diff options
author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-09-30 06:11:38 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-09-30 06:11:38 +0000 |
commit | bb564a5950a14139f59305e549ca8665b8f31cb8 (patch) | |
tree | 62054c12921f4e364b607b1cf3fded0df5605632 /openvpn.8 | |
parent | Version 2.1_rc12 (diff) | |
download | openvpn-bb564a5950a14139f59305e549ca8665b8f31cb8.tar.xz |
Management interface can now listen on a unix
domain socket, for example:
management /tmp/openvpn unix
Also added management-client-user and management-client-group
directives to control which processes are allowed to connect
to the socket.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3396 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'openvpn.8')
-rw-r--r-- | openvpn.8 | 27 |
1 files changed, 27 insertions, 0 deletions
@@ -181,7 +181,9 @@ openvpn \- secure IP tunnel daemon. [\ \fB\-\-suppress-timestamps\fR\ ] [\ \fB\-\-lport\fR\ \fIport\fR\ ] [\ \fB\-\-management\-client\-auth\fR\ ] +[\ \fB\-\-management\-client\-group\fR\ \fIg\fR\ ] [\ \fB\-\-management\-client\-pf\fR\ ] +[\ \fB\-\-management\-client\-user\fR\ \fIu\fR\ ] [\ \fB\-\-management\-forget\-disconnect\fR\ ] [\ \fB\-\-management\-hold\fR\ ] [\ \fB\-\-management\-log\-cache\fR\ \fIn\fR\ ] @@ -2455,6 +2457,19 @@ or "stdin" to prompt from standard input. The password provided will set the password which TCP clients will need to provide in order to access management functions. +The management interface can also listen on a unix domain socket, +for those platforms that support it. To use a unix domain socket, specify +the unix socket pathname in place of +.B IP +and set +.B port +to 'unix'. While the default behavior is to create a unix domain socket +that may be connected to by any process, the +.B --management-client-user +and +.B --management-client-group +directives can be used to restrict access. + The management interface provides a special mode where the TCP management link can operate over the tunnel itself. To enable this mode, set @@ -2532,6 +2547,18 @@ filter file for each connecting client. See management-notes.txt in OpenVPN distribution for detailed notes. .\"********************************************************* .TP +.B --management-client-user u +When the management interface is listening on a unix domain socket, +only allow connections from user +.B u. +.\"********************************************************* +.TP +.B --management-client-group g +When the management interface is listening on a unix domain socket, +only allow connections from group +.B g. +.\"********************************************************* +.TP .B --plugin module-pathname [init-string] Load plug-in module from the file .B module-pathname, |