OpenVPN
options.h
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 /*
25  * 2004-01-28: Added Socks5 proxy support
26  * (Christof Meerwald, http://cmeerw.org)
27  */
28 
29 #ifndef OPTIONS_H
30 #define OPTIONS_H
31 
32 #include "basic.h"
33 #include "common.h"
34 #include "mtu.h"
35 #include "route.h"
36 #include "tun.h"
37 #include "socket.h"
38 #include "plugin.h"
39 #include "manage.h"
40 #include "proxy.h"
41 #include "comp.h"
42 #include "pushlist.h"
43 #include "clinat.h"
44 #ifdef ENABLE_CRYPTO
45 #include "crypto_backend.h"
46 #endif
47 
48 
49 /*
50  * Maximum number of parameters associated with an option,
51  * including the option name itself.
52  */
53 #define MAX_PARMS 16
     /* MAX_PARMS also sizes fixed arrays in struct options in this header
      * (remote_cert_ku[] and the pkcs11_* arrays), so code that fills those
      * arrays has to stop at MAX_PARMS entries. */
54 
55 /*
56  * Max size of options line and parameter.
57  */
58 #define OPTION_PARM_SIZE 256
59 #define OPTION_LINE_SIZE 256
     /* NOTE(review): presumably these bound the buffers used while tokenising
      * a config line or a pushed option line; confirm in options.c that longer
      * input is rejected with an error rather than silently truncated. */
60 
     /* Defined in options.c; only declared here. */
61 extern const char title_string[];
62 
63 #if P2MP
64 
65 /* certain options are saved before --pull modifications are applied */
     /* The rendered listing dropped this struct's tag line and all of its
      * members. The cross-reference index at the end of the page places
      * tuntap_options_defined, routes_defined, routes, routes_ipv6_defined,
      * routes_ipv6, client_nat_defined, client_nat and foreign_option_index
      * at options.h:68-80, i.e. inside this body; struct options refers to
      * the type as "struct options_pre_pull *pre_pull". */
67 {
70 
73 
76 
79 
81 };
82 
83 #endif
     /* Build-time guard: a build with ENABLE_CRYPTO must also select one of the
      * two supported backends, otherwise compilation stops here instead of
      * producing a binary with no crypto implementation behind the option. */
84 #if defined(ENABLE_CRYPTO) && !defined(ENABLE_CRYPTO_OPENSSL) && !defined(ENABLE_CRYPTO_MBEDTLS)
85 #error "At least one of OpenSSL or mbed TLS needs to be defined."
86 #endif
87 
     /* Per-connection settings. The tag line (options.h:88) is missing from the
      * rendered listing; struct options embeds this type as
      * "struct connection_entry ce". Several members were dropped by the
      * renderer as well (the cross-reference index lists af, local_port_defined,
      * remote_float, bind_local, connect_retry_seconds, connect_timeout,
      * http_proxy_options and tun_mtu_extra in this line range). */
89 {
90  int proto;
92  const char *local_port;
94  const char *remote_port;
95  const char *local;
96  const char *remote;
105  const char *socks_proxy_server;
106  const char *socks_proxy_port;
     /* NOTE(review): presumably the path of a file holding SOCKS proxy
      * credentials; if so the file needs restrictive permissions - confirm. */
107  const char *socks_proxy_authfile;
108 
109  int tun_mtu; /* MTU of tun device */
110  bool tun_mtu_defined; /* true if user overriding parm with command line option */
113  int link_mtu; /* MTU of device over which tunnel packets pass via TCP/UDP */
114  bool link_mtu_defined; /* true if user overriding parm with command line option */
115 
116  /* Advanced MTU negotiation and datagram fragmentation options */
117  int mtu_discover_type; /* used if OS supports setting Path MTU discovery options on socket */
118 
119  int fragment; /* internal fragmentation size */
120  int mssfix; /* Upper bound on TCP MSS */
121  bool mssfix_default; /* true if --mssfix was supplied without a parameter */
122 
123  int explicit_exit_notification; /* Explicitly tell peer when we are exiting via OCC_EXIT or [RESTART] message */
124 
     /* Layout of 'flags': bit 0 is CE_DISABLED, bit 1 is CE_MAN_QUERY_PROXY.
      * The CE_MAN_QUERY_REMOTE_* names are small integers (0..4), not bits;
      * with MASK 0x07 and SHIFT 2 they presumably occupy bits 2-4, stored as
      * (value & MASK) << SHIFT - confirm against the users of these macros. */
125 #define CE_DISABLED (1<<0)
126 #define CE_MAN_QUERY_PROXY (1<<1)
127 #define CE_MAN_QUERY_REMOTE_UNDEF 0
128 #define CE_MAN_QUERY_REMOTE_QUERY 1
129 #define CE_MAN_QUERY_REMOTE_ACCEPT 2
130 #define CE_MAN_QUERY_REMOTE_MOD 3
131 #define CE_MAN_QUERY_REMOTE_SKIP 4
132 #define CE_MAN_QUERY_REMOTE_MASK (0x07)
133 #define CE_MAN_QUERY_REMOTE_SHIFT (2)
134  unsigned int flags;
135 };
136 
     /* One remote endpoint: host, port and protocol. The tag line
      * (options.h:137) and the member at options.h:142 ("sa_family_t af" in the
      * page's cross-reference index) are missing from the rendered listing.
      * NOTE(review): presumably this is struct remote_entry - confirm. */
138 {
139  const char *remote;
140  const char *remote_port;
141  int proto;
143 };
144 
145 #define CONNECTION_LIST_SIZE 64
146 
     /* Tag line and the array member (options.h:151) are missing from the
      * rendered listing; struct options refers to the type as
      * "struct connection_list *connection_list".
      * NOTE(review): presumably the dropped member is a fixed array of
      * CONNECTION_LIST_SIZE entries, 'len' counts the used slots and 'current'
      * indexes the active one; code appending entries must check len against
      * CONNECTION_LIST_SIZE first - confirm in options.c. */
148 {
149  int len;
150  int current;
152 };
153 
     /* Tag line and the array member (options.h:157) are missing from the
      * rendered listing; struct options refers to the type as
      * "struct remote_list *remote_list".
      * NOTE(review): 'len' is presumably the number of used entries in a
      * fixed-size array; the bound is not visible here - confirm. */
155 {
156  int len;
158 };
159 
     /* Fixed-size storage for a host and a port string. The tag line
      * (options.h:160) is missing from the rendered listing; struct options
      * refers to the type as "struct remote_host_store *rh_store".
      * Both buffers are small and fixed: every write has to be bounded by
      * RH_HOST_LEN / RH_PORT_LEN including the terminating NUL, and a value
      * that does not fit should be rejected or truncated deliberately.
      * NOTE(review): the writers are not visible in this header - check that
      * they use a size-taking copy and handle over-long input. */
161 {
162 #define RH_HOST_LEN 80
163  char host[RH_HOST_LEN];
164 #define RH_PORT_LEN 20
165  char port[RH_PORT_LEN];
166 };
167 
168 /* Command line options */
     /* Central configuration record. It is passed to parse_argv(),
      * apply_push_options() and options_server_import() declared in this
      * header. The rendered listing omits the members that the documentation
      * generator hyperlinked (gaps in the gutter numbers); the cross-reference
      * index at the end of the page names them. Which members exist depends on
      * the ENABLE_* / P2MP* macros, so the layout differs between builds. */
169 struct options
170 {
171  struct gc_arena gc;
172  bool gc_owned;
173 
174  /* first config file */
175  const char *config;
176 
177  /* major mode */
178 #define MODE_POINT_TO_POINT 0
179 #define MODE_SERVER 1
180  int mode;
181 
182  /* enable forward compatibility for post-2.1 features */
184  /* list of options that should be ignored even if unknown */
185  const char **ignore_unknown_option;
186 
187  /* persist parms */
190 
191 #ifdef ENABLE_CRYPTO
     /* NOTE(review): presumably the path of a file holding the private-key
      * passphrase; if so it needs restrictive permissions - confirm. */
192  const char *key_pass_file;
198  bool genkey;
199 #endif
200 
201  /* Networking parms */
203  struct connection_entry ce;
205 
207  /* Do not advance the connection or remote addr list */
209  /* Counts the number of unsuccessful connection attempts */
210  unsigned int unsuccessful_attempts;
211 
212 #if ENABLE_MANAGEMENT
214 #endif
215 
217 
219  const char *ipchange;
220  const char *dev;
221  const char *dev_type;
222  const char *dev_node;
223  const char *lladdr;
224  int topology; /* one of the TOP_x values from proto.h */
225  const char *ifconfig_local;
227  const char *ifconfig_ipv6_local;
229  const char *ifconfig_ipv6_remote;
232 #ifdef ENABLE_FEATURE_SHAPER
233  int shaper;
234 #endif
235 
237 
238 #ifdef ENABLE_OCC
239  bool mtu_test;
240 #endif
241 
242 #ifdef ENABLE_MEMSTATS
243  char *memstats_fn;
244 #endif
245 
     /* NOTE(review): presumably requests locking the process memory so key
      * material is not written to swap - confirm where it is applied. */
246  bool mlock;
247 
248  int keepalive_ping; /* a proxy for ping/ping-restart */
250 
251  int inactivity_timeout; /* --inactive */
253 
254  int ping_send_timeout; /* Send a TCP/UDP ping to remote every n seconds */
255  int ping_rec_timeout; /* Expect a TCP/UDP ping from remote at least once every n seconds */
256  bool ping_timer_remote; /* Run ping timer only if we have a remote address */
257 
258 #define PING_UNDEF 0
259 #define PING_EXIT 1
260 #define PING_RESTART 2
261  int ping_rec_timeout_action; /* What action to take on ping_rec_timeout (exit or restart)? */
262 
263  bool persist_tun; /* Don't close/reopen TUN/TAP dev on SIGUSR1 or PING_RESTART */
264  bool persist_local_ip; /* Don't re-resolve local address on SIGUSR1 or PING_RESTART */
265  bool persist_remote_ip; /* Don't re-resolve remote address on SIGUSR1 or PING_RESTART */
266  bool persist_key; /* Don't re-read key files on SIGUSR1 or PING_RESTART */
267 
268 #if PASSTOS_CAPABILITY
269  bool passtos;
270 #endif
271 
272  int resolve_retry_seconds; /* If hostname resolve fails, retry for n seconds */
274  const char *ip_remote_hint;
275 
277 
278  /* Misc parms */
     /* NOTE(review): username, groupname and chroot_dir look like the
      * privilege-drop targets (unprivileged user/group and a chroot jail).
      * Where and when they are applied is not visible in this header. */
279  const char *username;
280  const char *groupname;
281  const char *chroot_dir;
282  const char *cd_dir;
283 #ifdef ENABLE_SELINUX
284  char *selinux_context;
285 #endif
286  const char *writepid;
     /* NOTE(review): up_script/down_script (and the other *_script members
      * below) presumably name external commands the daemon executes. Confirm
      * that they can only be set from local configuration and not through
      * options pushed by a peer - see the OPT_P_SCRIPT class in this header. */
287  const char *up_script;
288  const char *down_script;
290  bool down_pre;
291  bool up_delay;
293  bool daemon;
294 
296 
297  /* inetd modes defined in socket.h */
298  int inetd;
299 
300  bool log;
303  int nice;
305  int mute;
306 
307 #ifdef ENABLE_DEBUG
308  int gremlin;
309 #endif
310 
311  const char *status_file;
314 
315  /* optimize TUN/TAP/UDP writes */
316  bool fast_io;
317 
318 #ifdef USE_COMP
319  struct compress_options comp;
320 #endif
321 
322  /* buffer sizes */
323  int rcvbuf;
324  int sndbuf;
325 
326  /* mark value */
327  int mark;
328 
329  /* socket flags */
330  unsigned int sockflags;
331 
332  /* route management */
333  const char *route_script;
334  const char *route_predown_script;
345  bool allow_pull_fqdn; /* as a client, allow server to push a FQDN for certain parameters */
347 
348 #ifdef ENABLE_OCC
349  /* Enable options consistency check between peers */
350  bool occ;
351 #endif
352 
353 #ifdef ENABLE_MANAGEMENT
     /* Management interface endpoint.
      * NOTE(review): management_user_pass presumably names a password file
      * for that interface; confirm, and check what protects the interface
      * when it is left unset. */
354  const char *management_addr;
355  const char *management_port;
356  const char *management_user_pass;
361 
364 
365  /* Mask of MF_ values of manage.h */
366  unsigned int management_flags;
368 #endif
369 
370 #ifdef ENABLE_PLUGIN
372 #endif
373 
374 
375 
376 #if P2MP
377 
378 #if P2MP_SERVER
379  /* the tmp dir is for now only used in the P2P server context */
380  const char *tmp_dir;
384  bool server_ipv6_defined; /* IPv6 */
385  struct in6_addr server_network_ipv6; /* IPv6 */
386  unsigned int server_netbits_ipv6; /* IPv6 */
387 
388 #define SF_NOPOOL (1<<0)
389 #define SF_TCP_NODELAY_HELPER (1<<1)
390 #define SF_NO_PUSH_ROUTE_GATEWAY (1<<2)
391  unsigned int server_flags;
392 
394 
400 
408 
409  bool ifconfig_ipv6_pool_defined; /* IPv6 */
410  struct in6_addr ifconfig_ipv6_pool_base; /* IPv6 */
412 
417  const char *learn_address_script;
418  const char *client_config_dir;
420  bool disable;
423  struct iroute *iroutes;
424  struct iroute_ipv6 *iroutes_ipv6; /* IPv6 */
432  bool push_ifconfig_ipv6_defined; /* IPv6 */
433  struct in6_addr push_ifconfig_ipv6_local; /* IPv6 */
435  struct in6_addr push_ifconfig_ipv6_remote; /* IPv6 */
436  bool push_ifconfig_ipv6_blocked; /* IPv6 */
439  int cf_max;
440  int cf_per;
445 
     /* NOTE(review): the unit of auth_token_lifetime and the meaning of 0 are
      * not visible in this header - confirm before relying on a default. */
449  unsigned int auth_token_lifetime;
450 #if PORT_SHARE
451  char *port_share_host;
452  char *port_share_port;
453  const char *port_share_journal_dir;
454 #endif
455 #endif /* if P2MP_SERVER */
456 
457  bool client;
458  bool pull; /* client pull of config options from server */
     /* NOTE(review): presumably the path of a file holding a username and
      * password; if so it needs restrictive permissions - confirm. */
461  const char *auth_user_pass_file;
463 
465 
466 #ifdef ENABLE_CLIENT_CR
467  struct static_challenge_info sc_info;
468 #endif
469 #endif /* if P2MP */
470 
471 #ifdef ENABLE_CRYPTO
472  /* Cipher parms */
473  const char *shared_secret_file;
476  const char *ciphername;
478  const char *ncp_ciphers;
479  const char *authname;
480  int keysize;
481  const char *prng_hash;
483  const char *engine;
     /* NOTE(review): 'replay' presumably switches data-channel replay
      * protection on or off; check the default set in init_options(). */
484  bool replay;
488  const char *packet_id_file;
490 #ifdef ENABLE_PREDICTION_RESISTANCE
491  bool use_prediction_resistance;
492 #endif
493 
494  /* TLS (control channel) parms */
497  const char *ca_file;
498  const char *ca_path;
499  const char *dh_file;
500  const char *cert_file;
501  const char *extra_certs_file;
502  const char *priv_key_file;
503  const char *pkcs12_file;
504  const char *cipher_list;
505  const char *ecdh_curve;
506  const char *tls_verify;
508  const char *verify_x509_name;
509  const char *tls_export_cert;
510  const char *crl_file;
511 
     /* The *_inline members hold material embedded in the configuration
      * instead of a path (pkcs12_file_inline is documented below as base64
      * PKCS#12 data; the others presumably follow the same scheme). Such
      * values can include private keys, so they should be kept out of log
      * and status output. */
512  const char *ca_file_inline;
513  const char *cert_file_inline;
515  const char *crl_file_inline;
517  const char *dh_file_inline;
518  const char *pkcs12_file_inline; /* contains the base64 encoding of pkcs12 file */
519 
     /* Constraints on the peer certificate. remote_cert_ku[] is a fixed
      * array of MAX_PARMS entries; the code that fills it is not shown here. */
520  int ns_cert_type; /* set to 0, NS_CERT_CHECK_SERVER, or NS_CERT_CHECK_CLIENT */
521  unsigned remote_cert_ku[MAX_PARMS];
522  const char *remote_cert_eku;
525  unsigned int ssl_flags; /* set to SSLF_x flags from ssl.h */
526 
527 #ifdef ENABLE_PKCS11
     /* Parallel fixed arrays, one slot per configured PKCS#11 provider,
      * each bounded by MAX_PARMS. */
528  const char *pkcs11_providers[MAX_PARMS];
529  unsigned pkcs11_private_mode[MAX_PARMS];
530  bool pkcs11_protected_authentication[MAX_PARMS];
531  bool pkcs11_cert_private[MAX_PARMS];
532  int pkcs11_pin_cache_period;
533  const char *pkcs11_id;
534  bool pkcs11_id_management;
535 #endif
536 
537 #ifdef ENABLE_CRYPTOAPI
538  const char *cryptoapi_cert;
539 #endif
540 
541  /* data channel key exchange method */
543 
544  /* Per-packet timeout on control channel */
546 
547  /* Data channel key renegotiation parameters */
551 
552  /* Data channel key handshake must finalize
553  * within n seconds of handshake initiation. */
555 
556 #ifdef ENABLE_X509ALTUSERNAME
557  /* Field used to be the username in X509 cert. */
558  char *x509_username_field;
559 #endif
560 
561  /* Old key allowed to live n seconds after new key goes active */
563 
564  /* Shared secret used for TLS control channel authentication */
565  const char *tls_auth_file;
566  const char *tls_auth_file_inline;
567 
568  /* Shared secret used for TLS control channel authenticated encryption */
569  const char *tls_crypt_file;
570  const char *tls_crypt_inline;
571 
572  /* Allow only one session */
574 
575 #ifdef ENABLE_PUSH_PEER_INFO
576  bool push_peer_info;
577 #endif
578 
579  bool tls_exit;
580 
581 #endif /* ENABLE_CRYPTO */
582 
583  const struct x509_track *x509_track;
584 
585  /* special state parms */
587 
588 #ifdef _WIN32
589  HANDLE msg_channel;
590  const char *exit_event_name;
595 #endif
596 
599 
600 #if defined(ENABLE_CRYPTO_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x10001000
601  /* Keying Material Exporters [RFC 5705] */
602  const char *keying_material_exporter_label;
603  int keying_material_exporter_length;
604 #endif
605 
607 
608  /* Useful when packets sent by openvpn itself are not subject
609  * to the routing tables that would move packets into the tunnel. */
611 };
612 
     /* True when the two C strings are equal. This is a bare strcmp() wrapper:
      * both arguments must be non-NULL, NUL-terminated strings, because passing
      * NULL to strcmp() is undefined behaviour. Many of the const char * option
      * members in this header can plausibly be unset, so callers have to test
      * for NULL first (string_defined_equal() is declared below;
      * NOTE(review): presumably it is the NULL-tolerant variant - confirm). */
613 #define streq(x, y) (!strcmp((x), (y)))
614 
615 /*
616  * Option classes.
617  */
     /* One bit per class. These values form the 'permission_mask' argument of
      * parse_argv(), apply_push_options(), options_server_import() and the
      * other import functions declared in this header, and they are reported
      * back through 'option_types_found'.
      * NOTE(review): presumably an option is applied only when its class bit
      * is set in the caller's permission_mask, which is what restricts the
      * options a remote server can push to a client; confirm in options.c and
      * review any change that widens the mask passed on the push path. */
618 #define OPT_P_GENERAL (1<<0)
619 #define OPT_P_UP (1<<1)
620 #define OPT_P_ROUTE (1<<2)
621 #define OPT_P_IPWIN32 (1<<3)
622 #define OPT_P_SCRIPT (1<<4)
623 #define OPT_P_SETENV (1<<5)
624 #define OPT_P_SHAPER (1<<6)
625 #define OPT_P_TIMER (1<<7)
626 #define OPT_P_PERSIST (1<<8)
627 #define OPT_P_PERSIST_IP (1<<9)
628 #define OPT_P_COMP (1<<10) /* TODO */
629 #define OPT_P_MESSAGES (1<<11)
630 #define OPT_P_NCP (1<<12)
631 #define OPT_P_TLS_PARMS (1<<13) /* TODO */
632 #define OPT_P_MTU (1<<14) /* TODO */
633 #define OPT_P_NICE (1<<15)
634 #define OPT_P_PUSH (1<<16)
635 #define OPT_P_INSTANCE (1<<17)
636 #define OPT_P_CONFIG (1<<18)
637 #define OPT_P_EXPLICIT_NOTIFY (1<<19)
638 #define OPT_P_ECHO (1<<20)
639 #define OPT_P_INHERIT (1<<21)
640 #define OPT_P_ROUTE_EXTRAS (1<<22)
641 #define OPT_P_PULL_MODE (1<<23)
642 #define OPT_P_PLUGIN (1<<24)
643 #define OPT_P_SOCKBUF (1<<25)
644 #define OPT_P_SOCKFLAGS (1<<26)
645 #define OPT_P_CONNECTION (1<<27)
646 #define OPT_P_PEER_ID (1<<28)
647 
     /* Every class except OPT_P_INSTANCE and OPT_P_PULL_MODE. Because it is
      * built with ~, any class bit added later is included automatically;
      * a new class that must not be allowed by default has to be masked out
      * here explicitly. */
648 #define OPT_P_DEFAULT (~(OPT_P_INSTANCE|OPT_P_PULL_MODE))
649 
     /* Feature accessors. Each macro reads a member of struct options when the
      * corresponding feature is compiled in and collapses to a constant
      * (false, 0 or NULL) otherwise, so callers need no #ifdef of their own. */
650 #if P2MP
651 #define PULL_DEFINED(opt) ((opt)->pull)
652 #if P2MP_SERVER
653 #define PUSH_DEFINED(opt) ((opt)->push_list)
654 #endif
655 #endif
656 
     /* Fallbacks for builds without P2MP / P2MP_SERVER. */
657 #ifndef PULL_DEFINED
658 #define PULL_DEFINED(opt) (false)
659 #endif
660 
661 #ifndef PUSH_DEFINED
662 #define PUSH_DEFINED(opt) (false)
663 #endif
664 
665 #ifdef _WIN32
666 #define ROUTE_OPTION_FLAGS(o) ((o)->route_method & ROUTE_METHOD_MASK)
667 #else
668 #define ROUTE_OPTION_FLAGS(o) (0)
669 #endif
670 
671 #ifdef ENABLE_FEATURE_SHAPER
672 #define SHAPER_DEFINED(opt) ((opt)->shaper)
673 #else
674 #define SHAPER_DEFINED(opt) (false)
675 #endif
676 
677 #ifdef ENABLE_PLUGIN
678 #define PLUGIN_OPTION_LIST(opt) ((opt)->plugin_list)
679 #else
680 #define PLUGIN_OPTION_LIST(opt) (NULL)
681 #endif
682 
     /* Tests the MF_CLIENT_AUTH bit of management_flags. Without
      * MANAGEMENT_DEF_AUTH the macro is constant false, so management-driven
      * client authentication cannot be enabled in such a build. */
683 #ifdef MANAGEMENT_DEF_AUTH
684 #define MAN_CLIENT_AUTH_ENABLED(opt) ((opt)->management_flags & MF_CLIENT_AUTH)
685 #else
686 #define MAN_CLIENT_AUTH_ENABLED(opt) (false)
687 #endif
688 
     /* Parses the command line into *options.
      * permission_mask is a mask of OPT_P_* classes and option_types_found an
      * out-parameter. NOTE(review): presumably it receives the OPT_P_* classes
      * of the options that were actually seen - confirm in options.c. */
689 void parse_argv(struct options *options,
690  const int argc,
691  char *argv[],
692  const int msglevel,
693  const unsigned int permission_mask,
694  unsigned int *option_types_found,
695  struct env_set *es);
696 
     /* NOTE(review): by its name this checks that 'arg' is set and reports
      * 'description' otherwise; the failure behaviour is not visible here. */
697 void notnull(const char *arg, const char *description);
698 
699 void usage_small(void);
700 
701 void show_library_versions(const unsigned int flags);
702 
703 #ifdef _WIN32
704 void show_windows_version(const unsigned int flags);
705 
706 #endif
707 
     /* Lifecycle pair for struct options. NOTE(review): init_gc presumably
      * decides whether the embedded gc arena is initialised and owned
      * (see the gc / gc_owned members) - confirm. */
708 void init_options(struct options *o, const bool init_gc);
709 
710 void uninit_options(struct options *o);
711 
     /* Both functions below read the whole options record, which includes
      * paths to key and credential files and inline key material.
      * NOTE(review): check in options.c that no secret value is exported to
      * the environment or printed by these two. */
712 void setenv_settings(struct env_set *es, const struct options *o);
713 
714 void show_settings(const struct options *o);
715 
716 bool string_defined_equal(const char *s1, const char *s2);
717 
     /* Options consistency check (OCC) helpers, compiled only with ENABLE_OCC. */
718 #ifdef ENABLE_OCC
719 
720 const char *options_string_version(const char *s, struct gc_arena *gc);
721 
     /* Builds an options string for the given options/frame/tun device; the
      * result is allocated through 'gc'. */
722 char *options_string(const struct options *o,
723  const struct frame *frame,
724  struct tuntap *tt,
725  bool remote,
726  struct gc_arena *gc);
727 
     /* The _safe variants take the size of 'actual' explicitly (actual_n); the
      * plain variants further down take no length and therefore depend on
      * 'actual' being NUL-terminated. 'actual' is a non-const char * in all
      * four, so the callee may modify the buffer.
      * NOTE(review): 'actual' presumably is the options string received from
      * the peer, i.e. untrusted input; if so the _safe variants are the ones
      * to use on data taken from the network - confirm at the call sites. */
728 bool options_cmp_equal_safe(char *actual, const char *expected, size_t actual_n);
729 
730 void options_warning_safe(char *actual, const char *expected, size_t actual_n);
731 
732 bool options_cmp_equal(char *actual, const char *expected);
733 
734 void options_warning(char *actual, const char *expected);
735 
736 #endif
737 
/* The first line of this prototype (and its doc comment, options.h:738-748)
 * is missing from the rendered listing. The cross-reference index gives the
 * full signature as
 *   char *options_string_extract_option(const char *options_string,
 *       const char *opt_name, struct gc_arena *gc)
 * with the summary "Given an OpenVPN options string, extract the value of an
 * option." */
749  const char *opt_name, struct gc_arena *gc);
750 
751 
752 void options_postprocess(struct options *options);
753 
     /* Save / restore pair around --pull processing (see the comment on the
      * pre-pull struct near the top of this header). */
754 void pre_pull_save(struct options *o);
755 
756 void pre_pull_restore(struct options *o, struct gc_arena *gc);
757 
     /* Applies the options contained in 'buf' to *options, limited by
      * permission_mask (OPT_P_* classes).
      * NOTE(review): 'buf' presumably holds the option text pushed by the
      * server, i.e. data controlled by the remote side; the mask passed here
      * is then the main control over what a server may change on a client -
      * confirm at the call site. */
758 bool apply_push_options(struct options *options,
759  struct buffer *buf,
760  unsigned int permission_mask,
761  unsigned int *option_types_found,
762  struct env_set *es);
763 
764 void options_detach(struct options *o);
765 
     /* Imports options from the file 'filename', limited by permission_mask. */
766 void options_server_import(struct options *o,
767  const char *filename,
768  int msglevel,
769  unsigned int permission_mask,
770  unsigned int *option_types_found,
771  struct env_set *es);
772 
773 void pre_pull_default(struct options *o);
774 
775 void rol_check_alloc(struct options *options);
776 
     /* Splits 'line' into parameters stored in p[]; 'file' and 'line_num'
      * identify the source of the line for messages.
      * NOTE(review): 'n' presumably is the capacity of p[] (callers would
      * pass MAX_PARMS) and the return value the number of parameters found;
      * confirm that excess parameters and over-long tokens are rejected. */
777 int parse_line(const char *line,
778  char *p[],
779  const int n,
780  const char *file,
781  const int line_num,
782  int msglevel,
783  struct gc_arena *gc);
784 
785 /*
786  * parse/print topology coding
787  */
     /* Conversions between the textual topology name and the integer stored
      * in options.topology (documented there as one of the TOP_x values from
      * proto.h). NOTE(review): the result for an unrecognised string is not
      * visible in this header - confirm. */
788 
789 int parse_topology(const char *str, const int msglevel);
790 
791 const char *print_topology(const int topology);
792 
793 /*
794  * Manage auth-retry variable
795  */
     /* The accessors below take no options pointer, so the auth-retry mode is
      * kept outside struct options. NOTE(review): presumably a file-scope
      * variable in options.c holding one of the AR_* values - confirm. */
796 
797 #if P2MP
798 
799 #define AR_NONE 0
800 #define AR_INTERACT 1
801 #define AR_NOINTERACT 2
802 
803 int auth_retry_get(void);
804 
805 bool auth_retry_set(const int msglevel, const char *option);
806 
807 const char *auth_retry_print(void);
808 
809 #endif
810 
/* The first line of this prototype (options.h:811) is missing from the
 * rendered listing. The cross-reference index gives the full signature as
 *   void options_string_import(struct options *options, const char *config,
 *       const int msglevel, const unsigned int permission_mask,
 *       unsigned int *option_types_found, struct env_set *es)
 * Like the other import functions it is limited by an OPT_P_* mask. */
812  const char *config,
813  const int msglevel,
814  const unsigned int permission_mask,
815  unsigned int *option_types_found,
816  struct env_set *es);
817 
     /* Parses prefix_str into *network and *netbits and returns a bool.
      * NOTE(review): presumably prefix_str has the form address/bits and false
      * means the string was rejected; confirm the netbits range check (0..128)
      * in options.c. */
818 bool get_ipv6_addr( const char *prefix_str, struct in6_addr *network,
819  unsigned int *netbits, int msglevel );
820 
821 
822 #endif /* ifndef OPTIONS_H */
void options_warning_safe(char *actual, const char *expected, size_t actual_n)
Definition: options.c:3873
bool remote_float
Definition: options.h:97
const char * tls_crypt_file
Definition: options.h:569
const char * status_file
Definition: options.h:311
bool get_ipv6_addr(const char *prefix_str, struct in6_addr *network, unsigned int *netbits, int msglevel)
Definition: options.c:1037
const char * ecdh_curve
Definition: options.h:505
int ifconfig_pool_persist_refresh_freq
Definition: options.h:407
bool persist_remote_ip
Definition: options.h:265
int sndbuf
Definition: options.h:324
const char * ca_file_inline
Definition: options.h:512
struct route_ipv6_option_list * routes_ipv6
Definition: options.h:342
const char * management_certificate
Definition: options.h:367
const char * socks_proxy_port
Definition: options.h:106
bool options_cmp_equal(char *actual, const char *expected)
Definition: options.c:3713
bool tun_mtu_defined
Definition: options.h:110
Definition: tun.h:131
bool ncp_enabled
Definition: options.h:477
unsigned int management_flags
Definition: options.h:366
struct client_nat_option_list * client_nat
Definition: options.h:346
void show_windows_version(const unsigned int flags)
Definition: options.c:4116
bool block_outside_dns
Definition: options.h:594
bool mute_replay_warnings
Definition: options.h:485
bool show_curves
Definition: options.h:197
bool push_ifconfig_ipv6_blocked
Definition: options.h:436
bool exit_event_initial_state
Definition: options.h:591
const char * cipher_list
Definition: options.h:504
bool tls_server
Definition: options.h:495
const char * cert_file
Definition: options.h:500
int management_log_history_cache
Definition: options.h:357
const char * ifconfig_pool_persist_filename
Definition: options.h:406
const char * chroot_dir
Definition: options.h:281
bool allow_pull_fqdn
Definition: options.h:345
bool server_bridge_proxy_dhcp
Definition: options.h:393
const char * dev
Definition: options.h:220
int ping_rec_timeout_action
Definition: options.h:261
bool auth_token_generate
Definition: options.h:448
int inetd
Definition: options.h:298
int foreign_option_index
Definition: options.h:586
Packet geometry parameters.
Definition: mtu.h:93
int foreign_option_index
Definition: options.h:80
const char * ca_path
Definition: options.h:498
const char * ca_file
Definition: options.h:497
bool string_defined_equal(const char *s1, const char *s2)
Definition: options.c:4175
const char * tls_auth_file
Definition: options.h:565
const char * learn_address_script
Definition: options.h:417
const char * shared_secret_file
Definition: options.h:473
const char * priv_key_file
Definition: options.h:502
bool enable_c2c
Definition: options.h:437
#define RH_PORT_LEN
Definition: options.h:164
int push_ifconfig_ipv6_netbits
Definition: options.h:434
uint32_t peer_id
Definition: options.h:598
struct remote_list * remote_list
Definition: options.h:206
unsigned short sa_family_t
Definition: syshead.h:446
Definition: options.h:88
int renegotiate_seconds
Definition: options.h:550
bool persist_key
Definition: options.h:266
int replay_window
Definition: options.h:486
int persist_mode
Definition: options.h:189
int connect_retry_seconds
Definition: options.h:101
in_addr_t push_ifconfig_remote_netmask
Definition: options.h:427
void usage_small(void)
Definition: options.c:4108
bool ifconfig_pool_defined
Definition: options.h:402
const char * auth_retry_print(void)
Definition: options.c:4042
int rcvbuf
Definition: options.h:323
int inactivity_minimum_bytes
Definition: options.h:252
const char * crl_file_inline
Definition: options.h:515
char * options_string(const struct options *o, const struct frame *frame, struct tuntap *tt, bool remote, struct gc_arena *gc)
Definition: options.c:3521
const char title_string[]
Definition: options.c:64
struct connection_list * connection_list
Definition: options.h:204
#define RH_HOST_LEN
Definition: options.h:162
const char * exit_event_name
Definition: options.h:590
bool route_noexec
Definition: options.h:337
unsigned int sockflags
Definition: options.h:330
struct http_proxy_options * http_proxy_override
Definition: options.h:213
const char * route_script
Definition: options.h:333
bool routes_defined
Definition: options.h:71
int proto_force
Definition: options.h:236
int management_state_buffer_size
Definition: options.h:359
int resolve_retry_seconds
Definition: options.h:272
int route_method
Definition: options.h:593
hash_algo_type
Types referencing specific message digest hashing algorithms.
#define in_addr_t
Definition: config-msvc.h:104
const char * config
Definition: options.h:175
int route_delay
Definition: options.h:338
const char * tls_auth_file_inline
Definition: options.h:566
#define MAX_PARMS
Definition: options.h:53
const char * down_script
Definition: options.h:288
const char * local_port
Definition: options.h:92
const char * route_predown_script
Definition: options.h:334
int cf_max
Definition: options.h:439
bool down_pre
Definition: options.h:290
int keepalive_timeout
Definition: options.h:249
struct route_option_list * routes
Definition: options.h:72
const char * pkcs12_file_inline
Definition: options.h:518
static bool push_peer_info(struct buffer *buf, struct tls_session *session)
Definition: ssl.c:2232
int handshake_window
Definition: options.h:554
bool allow_recursive_routing
Definition: options.h:610
in_addr_t ifconfig_pool_end
Definition: options.h:404
struct remote_host_store * rh_store
Definition: options.h:216
int parse_topology(const char *str, const int msglevel)
Definition: options.c:3961
const char * client_disconnect_script
Definition: options.h:416
int explicit_exit_notification
Definition: options.h:123
int status_file_update_freq
Definition: options.h:313
int verify_x509_type
Definition: options.h:507
unsigned int unsuccessful_attempts
Definition: options.h:210
const char * prng_hash
Definition: options.h:481
int scheduled_exit_interval
Definition: options.h:464
int ping_rec_timeout
Definition: options.h:255
void pre_pull_save(struct options *o)
Definition: options.c:3367
const char * pkcs12_file
Definition: options.h:503
void options_server_import(struct options *o, const char *filename, int msglevel, unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
Definition: options.c:4769
bool ifconfig_noexec
Definition: options.h:230
bool fast_io
Definition: options.h:316
int key_direction
Definition: options.h:475
bool link_mtu_defined
Definition: options.h:114
const char * options_string_version(const char *s, struct gc_arena *gc)
Definition: options.c:3879
bool gc_owned
Definition: options.h:172
bool route_delay_defined
Definition: options.h:340
bool tls_exit
Definition: options.h:579
bool route_nopull
Definition: options.h:343
const char * tls_export_cert
Definition: options.h:509
const char * route_default_gateway
Definition: options.h:335
const char * ncp_ciphers
Definition: options.h:478
int cf_per
Definition: options.h:440
int remap_sigusr1
Definition: options.h:295
bool remote_random
Definition: options.h:218
struct client_nat_option_list * client_nat
Definition: options.h:78
bool auth_user_pass_verify_script_via_file
Definition: options.h:447
const char * tls_verify
Definition: options.h:506
bool push_ifconfig_constraint_defined
Definition: options.h:429
in_addr_t push_ifconfig_local
Definition: options.h:426
int parse_line(const char *line, char *p[], const int n, const char *file, const int line_num, int msglevel, struct gc_arena *gc)
Definition: options.c:4219
bool suppress_timestamps
Definition: options.h:301
int tun_mtu
Definition: options.h:109
const char * verify_x509_name
Definition: options.h:508
const char * socks_proxy_server
Definition: options.h:105
int ns_cert_type
Definition: options.h:520
const char * management_write_peer_info_file
Definition: options.h:360
in_addr_t server_bridge_pool_start
Definition: options.h:398
struct plugin_option_list * plugin_list
Definition: options.h:371
int proto
Definition: options.h:90
bool server_defined
Definition: options.h:381
int verbosity
Definition: options.h:304
bool show_net_up
Definition: options.h:592
int stale_routes_check_interval
Definition: options.h:443
bool show_engines
Definition: options.h:195
bool tuntap_options_defined
Definition: options.h:68
int mode
Definition: options.h:180
bool show_tls_ciphers
Definition: options.h:196
bool ifconfig_ipv6_pool_defined
Definition: options.h:409
bool ccd_exclusive
Definition: options.h:419
in_addr_t push_ifconfig_constraint_netmask
Definition: options.h:431
bool occ
Definition: options.h:350
bool local_port_defined
Definition: options.h:93
int ifconfig_ipv6_netbits
Definition: options.h:228
bool tls_client
Definition: options.h:496
const char * authname
Definition: options.h:479
int connect_retry_max
Definition: options.h:202
bool show_digests
Definition: options.h:194
bool genkey
Definition: options.h:198
int topology
Definition: options.h:224
struct iroute * iroutes
Definition: options.h:423
int mssfix
Definition: options.h:120
void setenv_settings(struct env_set *es, const struct options *o)
Definition: options.c:987
const char * remote_port
Definition: options.h:140
int virtual_hash_size
Definition: options.h:414
const struct x509_track * x509_track
Definition: options.h:583
unsigned __int32 uint32_t
Definition: config-msvc.h:121
const char ** ignore_unknown_option
Definition: options.h:185
int proto
Definition: options.h:141
void parse_argv(struct options *options, const int argc, char *argv[], const int msglevel, const unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
Definition: options.c:4634
HANDLE msg_channel
Definition: options.h:589
int keysize
Definition: options.h:480
int tcp_queue_limit
Definition: options.h:422
bool client_nat_defined
Definition: options.h:77
const char * socks_proxy_authfile
Definition: options.h:107
const char * client_config_dir
Definition: options.h:418
const char * ciphername
Definition: options.h:476
int renegotiate_bytes
Definition: options.h:548
struct http_proxy_options * http_proxy_options
Definition: options.h:104
const char * remote_cert_eku
Definition: options.h:522
in_addr_t server_bridge_ip
Definition: options.h:396
in_addr_t server_netmask
Definition: options.h:383
int prng_nonce_secret_len
Definition: options.h:482
const char * extra_certs_file
Definition: options.h:501
unsigned int ssl_flags
Definition: options.h:525
int max_routes_per_client
Definition: options.h:442
const char * lladdr
Definition: options.h:223
int renegotiate_packets
Definition: options.h:549
int n_bcast_buf
Definition: options.h:421
const char * auth_user_pass_file
Definition: options.h:461
int connect_retry_seconds_max
Definition: options.h:102
const char * management_user_pass
Definition: options.h:356
const char * cert_file_inline
Definition: options.h:513
in_addr_t ifconfig_pool_start
Definition: options.h:403
bool mtu_test
Definition: options.h:239
int ping_send_timeout
Definition: options.h:254
const char * remote
Definition: options.h:96
hash_algo_type verify_hash_algo
Definition: options.h:524
int auth_retry_get(void)
Definition: options.c:4013
char * options_string_extract_option(const char *options_string, const char *opt_name, struct gc_arena *gc)
Given an OpenVPN options string, extract the value of an option.
Definition: options.c:3889
void options_warning(char *actual, const char *expected)
Definition: options.c:3719
bool push_ifconfig_defined
Definition: options.h:425
void rol_check_alloc(struct options *options)
Definition: options.c:1435
void show_settings(const struct options *o)
Definition: options.c:1543
const char * ifconfig_ipv6_remote
Definition: options.h:229
bool resolve_in_advance
Definition: options.h:273
const char * writepid
Definition: options.h:286
const char * ifconfig_ipv6_local
Definition: options.h:227
const char * management_port
Definition: options.h:355
bool log
Definition: options.h:300
const char * client_connect_script
Definition: options.h:415
const char * cd_dir
Definition: options.h:282
int inactivity_timeout
Definition: options.h:251
const char * up_script
Definition: options.h:287
const char * ipchange
Definition: options.h:219
unsigned int flags
Definition: options.h:134
bool forward_compatible
Definition: options.h:183
const char * tls_crypt_inline
Definition: options.h:570
bool ifconfig_nowarn
Definition: options.h:231
in_addr_t ifconfig_pool_netmask
Definition: options.h:405
void pre_pull_restore(struct options *o, struct gc_arena *gc)
Definition: options.c:3394
void options_string_import(struct options *options, const char *config, const int msglevel, const unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
Definition: options.c:4789
bool client
Definition: options.h:457
bool disable
Definition: options.h:420
const char * remote_port
Definition: options.h:94
bool user_script_used
Definition: options.h:289
int push_continuation
Definition: options.h:459
void init_options(struct options *o, const bool init_gc)
Definition: options.c:783
const char * ip_remote_hint
Definition: options.h:274
const char * key_pass_file
Definition: options.h:192
int nice
Definition: options.h:303
unsigned int push_option_types_found
Definition: options.h:460
unsigned __int8 uint8_t
Definition: config-msvc.h:123
const char * tmp_dir
Definition: options.h:380
int route_default_metric
Definition: options.h:336
int max_clients
Definition: options.h:441
bool no_advance
Definition: options.h:208
int transition_window
Definition: options.h:562
bool mlock
Definition: options.h:246
const char * remote
Definition: options.h:139
bool show_ciphers
Definition: options.h:193
int status_file_version
Definition: options.h:312
const char * local
Definition: options.h:95
struct options_pre_pull * pre_pull
Definition: options.h:462
int route_delay_window
Definition: options.h:339
bool up_delay
Definition: options.h:291
const char * extra_certs_file_inline
Definition: options.h:514
int keepalive_ping
Definition: options.h:248
bool push_ifconfig_ipv6_defined
Definition: options.h:432
int replay_time
Definition: options.h:487
bool routes_ipv6_defined
Definition: options.h:74
const char * dev_node
Definition: options.h:222
sa_family_t af
Definition: options.h:142
int connect_timeout
Definition: options.h:103
struct buffer
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
void options_postprocess(struct options *options)
Definition: options.c:3351
in_addr_t server_network
Definition: options.h:382
int real_hash_size
Definition: options.h:413
in_addr_t push_ifconfig_local_alias
Definition: options.h:428
const char * print_topology(const int topology)
Definition: options.c:3983
bool apply_push_options(struct options *options, struct buffer *buf, unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
Definition: options.c:4740
const char * auth_user_pass_verify_script
Definition: options.h:446
Definition: route.h:230
int mute
Definition: options.h:305
struct route_option_list * routes
Definition: options.h:341
struct iroute_ipv6 * iroutes_ipv6
Definition: options.h:424
const char * management_addr
Definition: options.h:354
int tun_mtu_extra
Definition: options.h:111
Definition: misc.h:49
struct pull_filter_list * pull_filter_list
Definition: options.h:606
struct route_ipv6_option_list * routes_ipv6
Definition: options.h:75
bool options_cmp_equal_safe(char *actual, const char *expected, size_t actual_n)
Definition: options.c:3850
unsigned int server_flags
Definition: options.h:391
bool machine_readable_output
Definition: options.h:302
bool daemon
Definition: options.h:293
struct gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
bool single_session
Definition: options.h:573
sa_family_t af
Definition: options.h:91
const char * management_client_group
Definition: options.h:363
void show_library_versions(const unsigned int flags)
Definition: options.c:4125
int tls_timeout
Definition: options.h:545
unsigned int auth_token_lifetime
Definition: options.h:449
bool bind_local
Definition: options.h:100
bool use_peer_id
Definition: options.h:597
unsigned int server_netbits_ipv6
Definition: options.h:386
const char * ifconfig_local
Definition: options.h:225
bool pull
Definition: options.h:458
int mtu_discover_type
Definition: options.h:117
void pre_pull_default(struct options *o)
void notnull(const char *arg, const char *description)
Definition: options.c:4166
bool bind_ipv6_only
Definition: options.h:99
Definition: options.h:137
const char * packet_id_file
Definition: options.h:488
bool server_ipv6_defined
Definition: options.h:384
const char * dh_file
Definition: options.h:499
void options_detach(struct options *o)
Definition: options.c:1424
const char * management_client_user
Definition: options.h:362
Definition: argv.h:35
bool ping_timer_remote
Definition: options.h:256
bool mssfix_default
Definition: options.h:121
uint8_t * verify_hash
Definition: options.h:523
in_addr_t server_bridge_pool_end
Definition: options.h:399
in_addr_t push_ifconfig_constraint_network
Definition: options.h:430
bool auth_retry_set(const int msglevel, const char *option)
Definition: options.c:4019
bool persist_config
Definition: options.h:188
bool replay
Definition: options.h:484
bool test_crypto
Definition: options.h:489
bool persist_tun
Definition: options.h:263
const char * groupname
Definition: options.h:280
bool tun_mtu_extra_defined
Definition: options.h:112
bool duplicate_cn
Definition: options.h:438
int stale_routes_ageing_time
Definition: options.h:444
const char * engine
Definition: options.h:483
int management_echo_buffer_size
Definition: options.h:358
const char * dh_file_inline
Definition: options.h:517
#define CONNECTION_LIST_SIZE
Definition: options.h:145
const char * ifconfig_remote_netmask
Definition: options.h:226
in_addr_t server_bridge_netmask
Definition: options.h:397
bool server_bridge_defined
Definition: options.h:395
bool bind_defined
Definition: options.h:98
int mark
Definition: options.h:327
char * priv_key_file_inline
Definition: options.h:516
const char * shared_secret_file_inline
Definition: options.h:474
const char * username
Definition: options.h:279
int key_method
Definition: options.h:542
void uninit_options(struct options *o)
Definition: options.c:905
int ifconfig_ipv6_pool_netbits
Definition: options.h:411
int fragment
Definition: options.h:119
const char * dev_type
Definition: options.h:221
bool route_gateway_via_dhcp
Definition: options.h:344
bool up_restart
Definition: options.h:292
int link_mtu
Definition: options.h:113
bool persist_local_ip
Definition: options.h:264
const char * crl_file
Definition: options.h:510