aboutsummaryrefslogtreecommitdiff
path: root/openvpn.8
diff options
context:
space:
mode:
authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-01-21 19:34:13 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-01-21 19:34:13 +0000
commit0aee9ca7e76887fb5752c15ef63bfb7a356df06e (patch)
treebd7db9d2c4e4ef4d2cedfdef961208ebd680c2f0 /openvpn.8
parentRewrote extract_x509_field and modified COMMON_NAME_CHAR_CLASS (diff)
downloadopenvpn-0aee9ca7e76887fb5752c15ef63bfb7a356df06e.tar.xz
Allow OpenVPN to run completely unprivileged under Linux
by allowing openvpn --mktun to be used with --user and --group to set the UID/GID of the tun device node. Also added --iproute option to allow an alternative command to be executed in place of the default iproute2 command (Alon Bar-Lev). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2639 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'openvpn.8')
-rw-r--r--openvpn.816
1 files changed, 16 insertions, 0 deletions
diff --git a/openvpn.8 b/openvpn.8
index 6446c5b..df276e7 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -71,6 +71,8 @@ openvpn \- secure IP tunnel daemon.
[\ \fB\-\-dev\-type\fR\ \fIdevice\-type\fR\ ]
[\ \fB\-\-dev\-node\fR\ \fInode\fR\ ]
[\ \fB\-\-lladdr\fR\ \fIaddress\fR\ ]
+[\ \fB\-\-user\fR\ \fIuser\fR\ ]
+[\ \fB\-\-group\fR\ \fIgroup\fR\ ]
.in -4
.ti +4
.hy
@@ -164,6 +166,7 @@ openvpn \- secure IP tunnel daemon.
[\ \fB\-\-inetd\fR\ \fI[wait|nowait]\ [progname]\fR\ ]
[\ \fB\-\-ip\-win32\fR\ \fImethod\fR\ ]
[\ \fB\-\-ipchange\fR\ \fIcmd\fR\ ]
+[\ \fB\-\-iproute\fR\ \fIcmd\fR\ ]
[\ \fB\-\-iroute\fR\ \fInetwork\ [netmask]\fR\ ]
[\ \fB\-\-keepalive\fR\ \fIn\ m\fR\ ]
[\ \fB\-\-key\-method\fR\ \fIm\fR\ ]
@@ -923,6 +926,11 @@ Specify the link layer address, more commonly known as the MAC address.
Only applied to TAP devices.
.\"*********************************************************
.TP
+.B --iproute cmd
+Set alternate command to execute instead of default iproute2 command.
+May be used in order to execute OpenVPN in unprivileged environment.
+.\"*********************************************************
+.TP
.B --ifconfig l rn
Set TUN/TAP adapter parameters.
.B l
@@ -4306,6 +4314,14 @@ Remove a persistent tunnel.
.B --dev tunX | tapX
TUN/TAP device
.\"*********************************************************
+.TP
+.B --user user
+Optional user to be owner of this tunnel.
+.\"*********************************************************
+.TP
+.B --group group
+Optional group to be owner of this tunnel.
+.\"*********************************************************
.SS Windows-Specific Options:
.\"*********************************************************
.TP