OpenVPN
options.h
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 */
23
24/*
25 * 2004-01-28: Added Socks5 proxy support
26 * (Christof Meerwald, http://cmeerw.org)
27 */
28
29#ifndef OPTIONS_H
30#define OPTIONS_H
31
32#include "basic.h"
33#include "common.h"
34#include "mtu.h"
35#include "route.h"
36#include "tun.h"
37#include "socket.h"
38#include "plugin.h"
39#include "manage.h"
40#include "proxy.h"
41#include "comp.h"
42#include "pushlist.h"
43#include "clinat.h"
44#include "crypto_backend.h"
45#include "dns.h"
46
47
48/*
49 * Maximum number of parameters associated with an option,
50 * including the option name itself.
51 */
52#define MAX_PARMS 16
53
54/*
55 * Max size of options line and parameter.
56 */
57#define OPTION_PARM_SIZE 256
58#define OPTION_LINE_SIZE 256
59
60extern const char title_string[];
61
62/* certain options are saved before --pull modifications are applied */
92
93#if !defined(ENABLE_CRYPTO_OPENSSL) && !defined(ENABLE_CRYPTO_MBEDTLS)
94#error "At least one of OpenSSL or mbed TLS needs to be defined."
95#endif
96
98{
99 const char *local;
100 const char *port;
101 int proto;
102};
103
105{
107 int proto;
109 const char *local_port;
111 const char *remote_port;
112 const char *remote;
122 const char *socks_proxy_port;
124
125 int tun_mtu; /* MTU of tun device */
126 int occ_mtu; /* if non-null, this is the MTU we announce to peers in OCC */
127 int tun_mtu_max; /* maximum MTU that can be pushed */
128
129 bool tun_mtu_defined; /* true if user overriding parm with command line option */
132 int link_mtu; /* MTU of device over which tunnel packets pass via TCP/UDP */
133 bool link_mtu_defined; /* true if user overriding parm with command line option */
134 int tls_mtu; /* Maximum MTU for the control channel messages */
135
136 /* Advanced MTU negotiation and datagram fragmentation options */
137 int mtu_discover_type; /* used if OS supports setting Path MTU discovery options on socket */
138
139 int fragment; /* internal fragmentation size */
140 bool fragment_encap; /* true if --fragment had the "mtu" parameter to
141 * include overhead from IP and TCP/UDP encapsulation */
142 int mssfix; /* Upper bound on TCP MSS */
143 bool mssfix_default; /* true if --mssfix should use the default parameters */
144 bool mssfix_encap; /* true if --mssfix had the "mtu" parameter to include
145 * overhead from IP and TCP/UDP encapsulation */
146 bool mssfix_fixed; /* use the mssfix value without any encapsulation adjustments */
147
148 int explicit_exit_notification; /* Explicitly tell peer when we are exiting via OCC_EXIT or [RESTART] message */
149
150#define CE_DISABLED (1<<0)
151#define CE_MAN_QUERY_PROXY (1<<1)
152#define CE_MAN_QUERY_REMOTE_UNDEF 0
153#define CE_MAN_QUERY_REMOTE_QUERY 1
154#define CE_MAN_QUERY_REMOTE_ACCEPT 2
155#define CE_MAN_QUERY_REMOTE_MOD 3
156#define CE_MAN_QUERY_REMOTE_SKIP 4
157#define CE_MAN_QUERY_REMOTE_MASK (0x07)
158#define CE_MAN_QUERY_REMOTE_SHIFT (2)
159 unsigned int flags;
160
161 /* Shared secret used for TLS control channel authentication */
162 const char *tls_auth_file;
165
166 /* Shared secret used for TLS control channel authenticated encryption */
167 const char *tls_crypt_file;
169
170 /* Client-specific secret or server key used for TLS control channel
171 * authenticated encryption v2 */
172 const char *tls_crypt_v2_file;
174
175 /* Allow only client that support resending the wrapped client key */
177};
178
180{
181 const char *remote;
182 const char *remote_port;
183 int proto;
185};
186
187#define CONNECTION_LIST_SIZE 64
188
194
202
204{
206 int len;
208};
209
211{
212 /* Names of the providers */
213 const char *names[MAX_PARMS];
214 /* Pointers to the loaded providers to unload them */
216};
217
224
226{
227#define RH_HOST_LEN 80
229#define RH_PORT_LEN 20
231};
232
239
241{
242 /* We support SHA256 and SHA1 fingerpint. In the case of using the
243 * deprecated SHA1, only the first 20 bytes of each list item are used */
246};
247
248/* Command line options */
250{
251 struct gc_arena gc;
253
254 /* first config file */
255 const char *config;
256
257 /* major mode */
258#define MODE_POINT_TO_POINT 0
259#define MODE_SERVER 1
260 int mode;
261
262 /* enable forward compatibility for post-2.1 features */
267
268 /* list of options that should be ignored even if unknown */
270
271 /* persist parms */
274
275 const char *key_pass_file;
281 bool genkey;
283 const char *genkey_filename;
284 const char *genkey_extra_data;
285
286 /* Networking parms */
290
292 /* Do not advance the connection or remote addr list */
294 /* Advance directly to the next remote, skipping remaining addresses of the
295 * current remote */
297 /* Counts the number of unsuccessful connection attempts */
299 /* count of connection entries to advance by when no_advance is not set */
301 /* the server can suggest a backoff time to the client, it
302 * will still be capped by the max timeout between connections
303 * (300s by default) */
305
306#if ENABLE_MANAGEMENT
308#endif
309
311
313
315 const char *ipchange;
316 const char *dev;
317 const char *dev_type;
318 const char *dev_node;
319 const char *lladdr;
320 int topology; /* one of the TOP_x values from proto.h */
321 const char *ifconfig_local;
329
331
333
334#ifdef ENABLE_MEMSTATS
335 char *memstats_fn;
336#endif
337
338 bool mlock;
339
340 int keepalive_ping; /* a proxy for ping/ping-restart */
342
343 int inactivity_timeout; /* --inactive */
345
346 int session_timeout; /* Force-kill session after n seconds */
347
348 int ping_send_timeout; /* Send a TCP/UDP ping to remote every n seconds */
349 int ping_rec_timeout; /* Expect a TCP/UDP ping from remote at least once every n seconds */
350 bool ping_timer_remote; /* Run ping timer only if we have a remote address */
351
352#define PING_UNDEF 0
353#define PING_EXIT 1
354#define PING_RESTART 2
355 int ping_rec_timeout_action; /* What action to take on ping_rec_timeout (exit or restart)? */
356
357 bool persist_tun; /* Don't close/reopen TUN/TAP dev on SIGUSR1 or PING_RESTART */
358 bool persist_local_ip; /* Don't re-resolve local address on SIGUSR1 or PING_RESTART */
359 bool persist_remote_ip; /* Don't re-resolve remote address on SIGUSR1 or PING_RESTART */
360
361#if PASSTOS_CAPABILITY
362 bool passtos;
363#endif
364
365 int resolve_retry_seconds; /* If hostname resolve fails, retry for n seconds */
367 const char *ip_remote_hint;
368
370 /* DCO is disabled and should not be used as backend driver for the
371 * tun/tap device */
373
374 /* Misc parms */
375 const char *username;
376 const char *groupname;
377 const char *chroot_dir;
378 const char *cd_dir;
379#ifdef ENABLE_SELINUX
380 char *selinux_context;
381#endif
382 const char *writepid;
383 const char *up_script;
384 const char *down_script;
389 bool daemon;
390
392
393 bool log;
396 int nice;
398 int mute;
399
400#ifdef ENABLE_DEBUG
401 int gremlin;
402#endif
403
404 const char *status_file;
407
408 /* optimize TUN/TAP/UDP writes */
410
412
413 /* buffer sizes */
416
417 /* mark value */
418 int mark;
419 char *bind_dev;
420
421 /* socket flags */
422 unsigned int sockflags;
423
424 /* route management */
425 const char *route_script;
439 bool allow_pull_fqdn; /* as a client, allow server to push a FQDN for certain parameters */
441
442 /* Enable options consistency check between peers */
443 bool occ;
444
445#ifdef ENABLE_MANAGEMENT
446 const char *management_addr;
447 const char *management_port;
452
455
457#endif
458 /* Mask of MF_ values of manage.h */
459 unsigned int management_flags;
460
461#ifdef ENABLE_PLUGIN
463#endif
464
465 /* the tmp dir is for now only used in the P2P server context */
466 const char *tmp_dir;
468 in_addr_t server_network;
469 in_addr_t server_netmask;
470 bool server_ipv6_defined; /* IPv6 */
471 struct in6_addr server_network_ipv6; /* IPv6 */
472 unsigned int server_netbits_ipv6; /* IPv6 */
473
474#define SF_NOPOOL (1<<0)
475#define SF_TCP_NODELAY_HELPER (1<<1)
476#define SF_NO_PUSH_ROUTE_GATEWAY (1<<2)
477 unsigned int server_flags;
478
480
486
494
496 struct in6_addr ifconfig_ipv6_pool_base; /* IPv6 */
498
505 const char *client_config_dir;
508 const char *override_username;
512 struct iroute_ipv6 *iroutes_ipv6; /* IPv6 */
522 struct in6_addr push_ifconfig_ipv6_local; /* IPv6 */
524 struct in6_addr push_ifconfig_ipv6_remote; /* IPv6 */
528
531
534
539
548
549#if PORT_SHARE
550 char *port_share_host;
551 char *port_share_port;
552 const char *port_share_journal_dir;
553#endif
554
555 bool client;
556 bool pull; /* client pull of config options from server */
562
564
565#ifdef ENABLE_MANAGEMENT
567#endif
568 /* Cipher parms */
573 const char *ciphername;
577 const char *ncp_ciphers_conf;
578 const char *ncp_ciphers;
579 const char *authname;
580 const char *engine;
585 const char *packet_id_file;
587#ifdef ENABLE_PREDICTION_RESISTANCE
588 bool use_prediction_resistance;
589#endif
590
591 /* TLS (control channel) parms */
594 const char *ca_file;
596 const char *ca_path;
597 const char *dh_file;
599 const char *cert_file;
601 const char *extra_certs_file;
603 const char *priv_key_file;
605 const char *pkcs12_file;
607 const char *cipher_list;
608 const char *cipher_list_tls13;
609 const char *tls_groups;
610 const char *tls_cert_profile;
611 const char *ecdh_curve;
612 const char *tls_verify;
615 const char *verify_x509_name;
616 const char *crl_file;
618
619 int ns_cert_type; /* set to 0, NS_CERT_CHECK_SERVER, or NS_CERT_CHECK_CLIENT */
621 const char *remote_cert_eku;
626 unsigned int ssl_flags; /* set to SSLF_x flags from ssl.h */
627
628#ifdef ENABLE_PKCS11
629 const char *pkcs11_providers[MAX_PARMS];
630 unsigned pkcs11_private_mode[MAX_PARMS];
631 bool pkcs11_protected_authentication[MAX_PARMS];
632 bool pkcs11_cert_private[MAX_PARMS];
633 int pkcs11_pin_cache_period;
634 const char *pkcs11_id;
636#endif
637
638#ifdef ENABLE_CRYPTOAPI
639 const char *cryptoapi_cert;
640#endif
641 /* Per-packet timeout on control channel */
643
644 /* Data channel key renegotiation parameters */
649
650 /* Data channel key handshake must finalize
651 * within n seconds of handshake initiation. */
653
654#ifdef ENABLE_X509ALTUSERNAME
655 /* Field list used to be the username in X509 cert. */
656 char *x509_username_field[MAX_PARMS];
657#endif
658
659 /* Old key allowed to live n seconds after new key goes active */
661
662 /* Shared secret used for TLS control channel authentication */
663 const char *tls_auth_file;
665
666 /* Shared secret used for TLS control channel authenticated encryption */
667 const char *tls_crypt_file;
669
670 /* Client-specific secret or server key used for TLS control channel
671 * authenticated encryption v2 */
672 const char *tls_crypt_v2_file;
674
676
678
679 /* Allow only one session */
681
683
685
686 const struct x509_track *x509_track;
687
688 /* special state parms */
690
691#ifdef _WIN32
693 const char *exit_event_name;
699#endif
700
702 uint32_t peer_id;
703
704#ifdef HAVE_EXPORT_KEYING_MATERIAL
705 /* Keying Material Exporters [RFC 5705] */
706 const char *keying_material_exporter_label;
707 int keying_material_exporter_length;
708#endif
709 /* force using TLS key material export for data channel key generation */
711
714 uint16_t vlan_pvid;
715
717
718 /* Useful when packets sent by openvpn itself are not subject
719 * to the routing tables that would move packets into the tunnel. */
721
722 /* data channel crypto flags set by push/pull. Reuses the CO_* crypto_flags */
724};
725
726#define streq(x, y) (!strcmp((x), (y)))
727
728/*
729 * Option classes.
730 */
731#define OPT_P_GENERAL (1<<0)
732#define OPT_P_UP (1<<1)
733#define OPT_P_ROUTE (1<<2)
734#define OPT_P_DHCPDNS (1<<3) /* includes ip windows options like */
735#define OPT_P_SCRIPT (1<<4)
736#define OPT_P_SETENV (1<<5)
737#define OPT_P_SHAPER (1<<6)
738#define OPT_P_TIMER (1<<7)
739#define OPT_P_PERSIST (1<<8)
740#define OPT_P_PERSIST_IP (1<<9)
741#define OPT_P_COMP (1<<10) /* TODO */
742#define OPT_P_MESSAGES (1<<11)
743#define OPT_P_NCP (1<<12)
744#define OPT_P_TLS_PARMS (1<<13) /* TODO */
745#define OPT_P_MTU (1<<14) /* TODO */
746#define OPT_P_NICE (1<<15)
747#define OPT_P_PUSH (1<<16)
748#define OPT_P_INSTANCE (1<<17)
749#define OPT_P_CONFIG (1<<18)
750#define OPT_P_EXPLICIT_NOTIFY (1<<19)
751#define OPT_P_ECHO (1<<20)
752#define OPT_P_INHERIT (1<<21)
753#define OPT_P_ROUTE_EXTRAS (1<<22)
754#define OPT_P_PULL_MODE (1<<23)
755#define OPT_P_PLUGIN (1<<24)
756#define OPT_P_SOCKBUF (1<<25)
757#define OPT_P_SOCKFLAGS (1<<26)
758#define OPT_P_CONNECTION (1<<27)
759#define OPT_P_PEER_ID (1<<28)
760#define OPT_P_INLINE (1<<29)
761#define OPT_P_PUSH_MTU (1<<30)
762
763#define OPT_P_DEFAULT (~(OPT_P_INSTANCE|OPT_P_PULL_MODE))
764
765#define PULL_DEFINED(opt) ((opt)->pull)
766#define PUSH_DEFINED(opt) ((opt)->push_list)
767
768#ifndef PULL_DEFINED
769#define PULL_DEFINED(opt) (false)
770#endif
771
772#ifndef PUSH_DEFINED
773#define PUSH_DEFINED(opt) (false)
774#endif
775
776#ifdef _WIN32
777#define ROUTE_OPTION_FLAGS(o) ((o)->route_method & ROUTE_METHOD_MASK)
778#else
779#define ROUTE_OPTION_FLAGS(o) (0)
780#endif
781
782#define SHAPER_DEFINED(opt) ((opt)->shaper)
783
784#ifdef ENABLE_PLUGIN
785#define PLUGIN_OPTION_LIST(opt) ((opt)->plugin_list)
786#else
787#define PLUGIN_OPTION_LIST(opt) (NULL)
788#endif
789
790#ifdef ENABLE_MANAGEMENT
791#define MAN_CLIENT_AUTH_ENABLED(opt) ((opt)->management_flags & MF_CLIENT_AUTH)
792#else
793#define MAN_CLIENT_AUTH_ENABLED(opt) (false)
794#endif
795
796void parse_argv(struct options *options,
797 const int argc,
798 char *argv[],
799 const int msglevel,
800 const unsigned int permission_mask,
801 unsigned int *option_types_found,
802 struct env_set *es);
803
804void notnull(const char *arg, const char *description);
805
806void usage_small(void);
807
808void show_library_versions(const unsigned int flags);
809
810#ifdef _WIN32
811void show_windows_version(const unsigned int flags);
812
813#endif
814
815void show_dco_version(const unsigned int flags);
816
817void init_options(struct options *o, const bool init_gc);
818
819void uninit_options(struct options *o);
820
821void setenv_settings(struct env_set *es, const struct options *o);
822
823void show_settings(const struct options *o);
824
825bool string_defined_equal(const char *s1, const char *s2);
826
827const char *options_string_version(const char *s, struct gc_arena *gc);
828
829char *options_string(const struct options *o,
830 const struct frame *frame,
831 struct tuntap *tt,
833 bool remote,
834 struct gc_arena *gc);
835
836bool options_cmp_equal_safe(char *actual, const char *expected, size_t actual_n);
837
838void options_warning_safe(char *actual, const char *expected, size_t actual_n);
839
840bool options_cmp_equal(char *actual, const char *expected);
841
842void options_warning(char *actual, const char *expected);
843
855 const char *opt_name, struct gc_arena *gc);
856
857
858void options_postprocess(struct options *options, struct env_set *es);
859
860bool options_postprocess_pull(struct options *o, struct env_set *es);
861
862void pre_connect_restore(struct options *o, struct gc_arena *gc);
863
865 struct buffer *buf,
866 unsigned int permission_mask,
867 unsigned int *option_types_found,
868 struct env_set *es);
869
870void options_detach(struct options *o);
871
872void options_server_import(struct options *o,
873 const char *filename,
874 int msglevel,
875 unsigned int permission_mask,
876 unsigned int *option_types_found,
877 struct env_set *es);
878
879void pre_pull_default(struct options *o);
880
881void rol_check_alloc(struct options *options);
882
883int parse_line(const char *line,
884 char *p[],
885 const int n,
886 const char *file,
887 const int line_num,
888 int msglevel,
889 struct gc_arena *gc);
890
891/*
892 * parse/print topology coding
893 */
894
895int parse_topology(const char *str, const int msglevel);
896
897const char *print_topology(const int topology);
898
899/*
900 * Manage auth-retry variable
901 */
902
903#define AR_NONE 0
904#define AR_INTERACT 1
905#define AR_NOINTERACT 2
906
907int auth_retry_get(void);
908
909bool auth_retry_set(const int msglevel, const char *option);
910
911const char *auth_retry_print(void);
912
914 const char *config,
915 const int msglevel,
916 const unsigned int permission_mask,
917 unsigned int *option_types_found,
918 struct env_set *es);
919
920bool key_is_external(const struct options *options);
921
922bool has_udp_in_local_list(const struct options *options);
923
927static inline bool
928dco_enabled(const struct options *o)
929{
930#ifdef ENABLE_DCO
931 return !o->disable_dco;
932#else
933 return false;
934#endif /* ENABLE_DCO */
935}
936
937#endif /* ifndef OPTIONS_H */
Data Channel Cryptography SSL library-specific backend interface.
hash_algo_type
Types referencing specific message digest hashing algorithms.
#define SHA256_DIGEST_LENGTH
void provider_t
void * openvpn_net_ctx_t
Definition networking.h:39
bool options_cmp_equal(char *actual, const char *expected)
Definition options.c:4460
void options_server_import(struct options *o, const char *filename, int msglevel, unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
Definition options.c:5516
bool options_postprocess_pull(struct options *o, struct env_set *es)
Definition options.c:4183
void uninit_options(struct options *o)
Definition options.c:928
void show_windows_version(const unsigned int flags)
Definition options.c:4847
bool key_is_external(const struct options *options)
Definition options.c:5691
bool auth_retry_set(const int msglevel, const char *option)
Definition options.c:4762
#define CONNECTION_LIST_SIZE
Definition options.h:187
void show_dco_version(const unsigned int flags)
Definition options.c:4856
void rol_check_alloc(struct options *options)
Definition options.c:1715
void show_settings(const struct options *o)
Definition options.c:1839
static bool dco_enabled(const struct options *o)
Returns whether the current configuration has dco enabled.
Definition options.h:928
bool apply_push_options(struct options *options, struct buffer *buf, unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
Definition options.c:5486
bool options_cmp_equal_safe(char *actual, const char *expected, size_t actual_n)
Definition options.c:4602
void parse_argv(struct options *options, const int argc, char *argv[], const int msglevel, const unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
Definition options.c:5373
bool string_defined_equal(const char *s1, const char *s2)
Definition options.c:4912
void options_postprocess(struct options *options, struct env_set *es)
Definition options.c:4169
int parse_topology(const char *str, const int msglevel)
Definition options.c:4706
void usage_small(void)
Definition options.c:4839
const char * auth_retry_print(void)
Definition options.c:4785
void options_warning_safe(char *actual, const char *expected, size_t actual_n)
Definition options.c:4625
void show_library_versions(const unsigned int flags)
Definition options.c:4866
void setenv_settings(struct env_set *es, const struct options *o)
Definition options.c:1031
#define RH_PORT_LEN
Definition options.h:229
genkey_type
Definition options.h:233
@ GENKEY_AUTH_TOKEN
Definition options.h:237
@ GENKEY_SECRET
Definition options.h:234
@ GENKEY_TLS_CRYPTV2_SERVER
Definition options.h:236
@ GENKEY_TLS_CRYPTV2_CLIENT
Definition options.h:235
int parse_line(const char *line, char *p[], const int n, const char *file, const int line_num, int msglevel, struct gc_arena *gc)
Definition options.c:4949
#define RH_HOST_LEN
Definition options.h:227
void options_detach(struct options *o)
Definition options.c:1706
void pre_connect_restore(struct options *o, struct gc_arena *gc)
Definition options.c:3300
const char * print_topology(const int topology)
Definition options.c:4728
void options_string_import(struct options *options, const char *config, const int msglevel, const unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
Definition options.c:5536
char * options_string_extract_option(const char *options_string, const char *opt_name, struct gc_arena *gc)
Given an OpenVPN options string, extract the value of an option.
Definition options.c:4639
#define MAX_PARMS
Definition options.h:52
void pre_pull_default(struct options *o)
void init_options(struct options *o, const bool init_gc)
Definition options.c:805
void options_warning(char *actual, const char *expected)
Definition options.c:4466
const char * options_string_version(const char *s, struct gc_arena *gc)
Definition options.c:4631
const char title_string[]
Definition options.c:69
int auth_retry_get(void)
Definition options.c:4756
void notnull(const char *arg, const char *description)
Definition options.c:4903
bool has_udp_in_local_list(const struct options *options)
Definition options.c:9566
char * options_string(const struct options *o, const struct frame *frame, struct tuntap *tt, openvpn_net_ctx_t *ctx, bool remote, struct gc_arena *gc)
Definition options.c:4241
vlan_acceptable_frames
Definition options.h:219
@ VLAN_ONLY_UNTAGGED_OR_PRIORITY
Definition options.h:221
@ VLAN_ALL
Definition options.h:222
@ VLAN_ONLY_TAGGED
Definition options.h:220
Definition argv.h:35
Wrapper structure for dynamically allocated memory.
Definition buffer.h:61
Definition options.h:105
struct local_list * local_list
Definition options.h:106
int tun_mtu_max
Definition options.h:127
int connect_retry_seconds
Definition options.h:117
bool tls_crypt_v2_force_cookie
Definition options.h:176
int link_mtu
Definition options.h:132
bool link_mtu_defined
Definition options.h:133
int tun_mtu_extra
Definition options.h:130
int connect_retry_seconds_max
Definition options.h:118
bool bind_local
Definition options.h:116
int mssfix
Definition options.h:142
const char * tls_crypt_file
Definition options.h:167
const char * tls_crypt_v2_file
Definition options.h:172
bool tun_mtu_extra_defined
Definition options.h:131
const char * remote
Definition options.h:112
int connect_timeout
Definition options.h:119
const char * socks_proxy_port
Definition options.h:122
bool mssfix_default
Definition options.h:143
bool mssfix_encap
Definition options.h:144
int occ_mtu
Definition options.h:126
struct http_proxy_options * http_proxy_options
Definition options.h:120
bool tls_crypt_file_inline
Definition options.h:168
bool tls_auth_file_inline
Definition options.h:163
bool bind_ipv6_only
Definition options.h:115
bool tun_mtu_defined
Definition options.h:129
bool remote_float
Definition options.h:113
int tls_mtu
Definition options.h:134
int explicit_exit_notification
Definition options.h:148
const char * socks_proxy_authfile
Definition options.h:123
const char * remote_port
Definition options.h:111
bool fragment_encap
Definition options.h:140
const char * socks_proxy_server
Definition options.h:121
int fragment
Definition options.h:139
int mtu_discover_type
Definition options.h:137
int proto
Definition options.h:107
sa_family_t af
Definition options.h:108
const char * tls_auth_file
Definition options.h:162
bool local_port_defined
Definition options.h:110
int tun_mtu
Definition options.h:125
bool bind_defined
Definition options.h:114
const char * local_port
Definition options.h:109
int key_direction
Definition options.h:164
bool tls_crypt_v2_file_inline
Definition options.h:173
unsigned int flags
Definition options.h:159
bool mssfix_fixed
Definition options.h:146
struct connection_entry ** array
Definition options.h:200
Packet geometry parameters.
Definition mtu.h:98
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:117
Definition list.h:57
Definition options.h:98
const char * port
Definition options.h:100
int proto
Definition options.h:101
const char * local
Definition options.h:99
struct local_entry * array[CONNECTION_LIST_SIZE]
Definition options.h:192
int ping_rec_timeout_action
Definition options.h:87
bool tuntap_options_defined
Definition options.h:65
bool routes_ipv6_defined
Definition options.h:71
struct route_option_list * routes
Definition options.h:69
struct compress_options comp
Definition options.h:90
const char * ciphername
Definition options.h:82
const char * route_default_gateway
Definition options.h:74
const char * authname
Definition options.h:83
struct route_ipv6_option_list * routes_ipv6
Definition options.h:72
bool client_nat_defined
Definition options.h:77
struct client_nat_option_list * client_nat
Definition options.h:78
const char * route_ipv6_default_gateway
Definition options.h:75
int resolve_retry_seconds
Definition options.h:365
int rcvbuf
Definition options.h:414
bool resolve_in_advance
Definition options.h:366
bool route_nopull
Definition options.h:437
const char * genkey_extra_data
Definition options.h:284
struct compress_options comp
Definition options.h:411
struct http_proxy_options * http_proxy_override
Definition options.h:307
int push_ifconfig_ipv6_netbits
Definition options.h:523
int proto_force
Definition options.h:330
bool persist_config
Definition options.h:272
struct connection_list * connection_list
Definition options.h:289
const char * management_port
Definition options.h:447
bool tls_crypt_file_inline
Definition options.h:668
const char * ifconfig_ipv6_remote
Definition options.h:325
int max_routes_per_client
Definition options.h:536
const char * ncp_ciphers_conf
The original ncp_ciphers specified by the user in the configuration.
Definition options.h:577
int status_file_version
Definition options.h:405
int server_backoff_time
Definition options.h:304
enum vlan_acceptable_frames vlan_accept
Definition options.h:713
int auth_token_renewal
Definition options.h:545
in_addr_t push_ifconfig_constraint_network
Definition options.h:518
const char * tmp_dir
Definition options.h:466
bool push_peer_info
Definition options.h:682
bool daemon
Definition options.h:389
struct options_pre_connect * pre_connect
Definition options.h:561
int route_default_metric
Definition options.h:429
int renegotiate_seconds_min
Definition options.h:648
const char * auth_token_secret_file
Definition options.h:546
unsigned int imported_protocol_flags
Definition options.h:723
const char * tls_export_peer_cert_dir
Definition options.h:613
bool crl_file_inline
Definition options.h:617
const char * cryptoapi_cert
Definition options.h:639
const char * down_script
Definition options.h:384
unsigned int backwards_compatible
What version we should try to be compatible with as major * 10000 + minor * 100 + patch,...
Definition options.h:266
hash_algo_type verify_hash_algo
Definition options.h:623
int scheduled_exit_interval
Definition options.h:563
int stale_routes_ageing_time
Definition options.h:538
bool pkcs12_file_inline
Definition options.h:606
int replay_time
Definition options.h:584
unsigned int push_option_types_found
Definition options.h:558
int management_state_buffer_size
Definition options.h:451
const char * ca_file
Definition options.h:594
const char * tls_auth_file
Definition options.h:663
struct provider_list providers
Definition options.h:581
bool duplicate_cn
Definition options.h:527
struct in6_addr server_network_ipv6
Definition options.h:471
int shaper
Definition options.h:328
int management_echo_buffer_size
Definition options.h:450
in_addr_t server_network
Definition options.h:468
bool show_net_up
Definition options.h:695
bool verify_hash_no_ca
Definition options.h:625
bool allow_pull_fqdn
Definition options.h:439
bool use_peer_id
Definition options.h:701
unsigned remote_cert_ku[MAX_PARMS]
Definition options.h:620
bool server_bridge_defined
Definition options.h:481
const char * status_file
Definition options.h:404
unsigned int ssl_flags
Definition options.h:626
bool route_noexec
Definition options.h:430
bool ifconfig_nowarn
Definition options.h:327
const char * remote_cert_eku
Definition options.h:621
in_addr_t ifconfig_pool_netmask
Definition options.h:491
in_addr_t server_netmask
Definition options.h:469
int tls_timeout
Definition options.h:642
bool test_crypto
Definition options.h:586
bool up_delay
Definition options.h:387
bool server_bridge_proxy_dhcp
Definition options.h:479
bool allow_recursive_routing
Definition options.h:720
const char * authname
Definition options.h:579
const char * exit_event_name
Definition options.h:693
const char * ifconfig_ipv6_local
Definition options.h:323
int cf_max
Definition options.h:529
bool dh_file_inline
Definition options.h:598
int replay_window
Definition options.h:583
bool disable
Definition options.h:507
int mute
Definition options.h:398
bool auth_user_pass_verify_script_via_file
Definition options.h:541
const char * dev_type
Definition options.h:317
int persist_mode
Definition options.h:273
int ifconfig_pool_persist_refresh_freq
Definition options.h:493
bool show_digests
Definition options.h:277
const char * up_script
Definition options.h:383
int ce_advance_count
Definition options.h:300
bool single_session
Definition options.h:680
bool push_ifconfig_defined
Definition options.h:513
bool ifconfig_pool_defined
Definition options.h:488
struct remote_host_store * rh_store
Definition options.h:310
int verify_hash_depth
Definition options.h:624
bool route_delay_defined
Definition options.h:433
const char * packet_id_file
Definition options.h:585
const char * tls_crypt_v2_file
Definition options.h:672
int management_log_history_cache
Definition options.h:449
in_addr_t server_bridge_netmask
Definition options.h:483
const char * ip_remote_hint
Definition options.h:367
bool vlan_tagging
Definition options.h:712
uint32_t peer_id
Definition options.h:702
struct route_option_list * routes
Definition options.h:434
in_addr_t ifconfig_pool_end
Definition options.h:490
int keepalive_timeout
Definition options.h:341
const char * writepid
Definition options.h:382
int64_t inactivity_minimum_bytes
Definition options.h:344
bool ifconfig_ipv6_pool_defined
Definition options.h:495
bool fast_io
Definition options.h:409
unsigned int server_flags
Definition options.h:477
bool block_outside_dns
Definition options.h:697
bool push_ifconfig_ipv6_blocked
Definition options.h:525
bool tls_exit
Definition options.h:684
const char * pkcs12_file
Definition options.h:605
const char * client_disconnect_script
Definition options.h:502
bool show_engines
Definition options.h:278
struct remote_list * remote_list
Definition options.h:291
HANDLE msg_channel
Definition options.h:692
const char * key_pass_file
Definition options.h:275
bool mute_replay_warnings
Definition options.h:582
const char * tls_crypt_file
Definition options.h:667
int inactivity_timeout
Definition options.h:343
int n_bcast_buf
Definition options.h:509
unsigned int unsuccessful_attempts
Definition options.h:298
int handshake_window
Definition options.h:652
bool server_defined
Definition options.h:467
const char * ifconfig_local
Definition options.h:321
struct connection_entry ce
Definition options.h:288
struct iroute_ipv6 * iroutes_ipv6
Definition options.h:512
bool user_script_used
Definition options.h:385
const char * tls_groups
Definition options.h:609
bool show_tls_ciphers
Definition options.h:279
int route_method
Definition options.h:696
struct verify_hash_list * verify_hash
Definition options.h:622
const char * tls_cert_profile
Definition options.h:610
int64_t renegotiate_packets
Definition options.h:646
unsigned int management_flags
Definition options.h:459
int push_continuation
Definition options.h:557
const char * route_default_gateway
Definition options.h:427
in_addr_t push_ifconfig_local_alias
Definition options.h:516
bool exit_event_initial_state
Definition options.h:694
struct static_challenge_info sc_info
Definition options.h:566
bool auth_token_call_auth
Definition options.h:543
const char * ipchange
Definition options.h:315
int topology
Definition options.h:320
bool disable_dco
Definition options.h:372
const char * ncp_ciphers
Definition options.h:578
bool genkey
Definition options.h:281
const char * learn_address_script
Definition options.h:503
const char * ciphername
Definition options.h:573
const char * auth_user_pass_file
Definition options.h:559
bool forward_compatible
Definition options.h:263
const char * username
Definition options.h:375
int cf_initial_max
Definition options.h:532
int stale_routes_check_interval
Definition options.h:537
struct plugin_option_list * plugin_list
Definition options.h:462
int auth_token_lifetime
Definition options.h:544
uint16_t vlan_pvid
Definition options.h:714
int ns_cert_type
Definition options.h:619
const char * tls_crypt_v2_verify_script
Definition options.h:677
int mode
Definition options.h:260
bool tls_server
Definition options.h:592
const char * auth_user_pass_verify_script
Definition options.h:540
int connect_retry_max
Definition options.h:287
char * bind_dev
Definition options.h:419
const char * extra_certs_file
Definition options.h:601
bool client
Definition options.h:555
bool pull
Definition options.h:556
int ifconfig_ipv6_pool_netbits
Definition options.h:497
in_addr_t push_ifconfig_constraint_netmask
Definition options.h:519
bool show_curves
Definition options.h:280
const char * tls_crypt_v2_metadata
Definition options.h:675
const char * route_ipv6_default_gateway
Definition options.h:428
bool tls_client
Definition options.h:593
bool ping_timer_remote
Definition options.h:350
bool auth_token_generate
Definition options.h:542
bool priv_key_file_inline
Definition options.h:604
const char * tls_verify
Definition options.h:612
const char * crl_file
Definition options.h:616
int ping_rec_timeout_action
Definition options.h:355
bool auth_user_pass_file_inline
Definition options.h:560
bool show_ciphers
Definition options.h:276
bool enable_ncp_fallback
If defined fall back to ciphername if NCP fails.
Definition options.h:574
int real_hash_size
Definition options.h:499
const char * route_predown_script
Definition options.h:426
const char * dh_file
Definition options.h:597
int route_delay_window
Definition options.h:432
in_addr_t push_ifconfig_local
Definition options.h:514
bool mlock
Definition options.h:338
const char ** ignore_unknown_option
Definition options.h:269
int sndbuf
Definition options.h:415
int foreign_option_index
Definition options.h:689
struct gc_arena gc
Definition options.h:251
bool gc_owned
Definition options.h:252
bool down_pre
Definition options.h:386
bool persist_tun
Definition options.h:357
bool ca_file_inline
Definition options.h:595
bool auth_token_secret_file_inline
Definition options.h:547
bool block_ipv6
Definition options.h:436
const char * config
Definition options.h:255
bool extra_certs_file_inline
Definition options.h:602
bool push_ifconfig_constraint_defined
Definition options.h:517
int mark
Definition options.h:418
int cf_initial_per
Definition options.h:533
bool suppress_timestamps
Definition options.h:394
bool force_key_material_export
Definition options.h:710
bool mtu_test
Definition options.h:332
struct iroute * iroutes
Definition options.h:511
int verify_x509_type
Definition options.h:614
const char * cipher_list_tls13
Definition options.h:608
const char * ecdh_curve
Definition options.h:611
int status_file_update_freq
Definition options.h:406
const char * management_client_user
Definition options.h:453
const char * cipher_list
Definition options.h:607
bool ccd_exclusive
Definition options.h:506
bool allow_deprecated_insecure_static_crypto
Definition options.h:571
struct pull_filter_list * pull_filter_list
Definition options.h:716
const char * management_certificate
Definition options.h:456
const char * genkey_filename
Definition options.h:283
const struct x509_track * x509_track
Definition options.h:686
const char * chroot_dir
Definition options.h:377
bool log
Definition options.h:393
bool shared_secret_file_inline
Definition options.h:570
struct in6_addr push_ifconfig_ipv6_remote
Definition options.h:524
const char * ca_path
Definition options.h:596
int renegotiate_seconds
Definition options.h:647
int ping_rec_timeout
Definition options.h:349
unsigned int sockflags
Definition options.h:422
const char * engine
Definition options.h:580
const char * management_addr
Definition options.h:446
const char * client_connect_script
Definition options.h:501
const char * verify_x509_name
Definition options.h:615
int ping_send_timeout
Definition options.h:348
bool route_gateway_via_dhcp
Definition options.h:438
bool remote_random
Definition options.h:314
bool push_ifconfig_ipv6_defined
Definition options.h:521
int tcp_queue_limit
Definition options.h:510
int route_delay
Definition options.h:431
const char * dev_node
Definition options.h:318
const char * override_username
Definition options.h:508
const char * client_crresponse_script
Definition options.h:504
struct route_ipv6_option_list * routes_ipv6
Definition options.h:435
bool machine_readable_output
Definition options.h:395
int key_direction
Definition options.h:572
bool server_ipv6_defined
Definition options.h:470
const char * priv_key_file
Definition options.h:603
bool persist_remote_ip
Definition options.h:359
bool up_restart
Definition options.h:388
int keepalive_ping
Definition options.h:340
int virtual_hash_size
Definition options.h:500
bool no_advance
Definition options.h:293
bool tls_auth_file_inline
Definition options.h:664
bool tls_crypt_v2_file_inline
Definition options.h:673
const char * groupname
Definition options.h:376
in_addr_t server_bridge_pool_start
Definition options.h:484
const char * cd_dir
Definition options.h:378
struct client_nat_option_list * client_nat
Definition options.h:440
struct in6_addr push_ifconfig_ipv6_local
Definition options.h:522
int nice
Definition options.h:396
int max_clients
Definition options.h:535
int transition_window
Definition options.h:660
const char * ifconfig_remote_netmask
Definition options.h:322
const char * lladdr
Definition options.h:319
int verbosity
Definition options.h:397
int session_timeout
Definition options.h:346
const char * cert_file
Definition options.h:599
bool enable_c2c
Definition options.h:526
in_addr_t server_bridge_pool_end
Definition options.h:485
bool push_ifconfig_ipv4_blocked
Definition options.h:520
int cf_per
Definition options.h:530
enum tun_driver_type windows_driver
Definition options.h:698
bool cert_file_inline
Definition options.h:600
int remap_sigusr1
Definition options.h:391
int64_t renegotiate_bytes
Definition options.h:645
const char * route_script
Definition options.h:425
in_addr_t ifconfig_pool_start
Definition options.h:489
const char * management_user_pass
Definition options.h:448
unsigned int server_netbits_ipv6
Definition options.h:472
in_addr_t push_ifconfig_remote_netmask
Definition options.h:515
bool occ
Definition options.h:443
in_addr_t server_bridge_ip
Definition options.h:482
const char * shared_secret_file
Definition options.h:569
bool ifconfig_noexec
Definition options.h:326
const char * dev
Definition options.h:316
const char * management_client_group
Definition options.h:454
struct in6_addr ifconfig_ipv6_pool_base
Definition options.h:496
const char * client_config_dir
Definition options.h:505
enum genkey_type genkey_type
Definition options.h:282
bool advance_next_remote
Definition options.h:296
const char * ifconfig_pool_persist_filename
Definition options.h:492
int ifconfig_ipv6_netbits
Definition options.h:324
bool persist_local_ip
Definition options.h:358
provider_t * providers[MAX_PARMS]
Definition options.h:215
const char * names[MAX_PARMS]
Definition options.h:213
Definition options.h:180
int proto
Definition options.h:183
const char * remote
Definition options.h:181
const char * remote_port
Definition options.h:182
sa_family_t af
Definition options.h:184
char port[RH_PORT_LEN]
Definition options.h:230
char host[RH_HOST_LEN]
Definition options.h:228
struct remote_entry ** array
Definition options.h:207
int capacity
Definition options.h:205
Definition tun.h:181
struct verify_hash_list * next
Definition options.h:245
unsigned short sa_family_t
Definition syshead.h:395
struct env_set * es
static bool pkcs11_id_management
struct gc_arena gc
Definition test_ssl.c:155
tun_driver_type
Definition tun.h:45