aboutsummaryrefslogtreecommitdiff
path: root/openvpn.8
diff options
context:
space:
mode:
Diffstat (limited to 'openvpn.8')
-rw-r--r--openvpn.817
1 files changed, 15 insertions, 2 deletions
diff --git a/openvpn.8 b/openvpn.8
index 2d40ca9..987b042 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -440,7 +440,7 @@ If unspecified, OpenVPN will bind to all interfaces.
.\"*********************************************************
.TP
.B --remote host [port]
-Remote host name or IP address. Multiple
+Remote host name or IP address. On the client, multiple
.B --remote
options may be specified for redundancy, each referring
to a different OpenVPN server.
@@ -457,13 +457,26 @@ Note that at any given time, the OpenVPN client
will at most be connected to
one server.
-Also, note that since UDP is connectionless, connection failure
+Note that since UDP is connectionless, connection failure
is defined by the
.B --ping
and
.B --ping-restart
options.
+Note the following corner case: If you use multiple
+.B --remote
+options, AND you are dropping root privileges on
+the client with
+.B --user
+and/or
+.B --group,
+AND the client is running a non-Windows OS, if the client needs
+to switch to a different server, and that server pushes
+back different TUN/TAP or route settings, the client may lack
+the necessary privileges to close and reopen the TUN/TAP interface.
+This could cause the client to exit with a fatal error.
+
If
.B --remote
is unspecified, OpenVPN will listen