interface used to reach the default gateway. If this + string is generated by the client, it should be consistent and + preserved across independent session and preferably + re-installations and upgrades. :code:`IV_SSL=` The ssl version used by the client, e.g.
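Review bot: The added sentence "The string value can be any readable ASCII string up to 64 bytes" in the new IV_HWADDR description reads as a guarantee, while the commit message says the 64-byte limit is arbitrary and not enforced by OpenVPN 2.x. Suggest wording it as a recommendation and stating the non-enforcement in the man page itself, for example "should not exceed 64 bytes (not enforced by OpenVPN 2.x)", so that anyone consuming IV_HWADDR on the server side knows to check the length and character set of this client-supplied value themselves. "Readable ASCII" could also be tightened to "printable ASCII" if that is what is meant. In the last added sentence, "across independent session" should read "sessions".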