1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 /*
25  * 2004-01-28: Added Socks5 proxy support
26  * (Christof Meerwald, http://cmeerw.org)
27  */
28 
29 #ifndef OPTIONS_H
30 #define OPTIONS_H
31 
32 #include "basic.h"
33 #include "common.h"
34 #include "mtu.h"
35 #include "route.h"
36 #include "tun.h"
37 #include "socket.h"
38 #include "plugin.h"
39 #include "manage.h"
40 #include "proxy.h"
41 #include "comp.h"
42 #include "pushlist.h"
43 #include "clinat.h"
44 #include "crypto_backend.h"
45 
46 
47 /*
48  * Maximum number of parameters associated with an option,
49  * including the option name itself.
50  */
51 #define MAX_PARMS 16
52 
53 /*
54  * Max size of options line and parameter.
55  */
56 #define OPTION_PARM_SIZE 256
57 #define OPTION_LINE_SIZE 256
58 
59 extern const char title_string[];
60 
61 #if P2MP
62 
63 /* certain options are saved before --pull modifications are applied */
65 {
68 
71 
74 
77 
79 };
80 
81 #endif
82 #if !defined(ENABLE_CRYPTO_OPENSSL) && !defined(ENABLE_CRYPTO_MBEDTLS)
83 #error "At least one of OpenSSL or mbed TLS needs to be defined."
84 #endif
85 
87 {
88  int proto;
90  const char *local_port;
92  const char *remote_port;
93  const char *local;
94  const char *remote;
98  bool bind_local;
103  const char *socks_proxy_server;
104  const char *socks_proxy_port;
105  const char *socks_proxy_authfile;
106 
107  int tun_mtu; /* MTU of tun device */
108  bool tun_mtu_defined; /* true if user overriding parm with command line option */
111  int link_mtu; /* MTU of device over which tunnel packets pass via TCP/UDP */
112  bool link_mtu_defined; /* true if user overriding parm with command line option */
113 
114  /* Advanced MTU negotiation and datagram fragmentation options */
115  int mtu_discover_type; /* used if OS supports setting Path MTU discovery options on socket */
116 
117  int fragment; /* internal fragmentation size */
118  int mssfix; /* Upper bound on TCP MSS */
119  bool mssfix_default; /* true if --mssfix was supplied without a parameter */
120 
121  int explicit_exit_notification; /* Explicitly tell peer when we are exiting via OCC_EXIT or [RESTART] message */
122 
123 #define CE_DISABLED (1<<0)
124 #define CE_MAN_QUERY_PROXY (1<<1)
125 #define CE_MAN_QUERY_REMOTE_UNDEF 0
126 #define CE_MAN_QUERY_REMOTE_QUERY 1
127 #define CE_MAN_QUERY_REMOTE_ACCEPT 2
128 #define CE_MAN_QUERY_REMOTE_MOD 3
129 #define CE_MAN_QUERY_REMOTE_SKIP 4
130 #define CE_MAN_QUERY_REMOTE_MASK (0x07)
131 #define CE_MAN_QUERY_REMOTE_SHIFT (2)
132  unsigned int flags;
133 
134  /* Shared secret used for TLS control channel authentication */
135  const char *tls_auth_file;
138 
139  /* Shared secret used for TLS control channel authenticated encryption */
140  const char *tls_crypt_file;
142 
143  /* Client-specific secret or server key used for TLS control channel
144  * authenticated encryption v2 */
145  const char *tls_crypt_v2_file;
147 };
148 
150 {
151  const char *remote;
152  const char *remote_port;
153  int proto;
155 };
156 
157 #define CONNECTION_LIST_SIZE 64
158 
160 {
161  int len;
162  int current;
164 };
165 
167 {
168  int len;
170 };
171 
173 {
177 };
178 
180 {
181 #define RH_HOST_LEN 80
182  char host[RH_HOST_LEN];
183 #define RH_PORT_LEN 20
184  char port[RH_PORT_LEN];
185 };
186 
192 };
193 
194 /* Command line options */
/*
 * Every parsed option for one OpenVPN process: command line, config file(s)
 * and, on a client, what the server pushed (see parse_argv(),
 * options_server_import() and apply_push_options() below).
 *
 * The `const char *` members are presumably pointers into `gc` (see
 * gc_owned). The *_file members are the path strings as the user gave them,
 * not loaded contents; NOTE(review): the Doxygen index for this header also
 * lists companion *_inline flags (e.g. tls_auth_file_inline, not shown in
 * this view) under which the same pointer carries the key material itself,
 * so treat these strings as secrets wherever the struct is printed or logged
 * (show_settings()).
 */
195 struct options
196 {
197  struct gc_arena gc; /* arena that presumably owns the strings referenced below */
198  bool gc_owned; /* true if this struct owns gc (and so must release it, presumably in uninit_options()) */
199 
200  /* first config file */
201  const char *config;
202 
203  /* major mode */
204 #define MODE_POINT_TO_POINT 0
205 #define MODE_SERVER 1
206  int mode;
207 
208  /* enable forward compatibility for post-2.1 features */
210  /* list of options that should be ignored even if unknown */
211  const char **ignore_unknown_option;
212 
213  /* persist parms */
216 
217  const char *key_pass_file; /* presumably the private-key passphrase file: a secret, keep its permissions tight */
223  bool genkey;
225  const char *genkey_filename;
226  const char *genkey_extra_data;
227 
228  /* Networking parms */
230  struct connection_entry ce; /* active connection: proto, remote, proxies, MTU and the per-connection tls-auth/tls-crypt key files (see the entry struct above) */
232 
234  /* Do not advance the connection or remote addr list*/
236  /* Counts the number of unsuccessful connection attempts */
237  unsigned int unsuccessful_attempts;
238 
239 #if ENABLE_MANAGEMENT
241 #endif
242 
244 
246  const char *ipchange; /* external command, presumably run when the remote address changes */
247  const char *dev;
248  const char *dev_type;
249  const char *dev_node;
250  const char *lladdr;
251  int topology; /* one of the TOP_x values from proto.h */
252  const char *ifconfig_local;
254  const char *ifconfig_ipv6_local;
256  const char *ifconfig_ipv6_remote;
259 #ifdef ENABLE_FEATURE_SHAPER
260  int shaper;
261 #endif
262 
264 
265  bool mtu_test;
266 
267 #ifdef ENABLE_MEMSTATS
268  char *memstats_fn;
269 #endif
270 
271  bool mlock; /* presumably --mlock: pin process memory so key material is never swapped to disk -- TODO confirm */
272 
273  int keepalive_ping; /* a proxy for ping/ping-restart */
275 
276  int inactivity_timeout; /* --inactive */
278 
279  int ping_send_timeout; /* Send a TCP/UDP ping to remote every n seconds */
280  int ping_rec_timeout; /* Expect a TCP/UDP ping from remote at least once every n seconds */
281  bool ping_timer_remote; /* Run ping timer only if we have a remote address */
282 
283 #define PING_UNDEF 0
284 #define PING_EXIT 1
285 #define PING_RESTART 2
286  int ping_rec_timeout_action; /* What action to take on ping_rec_timeout (exit or restart)? */
287 
288  bool persist_tun; /* Don't close/reopen TUN/TAP dev on SIGUSR1 or PING_RESTART */
289  bool persist_local_ip; /* Don't re-resolve local address on SIGUSR1 or PING_RESTART */
290  bool persist_remote_ip; /* Don't re-resolve remote address on SIGUSR1 or PING_RESTART */
291  bool persist_key; /* Don't re-read key files on SIGUSR1 or PING_RESTART (needed once privileges are dropped and the files are unreadable) */
292 
293 #if PASSTOS_CAPABILITY
294  bool passtos;
295 #endif
296 
297  int resolve_retry_seconds; /* If hostname resolve fails, retry for n seconds */
299  const char *ip_remote_hint;
300 
302 
303  /* Misc parms -- username/groupname/chroot_dir are the privilege-drop
304  * settings (presumably --user/--group/--chroot); NOTE(review): paths
305  * used after the drop must be resolvable from inside the chroot. */
304  const char *username;
305  const char *groupname;
306  const char *chroot_dir;
307  const char *cd_dir;
308 #ifdef ENABLE_SELINUX
309  char *selinux_context;
310 #endif
311  const char *writepid;
312  const char *up_script; /* external commands run by OpenVPN; the command text comes from the config, so config-file integrity matters */
313  const char *down_script;
315  bool down_pre;
316  bool up_delay;
318  bool daemon;
319 
321 
322  bool log;
325  int nice;
327  int mute;
328 
329 #ifdef ENABLE_DEBUG
330  int gremlin;
331 #endif
332 
333  const char *status_file;
336 
337  /* optimize TUN/TAP/UDP writes */
338  bool fast_io;
339 
340 #ifdef USE_COMP
341  struct compress_options comp;
342 #endif
343 
344  /* buffer sizes */
345  int rcvbuf;
346  int sndbuf;
347 
348  /* mark value */
349  int mark;
350  char *bind_dev;
351 
352  /* socket flags */
353  unsigned int sockflags;
354 
355  /* route management (route_script / route_predown_script are external commands) */
356  const char *route_script;
357  const char *route_predown_script;
370  bool allow_pull_fqdn; /* as a client, allow server to push a FQDN for certain parameters */
372 
373  /* Enable options consistency check between peers */
374  bool occ;
375 
376 #ifdef ENABLE_MANAGEMENT
377  const char *management_addr;
378  const char *management_port;
379  const char *management_user_pass; /* presumably the management-interface password file: a secret */
384 
387 
388  /* Mask of MF_ values of manage.h */
389  unsigned int management_flags;
391 #endif
392 
393 #ifdef ENABLE_PLUGIN
395 #endif
396 
397 
398 
399 #if P2MP
400 
401  /* the tmp dir is for now only used in the P2P server context */
402  const char *tmp_dir;
406  bool server_ipv6_defined; /* IPv6 */
407  struct in6_addr server_network_ipv6; /* IPv6 */
408  unsigned int server_netbits_ipv6; /* IPv6 */
409 
410 #define SF_NOPOOL (1<<0)
411 #define SF_TCP_NODELAY_HELPER (1<<1)
412 #define SF_NO_PUSH_ROUTE_GATEWAY (1<<2)
413  unsigned int server_flags;
414 
416 
422 
430 
431  bool ifconfig_ipv6_pool_defined; /* IPv6 */
432  struct in6_addr ifconfig_ipv6_pool_base; /* IPv6 */
434 
439  const char *learn_address_script; /* external command, run with peer-supplied data (addresses/common name) -- TODO confirm */
440  const char *client_config_dir; /* per-client config directory, presumably --client-config-dir */
442  bool disable;
445  struct iroute *iroutes;
446  struct iroute_ipv6 *iroutes_ipv6; /* IPv6 */
454  bool push_ifconfig_ipv4_blocked; /* IPv4 */
455  bool push_ifconfig_ipv6_defined; /* IPv6 */
456  struct in6_addr push_ifconfig_ipv6_local; /* IPv6 */
458  struct in6_addr push_ifconfig_ipv6_remote; /* IPv6 */
459  bool push_ifconfig_ipv6_blocked; /* IPv6 */
462  int cf_max; /* cf_max / cf_per: connection-rate limit (presumably --connect-freq), a DoS control */
463  int cf_per;
468 
477 
478 #if PORT_SHARE
479  char *port_share_host;
480  char *port_share_port;
481  const char *port_share_journal_dir;
482 #endif
483 
484  bool client;
485  bool pull; /* client pull of config options from server */
488  const char *auth_user_pass_file; /* presumably the username/password file for --auth-user-pass: a secret */
490 
492 
493 #ifdef ENABLE_MANAGEMENT
494  struct static_challenge_info sc_info;
495 #endif
496 #endif /* if P2MP */
497 
498  /* Cipher parms (data channel) */
499  const char *shared_secret_file; /* static pre-shared key file, presumably: a secret */
502  const char *ciphername; /* fallback cipher when negotiation fails (see enable_ncp_fallback, not shown here) */
506  const char *ncp_ciphers; /* cipher list offered during cipher negotiation */
507  const char *authname;
508  int keysize;
509  const char *prng_hash;
511  const char *engine;
512  bool replay; /* replay protection; NOTE(review): turning it off leaves the data channel open to packet replay */
516  const char *packet_id_file; /* presumably persisted replay-window state across restarts */
518 #ifdef ENABLE_PREDICTION_RESISTANCE
519  bool use_prediction_resistance;
520 #endif
521 
522  /* TLS (control channel) parms */
525  const char *ca_file; /* ca_file / ca_path: trust anchors for peer certificate verification */
527  const char *ca_path;
528  const char *dh_file;
530  const char *cert_file;
532  const char *extra_certs_file;
534  const char *priv_key_file; /* private key: a secret */
536  const char *pkcs12_file; /* bundle containing the private key: a secret */
538  const char *cipher_list; /* TLS 1.2-and-below cipher suites */
539  const char *cipher_list_tls13; /* TLS 1.3 cipher suites */
540  const char *tls_groups;
541  const char *tls_cert_profile;
542  const char *ecdh_curve;
543  const char *tls_verify; /* external command run during certificate verification, presumably */
545  const char *verify_x509_name; /* expected peer certificate name; NOTE(review): without this or the remote_cert_* checks any certificate the CA signed is accepted as the peer */
546  const char *tls_export_cert;
547  const char *crl_file;
549 
550  int ns_cert_type; /* set to 0, NS_CERT_CHECK_SERVER, or NS_CERT_CHECK_CLIENT; NOTE(review): legacy nsCertType check, the key-usage/EKU checks below are the modern equivalent */
551  unsigned remote_cert_ku[MAX_PARMS]; /* required key-usage bits of the peer certificate */
552  const char *remote_cert_eku; /* required extended key usage of the peer certificate */
555  unsigned int ssl_flags; /* set to SSLF_x flags from ssl.h */
556 
557 #ifdef ENABLE_PKCS11
558  const char *pkcs11_providers[MAX_PARMS];
559  unsigned pkcs11_private_mode[MAX_PARMS];
560  bool pkcs11_protected_authentication[MAX_PARMS];
561  bool pkcs11_cert_private[MAX_PARMS];
562  int pkcs11_pin_cache_period; /* how long the token PIN is cached, presumably seconds */
563  const char *pkcs11_id;
564  bool pkcs11_id_management;
565 #endif
566 
567 #ifdef ENABLE_CRYPTOAPI
568  const char *cryptoapi_cert;
569 #endif
570  /* Per-packet timeout on control channel */
572 
573  /* Data channel key renegotiation parameters */
578 
579  /* Data channel key handshake must finalize
580  * within n seconds of handshake initiation. */
582 
583 #ifdef ENABLE_X509ALTUSERNAME
584  /* Field list used to be the username in X509 cert. */
585  char *x509_username_field[MAX_PARMS];
586 #endif
587 
588  /* Old key allowed to live n seconds after new key goes active */
590 
591  /* Shared secret used for TLS control channel authentication
592  * (the connection entry above carries the same field; which one wins
593  * is not visible from this header -- TODO confirm) */
592  const char *tls_auth_file;
594 
595  /* Shared secret used for TLS control channel authenticated encryption */
596  const char *tls_crypt_file;
598 
599  /* Client-specific secret or server key used for TLS control channel
600  * authenticated encryption v2 */
601  const char *tls_crypt_v2_file;
603 
605 
607 
608  /* Allow only one session */
610 
612 
613  bool tls_exit; /* presumably exit rather than retry on TLS negotiation failure */
614 
615  const struct x509_track *x509_track;
616 
617  /* special state parms */
619 
620 #ifdef _WIN32
621  HANDLE msg_channel;
622  const char *exit_event_name;
627  enum windows_driver_type windows_driver;
628 #endif
629 
632 
633 #ifdef HAVE_EXPORT_KEYING_MATERIAL
634  /* Keying Material Exporters [RFC 5705] */
635  const char *keying_material_exporter_label;
636  int keying_material_exporter_length;
637 #endif
638 
640  enum vlan_acceptable_frames vlan_accept;
642 
644 
645  /* Useful when packets sent by openvpn itself are not subject
646  * to the routing tables that would move packets into the tunnel. */
648 
649  /* Use RFC5705 key export to generate data channel keys */
651 };
652 
/*
 * String equality: true iff x and y hold the same bytes. Each argument is
 * evaluated exactly once; both must be non-NULL (strcmp() on NULL is
 * undefined behaviour). This is not a constant-time comparison -- never use
 * it to compare secrets such as passwords, tokens or MACs.
 */
#define streq(x, y) (strcmp((x), (y)) == 0)
654 
655 /*
656  * Option classes. Each option belongs to one or more of these bit classes;
 * the `permission_mask` taken by parse_argv(), options_server_import() and
 * apply_push_options() is presumably a mask of them, so that an option
 * source (command line, config file, server push) can only set the classes
 * it is allowed to, and `option_types_found` accumulates the classes seen.
 * OPT_P_DEFAULT is everything except OPT_P_INSTANCE and OPT_P_PULL_MODE.
 * NOTE(review): the mask is an unsigned int and bit 29 is already taken, so
 * only two bits remain before this scheme needs a wider type. Pushed options
 * come from the remote peer -- check the mask used for them when adding a
 * class.
657  */
658 #define OPT_P_GENERAL (1<<0)
659 #define OPT_P_UP (1<<1)
660 #define OPT_P_ROUTE (1<<2)
661 #define OPT_P_IPWIN32 (1<<3)
662 #define OPT_P_SCRIPT (1<<4)
663 #define OPT_P_SETENV (1<<5)
664 #define OPT_P_SHAPER (1<<6)
665 #define OPT_P_TIMER (1<<7)
666 #define OPT_P_PERSIST (1<<8)
667 #define OPT_P_PERSIST_IP (1<<9)
668 #define OPT_P_COMP (1<<10) /* TODO */
669 #define OPT_P_MESSAGES (1<<11)
670 #define OPT_P_NCP (1<<12)
671 #define OPT_P_TLS_PARMS (1<<13) /* TODO */
672 #define OPT_P_MTU (1<<14) /* TODO */
673 #define OPT_P_NICE (1<<15)
674 #define OPT_P_PUSH (1<<16)
675 #define OPT_P_INSTANCE (1<<17)
676 #define OPT_P_CONFIG (1<<18)
677 #define OPT_P_EXPLICIT_NOTIFY (1<<19)
678 #define OPT_P_ECHO (1<<20)
679 #define OPT_P_INHERIT (1<<21)
680 #define OPT_P_ROUTE_EXTRAS (1<<22)
681 #define OPT_P_PULL_MODE (1<<23)
682 #define OPT_P_PLUGIN (1<<24)
683 #define OPT_P_SOCKBUF (1<<25)
684 #define OPT_P_SOCKFLAGS (1<<26)
685 #define OPT_P_CONNECTION (1<<27)
686 #define OPT_P_PEER_ID (1<<28)
687 #define OPT_P_INLINE (1<<29)
688 
689 #define OPT_P_DEFAULT (~(OPT_P_INSTANCE|OPT_P_PULL_MODE))
690 
/*
 * Feature-gated accessors. Each one degrades to a constant (false, NULL or 0)
 * when the corresponding feature is compiled out, so callers can test them
 * without their own #ifdefs.
 */
691 #if P2MP
692 #define PULL_DEFINED(opt) ((opt)->pull)
693 #define PUSH_DEFINED(opt) ((opt)->push_list)
694 #endif
695 
696 #ifndef PULL_DEFINED
697 #define PULL_DEFINED(opt) (false)
698 #endif
699 
700 #ifndef PUSH_DEFINED
701 #define PUSH_DEFINED(opt) (false)
702 #endif
703 
704 #ifdef _WIN32
705 #define ROUTE_OPTION_FLAGS(o) ((o)->route_method & ROUTE_METHOD_MASK)
706 #else
707 #define ROUTE_OPTION_FLAGS(o) (0)
708 #endif
709 
710 #ifdef ENABLE_FEATURE_SHAPER
711 #define SHAPER_DEFINED(opt) ((opt)->shaper)
712 #else
713 #define SHAPER_DEFINED(opt) (false)
714 #endif
715 
716 #ifdef ENABLE_PLUGIN
717 #define PLUGIN_OPTION_LIST(opt) ((opt)->plugin_list)
718 #else
719 #define PLUGIN_OPTION_LIST(opt) (NULL)
720 #endif
721 
722 #ifdef ENABLE_MANAGEMENT
/* management_flags only exists under ENABLE_MANAGEMENT (see struct options) */
723 #define MAN_CLIENT_AUTH_ENABLED(opt) ((opt)->management_flags & MF_CLIENT_AUTH)
724 #else
725 #define MAN_CLIENT_AUTH_ENABLED(opt) (false)
726 #endif
727 
/*
 * Parse argv into *options. permission_mask presumably restricts which
 * OPT_P_* classes may be set from the command line; option_types_found
 * accumulates the classes encountered; es receives environment settings.
 */
728 void parse_argv(struct options *options,
729  const int argc,
730  char *argv[],
731  const int msglevel,
732  const unsigned int permission_mask,
733  unsigned int *option_types_found,
734  struct env_set *es);
735 
/* Presumably aborts with a message naming `description` when arg is NULL. */
736 void notnull(const char *arg, const char *description);
737 
738 void usage_small(void);
739 
740 void show_library_versions(const unsigned int flags);
741 
742 #ifdef _WIN32
743 void show_windows_version(const unsigned int flags);
744 
745 #endif
746 
/* init_gc: whether o->gc is initialised here (and so owned, see gc_owned). */
747 void init_options(struct options *o, const bool init_gc);
748 
749 void uninit_options(struct options *o);
750 
751 void setenv_settings(struct env_set *es, const struct options *o);
752 
/*
 * Dump the parsed options. NOTE(review): this header cannot show whether
 * secret material (key files given inline, passwords) is redacted in the
 * dump -- verify in options.c before enabling it at higher verbosity in
 * production logs.
 */
753 void show_settings(const struct options *o);
754 
755 bool string_defined_equal(const char *s1, const char *s2);
756 
757 const char *options_string_version(const char *s, struct gc_arena *gc);
758 
/*
 * Build the options string exchanged with the peer for the consistency
 * check (see `occ` in struct options); remote selects the peer's view.
 */
759 char *options_string(const struct options *o,
760  const struct frame *frame,
761  struct tuntap *tt,
762  openvpn_net_ctx_t *ctx,
763  bool remote,
764  struct gc_arena *gc);
765 
/*
 * Compare the peer's options string (`actual`, actual_n bytes, presumably
 * not guaranteed NUL-terminated since it arrives from the network) with ours.
 * `actual` is non-const, so it may be modified in place -- TODO confirm.
 */
766 bool options_cmp_equal_safe(char *actual, const char *expected, size_t actual_n);
767 
768 void options_warning_safe(char *actual, const char *expected, size_t actual_n);
769 
/* Unbounded variants: only for an `actual` already known to be NUL-terminated. */
770 bool options_cmp_equal(char *actual, const char *expected);
771 
772 void options_warning(char *actual, const char *expected);
773 
785  const char *opt_name, struct gc_arena *gc);
786 
787 
/* Validate and finalise the parsed options before use. */
788 void options_postprocess(struct options *options);
789 
/*
 * Save / restore the options that a server push may change (the
 * options_pre_pull snapshot declared near the top of this header).
 */
790 void pre_pull_save(struct options *o);
791 
792 void pre_pull_restore(struct options *o, struct gc_arena *gc);
793 
/*
 * Apply options pushed by the server, read from buf. NOTE(review): buf
 * comes from the remote peer, so permission_mask here must be the restricted
 * pull-mode mask (cf. OPT_P_PULL_MODE / OPT_P_DEFAULT), never a blanket
 * allow-all -- the mask value itself is chosen by the caller, not here.
 */
794 bool apply_push_options(struct options *options,
795  struct buffer *buf,
796  unsigned int permission_mask,
797  unsigned int *option_types_found,
798  struct env_set *es);
799 
800 void options_detach(struct options *o);
801 
/* Import options from a file on the server side (presumably a per-client config). */
802 void options_server_import(struct options *o,
803  const char *filename,
804  int msglevel,
805  unsigned int permission_mask,
806  unsigned int *option_types_found,
807  struct env_set *es);
808 
809 void pre_pull_default(struct options *o);
810 
811 void rol_check_alloc(struct options *options);
812 
/*
 * Split one config line into at most n parameters stored in p[] (allocated
 * from gc); file and line_num are for diagnostics. Presumably returns the
 * number of parameters found. Callers size p[] with MAX_PARMS and lines with
 * OPTION_LINE_SIZE / OPTION_PARM_SIZE from the top of this header.
 */
813 int parse_line(const char *line,
814  char *p[],
815  const int n,
816  const char *file,
817  const int line_num,
818  int msglevel,
819  struct gc_arena *gc);
820 
821 /*
822  * parse/print topology coding: parse_topology() maps the option text to a
 * TOP_x value (see `topology` in struct options), print_topology() maps
 * it back.
823  */
824 
825 int parse_topology(const char *str, const int msglevel);
826 
827 const char *print_topology(const int topology);
828 
829 /*
830  * Manage auth-retry variable: what a client does after an authentication
 * failure (AR_NONE / AR_INTERACT / AR_NOINTERACT). Held in file-scope state
 * in options.c rather than in struct options, so it is process-global.
831  */
832 
833 #if P2MP
834 
835 #define AR_NONE 0
836 #define AR_INTERACT 1
837 #define AR_NOINTERACT 2
838 
839 int auth_retry_get(void);
840 
/* Set from option text; presumably returns false (after logging at msglevel) on an unknown value. */
841 bool auth_retry_set(const int msglevel, const char *option);
842 
843 const char *auth_retry_print(void);
844 
845 #endif
846 
848  const char *config,
849  const int msglevel,
850  const unsigned int permission_mask,
851  unsigned int *option_types_found,
852  struct env_set *es);
853 
854 #endif /* ifndef OPTIONS_H */
Definition: options.h:377
int tun_mtu_extra
Definition: options.h:109
struct pull_filter_list * pull_filter_list
Definition: options.h:643
struct route_ipv6_option_list * routes_ipv6
Definition: options.h:73
bool options_cmp_equal_safe(char *actual, const char *expected, size_t actual_n)
Definition: options.c:4005
unsigned int server_flags
Definition: options.h:413
unsigned __int16 uint16_t
Definition: config-msvc.h:158
bool machine_readable_output
Definition: options.h:324
bool daemon
Definition: options.h:318
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
bool single_session
Definition: options.h:609
sa_family_t af
Definition: options.h:89
char * options_string(const struct options *o, const struct frame *frame, struct tuntap *tt, openvpn_net_ctx_t *ctx, bool remote, struct gc_arena *gc)
Definition: options.c:3664
const char * management_client_group
Definition: options.h:386
void show_library_versions(const unsigned int flags)
Definition: options.c:4295
int tls_timeout
Definition: options.h:571
bool auth_token_gen_secret_file
Definition: options.h:472
bool bind_local
Definition: options.h:98
bool use_peer_id
Definition: options.h:630
unsigned int server_netbits_ipv6
Definition: options.h:408
const char * ifconfig_local
Definition: options.h:252
bool pull
Definition: options.h:485
int mtu_discover_type
Definition: options.h:115
void pre_pull_default(struct options *o)
int auth_token_lifetime
Definition: options.h:474
void notnull(const char *arg, const char *description)
Definition: options.c:4331
bool bind_ipv6_only
Definition: options.h:97
Definition: options.h:149
const char * packet_id_file
Definition: options.h:516
bool server_ipv6_defined
Definition: options.h:406
const char * dh_file
Definition: options.h:528
void options_detach(struct options *o)
Definition: options.c:1401
const char * management_client_user
Definition: options.h:385
const char * tls_auth_file
Definition: options.h:135
Definition: argv.h:35
bool ping_timer_remote
Definition: options.h:281
bool mssfix_default
Definition: options.h:119
bool tls_auth_file_inline
Definition: options.h:136
uint8_t * verify_hash
Definition: options.h:553
in_addr_t server_bridge_pool_end
Definition: options.h:421
in_addr_t push_ifconfig_constraint_network
Definition: options.h:452
bool auth_retry_set(const int msglevel, const char *option)
Definition: options.c:4199
bool persist_config
Definition: options.h:214
bool replay
Definition: options.h:512
bool test_crypto
Definition: options.h:517
bool persist_tun
Definition: options.h:288
const char * groupname
Definition: options.h:305
bool tun_mtu_extra_defined
Definition: options.h:110
bool block_ipv6
Definition: options.h:367
bool dh_file_inline
Definition: options.h:529
bool duplicate_cn
Definition: options.h:461
int stale_routes_ageing_time
Definition: options.h:467
const char * engine
Definition: options.h:511
int management_echo_buffer_size
Definition: options.h:381
#define CONNECTION_LIST_SIZE
Definition: options.h:157
const char * ifconfig_remote_netmask
Definition: options.h:253
in_addr_t server_bridge_netmask
Definition: options.h:419
bool server_bridge_defined
Definition: options.h:417
bool bind_defined
Definition: options.h:96
int mark
Definition: options.h:349
const char * username
Definition: options.h:304
bool shared_secret_file_inline
Definition: options.h:500
bool priv_key_file_inline
Definition: options.h:535
void uninit_options(struct options *o)
Definition: options.c:900
int ifconfig_ipv6_pool_netbits
Definition: options.h:433
int fragment
Definition: options.h:117
const char * dev_type
Definition: options.h:248
bool route_gateway_via_dhcp
Definition: options.h:369
bool up_restart
Definition: options.h:317
const char * route_ipv6_default_gateway
Definition: options.h:359
int link_mtu
Definition: options.h:111
const char * tls_crypt_v2_file
Definition: options.h:145
bool persist_local_ip
Definition: options.h:289
bool data_channel_use_ekm
Definition: options.h:650
const char * crl_file
Definition: options.h:547