aboutsummaryrefslogtreecommitdiff
path: root/openvpn.8
diff options
context:
space:
mode:
Diffstat (limited to 'openvpn.8')
-rw-r--r--openvpn.8101
1 files changed, 54 insertions, 47 deletions
diff --git a/openvpn.8 b/openvpn.8
index e87609d..499d802 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -205,15 +205,15 @@ openvpn \- secure IP tunnel daemon.
[\ \fB\-\-ping\-restart\fR\ \fIn\fR\ ]
[\ \fB\-\-ping\-timer\-rem\fR\ ]
[\ \fB\-\-ping\fR\ \fIn\fR\ ]
+[\ \fB\-\-pkcs11\-cert\-private\fR\ \fI[0|1]...\fR\ ]
+[\ \fB\-\-pkcs11\-id\fR\ \fIname\fR\ ]
+[\ \fB\-\-pkcs11\-id\-type\fR\ \fItype\fR\ ]
+[\ \fB\-\-pkcs11\-pin\-cache\fR\ \fIseconds\fR\ ]
+[\ \fB\-\-pkcs11\-protected\-authentication\fR\ \fI[0|1]...\fR\ ]
[\ \fB\-\-pkcs11\-providers\fR\ \fIprovider...\fR\ ]
[\ \fB\-\-pkcs11\-sign\-mode\fR\ \fImode...\fR\ ]
-[\ \fB\-\-pkcs11\-slot\-type\fR\ \fItype\fR\ ]
[\ \fB\-\-pkcs11\-slot\fR\ \fIname\fR\ ]
-[\ \fB\-\-pkcs11\-id\-type\fR\ \fItype\fR\ ]
-[\ \fB\-\-pkcs11\-id\fR\ \fIname\fR\ ]
-[\ \fB\-\-pkcs11\-pin\-cache\fR\ \fIseconds\fR\ ]
-[\ \fB\-\-pkcs11\-protected\-authentication\fR\ ]
-[\ \fB\-\-pkcs11\-cert\-private\fR\ ]
+[\ \fB\-\-pkcs11\-slot\-type\fR\ \fItype\fR\ ]
[\ \fB\-\-pkcs12\fR\ \fIfile\fR\ ]
[\ \fB\-\-plugin\fR\ \fImodule\-pathname\ init\-string\fR\ ]
[\ \fB\-\-port\fR\ \fIport\fR\ ]
@@ -257,8 +257,8 @@ openvpn \- secure IP tunnel daemon.
[\ \fB\-\-show\-ciphers\fR\ ]
[\ \fB\-\-show\-digests\fR\ ]
[\ \fB\-\-show\-engines\fR\ ]
-[\ \fB\-\-show\-pkcs11\-slots\fR\ \fIprovider\fR\ ]
[\ \fB\-\-show\-pkcs11\-objects\fR\ \fIprovider\ slot\fR\ ]
+[\ \fB\-\-show\-pkcs11\-slots\fR\ \fIprovider\fR\ ]
[\ \fB\-\-show\-net\-up\fR\ ]
[\ \fB\-\-show\-net\fR\ ]
[\ \fB\-\-show\-tls\fR\ ]
@@ -3620,6 +3620,39 @@ and
.B --key.
.\"*********************************************************
.TP
+.B --pkcs11-cert-private [0|1]...
+Set if access to certificate object should be performed after login.
+Every provider has its own setting.
+.\"*********************************************************
+.TP
+.B --pkcs11-id name
+Specify a name of the object to search for.
+.\"*********************************************************
+.TP
+.B --pkcs11-id-type type
+Specify how to locate the correct objects. Type can be one of the following:
+
+.B 'id'
+-- Locate by the id attribte, name should be hex encoded string.
+.br
+.B 'label'
+-- Locate by the label attribute, name should be string.
+.br
+.B 'subject'
+-- Locate by certificate subject attribute, name should be string.
+.br
+.\"*********************************************************
+.TP
+.B --pkcs11-pin-cache seconds
+Specify how many seconds the PIN can be cached, the default is until the token is removed.
+.\"*********************************************************
+.TP
+.B --pkcs11-protected-authentication [0|1]...
+Use PKCS#11 protected authentication path, useful for biometric and external
+keypad devices.
+Every provider has its own setting.
+.\"*********************************************************
+.TP
.B --pkcs11-providers provider...
Specify a RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki) providers
to load.
@@ -3636,21 +3669,30 @@ for each provider. Mode can be one of the following:
.B 'auto'
(default) -- Try to determind automatically.
.br
+.B 'sign'
+-- Use Sign.
+.br
.B 'recover'
-- Use SignRecover.
.br
-.B 'sign'
--- Use Sign.
+.B 'any'
+-- Use Sign and if not supported use SignRecover.
.br
.\"*********************************************************
.TP
+.B --pkcs11-slot name
+Specify a name of the slot to search for.
+.\"*********************************************************
+.TP
.B --pkcs11-slot-type type
Specify how to locate the correct slot. Type can be one of the following:
.B 'id'
--- Locate the slot by a numeric id. The format is [provider:]id, for example, slot 2 of provider 1
-is encoded as 1:2. If you have only one provider you can omit the provider number.
-The provider number is set by the order specified in the --pkcs11-providers option.
+-- Locate the slot by a numeric id. The format is [provider:]id, for example, slot 2 of provider a.so
+should be encoded as a.so:2. If you have only one provider you can omit the provider name.
+The provider name is set by the name specified in the
+.B --pkcs11-providers
+option.
.br
.B 'name'
-- Locate the slot by its name.
@@ -3660,41 +3702,6 @@ The provider number is set by the order specified in the --pkcs11-providers opti
.br
.\"*********************************************************
.TP
-.B --pkcs11-slot name
-Specify a name of the slot to search for.
-.\"*********************************************************
-.TP
-.B --pkcs11-id-type type
-Specify how to locate the correct objects. Type can be one of the following:
-
-.B 'id'
--- Locate by the id attribte, name should be hex encoded string.
-.br
-.B 'label'
--- Locate by the label attribute, name should be string.
-.br
-.B 'subject'
--- Locate by certificate subject attribute, name should be string.
-.br
-.\"*********************************************************
-.TP
-.B --pkcs11-id name
-Specify a name of the object to search for.
-.\"*********************************************************
-.TP
-.B --pkcs11-pin-cache seconds
-Specify how many seconds the PIN can be cached, the default is until the token is removed.
-.\"*********************************************************
-.TP
-.B --pkcs11-protected-authentication
-Use PKCS#11 protected authentication path, useful for biometric and external
-keypad devices.
-.\"*********************************************************
-.TP
-.B --pkcs11-cert-private
-Set if access to certificate object should be performed after login.
-.\"*********************************************************
-.TP
.B --cryptoapicert select-string
Load the certificate and private key from the
Windows Certificate System Store (Windows Only).