diff options
author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-01-21 19:34:13 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-01-21 19:34:13 +0000 |
commit | 0aee9ca7e76887fb5752c15ef63bfb7a356df06e (patch) | |
tree | bd7db9d2c4e4ef4d2cedfdef961208ebd680c2f0 /openvpn.8 | |
parent | Rewrote extract_x509_field and modified COMMON_NAME_CHAR_CLASS (diff) | |
download | openvpn-0aee9ca7e76887fb5752c15ef63bfb7a356df06e.tar.xz |
Allow OpenVPN to run completely unprivileged under Linux
by allowing openvpn --mktun to be used with --user and --group
to set the UID/GID of the tun device node. Also added --iproute
option to allow an alternative command to be executed in place
of the default iproute2 command (Alon Bar-Lev).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2639 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'openvpn.8')
-rw-r--r-- | openvpn.8 | 16 |
1 files changed, 16 insertions, 0 deletions
@@ -71,6 +71,8 @@ openvpn \- secure IP tunnel daemon. [\ \fB\-\-dev\-type\fR\ \fIdevice\-type\fR\ ] [\ \fB\-\-dev\-node\fR\ \fInode\fR\ ] [\ \fB\-\-lladdr\fR\ \fIaddress\fR\ ] +[\ \fB\-\-user\fR\ \fIuser\fR\ ] +[\ \fB\-\-group\fR\ \fIgroup\fR\ ] .in -4 .ti +4 .hy @@ -164,6 +166,7 @@ openvpn \- secure IP tunnel daemon. [\ \fB\-\-inetd\fR\ \fI[wait|nowait]\ [progname]\fR\ ] [\ \fB\-\-ip\-win32\fR\ \fImethod\fR\ ] [\ \fB\-\-ipchange\fR\ \fIcmd\fR\ ] +[\ \fB\-\-iproute\fR\ \fIcmd\fR\ ] [\ \fB\-\-iroute\fR\ \fInetwork\ [netmask]\fR\ ] [\ \fB\-\-keepalive\fR\ \fIn\ m\fR\ ] [\ \fB\-\-key\-method\fR\ \fIm\fR\ ] @@ -923,6 +926,11 @@ Specify the link layer address, more commonly known as the MAC address. Only applied to TAP devices. .\"********************************************************* .TP +.B --iproute cmd +Set alternate command to execute instead of default iproute2 command. +May be used in order to execute OpenVPN in unprivileged environment. +.\"********************************************************* +.TP .B --ifconfig l rn Set TUN/TAP adapter parameters. .B l @@ -4306,6 +4314,14 @@ Remove a persistent tunnel. .B --dev tunX | tapX TUN/TAP device .\"********************************************************* +.TP +.B --user user +Optional user to be owner of this tunnel. +.\"********************************************************* +.TP +.B --group group +Optional group to be owner of this tunnel. +.\"********************************************************* .SS Windows-Specific Options: .\"********************************************************* .TP |