aboutsummaryrefslogtreecommitdiff
path: root/openvpn.8
diff options
context:
space:
mode:
authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-09-30 06:11:38 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-09-30 06:11:38 +0000
commitbb564a5950a14139f59305e549ca8665b8f31cb8 (patch)
tree62054c12921f4e364b607b1cf3fded0df5605632 /openvpn.8
parentVersion 2.1_rc12 (diff)
downloadopenvpn-bb564a5950a14139f59305e549ca8665b8f31cb8.tar.xz
Management interface can now listen on a unix
domain socket, for example: management /tmp/openvpn unix Also added management-client-user and management-client-group directives to control which processes are allowed to connect to the socket. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3396 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'openvpn.8')
-rw-r--r--openvpn.827
1 files changed, 27 insertions, 0 deletions
diff --git a/openvpn.8 b/openvpn.8
index 7dc1ed1..5c6a9dc 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -181,7 +181,9 @@ openvpn \- secure IP tunnel daemon.
[\ \fB\-\-suppress-timestamps\fR\ ]
[\ \fB\-\-lport\fR\ \fIport\fR\ ]
[\ \fB\-\-management\-client\-auth\fR\ ]
+[\ \fB\-\-management\-client\-group\fR\ \fIg\fR\ ]
[\ \fB\-\-management\-client\-pf\fR\ ]
+[\ \fB\-\-management\-client\-user\fR\ \fIu\fR\ ]
[\ \fB\-\-management\-forget\-disconnect\fR\ ]
[\ \fB\-\-management\-hold\fR\ ]
[\ \fB\-\-management\-log\-cache\fR\ \fIn\fR\ ]
@@ -2455,6 +2457,19 @@ or "stdin" to prompt from standard input. The password
provided will set the password which TCP clients will need
to provide in order to access management functions.
+The management interface can also listen on a unix domain socket,
+for those platforms that support it. To use a unix domain socket, specify
+the unix socket pathname in place of
+.B IP
+and set
+.B port
+to 'unix'. While the default behavior is to create a unix domain socket
+that may be connected to by any process, the
+.B --management-client-user
+and
+.B --management-client-group
+directives can be used to restrict access.
+
The management interface provides a special mode where the TCP
management link can operate over the tunnel itself. To enable this mode,
set
@@ -2532,6 +2547,18 @@ filter file for each connecting client. See management-notes.txt
in OpenVPN distribution for detailed notes.
.\"*********************************************************
.TP
+.B --management-client-user u
+When the management interface is listening on a unix domain socket,
+only allow connections from user
+.B u.
+.\"*********************************************************
+.TP
+.B --management-client-group g
+When the management interface is listening on a unix domain socket,
+only allow connections from group
+.B g.
+.\"*********************************************************
+.TP
.B --plugin module-pathname [init-string]
Load plug-in module from the file
.B module-pathname,