aboutsummaryrefslogtreecommitdiff
path: root/openvpn.8
diff options
context:
space:
mode:
authorJames Yonan <james@openvpn.net>2010-05-11 19:32:41 +0000
committerJames Yonan <james@openvpn.net>2010-05-11 19:32:41 +0000
commitb27dc04c366c031f4bb349e3235a2b0eb76c821a (patch)
treeecf3f1de1ef0efd4fe0b802e8789988ae42fe271 /openvpn.8
parentFixed issue on Windows with MSVC compiler, where TCP_NODELAY support (diff)
downloadopenvpn-b27dc04c366c031f4bb349e3235a2b0eb76c821a.tar.xz
Proxy improvements:
Improved the ability of http-auth "auto" flag to dynamically detect the auth method required by the proxy. Added http-auth "auto-nct" flag to reject weak proxy auth methods. Added HTTP proxy digest authentication method. Removed extraneous openvpn_sleep calls from proxy.c. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5628 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'openvpn.8')
-rw-r--r--openvpn.815
1 files changed, 14 insertions, 1 deletions
diff --git a/openvpn.8 b/openvpn.8
index a29ad29..12294be 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -474,7 +474,7 @@ InternetQueryOption API.
This option exists in OpenVPN 2.1 or higher.
.\"*********************************************************
.TP
-.B --http-proxy server port [authfile|'auto'] [auth-method]
+.B --http-proxy server port [authfile|'auto'|'auto-nct'] [auth-method]
Connect to remote host through an HTTP proxy at address
.B server
and port
@@ -487,6 +487,13 @@ is a file containing a username and password on 2 lines, or
.B auth-method
should be one of "none", "basic", or "ntlm".
+HTTP Digest authentication is supported as well, but only via
+the
+.B auto
+or
+.B auto-nct
+flags (below).
+
The
.B auto
flag causes OpenVPN to automatically determine the
@@ -494,6 +501,12 @@ flag causes OpenVPN to automatically determine the
and query stdin or the management interface for
username/password credentials, if required. This flag
exists on OpenVPN 2.1 or higher.
+
+The
+.B auto-nct
+flag (no clear-text auth) instructs OpenVPN to automatically
+determine the authentication method, but to reject weak
+authentication protocols such as HTTP Basic Authentication.
.\"*********************************************************
.TP
.B --http-proxy-retry