1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 /*
25  * 2004-01-28: Added Socks5 proxy support
26  * (Christof Meerwald, http://cmeerw.org)
27  */
28 
29 #ifndef OPTIONS_H
30 #define OPTIONS_H
31 
32 #include "basic.h"
33 #include "common.h"
34 #include "mtu.h"
35 #include "route.h"
36 #include "tun.h"
37 #include "socket.h"
38 #include "plugin.h"
39 #include "manage.h"
40 #include "proxy.h"
41 #include "comp.h"
42 #include "pushlist.h"
43 #include "clinat.h"
44 #include "crypto_backend.h"
45 
46 
47 /*
48  * Maximum number of parameters associated with an option,
49  * including the option name itself.
50  */
51 #define MAX_PARMS 16
52 
53 /*
54  * Max size of options line and parameter.
55  */
56 #define OPTION_PARM_SIZE 256
57 #define OPTION_LINE_SIZE 256
58 
59 extern const char title_string[];
60 
61 /* certain options are saved before --pull modifications are applied */
63 {
66 
69 
72 
73  const char *route_default_gateway;
75 
78 
79  const char* ciphername;
80  const char* authname;
81 
85 
87 #ifdef USE_COMP
88  struct compress_options comp;
89 #endif
90 };
91 
92 #if !defined(ENABLE_CRYPTO_OPENSSL) && !defined(ENABLE_CRYPTO_MBEDTLS)
93 #error "At least one of OpenSSL or mbed TLS needs to be defined."
94 #endif
95 
97 {
98  int proto;
100  const char *local_port;
102  const char *remote_port;
103  const char *local;
104  const char *remote;
113  const char *socks_proxy_server;
114  const char *socks_proxy_port;
115  const char *socks_proxy_authfile;
116 
117  int tun_mtu; /* MTU of tun device */
118  bool tun_mtu_defined; /* true if user overriding parm with command line option */
121  int link_mtu; /* MTU of device over which tunnel packets pass via TCP/UDP */
122  bool link_mtu_defined; /* true if user overriding parm with command line option */
123 
124  /* Advanced MTU negotiation and datagram fragmentation options */
125  int mtu_discover_type; /* used if OS supports setting Path MTU discovery options on socket */
126 
127  int fragment; /* internal fragmentation size */
128  int mssfix; /* Upper bound on TCP MSS */
129  bool mssfix_default; /* true if --mssfix was supplied without a parameter */
130 
131  int explicit_exit_notification; /* Explicitly tell peer when we are exiting via OCC_EXIT or [RESTART] message */
132 
133 #define CE_DISABLED (1<<0)
134 #define CE_MAN_QUERY_PROXY (1<<1)
135 #define CE_MAN_QUERY_REMOTE_UNDEF 0
136 #define CE_MAN_QUERY_REMOTE_QUERY 1
137 #define CE_MAN_QUERY_REMOTE_ACCEPT 2
138 #define CE_MAN_QUERY_REMOTE_MOD 3
139 #define CE_MAN_QUERY_REMOTE_SKIP 4
140 #define CE_MAN_QUERY_REMOTE_MASK (0x07)
141 #define CE_MAN_QUERY_REMOTE_SHIFT (2)
142  unsigned int flags;
143 
144  /* Shared secret used for TLS control channel authentication */
145  const char *tls_auth_file;
148 
149  /* Shared secret used for TLS control channel authenticated encryption */
150  const char *tls_crypt_file;
152 
153  /* Client-specific secret or server key used for TLS control channel
154  * authenticated encryption v2 */
155  const char *tls_crypt_v2_file;
157 };
158 
160 {
161  const char *remote;
162  const char *remote_port;
163  int proto;
165 };
166 
167 #define CONNECTION_LIST_SIZE 64
168 
170 {
171  int len;
172  int current;
174 };
175 
177 {
178  int len;
180 };
181 
183 {
187 };
188 
190 {
191 #define RH_HOST_LEN 80
192  char host[RH_HOST_LEN];
193 #define RH_PORT_LEN 20
194  char port[RH_PORT_LEN];
195 };
196 
202 };
203 
205 {
206  /* We support SHA256 and SHA1 fingerprints. In the case of using the
207  * deprecated SHA1, only the first 20 bytes of each list item are used */
210 };
211 
212 /* Command line options */
213 struct options
214 {
215  struct gc_arena gc;
216  bool gc_owned;
217 
218  /* first config file */
219  const char *config;
220 
221  /* major mode */
222 #define MODE_POINT_TO_POINT 0
223 #define MODE_SERVER 1
224  int mode;
225 
226  /* enable forward compatibility for post-2.1 features */
230  unsigned int backwards_compatible;
231 
232  /* list of options that should be ignored even if unknown */
233  const char **ignore_unknown_option;
234 
235  /* persist parms */
238 
239  const char *key_pass_file;
245  bool genkey;
247  const char *genkey_filename;
248  const char *genkey_extra_data;
249 
250  /* Networking parms */
252  struct connection_entry ce;
254 
256  /* Do not advance the connection or remote addr list */
258  /* Counts the number of unsuccessful connection attempts */
259  unsigned int unsuccessful_attempts;
260 
261 #if ENABLE_MANAGEMENT
263 #endif
264 
266 
268  const char *ipchange;
269  const char *dev;
270  const char *dev_type;
271  const char *dev_node;
272  const char *lladdr;
273  int topology; /* one of the TOP_x values from proto.h */
274  const char *ifconfig_local;
276  const char *ifconfig_ipv6_local;
278  const char *ifconfig_ipv6_remote;
281  int shaper;
282 
284 
285  bool mtu_test;
286 
287 #ifdef ENABLE_MEMSTATS
288  char *memstats_fn;
289 #endif
290 
291  bool mlock;
292 
293  int keepalive_ping; /* a proxy for ping/ping-restart */
295 
296  int inactivity_timeout; /* --inactive */
298 
299  int ping_send_timeout; /* Send a TCP/UDP ping to remote every n seconds */
300  int ping_rec_timeout; /* Expect a TCP/UDP ping from remote at least once every n seconds */
301  bool ping_timer_remote; /* Run ping timer only if we have a remote address */
302 
303 #define PING_UNDEF 0
304 #define PING_EXIT 1
305 #define PING_RESTART 2
306  int ping_rec_timeout_action; /* What action to take on ping_rec_timeout (exit or restart)? */
307 
308  bool persist_tun; /* Don't close/reopen TUN/TAP dev on SIGUSR1 or PING_RESTART */
309  bool persist_local_ip; /* Don't re-resolve local address on SIGUSR1 or PING_RESTART */
310  bool persist_remote_ip; /* Don't re-resolve remote address on SIGUSR1 or PING_RESTART */
311  bool persist_key; /* Don't re-read key files on SIGUSR1 or PING_RESTART */
312 
313 #if PASSTOS_CAPABILITY
314  bool passtos;
315 #endif
316 
317  int resolve_retry_seconds; /* If hostname resolve fails, retry for n seconds */
319  const char *ip_remote_hint;
320 
322 
323  /* Misc parms */
324  const char *username;
325  const char *groupname;
326  const char *chroot_dir;
327  const char *cd_dir;
328 #ifdef ENABLE_SELINUX
329  char *selinux_context;
330 #endif
331  const char *writepid;
332  const char *up_script;
333  const char *down_script;
335  bool down_pre;
336  bool up_delay;
338  bool daemon;
339 
341 
342  bool log;
345  int nice;
347  int mute;
348 
349 #ifdef ENABLE_DEBUG
350  int gremlin;
351 #endif
352 
353  const char *status_file;
356 
357  /* optimize TUN/TAP/UDP writes */
358  bool fast_io;
359 
360 #ifdef USE_COMP
361  struct compress_options comp;
362 #endif
363 
364  /* buffer sizes */
365  int rcvbuf;
366  int sndbuf;
367 
368  /* mark value */
369  int mark;
370  char *bind_dev;
371 
372  /* socket flags */
373  unsigned int sockflags;
374 
375  /* route management */
376  const char *route_script;
377  const char *route_predown_script;
390  bool allow_pull_fqdn; /* as a client, allow server to push a FQDN for certain parameters */
392 
393  /* Enable options consistency check between peers */
394  bool occ;
395 
396 #ifdef ENABLE_MANAGEMENT
397  const char *management_addr;
398  const char *management_port;
399  const char *management_user_pass;
404 
407 
408  /* Mask of MF_ values of manage.h */
409  unsigned int management_flags;
411 #endif
412 
413 #ifdef ENABLE_PLUGIN
415 #endif
416 
417  /* the tmp dir is for now only used in the P2P server context */
418  const char *tmp_dir;
422  bool server_ipv6_defined; /* IPv6 */
423  struct in6_addr server_network_ipv6; /* IPv6 */
424  unsigned int server_netbits_ipv6; /* IPv6 */
425 
426 #define SF_NOPOOL (1<<0)
427 #define SF_TCP_NODELAY_HELPER (1<<1)
428 #define SF_NO_PUSH_ROUTE_GATEWAY (1<<2)
429  unsigned int server_flags;
430 
432 
438 
446 
447  bool ifconfig_ipv6_pool_defined; /* IPv6 */
448  struct in6_addr ifconfig_ipv6_pool_base; /* IPv6 */
450 
455  const char *learn_address_script;
456  const char *client_config_dir;
458  bool disable;
461  struct iroute *iroutes;
462  struct iroute_ipv6 *iroutes_ipv6; /* IPv6 */
470  bool push_ifconfig_ipv4_blocked; /* IPv4 */
471  bool push_ifconfig_ipv6_defined; /* IPv6 */
472  struct in6_addr push_ifconfig_ipv6_local; /* IPv6 */
474  struct in6_addr push_ifconfig_ipv6_remote; /* IPv6 */
475  bool push_ifconfig_ipv6_blocked; /* IPv6 */
478  int cf_max;
479  int cf_per;
484 
493 
494 #if PORT_SHARE
495  char *port_share_host;
496  char *port_share_port;
497  const char *port_share_journal_dir;
498 #endif
499 
500  bool client;
501  bool pull; /* client pull of config options from server */
504  const char *auth_user_pass_file;
506 
508 
509 #ifdef ENABLE_MANAGEMENT
510  struct static_challenge_info sc_info;
511 #endif
512  /* Cipher parms */
513  const char *shared_secret_file;
516  const char *ciphername;
519  const char *ncp_ciphers;
520  const char *authname;
521  const char *prng_hash;
523  const char *engine;
524  bool replay;
528  const char *packet_id_file;
530 #ifdef ENABLE_PREDICTION_RESISTANCE
531  bool use_prediction_resistance;
532 #endif
533 
534  /* TLS (control channel) parms */
537  const char *ca_file;
539  const char *ca_path;
540  const char *dh_file;
542  const char *cert_file;
544  const char *extra_certs_file;
546  const char *priv_key_file;
548  const char *pkcs12_file;
550  const char *cipher_list;
551  const char *cipher_list_tls13;
552  const char *tls_groups;
553  const char *tls_cert_profile;
554  const char *ecdh_curve;
555  const char *tls_verify;
557  const char *verify_x509_name;
558  const char *tls_export_cert;
559  const char *crl_file;
561 
562  int ns_cert_type; /* set to 0, NS_CERT_CHECK_SERVER, or NS_CERT_CHECK_CLIENT */
563  unsigned remote_cert_ku[MAX_PARMS];
564  const char *remote_cert_eku;
569  unsigned int ssl_flags; /* set to SSLF_x flags from ssl.h */
570 
571 #ifdef ENABLE_PKCS11
572  const char *pkcs11_providers[MAX_PARMS];
573  unsigned pkcs11_private_mode[MAX_PARMS];
574  bool pkcs11_protected_authentication[MAX_PARMS];
575  bool pkcs11_cert_private[MAX_PARMS];
576  int pkcs11_pin_cache_period;
577  const char *pkcs11_id;
578  bool pkcs11_id_management;
579 #endif
580 
581 #ifdef ENABLE_CRYPTOAPI
582  const char *cryptoapi_cert;
583 #endif
584  /* Per-packet timeout on control channel */
586 
587  /* Data channel key renegotiation parameters */
592 
593  /* Data channel key handshake must finalize
594  * within n seconds of handshake initiation. */
596 
597 #ifdef ENABLE_X509ALTUSERNAME
598  /* Field list used to be the username in X509 cert. */
599  char *x509_username_field[MAX_PARMS];
600 #endif
601 
602  /* Old key allowed to live n seconds after new key goes active */
604 
605  /* Shared secret used for TLS control channel authentication */
606  const char *tls_auth_file;
608 
609  /* Shared secret used for TLS control channel authenticated encryption */
610  const char *tls_crypt_file;
612 
613  /* Client-specific secret or server key used for TLS control channel
614  * authenticated encryption v2 */
615  const char *tls_crypt_v2_file;
617 
619 
621 
622  /* Allow only one session */
624 
626 
627  bool tls_exit;
628 
629  const struct x509_track *x509_track;
630 
631  /* special state parms */
633 
634 #ifdef _WIN32
635  HANDLE msg_channel;
636  const char *exit_event_name;
641  enum windows_driver_type windows_driver;
642 #endif
643 
645  uint32_t peer_id;
646 
647 #ifdef HAVE_EXPORT_KEYING_MATERIAL
648  /* Keying Material Exporters [RFC 5705] */
649  const char *keying_material_exporter_label;
650  int keying_material_exporter_length;
651 #endif
652 
654  enum vlan_acceptable_frames vlan_accept;
655  uint16_t vlan_pvid;
656 
658 
659  /* Useful when packets sent by openvpn itself are not subject
660  * to the routing tables that would move packets into the tunnel. */
662 
663  /* data channel crypto flags set by push/pull. Reuses the CO_* crypto_flags */
665 };
666 
667 #define streq(x, y) (!strcmp((x), (y)))
668 
669 /*
670  * Option classes.
671  */
672 #define OPT_P_GENERAL (1<<0)
673 #define OPT_P_UP (1<<1)
674 #define OPT_P_ROUTE (1<<2)
675 #define OPT_P_IPWIN32 (1<<3)
676 #define OPT_P_SCRIPT (1<<4)
677 #define OPT_P_SETENV (1<<5)
678 #define OPT_P_SHAPER (1<<6)
679 #define OPT_P_TIMER (1<<7)
680 #define OPT_P_PERSIST (1<<8)
681 #define OPT_P_PERSIST_IP (1<<9)
682 #define OPT_P_COMP (1<<10) /* TODO */
683 #define OPT_P_MESSAGES (1<<11)
684 #define OPT_P_NCP (1<<12)
685 #define OPT_P_TLS_PARMS (1<<13) /* TODO */
686 #define OPT_P_MTU (1<<14) /* TODO */
687 #define OPT_P_NICE (1<<15)
688 #define OPT_P_PUSH (1<<16)
689 #define OPT_P_INSTANCE (1<<17)
690 #define OPT_P_CONFIG (1<<18)
691 #define OPT_P_EXPLICIT_NOTIFY (1<<19)
692 #define OPT_P_ECHO (1<<20)
693 #define OPT_P_INHERIT (1<<21)
694 #define OPT_P_ROUTE_EXTRAS (1<<22)
695 #define OPT_P_PULL_MODE (1<<23)
696 #define OPT_P_PLUGIN (1<<24)
697 #define OPT_P_SOCKBUF (1<<25)
698 #define OPT_P_SOCKFLAGS (1<<26)
699 #define OPT_P_CONNECTION (1<<27)
700 #define OPT_P_PEER_ID (1<<28)
701 #define OPT_P_INLINE (1<<29)
702 
703 #define OPT_P_DEFAULT (~(OPT_P_INSTANCE|OPT_P_PULL_MODE)) /* every option class above except OPT_P_INSTANCE and OPT_P_PULL_MODE */
704 
705 #define PULL_DEFINED(opt) ((opt)->pull) /* non-zero when this client accepts config options pushed by the server (options.pull) */
706 #define PUSH_DEFINED(opt) ((opt)->push_list) /* evaluates to the push_list pointer; presumably callers treat non-NULL as "push list configured" -- confirm at call sites */
707 
708 #ifndef PULL_DEFINED /* NOTE(review): unreachable -- PULL_DEFINED is unconditionally defined above, so this fallback never takes effect; looks like a leftover from a conditional definition */
709 #define PULL_DEFINED(opt) (false)
710 #endif
711 
712 #ifndef PUSH_DEFINED /* NOTE(review): unreachable for the same reason as the PULL_DEFINED fallback above */
713 #define PUSH_DEFINED(opt) (false)
714 #endif
715 
716 #ifdef _WIN32
717 #define ROUTE_OPTION_FLAGS(o) ((o)->route_method & ROUTE_METHOD_MASK) /* Windows only: the ROUTE_METHOD_* bits of options.route_method */
718 #else
719 #define ROUTE_OPTION_FLAGS(o) (0) /* no route-method flags on non-Windows builds */
720 #endif
721 
722 #define SHAPER_DEFINED(opt) ((opt)->shaper) /* non-zero when a bandwidth shaper value is configured */
723 
724 #ifdef ENABLE_PLUGIN
725 #define PLUGIN_OPTION_LIST(opt) ((opt)->plugin_list)
726 #else
727 #define PLUGIN_OPTION_LIST(opt) (NULL) /* plugins compiled out: callers must handle a NULL list */
728 #endif
729 
730 #ifdef ENABLE_MANAGEMENT
731 #define MAN_CLIENT_AUTH_ENABLED(opt) ((opt)->management_flags & MF_CLIENT_AUTH) /* non-zero when the MF_CLIENT_AUTH bit (manage.h) is set in management_flags */
732 #else
733 #define MAN_CLIENT_AUTH_ENABLED(opt) (false) /* management interface compiled out: client auth via management is never enabled */
734 #endif
735 
736 void parse_argv(struct options *options,
737  const int argc,
738  char *argv[],
739  const int msglevel,
740  const unsigned int permission_mask,
741  unsigned int *option_types_found,
742  struct env_set *es);
743 
744 void notnull(const char *arg, const char *description);
745 
746 void usage_small(void);
747 
748 void show_library_versions(const unsigned int flags);
749 
750 #ifdef _WIN32
751 void show_windows_version(const unsigned int flags);
752 
753 #endif
754 
755 void init_options(struct options *o, const bool init_gc);
756 
757 void uninit_options(struct options *o);
758 
759 void setenv_settings(struct env_set *es, const struct options *o);
760 
761 void show_settings(const struct options *o);
762 
763 bool string_defined_equal(const char *s1, const char *s2);
764 
765 const char *options_string_version(const char *s, struct gc_arena *gc);
766 
767 char *options_string(const struct options *o,
768  const struct frame *frame,
769  struct tuntap *tt,
770  openvpn_net_ctx_t *ctx,
771  bool remote,
772  struct gc_arena *gc);
773 
774 bool options_cmp_equal_safe(char *actual, const char *expected, size_t actual_n);
775 
776 void options_warning_safe(char *actual, const char *expected, size_t actual_n);
777 
778 bool options_cmp_equal(char *actual, const char *expected);
779 
780 void options_warning(char *actual, const char *expected);
781 
793  const char *opt_name, struct gc_arena *gc);
794 
795 
796 void options_postprocess(struct options *options);
797 
798 void pre_connect_save(struct options *o);
799 
800 void pre_connect_restore(struct options *o, struct gc_arena *gc);
801 
802 bool apply_push_options(struct options *options,
803  struct buffer *buf,
804  unsigned int permission_mask,
805  unsigned int *option_types_found,
806  struct env_set *es);
807 
808 void options_detach(struct options *o);
809 
810 void options_server_import(struct options *o,
811  const char *filename,
812  int msglevel,
813  unsigned int permission_mask,
814  unsigned int *option_types_found,
815  struct env_set *es);
816 
817 void pre_pull_default(struct options *o);
818 
819 void rol_check_alloc(struct options *options);
820 
821 int parse_line(const char *line,
822  char *p[],
823  const int n,
824  const char *file,
825  const int line_num,
826  int msglevel,
827  struct gc_arena *gc);
828 
829 /*
830  * parse/print topology coding
831  */
832 
833 int parse_topology(const char *str, const int msglevel);
834 
835 const char *print_topology(const int topology);
836 
837 /*
838  * Manage auth-retry variable
839  */
840 
841 #define AR_NONE 0
842 #define AR_INTERACT 1
843 #define AR_NOINTERACT 2
844 
845 int auth_retry_get(void);
846 
847 bool auth_retry_set(const int msglevel, const char *option);
848 
849 const char *auth_retry_print(void);
850 
852  const char *config,
853  const int msglevel,
854  const unsigned int permission_mask,
855  unsigned int *option_types_found,
856  struct env_set *es);
857 
858 #endif /* ifndef OPTIONS_H */
Definition: options.c:5111
const char * auth_user_pass_verify_script
Definition: options.h:485
const char * tls_crypt_v2_metadata
Definition: options.h:618
genkey_type
Definition: options.h:197
Definition: route.h:234
int mute
Definition: options.h:347
struct route_option_list * routes
Definition: options.h:385
struct iroute_ipv6 * iroutes_ipv6
Definition: options.h:462
const char * management_addr
Definition: options.h:397
int tun_mtu_extra
Definition: options.h:119
struct pull_filter_list * pull_filter_list
Definition: options.h:657
bool routes_ipv6_defined
Definition: options.h:70
#define SHA256_DIGEST_LENGTH
bool options_cmp_equal_safe(char *actual, const char *expected, size_t actual_n)
Definition: options.c:4204
unsigned int server_flags
Definition: options.h:429
bool machine_readable_output
Definition: options.h:344
bool daemon
Definition: options.h:338
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
bool single_session
Definition: options.h:623
sa_family_t af
Definition: options.h:99
char * options_string(const struct options *o, const struct frame *frame, struct tuntap *tt, openvpn_net_ctx_t *ctx, bool remote, struct gc_arena *gc)
Definition: options.c:3851
const char * management_client_group
Definition: options.h:406
void show_library_versions(const unsigned int flags)
Definition: options.c:4490
int tls_timeout
Definition: options.h:585
bool auth_token_gen_secret_file
Definition: options.h:488
bool bind_local
Definition: options.h:108
bool use_peer_id
Definition: options.h:644
unsigned int server_netbits_ipv6
Definition: options.h:424
const char * ifconfig_local
Definition: options.h:274
bool pull
Definition: options.h:501
int mtu_discover_type
Definition: options.h:125
void pre_pull_default(struct options *o)
int auth_token_lifetime
Definition: options.h:490
void notnull(const char *arg, const char *description)
Definition: options.c:4526
bool bind_ipv6_only
Definition: options.h:107
Definition: options.h:159
const char * packet_id_file
Definition: options.h:528
bool server_ipv6_defined
Definition: options.h:422
const char * dh_file
Definition: options.h:540
void options_detach(struct options *o)
Definition: options.c:1443
const char * management_client_user
Definition: options.h:405
const char * tls_auth_file
Definition: options.h:145
Definition: argv.h:35
bool ping_timer_remote
Definition: options.h:301
bool mssfix_default
Definition: options.h:129
bool tls_auth_file_inline
Definition: options.h:146
in_addr_t server_bridge_pool_end
Definition: options.h:437
in_addr_t push_ifconfig_constraint_network
Definition: options.h:468
bool auth_retry_set(const int msglevel, const char *option)
Definition: options.c:4396
bool persist_config
Definition: options.h:236
bool replay
Definition: options.h:524
bool test_crypto
Definition: options.h:529
bool persist_tun
Definition: options.h:308
const char * groupname
Definition: options.h:325
bool tun_mtu_extra_defined
Definition: options.h:120
bool block_ipv6
Definition: options.h:387
Definition: list.h:58
bool dh_file_inline
Definition: options.h:541
struct verify_hash_list * next
Definition: options.h:209
bool duplicate_cn
Definition: options.h:477
int stale_routes_ageing_time
Definition: options.h:483
const char * engine
Definition: options.h:523
int management_echo_buffer_size
Definition: options.h:401
#define CONNECTION_LIST_SIZE
Definition: options.h:167
const char * ifconfig_remote_netmask
Definition: options.h:275
in_addr_t server_bridge_netmask
Definition: options.h:435
bool server_bridge_defined
Definition: options.h:433
bool bind_defined
Definition: options.h:106
int mark
Definition: options.h:369
const char * username
Definition: options.h:324
bool shared_secret_file_inline
Definition: options.h:514
bool priv_key_file_inline
Definition: options.h:547
void uninit_options(struct options *o)
Definition: options.c:885
int ifconfig_ipv6_pool_netbits
Definition: options.h:449
int fragment
Definition: options.h:127
const char * dev_type
Definition: options.h:270
bool route_gateway_via_dhcp
Definition: options.h:389
bool up_restart
Definition: options.h:337
const char * authname
Definition: options.h:80
const char * route_ipv6_default_gateway
Definition: options.h:379
int link_mtu
Definition: options.h:121
const char * tls_crypt_v2_file
Definition: options.h:155
bool persist_local_ip
Definition: options.h:309
const char * crl_file
Definition: options.h:559