OpenVPN
options.h
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 /*
25  * 2004-01-28: Added Socks5 proxy support
26  * (Christof Meerwald, http://cmeerw.org)
27  */
28 
29 #ifndef OPTIONS_H
30 #define OPTIONS_H
31 
32 #include "basic.h"
33 #include "common.h"
34 #include "mtu.h"
35 #include "route.h"
36 #include "tun.h"
37 #include "socket.h"
38 #include "plugin.h"
39 #include "manage.h"
40 #include "proxy.h"
41 #include "comp.h"
42 #include "pushlist.h"
43 #include "clinat.h"
44 #include "crypto_backend.h"
45 
46 
47 /*
48  * Maximum number of parameters associated with an option,
49  * including the option name itself.
50  */
51 #define MAX_PARMS 16 /* also the fixed length of remote_cert_ku[] and the pkcs11_* arrays in struct options */
52 
53 /*
54  * Max size of options line and parameter.
55  */
56 #define OPTION_PARM_SIZE 256 /* NOTE(review): presumably a byte count that includes the terminating NUL; confirm in the parser */
57 #define OPTION_LINE_SIZE 256 /* same value as OPTION_PARM_SIZE, so a single parameter may be as long as a whole line */
58 
59 extern const char title_string[]; /* declared here only; the definition lives in another translation unit */
60 
61 #if P2MP
62 
63 /* certain options are saved before --pull modifications are applied */
65 {
68 
71 
74 
77 
79 };
80 
81 #endif
82 #if !defined(ENABLE_CRYPTO_OPENSSL) && !defined(ENABLE_CRYPTO_MBEDTLS) /* refuse to build when neither crypto backend is selected */
83 #error "At least one of OpenSSL or mbed TLS needs to be defined."
84 #endif
85 
87 { /* NOTE(review): the struct header line is not in this listing; presumably struct connection_entry, the type of options.ce - confirm */
88  int proto;
90  const char *local_port;
92  const char *remote_port;
93  const char *local;
94  const char *remote;
98  bool bind_local;
103  const char *socks_proxy_server;
104  const char *socks_proxy_port;
105  const char *socks_proxy_authfile; /* NOTE(review): presumably a path to a file with SOCKS proxy credentials; confirm how it is read and what file permissions are expected */
106 
107  int tun_mtu; /* MTU of tun device */
108  bool tun_mtu_defined; /* true if user overriding parm with command line option */
111  int link_mtu; /* MTU of device over which tunnel packets pass via TCP/UDP */
112  bool link_mtu_defined; /* true if user overriding parm with command line option */
113 
114  /* Advanced MTU negotiation and datagram fragmentation options */
115  int mtu_discover_type; /* used if OS supports setting Path MTU discovery options on socket */
116 
117  int fragment; /* internal fragmentation size */
118  int mssfix; /* Upper bound on TCP MSS */
119  bool mssfix_default; /* true if --mssfix was supplied without a parameter */
120 
121  int explicit_exit_notification; /* Explicitly tell peer when we are exiting via OCC_EXIT or [RESTART] message */
122 
123 #define CE_DISABLED (1<<0)
124 #define CE_MAN_QUERY_PROXY (1<<1)
125 #define CE_MAN_QUERY_REMOTE_UNDEF 0
126 #define CE_MAN_QUERY_REMOTE_QUERY 1
127 #define CE_MAN_QUERY_REMOTE_ACCEPT 2
128 #define CE_MAN_QUERY_REMOTE_MOD 3
129 #define CE_MAN_QUERY_REMOTE_SKIP 4
130 #define CE_MAN_QUERY_REMOTE_MASK (0x07) /* three bits, enough for the values 0..4 above */
131 #define CE_MAN_QUERY_REMOTE_SHIFT (2) /* NOTE(review): presumably the state is kept in flags above bits 0 and 1 (CE_DISABLED, CE_MAN_QUERY_PROXY); confirm */
132  unsigned int flags;
133 
134  /* Shared secret used for TLS control channel authentication (struct options declares members with the same names) */
135  const char *tls_auth_file;
136  const char *tls_auth_file_inline;
138 
139  /* Shared secret used for TLS control channel authenticated encryption */
140  const char *tls_crypt_file;
141  const char *tls_crypt_inline; /* NOTE(review): the *_inline members presumably hold key text taken from the config itself rather than a path; confirm and treat as secret material */
142 
143  /* Client-specific secret or server key used for TLS control channel
144  * authenticated encryption v2 */
145  const char *tls_crypt_v2_file;
146  const char *tls_crypt_v2_inline;
147 };
148 
150 { /* NOTE(review): struct header line not in this listing; presumably struct remote_entry - confirm */
151  const char *remote; /* pointer only; the struct does not show who owns the string */
152  const char *remote_port;
153  int proto;
155 };
156 
157 #define CONNECTION_LIST_SIZE 64 /* NOTE(review): presumably the capacity of the arrays in the two list structs below; confirm */
158 
160 { /* NOTE(review): struct header and the array member are not in this listing */
161  int len; /* NOTE(review): presumably the number of entries in use; being a signed int, it needs a range check against CONNECTION_LIST_SIZE before indexing - confirm in options.c */
162  int current;
164 };
165 
167 { /* NOTE(review): struct header and the array member are not in this listing */
168  int len; /* NOTE(review): presumably the number of entries in use; confirm the bound applied before indexing */
170 };
171 
173 { /* fixed-size host/port storage; NOTE(review): struct header not in this listing, presumably struct remote_host_store - confirm */
174 #define RH_HOST_LEN 80
175  char host[RH_HOST_LEN]; /* 80 bytes in total: any copy into it must be bounded and leave room for the terminating NUL */
176 #define RH_PORT_LEN 20
177  char port[RH_PORT_LEN]; /* 20 bytes in total, same bounding requirement as host */
178 };
179 
180 /* Command line options: the parsed configuration, grouped below into mode, networking, misc, route, management, server, cipher and TLS parms. Gaps in the line numbers are members missing from this listing. */
181 struct options
182 {
183  struct gc_arena gc;
184  bool gc_owned;
185 
186  /* first config file */
187  const char *config;
188 
189  /* major mode */
190 #define MODE_POINT_TO_POINT 0
191 #define MODE_SERVER 1
192  int mode;
193 
194  /* enable forward compatibility for post-2.1 features */
196  /* list of options that should be ignored even if unknown */
197  const char **ignore_unknown_option;
198 
199  /* persist parms */
202 
203  const char *key_pass_file; /* NOTE(review): presumably the source of the private-key passphrase; confirm and treat as secret material */
209  bool genkey;
210 
211  /* Networking parms */
213  struct connection_entry ce;
215 
217  /* Do not advance the connection or remote addr list */
219  /* Counts the number of unsuccessful connection attempts */
220  unsigned int unsuccessful_attempts;
221 
222 #if ENABLE_MANAGEMENT
224 #endif
225 
227 
229  const char *ipchange; /* NOTE(review): presumably a command string that gets executed; confirm how it is invoked */
230  const char *dev;
231  const char *dev_type;
232  const char *dev_node;
233  const char *lladdr;
234  int topology; /* one of the TOP_x values from proto.h */
235  const char *ifconfig_local;
237  const char *ifconfig_ipv6_local;
239  const char *ifconfig_ipv6_remote;
242 #ifdef ENABLE_FEATURE_SHAPER
243  int shaper;
244 #endif
245 
247 
248 #ifdef ENABLE_OCC
249  bool mtu_test;
250 #endif
251 
252 #ifdef ENABLE_MEMSTATS
253  char *memstats_fn;
254 #endif
255 
256  bool mlock; /* NOTE(review): presumably requests locking process memory so key material is not paged out; confirm */
257 
258  int keepalive_ping; /* a proxy for ping/ping-restart */
260 
261  int inactivity_timeout; /* --inactive */
263 
264  int ping_send_timeout; /* Send a TCP/UDP ping to remote every n seconds */
265  int ping_rec_timeout; /* Expect a TCP/UDP ping from remote at least once every n seconds */
266  bool ping_timer_remote; /* Run ping timer only if we have a remote address */
267 
268 #define PING_UNDEF 0
269 #define PING_EXIT 1
270 #define PING_RESTART 2
271  int ping_rec_timeout_action; /* What action to take on ping_rec_timeout (exit or restart)? */
272 
273  bool persist_tun; /* Don't close/reopen TUN/TAP dev on SIGUSR1 or PING_RESTART */
274  bool persist_local_ip; /* Don't re-resolve local address on SIGUSR1 or PING_RESTART */
275  bool persist_remote_ip; /* Don't re-resolve remote address on SIGUSR1 or PING_RESTART */
276  bool persist_key; /* Don't re-read key files on SIGUSR1 or PING_RESTART */
277 
278 #if PASSTOS_CAPABILITY
279  bool passtos;
280 #endif
281 
282  int resolve_retry_seconds; /* If hostname resolve fails, retry for n seconds */
284  const char *ip_remote_hint;
285 
287 
288  /* Misc parms */
289  const char *username; /* NOTE(review): username, groupname and chroot_dir are presumably the privilege-drop targets; confirm where they are applied */
290  const char *groupname;
291  const char *chroot_dir;
292  const char *cd_dir;
293 #ifdef ENABLE_SELINUX
294  char *selinux_context;
295 #endif
296  const char *writepid;
297  const char *up_script; /* NOTE(review): the *_script members presumably name external commands that get executed; confirm how arguments and environment are passed */
298  const char *down_script;
300  bool down_pre;
301  bool up_delay;
303  bool daemon;
304 
306 
307  /* inetd modes defined in socket.h */
308  int inetd;
309 
310  bool log;
313  int nice;
315  int mute;
316 
317 #ifdef ENABLE_DEBUG
318  int gremlin;
319 #endif
320 
321  const char *status_file;
324 
325  /* optimize TUN/TAP/UDP writes */
326  bool fast_io;
327 
328 #ifdef USE_COMP
329  struct compress_options comp;
330 #endif
331 
332  /* buffer sizes */
333  int rcvbuf;
334  int sndbuf;
335 
336  /* mark value */
337  int mark;
338 
339  /* socket flags */
340  unsigned int sockflags;
341 
342  /* route management */
343  const char *route_script;
344  const char *route_predown_script;
357  bool allow_pull_fqdn; /* as a client, allow server to push a FQDN for certain parameters */
359 
360 #ifdef ENABLE_OCC
361  /* Enable options consistency check between peers */
362  bool occ;
363 #endif
364 
365 #ifdef ENABLE_MANAGEMENT
366  const char *management_addr;
367  const char *management_port;
368  const char *management_user_pass; /* NOTE(review): presumably the source of the management-interface password; confirm and treat as secret material */
373 
376 
377  /* Mask of MF_ values of manage.h */
378  unsigned int management_flags;
380 #endif
381 
382 #ifdef ENABLE_PLUGIN
384 #endif
385 
386 
387 
388 #if P2MP
389 
390 #if P2MP_SERVER
391  /* the tmp dir is for now only used in the P2P server context */
392  const char *tmp_dir;
396  bool server_ipv6_defined; /* IPv6 */
397  struct in6_addr server_network_ipv6; /* IPv6 */
398  unsigned int server_netbits_ipv6; /* IPv6 */
399 
400 #define SF_NOPOOL (1<<0)
401 #define SF_TCP_NODELAY_HELPER (1<<1)
402 #define SF_NO_PUSH_ROUTE_GATEWAY (1<<2)
403  unsigned int server_flags;
404 
406 
412 
420 
421  bool ifconfig_ipv6_pool_defined; /* IPv6 */
422  struct in6_addr ifconfig_ipv6_pool_base; /* IPv6 */
424 
429  const char *learn_address_script;
430  const char *client_config_dir;
432  bool disable;
435  struct iroute *iroutes;
436  struct iroute_ipv6 *iroutes_ipv6; /* IPv6 */
444  bool push_ifconfig_ipv4_blocked; /* IPv4 */
445  bool push_ifconfig_ipv6_defined; /* IPv6 */
446  struct in6_addr push_ifconfig_ipv6_local; /* IPv6 */
448  struct in6_addr push_ifconfig_ipv6_remote; /* IPv6 */
449  bool push_ifconfig_ipv6_blocked; /* IPv6 */
452  int cf_max;
453  int cf_per;
458 
462  unsigned int auth_token_lifetime; /* NOTE(review): unit is not stated here, presumably seconds; confirm */
463 #if PORT_SHARE
464  char *port_share_host;
465  char *port_share_port;
466  const char *port_share_journal_dir;
467 #endif
468 #endif /* if P2MP_SERVER */
469 
470  bool client;
471  bool pull; /* client pull of config options from server */
474  const char *auth_user_pass_file; /* NOTE(review): presumably a path to stored username/password credentials; confirm and check the expected file permissions */
476 
478 
479 #ifdef ENABLE_MANAGEMENT
480  struct static_challenge_info sc_info;
481 #endif
482 #endif /* if P2MP */
483 
484  /* Cipher parms */
485  const char *shared_secret_file; /* NOTE(review): presumably the static-key file; confirm and treat as secret material */
488  const char *ciphername;
490  const char *ncp_ciphers;
491  const char *authname;
492  int keysize;
493  const char *prng_hash;
495  const char *engine;
496  bool replay; /* NOTE(review): presumably enables replay protection on the data channel; confirm the default set by init_options() */
500  const char *packet_id_file;
502 #ifdef ENABLE_PREDICTION_RESISTANCE
503  bool use_prediction_resistance;
504 #endif
505 
506  /* TLS (control channel) parms */
509  const char *ca_file;
510  const char *ca_path;
511  const char *dh_file;
512  const char *cert_file;
513  const char *extra_certs_file;
514  const char *priv_key_file; /* private key: secret material, unlike the certificate members around it */
515  const char *pkcs12_file;
516  const char *cipher_list;
517  const char *cipher_list_tls13;
518  const char *tls_cert_profile;
519  const char *ecdh_curve;
520  const char *tls_verify;
522  const char *verify_x509_name;
523  const char *tls_export_cert;
524  const char *crl_file;
525 
526  const char *ca_file_inline;
527  const char *cert_file_inline;
529  const char *crl_file_inline;
531  const char *dh_file_inline;
532  const char *pkcs12_file_inline; /* contains the base64 encoding of pkcs12 file */
533 
534  int ns_cert_type; /* set to 0, NS_CERT_CHECK_SERVER, or NS_CERT_CHECK_CLIENT */
535  unsigned remote_cert_ku[MAX_PARMS]; /* fixed array of MAX_PARMS entries; writers must stop at that bound */
536  const char *remote_cert_eku;
539  unsigned int ssl_flags; /* set to SSLF_x flags from ssl.h */
540 
541 #ifdef ENABLE_PKCS11
542  const char *pkcs11_providers[MAX_PARMS]; /* the four pkcs11_* arrays share the MAX_PARMS length; NOTE(review): presumably indexed in parallel per provider - confirm */
543  unsigned pkcs11_private_mode[MAX_PARMS];
544  bool pkcs11_protected_authentication[MAX_PARMS];
545  bool pkcs11_cert_private[MAX_PARMS];
546  int pkcs11_pin_cache_period;
547  const char *pkcs11_id;
548  bool pkcs11_id_management;
549 #endif
550 
551 #ifdef ENABLE_CRYPTOAPI
552  const char *cryptoapi_cert;
553 #endif
554 
555  /* data channel key exchange method */
557 
558  /* Per-packet timeout on control channel */
560 
561  /* Data channel key renegotiation parameters */
566 
567  /* Data channel key handshake must finalize
568  * within n seconds of handshake initiation. */
570 
571 #ifdef ENABLE_X509ALTUSERNAME
572  /* Field used to be the username in X509 cert. */
573  char *x509_username_field;
574 #endif
575 
576  /* Old key allowed to live n seconds after new key goes active */
578 
579  /* Shared secret used for TLS control channel authentication */
580  const char *tls_auth_file;
581  const char *tls_auth_file_inline;
582 
583  /* Shared secret used for TLS control channel authenticated encryption */
584  const char *tls_crypt_file;
585  const char *tls_crypt_inline;
586 
587  /* Client-specific secret or server key used for TLS control channel
588  * authenticated encryption v2 */
589  const char *tls_crypt_v2_file;
590  const char *tls_crypt_v2_inline;
591 
595 
597 
598  /* Allow only one session */
600 
602 
603  bool tls_exit;
604 
605  const struct x509_track *x509_track;
606 
607  /* special state parms */
609 
610 #ifdef _WIN32
611  HANDLE msg_channel;
612  const char *exit_event_name;
617 #endif
618 
621 
622 #if defined(ENABLE_CRYPTO_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x10001000
623  /* Keying Material Exporters [RFC 5705] */
624  const char *keying_material_exporter_label;
625  int keying_material_exporter_length;
626 #endif
627 
629 
630  /* Useful when packets sent by openvpn itself are not subject
631  * to the routing tables that would move packets into the tunnel. */
633 };
634 
635 #define streq(x, y) (!strcmp((x), (y))) /* nonzero when the two strings are equal; both arguments go straight to strcmp(), so neither may be NULL */
636 
637 /*
638  * Option classes: one bit per class, OR-ed together in the permission_mask and option_types_found arguments of the parsing functions declared below. NOTE(review): presumably an option is accepted only when its class bit is set in permission_mask, which is what limits the options a peer can push - confirm in options.c.
639  */
640 #define OPT_P_GENERAL (1<<0)
641 #define OPT_P_UP (1<<1)
642 #define OPT_P_ROUTE (1<<2)
643 #define OPT_P_IPWIN32 (1<<3)
644 #define OPT_P_SCRIPT (1<<4)
645 #define OPT_P_SETENV (1<<5)
646 #define OPT_P_SHAPER (1<<6)
647 #define OPT_P_TIMER (1<<7)
648 #define OPT_P_PERSIST (1<<8)
649 #define OPT_P_PERSIST_IP (1<<9)
650 #define OPT_P_COMP (1<<10) /* TODO */
651 #define OPT_P_MESSAGES (1<<11)
652 #define OPT_P_NCP (1<<12)
653 #define OPT_P_TLS_PARMS (1<<13) /* TODO */
654 #define OPT_P_MTU (1<<14) /* TODO */
655 #define OPT_P_NICE (1<<15)
656 #define OPT_P_PUSH (1<<16)
657 #define OPT_P_INSTANCE (1<<17)
658 #define OPT_P_CONFIG (1<<18)
659 #define OPT_P_EXPLICIT_NOTIFY (1<<19)
660 #define OPT_P_ECHO (1<<20)
661 #define OPT_P_INHERIT (1<<21)
662 #define OPT_P_ROUTE_EXTRAS (1<<22)
663 #define OPT_P_PULL_MODE (1<<23)
664 #define OPT_P_PLUGIN (1<<24)
665 #define OPT_P_SOCKBUF (1<<25)
666 #define OPT_P_SOCKFLAGS (1<<26)
667 #define OPT_P_CONNECTION (1<<27)
668 #define OPT_P_PEER_ID (1<<28)
669 
670 #define OPT_P_DEFAULT (~(OPT_P_INSTANCE|OPT_P_PULL_MODE)) /* every bit except OPT_P_INSTANCE and OPT_P_PULL_MODE, including bits above 28 that no class uses yet */
671 
672 #if P2MP /* feature-test accessors: each macro reads a struct options member when the feature is compiled in and falls back to a constant otherwise */
673 #define PULL_DEFINED(opt) ((opt)->pull)
674 #if P2MP_SERVER
675 #define PUSH_DEFINED(opt) ((opt)->push_list)
676 #endif
677 #endif
678 
679 #ifndef PULL_DEFINED
680 #define PULL_DEFINED(opt) (false)
681 #endif
682 
683 #ifndef PUSH_DEFINED
684 #define PUSH_DEFINED(opt) (false)
685 #endif
686 
687 #ifdef _WIN32
688 #define ROUTE_OPTION_FLAGS(o) ((o)->route_method & ROUTE_METHOD_MASK)
689 #else
690 #define ROUTE_OPTION_FLAGS(o) (0)
691 #endif
692 
693 #ifdef ENABLE_FEATURE_SHAPER
694 #define SHAPER_DEFINED(opt) ((opt)->shaper)
695 #else
696 #define SHAPER_DEFINED(opt) (false)
697 #endif
698 
699 #ifdef ENABLE_PLUGIN
700 #define PLUGIN_OPTION_LIST(opt) ((opt)->plugin_list)
701 #else
702 #define PLUGIN_OPTION_LIST(opt) (NULL)
703 #endif
704 
705 #ifdef MANAGEMENT_DEF_AUTH /* NOTE(review): management_flags is declared under ENABLE_MANAGEMENT in struct options, so MANAGEMENT_DEF_AUTH presumably implies ENABLE_MANAGEMENT; confirm */
706 #define MAN_CLIENT_AUTH_ENABLED(opt) ((opt)->management_flags & MF_CLIENT_AUTH) /* nonzero when the MF_CLIENT_AUTH bit is set; the result is the masked bit, not a normalized bool */
707 #else
708 #define MAN_CLIENT_AUTH_ENABLED(opt) (false)
709 #endif
710 
711 void parse_argv(struct options *options,
712  const int argc,
713  char *argv[],
714  const int msglevel,
715  const unsigned int permission_mask,
716  unsigned int *option_types_found,
717  struct env_set *es); /* permission_mask and option_types_found take OPT_P_x bits; NOTE(review): presumably mask in, classes seen out - confirm */
718 
719 void notnull(const char *arg, const char *description);
720 
721 void usage_small(void);
722 
723 void show_library_versions(const unsigned int flags);
724 
725 #ifdef _WIN32
726 void show_windows_version(const unsigned int flags);
727 
728 #endif
729 
730 void init_options(struct options *o, const bool init_gc);
731 
732 void uninit_options(struct options *o);
733 
734 void setenv_settings(struct env_set *es, const struct options *o);
735 
736 void show_settings(const struct options *o); /* NOTE(review): struct options holds paths to keys and credentials; check that what gets printed is names and paths, not secret contents */
737 
738 bool string_defined_equal(const char *s1, const char *s2);
739 
740 #ifdef ENABLE_OCC
741 
742 const char *options_string_version(const char *s, struct gc_arena *gc);
743 
744 char *options_string(const struct options *o,
745  const struct frame *frame,
746  struct tuntap *tt,
747  bool remote,
748  struct gc_arena *gc);
749 
750 bool options_cmp_equal_safe(char *actual, const char *expected, size_t actual_n); /* NOTE(review): actual_n is presumably the byte length of actual, so the comparison need not trust a terminating NUL in peer-supplied data; confirm in options.c */
751 
752 void options_warning_safe(char *actual, const char *expected, size_t actual_n);
753 
754 bool options_cmp_equal(char *actual, const char *expected); /* no length argument; NOTE(review): presumably requires actual to be NUL-terminated - prefer the _safe form for data received from a peer; confirm */
755 
756 void options_warning(char *actual, const char *expected);
757 
758 #endif
759 
771  const char *opt_name, struct gc_arena *gc);
772 
773 
774 void options_postprocess(struct options *options);
775 
776 void pre_pull_save(struct options *o);
777 
778 void pre_pull_restore(struct options *o, struct gc_arena *gc);
779 
780 bool apply_push_options(struct options *options,
781  struct buffer *buf,
782  unsigned int permission_mask,
783  unsigned int *option_types_found,
784  struct env_set *es); /* NOTE(review): buf presumably carries option text pushed by the peer, i.e. untrusted input; permission_mask (OPT_P_x bits) is then the control that limits what it may set - confirm the mask callers pass */
785 
786 void options_detach(struct options *o);
787 
788 void options_server_import(struct options *o,
789  const char *filename,
790  int msglevel,
791  unsigned int permission_mask,
792  unsigned int *option_types_found,
793  struct env_set *es);
794 
795 void pre_pull_default(struct options *o);
796 
797 void rol_check_alloc(struct options *options);
798 
799 int parse_line(const char *line,
800  char *p[],
801  const int n,
802  const char *file,
803  const int line_num,
804  int msglevel,
805  struct gc_arena *gc); /* NOTE(review): n is presumably the capacity of p[] (cf. MAX_PARMS) and the return value the number of parameters stored; confirm, since p[] is written by the callee */
806 
807 /*
808  * parse/print topology coding
809  */
810 
811 int parse_topology(const char *str, const int msglevel); /* NOTE(review): presumably returns one of the TOP_x values stored in options.topology; confirm the behaviour on an unrecognised string */
812 
813 const char *print_topology(const int topology);
814 
815 /*
816  * Manage auth-retry variable
817  */
818 
819 #if P2MP
820 
821 #define AR_NONE 0
822 #define AR_INTERACT 1
823 #define AR_NOINTERACT 2
824 
825 int auth_retry_get(void); /* NOTE(review): no options argument, so the auth-retry state is presumably process-global; returns one of the AR_x values - confirm */
826 
827 bool auth_retry_set(const int msglevel, const char *option);
828 
829 const char *auth_retry_print(void);
830 
831 #endif
832 
834  const char *config,
835  const int msglevel,
836  const unsigned int permission_mask,
837  unsigned int *option_types_found,
838  struct env_set *es);
839 
840 #endif /* ifndef OPTIONS_H */
void options_warning_safe(char *actual, const char *expected, size_t actual_n)
Definition: options.c:3900
bool remote_float
Definition: options.h:95
const char * tls_crypt_file
Definition: options.h:584
const char * status_file
Definition: options.h:321
const char * ecdh_curve
Definition: options.h:519
int ifconfig_pool_persist_refresh_freq
Definition: options.h:419
bool persist_remote_ip
Definition: options.h:275
int sndbuf
Definition: options.h:334
const char * ca_file_inline
Definition: options.h:526
struct route_ipv6_option_list * routes_ipv6
Definition: options.h:353
const char * management_certificate
Definition: options.h:379
const char * socks_proxy_port
Definition: options.h:104
bool options_cmp_equal(char *actual, const char *expected)
Definition: options.c:3736
bool tun_mtu_defined
Definition: options.h:108
Definition: tun.h:131
bool ncp_enabled
Definition: options.h:489
unsigned int management_flags
Definition: options.h:378
struct client_nat_option_list * client_nat
Definition: options.h:358
void show_windows_version(const unsigned int flags)
Definition: options.c:4133
bool block_outside_dns
Definition: options.h:616
bool mute_replay_warnings
Definition: options.h:497
bool show_curves
Definition: options.h:208
bool push_ifconfig_ipv6_blocked
Definition: options.h:449
bool exit_event_initial_state
Definition: options.h:613
const char * cipher_list
Definition: options.h:516
bool tls_server
Definition: options.h:507
const char * cert_file
Definition: options.h:512
const char * tls_cert_profile
Definition: options.h:518
int management_log_history_cache
Definition: options.h:369
const char * ifconfig_pool_persist_filename
Definition: options.h:418
const char * chroot_dir
Definition: options.h:291
bool allow_pull_fqdn
Definition: options.h:357
bool server_bridge_proxy_dhcp
Definition: options.h:405
const char * dev
Definition: options.h:230
int ping_rec_timeout_action
Definition: options.h:271
bool auth_token_generate
Definition: options.h:461
int inetd
Definition: options.h:308
int foreign_option_index
Definition: options.h:608
Packet geometry parameters.
Definition: mtu.h:93
int foreign_option_index
Definition: options.h:78
const char * ca_path
Definition: options.h:510
const char * ca_file
Definition: options.h:509
bool string_defined_equal(const char *s1, const char *s2)
Definition: options.c:4187
const char * tls_auth_file
Definition: options.h:580
const char * learn_address_script
Definition: options.h:429
const char * shared_secret_file
Definition: options.h:485
const char * priv_key_file
Definition: options.h:514
bool enable_c2c
Definition: options.h:450
#define RH_PORT_LEN
Definition: options.h:176
int push_ifconfig_ipv6_netbits
Definition: options.h:447
uint32_t peer_id
Definition: options.h:620
struct remote_list * remote_list
Definition: options.h:216
unsigned short sa_family_t
Definition: syshead.h:447
Definition: options.h:86
int renegotiate_seconds
Definition: options.h:564
bool persist_key
Definition: options.h:276
int replay_window
Definition: options.h:498
int persist_mode
Definition: options.h:201
int connect_retry_seconds
Definition: options.h:99
in_addr_t push_ifconfig_remote_netmask
Definition: options.h:439
void usage_small(void)
Definition: options.c:4125
bool ifconfig_pool_defined
Definition: options.h:414
const char * auth_retry_print(void)
Definition: options.c:4069
int rcvbuf
Definition: options.h:333
int inactivity_minimum_bytes
Definition: options.h:262
const char * crl_file_inline
Definition: options.h:529
char * options_string(const struct options *o, const struct frame *frame, struct tuntap *tt, bool remote, struct gc_arena *gc)
Definition: options.c:3548
const char title_string[]
Definition: options.c:65
struct connection_list * connection_list
Definition: options.h:214
#define RH_HOST_LEN
Definition: options.h:174
const char * exit_event_name
Definition: options.h:612
bool route_noexec
Definition: options.h:348
unsigned int sockflags
Definition: options.h:340
const char * tls_crypt_file
Definition: options.h:140
struct http_proxy_options * http_proxy_override
Definition: options.h:223
const char * route_script
Definition: options.h:343
const char * tls_crypt_v2_genkey_file
Definition: options.h:593
bool routes_defined
Definition: options.h:69
int proto_force
Definition: options.h:246
int management_state_buffer_size
Definition: options.h:371
int resolve_retry_seconds
Definition: options.h:282
int route_method
Definition: options.h:615
hash_algo_type
Types referencing specific message digest hashing algorithms.
#define in_addr_t
Definition: config-msvc.h:104
const char * config
Definition: options.h:187
int route_delay
Definition: options.h:349
const char * tls_auth_file_inline
Definition: options.h:581
#define MAX_PARMS
Definition: options.h:51
const char * down_script
Definition: options.h:298
const char * local_port
Definition: options.h:90
const char * route_predown_script
Definition: options.h:344
int cf_max
Definition: options.h:452
bool down_pre
Definition: options.h:300
int keepalive_timeout
Definition: options.h:259
struct route_option_list * routes
Definition: options.h:70
const char * pkcs12_file_inline
Definition: options.h:532
bool push_peer_info
Definition: options.h:601
int renegotiate_seconds_min
Definition: options.h:565
int handshake_window
Definition: options.h:569
bool allow_recursive_routing
Definition: options.h:632
in_addr_t ifconfig_pool_end
Definition: options.h:416
const char * tls_auth_file_inline
Definition: options.h:136
struct remote_host_store * rh_store
Definition: options.h:226
int parse_topology(const char *str, const int msglevel)
Definition: options.c:3988
const char * client_disconnect_script
Definition: options.h:428
int explicit_exit_notification
Definition: options.h:121
int status_file_update_freq
Definition: options.h:323
int verify_x509_type
Definition: options.h:521
unsigned int unsuccessful_attempts
Definition: options.h:220
const char * prng_hash
Definition: options.h:493
int scheduled_exit_interval
Definition: options.h:477
int ping_rec_timeout
Definition: options.h:265
void pre_pull_save(struct options *o)
Definition: options.c:3395
const char * pkcs12_file
Definition: options.h:515
void options_server_import(struct options *o, const char *filename, int msglevel, unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
Definition: options.c:4781
bool ifconfig_noexec
Definition: options.h:240
bool fast_io
Definition: options.h:326
int key_direction
Definition: options.h:487
bool link_mtu_defined
Definition: options.h:112
const char * options_string_version(const char *s, struct gc_arena *gc)
Definition: options.c:3906
const char * tls_crypt_v2_inline
Definition: options.h:146
bool gc_owned
Definition: options.h:184
bool route_delay_defined
Definition: options.h:351
bool tls_exit
Definition: options.h:603
int key_direction
Definition: options.h:137
bool route_nopull
Definition: options.h:355
list flags
const char * tls_export_cert
Definition: options.h:523
const char * route_default_gateway
Definition: options.h:345
const char * ncp_ciphers
Definition: options.h:490
int cf_per
Definition: options.h:453
int remap_sigusr1
Definition: options.h:305
bool remote_random
Definition: options.h:228
struct client_nat_option_list * client_nat
Definition: options.h:76
bool auth_user_pass_verify_script_via_file
Definition: options.h:460
const char * tls_verify
Definition: options.h:520
bool push_ifconfig_constraint_defined
Definition: options.h:441
in_addr_t push_ifconfig_local
Definition: options.h:438
int parse_line(const char *line, char *p[], const int n, const char *file, const int line_num, int msglevel, struct gc_arena *gc)
Definition: options.c:4231
bool suppress_timestamps
Definition: options.h:311
int tun_mtu
Definition: options.h:107
const char * verify_x509_name
Definition: options.h:522
const char * socks_proxy_server
Definition: options.h:103
int ns_cert_type
Definition: options.h:534
const char * management_write_peer_info_file
Definition: options.h:372
in_addr_t server_bridge_pool_start
Definition: options.h:410
struct plugin_option_list * plugin_list
Definition: options.h:383
int proto
Definition: options.h:88
bool server_defined
Definition: options.h:393
int verbosity
Definition: options.h:314
bool show_net_up
Definition: options.h:614
int stale_routes_check_interval
Definition: options.h:456
bool show_engines
Definition: options.h:206
bool tuntap_options_defined
Definition: options.h:66
int mode
Definition: options.h:192
bool show_tls_ciphers
Definition: options.h:207
bool ifconfig_ipv6_pool_defined
Definition: options.h:421
bool ccd_exclusive
Definition: options.h:431
in_addr_t push_ifconfig_constraint_netmask
Definition: options.h:443
bool occ
Definition: options.h:362
bool local_port_defined
Definition: options.h:91
int ifconfig_ipv6_netbits
Definition: options.h:238
bool tls_client
Definition: options.h:508
const char * authname
Definition: options.h:491
int connect_retry_max
Definition: options.h:212
bool show_digests
Definition: options.h:205
bool genkey
Definition: options.h:209
int topology
Definition: options.h:234
struct iroute * iroutes
Definition: options.h:435
int mssfix
Definition: options.h:118
const char * tls_crypt_inline
Definition: options.h:141
void setenv_settings(struct env_set *es, const struct options *o)
Definition: options.c:998
const char * remote_port
Definition: options.h:152
int virtual_hash_size
Definition: options.h:426
const struct x509_track * x509_track
Definition: options.h:605
unsigned __int32 uint32_t
Definition: config-msvc.h:121
const char * tls_crypt_v2_inline
Definition: options.h:590
const char ** ignore_unknown_option
Definition: options.h:197
int proto
Definition: options.h:153
void parse_argv(struct options *options, const int argc, char *argv[], const int msglevel, const unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
Definition: options.c:4646
HANDLE msg_channel
Definition: options.h:611
int keysize
Definition: options.h:492
int tcp_queue_limit
Definition: options.h:434
bool client_nat_defined
Definition: options.h:75
const char * socks_proxy_authfile
Definition: options.h:105
const char * client_config_dir
Definition: options.h:430
const char * ciphername
Definition: options.h:488
int renegotiate_bytes
Definition: options.h:562
struct http_proxy_options * http_proxy_options
Definition: options.h:102
const char * remote_cert_eku
Definition: options.h:536
in_addr_t server_bridge_ip
Definition: options.h:408
in_addr_t server_netmask
Definition: options.h:395
int prng_nonce_secret_len
Definition: options.h:494
const char * extra_certs_file
Definition: options.h:513
unsigned int ssl_flags
Definition: options.h:539
int max_routes_per_client
Definition: options.h:455
const char * lladdr
Definition: options.h:233
int renegotiate_packets
Definition: options.h:563
int n_bcast_buf
Definition: options.h:433
const char * auth_user_pass_file
Definition: options.h:474
int connect_retry_seconds_max
Definition: options.h:100
const char * management_user_pass
Definition: options.h:368
const char * cert_file_inline
Definition: options.h:527
in_addr_t ifconfig_pool_start
Definition: options.h:415
bool mtu_test
Definition: options.h:249
bool push_ifconfig_ipv4_blocked
Definition: options.h:444
int ping_send_timeout
Definition: options.h:264
const char * remote
Definition: options.h:94
hash_algo_type verify_hash_algo
Definition: options.h:538
const char * tls_crypt_v2_verify_script
Definition: options.h:596
int auth_retry_get(void)
Definition: options.c:4040
char * options_string_extract_option(const char *options_string, const char *opt_name, struct gc_arena *gc)
Given an OpenVPN options string, extract the value of an option.
Definition: options.c:3916
const char * tls_crypt_v2_file
Definition: options.h:589
void options_warning(char *actual, const char *expected)
Definition: options.c:3742
bool push_ifconfig_defined
Definition: options.h:437
void rol_check_alloc(struct options *options)
Definition: options.c:1397
void show_settings(const struct options *o)
Definition: options.c:1511
const char * ifconfig_ipv6_remote
Definition: options.h:239
bool resolve_in_advance
Definition: options.h:283
const char * writepid
Definition: options.h:296
const char * ifconfig_ipv6_local
Definition: options.h:237
const char * management_port
Definition: options.h:367
bool log
Definition: options.h:310
const char * client_connect_script
Definition: options.h:427
const char * cd_dir
Definition: options.h:292
int inactivity_timeout
Definition: options.h:261
const char * up_script
Definition: options.h:297
const char * ipchange
Definition: options.h:229
unsigned int flags
Definition: options.h:132
bool forward_compatible
Definition: options.h:195
const char * tls_crypt_inline
Definition: options.h:585
bool ifconfig_nowarn
Definition: options.h:241
in_addr_t ifconfig_pool_netmask
Definition: options.h:417
void pre_pull_restore(struct options *o, struct gc_arena *gc)
Definition: options.c:3422
void options_string_import(struct options *options, const char *config, const int msglevel, const unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
Definition: options.c:4801
const char * tls_crypt_v2_genkey_type
Definition: options.h:592
bool client
Definition: options.h:470
bool disable
Definition: options.h:432
const char * remote_port
Definition: options.h:92
bool user_script_used
Definition: options.h:299
int push_continuation
Definition: options.h:472
void init_options(struct options *o, const bool init_gc)
Definition: options.c:794
const char * ip_remote_hint
Definition: options.h:284
const char * key_pass_file
Definition: options.h:203
int nice
Definition: options.h:313
unsigned int push_option_types_found
Definition: options.h:473
unsigned __int8 uint8_t
Definition: config-msvc.h:123
const char * tmp_dir
Definition: options.h:392
int route_default_metric
Definition: options.h:347
int max_clients
Definition: options.h:454
bool no_advance
Definition: options.h:218
int transition_window
Definition: options.h:577
bool mlock
Definition: options.h:256
const char * remote
Definition: options.h:151
bool show_ciphers
Definition: options.h:204
int status_file_version
Definition: options.h:322
const char * local
Definition: options.h:93
struct options_pre_pull * pre_pull
Definition: options.h:475
int route_delay_window
Definition: options.h:350
bool up_delay
Definition: options.h:301
const char * extra_certs_file_inline
Definition: options.h:528
int keepalive_ping
Definition: options.h:258
bool push_ifconfig_ipv6_defined
Definition: options.h:445
int replay_time
Definition: options.h:499
bool routes_ipv6_defined
Definition: options.h:72
const char * dev_node
Definition: options.h:232
sa_family_t af
Definition: options.h:154
int connect_timeout
Definition: options.h:101
struct buffer
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
void options_postprocess(struct options *options)
Definition: options.c:3379
in_addr_t server_network
Definition: options.h:394
const char * cipher_list_tls13
Definition: options.h:517
int real_hash_size
Definition: options.h:425
in_addr_t push_ifconfig_local_alias
Definition: options.h:440
const char * print_topology(const int topology)
Definition: options.c:4010
bool apply_push_options(struct options *options, struct buffer *buf, unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
Definition: options.c:4752
const char * auth_user_pass_verify_script
Definition: options.h:459
const char * tls_crypt_v2_metadata
Definition: options.h:594
Definition: route.h:230
int mute
Definition: options.h:315
struct route_option_list * routes
Definition: options.h:352
struct iroute_ipv6 * iroutes_ipv6
Definition: options.h:436
const char * management_addr
Definition: options.h:366
int tun_mtu_extra
Definition: options.h:109
struct pull_filter_list * pull_filter_list
Definition: options.h:628
struct route_ipv6_option_list * routes_ipv6
Definition: options.h:73
bool options_cmp_equal_safe(char *actual, const char *expected, size_t actual_n)
Definition: options.c:3877
unsigned int server_flags
Definition: options.h:403
bool machine_readable_output
Definition: options.h:312
bool daemon
Definition: options.h:303
struct gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
bool single_session
Definition: options.h:599
sa_family_t af
Definition: options.h:89
const char * management_client_group
Definition: options.h:375
void show_library_versions(const unsigned int flags)
Definition: options.c:4142
int tls_timeout
Definition: options.h:559
unsigned int auth_token_lifetime
Definition: options.h:462
bool bind_local
Definition: options.h:98
bool use_peer_id
Definition: options.h:619
unsigned int server_netbits_ipv6
Definition: options.h:398
const char * ifconfig_local
Definition: options.h:235
bool pull
Definition: options.h:471
int mtu_discover_type
Definition: options.h:115
void pre_pull_default(struct options *o)
void notnull(const char *arg, const char *description)
Definition: options.c:4178
bool bind_ipv6_only
Definition: options.h:97
Definition: options.h:149
const char * packet_id_file
Definition: options.h:500
bool server_ipv6_defined
Definition: options.h:396
const char * dh_file
Definition: options.h:511
void options_detach(struct options *o)
Definition: options.c:1386
const char * management_client_user
Definition: options.h:374
const char * tls_auth_file
Definition: options.h:135
Definition: argv.h:35
bool ping_timer_remote
Definition: options.h:266
bool mssfix_default
Definition: options.h:119
uint8_t * verify_hash
Definition: options.h:537
in_addr_t server_bridge_pool_end
Definition: options.h:411
in_addr_t push_ifconfig_constraint_network
Definition: options.h:442
bool auth_retry_set(const int msglevel, const char *option)
Definition: options.c:4046
bool persist_config
Definition: options.h:200
bool replay
Definition: options.h:496
bool test_crypto
Definition: options.h:501
bool persist_tun
Definition: options.h:273
const char * groupname
Definition: options.h:290
bool tun_mtu_extra_defined
Definition: options.h:110
bool block_ipv6
Definition: options.h:354
bool duplicate_cn
Definition: options.h:451
int stale_routes_ageing_time
Definition: options.h:457
const char * engine
Definition: options.h:495
int management_echo_buffer_size
Definition: options.h:370
const char * dh_file_inline
Definition: options.h:531
#define CONNECTION_LIST_SIZE
Definition: options.h:157
const char * ifconfig_remote_netmask
Definition: options.h:236
in_addr_t server_bridge_netmask
Definition: options.h:409
bool server_bridge_defined
Definition: options.h:407
bool bind_defined
Definition: options.h:96
int mark
Definition: options.h:337
char * priv_key_file_inline
Definition: options.h:530
const char * shared_secret_file_inline
Definition: options.h:486
const char * username
Definition: options.h:289
int key_method
Definition: options.h:556
void uninit_options(struct options *o)
Definition: options.c:916
int ifconfig_ipv6_pool_netbits
Definition: options.h:423
int fragment
Definition: options.h:117
const char * dev_type
Definition: options.h:231
bool route_gateway_via_dhcp
Definition: options.h:356
bool up_restart
Definition: options.h:302
const char * route_ipv6_default_gateway
Definition: options.h:346
int link_mtu
Definition: options.h:111
const char * tls_crypt_v2_file
Definition: options.h:145
bool persist_local_ip
Definition: options.h:274
const char * crl_file
Definition: options.h:524