openvpn/options_8h_source.html

/*

 *  OpenVPN -- An application to securely tunnel IP networks

 *             over a single UDP port, with support for SSL/TLS-based

 *             session authentication and key exchange,

 *             packet encryption, packet authentication, and

 *             packet compression.

 *

 *  Copyright (C) 2002-2026 OpenVPN Inc <sales@openvpn.net>

 *

 *  This program is free software; you can redistribute it and/or modify

 *  it under the terms of the GNU General Public License version 2

 *  as published by the Free Software Foundation.

 *

 *  This program is distributed in the hope that it will be useful,

 *  but WITHOUT ANY WARRANTY; without even the implied warranty of

 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 *  GNU General Public License for more details.

 *

 *  You should have received a copy of the GNU General Public License along

 *  with this program; if not, see <https://www.gnu.org/licenses/>.

 */


/*

 * 2004-01-28: Added Socks5 proxy support

 *   (Christof Meerwald, https://cmeerw.org)

 */


#ifndef OPTIONS_H

#define OPTIONS_H


#include "basic.h"

#include "common.h"

#include "mtu.h"

#include "route.h"

#include "tun.h"

#include "socket_util.h"

#include "plugin.h"

#include "manage.h"

#include "proxy.h"

#include "comp.h"

#include "pushlist.h"

#include "clinat.h"

#include "crypto_backend.h"

#include "dns.h"


/*

 * Maximum number of parameters associated with an option,

 * including the option name itself.

 */

#define MAX_PARMS 16


/*

 * Max size of options line and parameter.

 */

#define OPTION_PARM_SIZE 256

#define OPTION_LINE_SIZE 256


extern const char title_string[];


/* certain options are saved before --pull modifications are applied */


struct options_pre_connect

{

    bool tuntap_options_defined;

    struct tuntap_options tuntap_options;


    const char *ifconfig_local;

    const char *ifconfig_ipv6_local;


    bool routes_defined;

    struct route_option_list *routes;


    bool routes_ipv6_defined;

    struct route_ipv6_option_list *routes_ipv6;


    const char *route_default_gateway;

    const char *route_ipv6_default_gateway;


    bool client_nat_defined;

    struct client_nat_option_list *client_nat;


    struct dns_options dns_options;


    const char *ciphername;

    const char *authname;


    int ping_send_timeout;

    int ping_rec_timeout;

    int ping_rec_timeout_action;


    int foreign_option_index;

    struct compress_options comp;

};


#if !defined(ENABLE_CRYPTO_OPENSSL) && !defined(ENABLE_CRYPTO_MBEDTLS)

#error "At least one of OpenSSL or mbed TLS needs to be defined."

#endif


struct local_entry

{

    const char *local;

    const char *port;

    int proto;

};


struct connection_entry

{

    struct local_list *local_list;

    int proto;

    sa_family_t af;

    const char *local_port;

    bool local_port_defined;

    const char *remote_port;

    const char *remote;

    bool remote_float;

    bool bind_defined;

    bool bind_ipv6_only;

    bool bind_local;

    int connect_retry_seconds;

    int connect_retry_seconds_max;

    int connect_timeout;

    struct http_proxy_options *http_proxy_options;

    const char *socks_proxy_server;

    const char *socks_proxy_port;

    const char *socks_proxy_authfile;


    int tun_mtu;          /* MTU of tun device */

    int occ_mtu;          /* if non-null, this is the MTU we announce to peers in OCC */

    int tun_mtu_max;      /* maximum MTU that can be pushed */


    bool tun_mtu_defined; /* true if user overriding parm with command line option */

    int tun_mtu_extra;

    bool tun_mtu_extra_defined;

    int link_mtu;          /* MTU of device over which tunnel packets pass via TCP/UDP */

    bool link_mtu_defined; /* true if user overriding parm with command line option */

    int tls_mtu;           /* Maximum MTU for the control channel messages */


    /* Advanced MTU negotiation and datagram fragmentation options */

    int mtu_discover_type;          /* used if OS supports setting Path MTU discovery options on socket */


    int fragment;                   /* internal fragmentation size */

    bool fragment_encap;            /* true if --fragment had the "mtu" parameter to

                                     * include overhead from IP and TCP/UDP encapsulation */

    int mssfix;                     /* Upper bound on TCP MSS */

    bool mssfix_default;            /* true if --mssfix should use the default parameters */

    bool mssfix_encap;              /* true if --mssfix had the "mtu" parameter to include

                                     * overhead from IP and TCP/UDP encapsulation */

    bool mssfix_fixed;              /* use the mssfix value without any encapsulation adjustments */


    int explicit_exit_notification; /* Explicitly tell peer when we are exiting via OCC_EXIT or

                                       [RESTART] message */


#define CE_DISABLED                (1u << 0)

#define CE_MAN_QUERY_PROXY         (1u << 1)

#define CE_MAN_QUERY_REMOTE_UNDEF  0

#define CE_MAN_QUERY_REMOTE_QUERY  1

#define CE_MAN_QUERY_REMOTE_ACCEPT 2

#define CE_MAN_QUERY_REMOTE_MOD    3

#define CE_MAN_QUERY_REMOTE_SKIP   4

#define CE_MAN_QUERY_REMOTE_MASK   (0x07u)

#define CE_MAN_QUERY_REMOTE_SHIFT  (2)

    unsigned int flags;


    /* Shared secret used for TLS control channel authentication */

    const char *tls_auth_file;

    bool tls_auth_file_inline;

    int key_direction;


    /* Shared secret used for TLS control channel authenticated encryption */

    const char *tls_crypt_file;

    bool tls_crypt_file_inline;


    /* Client-specific secret or server key used for TLS control channel

     * authenticated encryption v2 */

    const char *tls_crypt_v2_file;

    bool tls_crypt_v2_file_inline;


    /* Allow only client that support resending the wrapped client key */

    bool tls_crypt_v2_force_cookie;

};


struct remote_entry

{

    const char *remote;

    const char *remote_port;

    int proto;

    sa_family_t af;

};


#define CONNECTION_LIST_SIZE 64


struct local_list

{

    int capacity;

    int len;

    struct local_entry **array;

};


struct connection_list

{

    int capacity;

    int len;

    int current;

    struct connection_entry **array;

};


struct remote_list

{

    int capacity;

    int len;

    struct remote_entry **array;

};


struct provider_list

{

    /* Names of the providers */

    const char *names[MAX_PARMS];

    /* Pointers to the loaded providers to unload them */

    provider_t *providers[MAX_PARMS];

};


enum vlan_acceptable_frames

{

    VLAN_ONLY_TAGGED,

    VLAN_ONLY_UNTAGGED_OR_PRIORITY,

    VLAN_ALL,

};


struct remote_host_store

{

#define RH_HOST_LEN 80

    char host[RH_HOST_LEN];

#define RH_PORT_LEN 20

    char port[RH_PORT_LEN];

};


enum genkey_type

{

    GENKEY_SECRET,

    GENKEY_TLS_CRYPTV2_CLIENT,

    GENKEY_TLS_CRYPTV2_SERVER,

    GENKEY_AUTH_TOKEN

};


struct verify_hash_list

{

    /* We support SHA256 and SHA1 fingerpint. In the case of using the

     * deprecated SHA1, only the first 20 bytes of each list item are used */

    uint8_t hash[SHA256_DIGEST_LENGTH];

    struct verify_hash_list *next;

};


/* Command line options */


struct options

{

    struct gc_arena gc;


    /* first config file */

    const char *config;


    /* major mode */

#define MODE_POINT_TO_POINT 0

#define MODE_SERVER         1

    int mode;


    /* enable forward compatibility for post-2.1 features */

    bool forward_compatible;

    unsigned int backwards_compatible;


    /* list of options that should be ignored even if unknown */

    const char **ignore_unknown_option;


    /* persist parms */

    bool persist_config;

    int persist_mode;


    const char *key_pass_file;

    bool show_ciphers;

    bool show_digests;

    bool show_engines;

    bool show_tls_ciphers;

    bool show_curves;

    bool genkey;

    enum genkey_type genkey_type;

    const char *genkey_filename;

    const char *genkey_extra_data;


    /* Networking parms */

    int connect_retry_max;

    struct connection_entry ce;

    struct connection_list *connection_list;


    struct remote_list *remote_list;

    /* Do not advance the connection or remote addr list */

    bool no_advance;

    /* Advance directly to the next remote, skipping remaining addresses of the

     * current remote */

    bool advance_next_remote;

    /* Counts the number of unsuccessful connection attempts */

    unsigned int unsuccessful_attempts;

    /* count of connection entries to advance by when no_advance is not set */

    int ce_advance_count;

    /* the server can suggest a backoff time to the client, it

     * will still be capped by the max timeout between connections

     * (300s by default) */

    int server_backoff_time;


#if ENABLE_MANAGEMENT

    struct http_proxy_options *http_proxy_override;

#endif


    struct remote_host_store *rh_store;


    struct dns_options dns_options;


    bool remote_random;

    const char *ipchange;

    const char *dev;

    const char *dev_type;

    const char *dev_node;

    const char *lladdr;

    int topology; /* one of the TOP_x values from proto.h */

    const char *ifconfig_local;

    const char *ifconfig_remote_netmask;

    const char *ifconfig_ipv6_local;

    int ifconfig_ipv6_netbits;

    const char *ifconfig_ipv6_remote;

    bool ifconfig_noexec;

    bool ifconfig_nowarn;

    int shaper;


    int proto_force;


    bool mtu_test;


    bool mlock;


    int keepalive_ping; /* a proxy for ping/ping-restart */

    int keepalive_timeout;


    int inactivity_timeout; /* --inactive */

    int64_t inactivity_minimum_bytes;


    int session_timeout;    /* Force-kill session after n seconds */


    int ping_send_timeout;  /* Send a TCP/UDP ping to remote every n seconds */

    int ping_rec_timeout;   /* Expect a TCP/UDP ping from remote at least once every n seconds */

    bool ping_timer_remote; /* Run ping timer only if we have a remote address */


#define PING_UNDEF   0

#define PING_EXIT    1

#define PING_RESTART 2

    int ping_rec_timeout_action; /* What action to take on ping_rec_timeout (exit or restart)? */


    bool persist_tun;            /* Don't close/reopen TUN/TAP dev on SIGUSR1 or PING_RESTART */

    bool persist_local_ip;       /* Don't re-resolve local address on SIGUSR1 or PING_RESTART */

    bool persist_remote_ip;      /* Don't re-resolve remote address on SIGUSR1 or PING_RESTART */


#if PASSTOS_CAPABILITY

    bool passtos;

#endif


    int resolve_retry_seconds; /* If hostname resolve fails, retry for n seconds */

    bool resolve_in_advance;

    const char *ip_remote_hint;


    struct tuntap_options tuntap_options;

    /* DCO is disabled and should not be used as backend driver for the

     * tun/tap device */

    bool disable_dco;


    /* Misc parms */

    const char *username;

    const char *groupname;

    const char *chroot_dir;

    const char *cd_dir;

#ifdef ENABLE_SELINUX

    char *selinux_context;

#endif

    const char *writepid;

    const char *up_script;

    const char *down_script;

    bool user_script_used;

    bool down_pre;

    bool up_delay;

    bool up_restart;

    bool daemon;


    int remap_sigusr1;


    bool log;

    bool suppress_timestamps;

    bool machine_readable_output;

    int nice;

    int verbosity;

    int mute;


#ifdef ENABLE_DEBUG

    int gremlin;

#endif


    const char *status_file;

    int status_file_version;

    int status_file_update_freq;


    struct compress_options comp;


    /* buffer sizes */

    int rcvbuf;

    int sndbuf;


    /* mark value */

    int mark;

    char *bind_dev;


    /* socket flags */

    unsigned int sockflags;


    /* route management */

    const char *route_script;

    const char *route_predown_script;

    const char *route_default_gateway;

    const char *route_ipv6_default_gateway;

    int route_default_table_id;

    int route_default_metric;

    bool route_noexec;

    int route_delay;

    int route_delay_window;

    bool route_delay_defined;

    struct route_option_list *routes;

    struct route_ipv6_option_list *routes_ipv6; /* IPv6 */

    bool block_ipv6;

    bool route_nopull;

    bool route_gateway_via_dhcp;

    bool allow_pull_fqdn; /* as a client, allow server to push a FQDN for certain parameters */

    struct client_nat_option_list *client_nat;


    /* Enable options consistency check between peers */

    bool occ;


#ifdef ENABLE_MANAGEMENT

    const char *management_addr;

    const char *management_port;

    const char *management_user_pass;

    int management_log_history_cache;

    int management_echo_buffer_size;

    int management_state_buffer_size;


    const char *management_client_user;

    const char *management_client_group;


    const char *management_certificate;

#endif

    /* Mask of MF_ values of manage.h */

    unsigned int management_flags;


#ifdef ENABLE_PLUGIN

    struct plugin_option_list *plugin_list;

#endif


    /* the tmp dir is for now only used in the P2P server context */

    const char *tmp_dir;

    bool server_defined;

    in_addr_t server_network;

    in_addr_t server_netmask;

    bool server_ipv6_defined;            /* IPv6 */

    struct in6_addr server_network_ipv6; /* IPv6 */

    unsigned int server_netbits_ipv6;    /* IPv6 */


#define SF_NOPOOL                (1 << 0)

#define SF_TCP_NODELAY_HELPER    (1 << 1)

#define SF_NO_PUSH_ROUTE_GATEWAY (1 << 2)

    unsigned int server_flags;


    bool server_bridge_proxy_dhcp;


    bool server_bridge_defined;

    in_addr_t server_bridge_ip;

    in_addr_t server_bridge_netmask;

    in_addr_t server_bridge_pool_start;

    in_addr_t server_bridge_pool_end;


    struct push_list push_list;

    bool ifconfig_pool_defined;

    in_addr_t ifconfig_pool_start;

    in_addr_t ifconfig_pool_end;

    in_addr_t ifconfig_pool_netmask;

    const char *ifconfig_pool_persist_filename;

    int ifconfig_pool_persist_refresh_freq;


    bool ifconfig_ipv6_pool_defined;         /* IPv6 */

    struct in6_addr ifconfig_ipv6_pool_base; /* IPv6 */

    int ifconfig_ipv6_pool_netbits;          /* IPv6 */


    uint32_t real_hash_size;

    uint32_t virtual_hash_size;

    const char *client_connect_script;

    const char *client_disconnect_script;

    const char *learn_address_script;

    const char *client_crresponse_script;

    const char *client_config_dir;

    bool ccd_exclusive;

    bool disable;

    const char *override_username;

    int n_bcast_buf;

    int tcp_queue_limit;

    struct iroute *iroutes;

    struct iroute_ipv6 *iroutes_ipv6; /* IPv6 */

    bool push_ifconfig_defined;

    in_addr_t push_ifconfig_local;

    in_addr_t push_ifconfig_remote_netmask;

    in_addr_t push_ifconfig_local_alias;

    bool push_ifconfig_constraint_defined;

    in_addr_t push_ifconfig_constraint_network;

    in_addr_t push_ifconfig_constraint_netmask;

    bool push_ifconfig_ipv4_blocked;           /* IPv4 */

    bool push_ifconfig_ipv6_defined;           /* IPv6 */

    struct in6_addr push_ifconfig_ipv6_local;  /* IPv6 */

    int push_ifconfig_ipv6_netbits;            /* IPv6 */

    struct in6_addr push_ifconfig_ipv6_remote; /* IPv6 */

    bool push_ifconfig_ipv6_blocked;           /* IPv6 */

    bool enable_c2c;

    bool duplicate_cn;


    int cf_max;

    int cf_per;


    int cf_initial_max;

    int cf_initial_per;


    int max_clients;

    int max_routes_per_client;

    int stale_routes_check_interval;

    int stale_routes_ageing_time;


    const char *auth_user_pass_verify_script;

    bool auth_user_pass_verify_script_via_file;

    bool auth_token_generate;

    bool auth_token_call_auth;

    int auth_token_lifetime;

    int auth_token_renewal;

    const char *auth_token_secret_file;

    bool auth_token_secret_file_inline;


#if PORT_SHARE

    char *port_share_host;

    char *port_share_port;

    const char *port_share_journal_dir;

#endif


    bool client;

    bool pull; /* client pull of config options from server */

    int push_continuation;

    unsigned int push_option_types_found;

    unsigned int push_update_options_found; /* tracks which option types have been reset in current PUSH_UPDATE sequence */

    const char *auth_user_pass_file;

    bool auth_user_pass_file_inline;

    struct options_pre_connect *pre_connect;


    int scheduled_exit_interval;


#ifdef ENABLE_MANAGEMENT

    struct static_challenge_info sc_info;

#endif

    /* Cipher parms */

    const char *shared_secret_file;

    bool shared_secret_file_inline;

    bool allow_deprecated_insecure_static_crypto;

    int key_direction;

    const char *ciphername;

    bool enable_ncp_fallback;

    const char *ncp_ciphers_conf;

    const char *ncp_ciphers;

    const char *authname;

    const char *engine;

    struct provider_list providers;

    bool mute_replay_warnings;

    int replay_window;

    int replay_time;

    const char *packet_id_file;

    bool test_crypto;


    /* TLS (control channel) parms */

    bool tls_server;

    bool tls_client;

    const char *ca_file;

    bool ca_file_inline;

    const char *ca_path;

    const char *dh_file;

    bool dh_file_inline;

    const char *cert_file;

    bool cert_file_inline;

    const char *extra_certs_file;

    bool extra_certs_file_inline;

    const char *priv_key_file;

    bool priv_key_file_inline;

    const char *pkcs12_file;

    bool pkcs12_file_inline;

    const char *cipher_list;

    const char *cipher_list_tls13;

    const char *tls_groups;

    const char *tls_cert_profile;

    const char *ecdh_curve;

    const char *tls_verify;

    const char *tls_export_peer_cert_dir;

    int verify_x509_type;

    const char *verify_x509_name;

    const char *crl_file;

    bool crl_file_inline;


    int ns_cert_type; /* set to 0, NS_CERT_CHECK_SERVER, or NS_CERT_CHECK_CLIENT */

    unsigned remote_cert_ku[MAX_PARMS];

    const char *remote_cert_eku;

    struct verify_hash_list *verify_hash;

    hash_algo_type verify_hash_algo;

    int verify_hash_depth;

    bool verify_hash_no_ca;

    unsigned int ssl_flags; /* set to SSLF_x flags from ssl.h */


#ifdef ENABLE_PKCS11

    const char *pkcs11_providers[MAX_PARMS];

    unsigned pkcs11_private_mode[MAX_PARMS];

    bool pkcs11_protected_authentication[MAX_PARMS];

    bool pkcs11_cert_private[MAX_PARMS];

    int pkcs11_pin_cache_period;

    const char *pkcs11_id;

    bool pkcs11_id_management;

#endif


#ifdef ENABLE_CRYPTOAPI

    const char *cryptoapi_cert;

#endif

    /* Per-packet timeout on control channel */

    int tls_timeout;


    /* Data channel key renegotiation parameters */

    int64_t renegotiate_bytes;

    int64_t renegotiate_packets;

    int renegotiate_seconds;

    int renegotiate_seconds_min;


    /* Data channel key handshake must finalize

     * within n seconds of handshake initiation. */

    int handshake_window;


    /* Field list used to be the username in X509 cert. */

    char *x509_username_field[MAX_PARMS];


    /* Old key allowed to live n seconds after new key goes active */

    int transition_window;


    /* Shared secret used for TLS control channel authentication */

    const char *tls_auth_file;

    bool tls_auth_file_inline;


    /* Shared secret used for TLS control channel authenticated encryption */

    const char *tls_crypt_file;

    bool tls_crypt_file_inline;


    /* Client-specific secret or server key used for TLS control channel

     * authenticated encryption v2 */

    const char *tls_crypt_v2_file;

    bool tls_crypt_v2_file_inline;


    const char *tls_crypt_v2_metadata;


    const char *tls_crypt_v2_verify_script;


    int tls_crypt_v2_max_age;


    /* Allow only one session */

    bool single_session;


    bool push_peer_info;


    bool tls_exit;


    const struct x509_track *x509_track;


    /* special state parms */

    int foreign_option_index;


#ifdef _WIN32

    HANDLE msg_channel;

    const char *exit_event_name;

    bool exit_event_initial_state;

    bool show_net_up;

    int route_method;

    bool block_outside_dns;

    enum tun_driver_type windows_driver;

#endif


    bool use_peer_id;

    uint32_t peer_id;


    /* Keying Material Exporters [RFC 5705] */

    const char *keying_material_exporter_label;

    int keying_material_exporter_length;

    /* force using TLS key material export for data channel key generation */

    bool force_key_material_export;


    bool vlan_tagging;

    enum vlan_acceptable_frames vlan_accept;

    uint16_t vlan_pvid;


    struct pull_filter_list *pull_filter_list;


    /* Useful when packets sent by openvpn itself are not subject

     * to the routing tables that would move packets into the tunnel. */

    bool allow_recursive_routing;


    /* data channel crypto flags set by push/pull. Reuses the CO_* crypto_flags */

    unsigned int imported_protocol_flags;

};


#define streq(x, y) (!strcmp((x), (y)))


/*

 * Option classes.

 */

#define OPT_P_GENERAL         (1u << 0)

#define OPT_P_UP              (1u << 1)

#define OPT_P_ROUTE           (1u << 2)

#define OPT_P_DHCPDNS         (1u << 3) /* includes ip windows options like */

#define OPT_P_SCRIPT          (1u << 4)

#define OPT_P_SETENV          (1u << 5)

#define OPT_P_SHAPER          (1u << 6)

#define OPT_P_TIMER           (1u << 7)

#define OPT_P_PERSIST         (1u << 8)

#define OPT_P_PERSIST_IP      (1u << 9)

#define OPT_P_COMP            (1u << 10) /* TODO */

#define OPT_P_MESSAGES        (1u << 11)

#define OPT_P_NCP             (1u << 12)

#define OPT_P_TLS_PARMS       (1u << 13) /* TODO */

#define OPT_P_MTU             (1u << 14) /* TODO */

#define OPT_P_NICE            (1u << 15)

#define OPT_P_PUSH            (1u << 16)

#define OPT_P_INSTANCE        (1u << 17)

#define OPT_P_CONFIG          (1u << 18)

#define OPT_P_EXPLICIT_NOTIFY (1u << 19)

#define OPT_P_ECHO            (1u << 20)

#define OPT_P_INHERIT         (1u << 21)

#define OPT_P_ROUTE_EXTRAS    (1u << 22)

#define OPT_P_PULL_MODE       (1u << 23)

#define OPT_P_PLUGIN          (1u << 24)

#define OPT_P_SOCKBUF         (1u << 25)

#define OPT_P_SOCKFLAGS       (1u << 26)

#define OPT_P_CONNECTION      (1u << 27)

#define OPT_P_PEER_ID         (1u << 28)

#define OPT_P_INLINE          (1u << 29)

#define OPT_P_PUSH_MTU        (1u << 30)

#define OPT_P_ROUTE_TABLE     (1u << 31)


#define OPT_P_DEFAULT (~(OPT_P_INSTANCE | OPT_P_PULL_MODE))


#define PULL_DEFINED(opt) ((opt)->pull)


#ifdef _WIN32

#define ROUTE_OPTION_FLAGS(o) ((o)->route_method & ROUTE_METHOD_MASK)

#else

#define ROUTE_OPTION_FLAGS(o) (0)

#endif


#define SHAPER_DEFINED(opt) ((opt)->shaper)


#ifdef ENABLE_PLUGIN

#define PLUGIN_OPTION_LIST(opt) ((opt)->plugin_list)

#else

#define PLUGIN_OPTION_LIST(opt) (NULL)

#endif


#ifdef ENABLE_MANAGEMENT

#define MAN_CLIENT_AUTH_ENABLED(opt) ((opt)->management_flags & MF_CLIENT_AUTH)

#else

#define MAN_CLIENT_AUTH_ENABLED(opt) (false)

#endif


/*

 * some PUSH_UPDATE options

 */

#define OPT_P_U_ROUTE         (1 << 0)

#define OPT_P_U_ROUTE6        (1 << 1)

#define OPT_P_U_DNS           (1 << 2)

#define OPT_P_U_DHCP          (1 << 3)

#define OPT_P_U_REDIR_GATEWAY (1 << 4)


struct pull_filter

{

#define PUF_TYPE_UNDEF  0

#define PUF_TYPE_ACCEPT 1

#define PUF_TYPE_IGNORE 2

#define PUF_TYPE_REJECT 3

    int type;

    size_t size;

    char *pattern;

    struct pull_filter *next;

};


struct pull_filter_list

{

    struct pull_filter *head;

    struct pull_filter *tail;

};


void add_option(struct options *options, char *p[], bool is_inline, const char *file,

                int line, const int level, const msglvl_t msglevel,

                const unsigned int permission_mask, unsigned int *option_types_found,

                struct env_set *es);


void remove_option(struct context *c, struct options *options, char *p[], bool is_inline,

                   const char *file, int line, const msglvl_t msglevel,

                   const unsigned int permission_mask, unsigned int *option_types_found,

                   struct env_set *es);


void update_option(struct context *c, struct options *options, char *p[], bool is_inline,

                   const char *file, int line, const int level, const msglvl_t msglevel,

                   const unsigned int permission_mask, unsigned int *option_types_found,

                   struct env_set *es);


void parse_argv(struct options *options, const int argc, char *argv[], const msglvl_t msglevel,

                const unsigned int permission_mask, unsigned int *option_types_found,

                struct env_set *es);


void read_config_file(struct options *options, const char *file, int level, const char *top_file,

                      const int top_line, const msglvl_t msglevel,

                      const unsigned int permission_mask, unsigned int *option_types_found,

                      struct env_set *es);


void read_config_string(const char *prefix, struct options *options, const char *config,

                        const msglvl_t msglevel, const unsigned int permission_mask,

                        unsigned int *option_types_found, struct env_set *es);


void notnull(const char *arg, const char *description);


void usage_small(void);


void usage(void);


void show_library_versions(const unsigned int flags);


#ifdef _WIN32

void show_windows_version(const unsigned int flags);


#endif


void show_dco_version(const unsigned int flags);


void init_options(struct options *o);


void uninit_options(struct options *o);


void setenv_settings(struct env_set *es, const struct options *o);


void show_settings(const struct options *o);


bool string_defined_equal(const char *s1, const char *s2);


const char *options_string_version(const char *s, struct gc_arena *gc);


char *options_string(const struct options *o, const struct frame *frame, struct tuntap *tt,

                     openvpn_net_ctx_t *ctx, bool remote, struct gc_arena *gc);


bool options_cmp_equal_safe(char *actual, const char *expected, size_t actual_n);


void options_warning_safe(char *actual, const char *expected, size_t actual_n);


bool options_cmp_equal(char *actual, const char *expected);


void options_warning(char *actual, const char *expected);


char *options_string_extract_option(const char *options_string, const char *opt_name,

                                    struct gc_arena *gc);


void options_postprocess(struct options *options, struct env_set *es);


bool options_postprocess_pull(struct options *o, struct env_set *es);


void pre_connect_restore(struct options *o, struct gc_arena *gc);


bool apply_push_options(struct context *c, struct options *options, struct buffer *buf,

                        unsigned int permission_mask, unsigned int *option_types_found,

                        struct env_set *es, bool is_update);


void options_detach(struct options *o);


void options_server_import(struct options *o, const char *filename, msglvl_t msglevel,

                           unsigned int permission_mask, unsigned int *option_types_found,

                           struct env_set *es);


void pre_pull_default(struct options *o);


void rol_check_alloc(struct options *options);


int parse_line(const char *line, char *p[], const int n, const char *file, const int line_num,

               msglvl_t msglevel, struct gc_arena *gc);


/*

 * parse/print topology coding

 */


int parse_topology(const char *str, const msglvl_t msglevel);


const char *print_topology(const int topology);


/*

 * Manage auth-retry variable

 */


#define AR_NONE       0

#define AR_INTERACT   1

#define AR_NOINTERACT 2


int auth_retry_get(void);


bool auth_retry_set(const msglvl_t msglevel, const char *option);


const char *auth_retry_print(void);


void options_string_import(struct options *options, const char *config, const msglvl_t msglevel,

                           const unsigned int permission_mask, unsigned int *option_types_found,

                           struct env_set *es);


bool key_is_external(const struct options *options);


bool has_udp_in_local_list(const struct options *options);


static inline bool


dco_enabled(const struct options *o)

{

#ifdef ENABLE_DCO

    return !o->disable_dco;

#else

    return false;

#endif /* ENABLE_DCO */

}


#endif /* ifndef OPTIONS_H */

clinat.h

common.h

comp.h

crypto_backend.h
Data Channel Cryptography SSL library-specific backend interface.

hash_algo_type
hash_algo_type
Types referencing specific message digest hashing algorithms.
Definition crypto_backend.h:59

SHA256_DIGEST_LENGTH
#define SHA256_DIGEST_LENGTH
Definition crypto_mbedtls.h:64

provider_t
void provider_t
Definition crypto_mbedtls.h:66

dns.h

manage.h

mtu.h

openvpn_net_ctx_t
void * openvpn_net_ctx_t
Definition networking.h:38

msglvl_t
unsigned int msglvl_t
Definition error.h:77

options_cmp_equal
bool options_cmp_equal(char *actual, const char *expected)
Definition options.c:4518

parse_argv
void parse_argv(struct options *options, const int argc, char *argv[], const msglvl_t msglevel, const unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
Definition options_parse.c:450

read_config_file
void read_config_file(struct options *options, const char *file, int level, const char *top_file, const int top_line, const msglvl_t msglevel, const unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
Definition options_parse.c:347

options_postprocess_pull
bool options_postprocess_pull(struct options *o, struct env_set *es)
Definition options.c:4267

uninit_options
void uninit_options(struct options *o)
Definition options.c:915

parse_topology
int parse_topology(const char *str, const msglvl_t msglevel)
Definition options.c:4717

show_windows_version
void show_windows_version(const unsigned int flags)
Definition options.c:4852

key_is_external
bool key_is_external(const struct options *options)
Definition options.c:5537

init_options
void init_options(struct options *o)
Definition options.c:795

show_dco_version
void show_dco_version(const unsigned int flags)
Definition options.c:4861

rol_check_alloc
void rol_check_alloc(struct options *options)
Definition options.c:1542

show_settings
void show_settings(const struct options *o)
Definition options.c:1666

dco_enabled
static bool dco_enabled(const struct options *o)
Returns whether the current configuration has dco enabled.
Definition options.h:986

remove_option
void remove_option(struct context *c, struct options *options, char *p[], bool is_inline, const char *file, int line, const msglvl_t msglevel, const unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
Resets options found in the PUSH_UPDATE message that are preceded by the - flag.
Definition options.c:5047

parse_line
int parse_line(const char *line, char *p[], const int n, const char *file, const int line_num, msglvl_t msglevel, struct gc_arena *gc)
Definition options_parse.c:50

options_cmp_equal_safe
bool options_cmp_equal_safe(char *actual, const char *expected, size_t actual_n)
Definition options.c:4638

string_defined_equal
bool string_defined_equal(const char *s1, const char *s2)
Definition options.c:4916

options_postprocess
void options_postprocess(struct options *options, struct env_set *es)
Definition options.c:4253

options_string_import
void options_string_import(struct options *options, const char *config, const msglvl_t msglevel, const unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
Definition options_parse.c:590

update_option
void update_option(struct context *c, struct options *options, char *p[], bool is_inline, const char *file, int line, const int level, const msglvl_t msglevel, const unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
Processes an option to update.
Definition options.c:5367

usage_small
void usage_small(void)
Definition options.c:4844

auth_retry_print
const char * auth_retry_print(void)
Definition options.c:4796

options_warning_safe
void options_warning_safe(char *actual, const char *expected, size_t actual_n)
Definition options.c:4661

show_library_versions
void show_library_versions(const unsigned int flags)
Definition options.c:4871

setenv_settings
void setenv_settings(struct env_set *es, const struct options *o)
Definition options.c:992

options_server_import
void options_server_import(struct options *o, const char *filename, msglvl_t msglevel, unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
Definition options_parse.c:580

RH_PORT_LEN
#define RH_PORT_LEN
Definition options.h:233

genkey_type
genkey_type
Definition options.h:238

GENKEY_AUTH_TOKEN
@ GENKEY_AUTH_TOKEN
Definition options.h:242

GENKEY_SECRET
@ GENKEY_SECRET
Definition options.h:239

GENKEY_TLS_CRYPTV2_SERVER
@ GENKEY_TLS_CRYPTV2_SERVER
Definition options.h:241

GENKEY_TLS_CRYPTV2_CLIENT
@ GENKEY_TLS_CRYPTV2_CLIENT
Definition options.h:240

apply_push_options
bool apply_push_options(struct context *c, struct options *options, struct buffer *buf, unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es, bool is_update)
Definition options_parse.c:512

add_option
void add_option(struct options *options, char *p[], bool is_inline, const char *file, int line, const int level, const msglvl_t msglevel, const unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
Definition options.c:5557

RH_HOST_LEN
#define RH_HOST_LEN
Definition options.h:231

options_detach
void options_detach(struct options *o)
Definition options.c:1533

pre_connect_restore
void pre_connect_restore(struct options *o, struct gc_arena *gc)
Definition options.c:3133

print_topology
const char * print_topology(const int topology)
Definition options.c:4739

options_string_extract_option
char * options_string_extract_option(const char *options_string, const char *opt_name, struct gc_arena *gc)
Given an OpenVPN options string, extract the value of an option.
Definition options.c:4680

MAX_PARMS
#define MAX_PARMS
Definition options.h:51

pre_pull_default
void pre_pull_default(struct options *o)

options_warning
void options_warning(char *actual, const char *expected)
Definition options.c:4524

options_string_version
const char * options_string_version(const char *s, struct gc_arena *gc)
Definition options.c:4667

title_string
const char title_string[]
Definition options.c:72

auth_retry_set
bool auth_retry_set(const msglvl_t msglevel, const char *option)
Definition options.c:4773

auth_retry_get
int auth_retry_get(void)
Definition options.c:4767

notnull
void notnull(const char *arg, const char *description)
Definition options.c:4907

usage
void usage(void)
Definition options.c:4818

read_config_string
void read_config_string(const char *prefix, struct options *options, const char *config, const msglvl_t msglevel, const unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
Definition options_parse.c:421

has_udp_in_local_list
bool has_udp_in_local_list(const struct options *options)
Definition options.c:9278

options_string
char * options_string(const struct options *o, const struct frame *frame, struct tuntap *tt, openvpn_net_ctx_t *ctx, bool remote, struct gc_arena *gc)
Definition options.c:4324

vlan_acceptable_frames
vlan_acceptable_frames
Definition options.h:223

VLAN_ONLY_UNTAGGED_OR_PRIORITY
@ VLAN_ONLY_UNTAGGED_OR_PRIORITY
Definition options.h:225

VLAN_ALL
@ VLAN_ALL
Definition options.h:226

VLAN_ONLY_TAGGED
@ VLAN_ONLY_TAGGED
Definition options.h:224

plugin.h

proxy.h

pushlist.h

route.h

socket_util.h

argv
Definition argv.h:35

buffer
Wrapper structure for dynamically allocated memory.
Definition buffer.h:60

client_nat_option_list
Definition clinat.h:44

compress_options
Definition comp.h:75

connection_entry
Definition options.h:107

connection_entry::local_list
struct local_list * local_list
Definition options.h:108

connection_entry::tun_mtu_max
int tun_mtu_max
Definition options.h:129

connection_entry::connect_retry_seconds
int connect_retry_seconds
Definition options.h:119

connection_entry::tls_crypt_v2_force_cookie
bool tls_crypt_v2_force_cookie
Definition options.h:179

connection_entry::link_mtu
int link_mtu
Definition options.h:134

connection_entry::link_mtu_defined
bool link_mtu_defined
Definition options.h:135

connection_entry::tun_mtu_extra
int tun_mtu_extra
Definition options.h:132

connection_entry::connect_retry_seconds_max
int connect_retry_seconds_max
Definition options.h:120

connection_entry::bind_local
bool bind_local
Definition options.h:118

connection_entry::mssfix
int mssfix
Definition options.h:144

connection_entry::tls_crypt_file
const char * tls_crypt_file
Definition options.h:170

connection_entry::tls_crypt_v2_file
const char * tls_crypt_v2_file
Definition options.h:175

connection_entry::tun_mtu_extra_defined
bool tun_mtu_extra_defined
Definition options.h:133

connection_entry::remote
const char * remote
Definition options.h:114

connection_entry::connect_timeout
int connect_timeout
Definition options.h:121

connection_entry::socks_proxy_port
const char * socks_proxy_port
Definition options.h:124

connection_entry::mssfix_default
bool mssfix_default
Definition options.h:145

connection_entry::mssfix_encap
bool mssfix_encap
Definition options.h:146

connection_entry::occ_mtu
int occ_mtu
Definition options.h:128

connection_entry::http_proxy_options
struct http_proxy_options * http_proxy_options
Definition options.h:122

connection_entry::tls_crypt_file_inline
bool tls_crypt_file_inline
Definition options.h:171

connection_entry::tls_auth_file_inline
bool tls_auth_file_inline
Definition options.h:166

connection_entry::bind_ipv6_only
bool bind_ipv6_only
Definition options.h:117

connection_entry::tun_mtu_defined
bool tun_mtu_defined
Definition options.h:131

connection_entry::remote_float
bool remote_float
Definition options.h:115

connection_entry::tls_mtu
int tls_mtu
Definition options.h:136

connection_entry::explicit_exit_notification
int explicit_exit_notification
Definition options.h:150

connection_entry::socks_proxy_authfile
const char * socks_proxy_authfile
Definition options.h:125

connection_entry::remote_port
const char * remote_port
Definition options.h:113

connection_entry::fragment_encap
bool fragment_encap
Definition options.h:142

connection_entry::socks_proxy_server
const char * socks_proxy_server
Definition options.h:123

connection_entry::fragment
int fragment
Definition options.h:141

connection_entry::mtu_discover_type
int mtu_discover_type
Definition options.h:139

connection_entry::proto
int proto
Definition options.h:109

connection_entry::af
sa_family_t af
Definition options.h:110

connection_entry::tls_auth_file
const char * tls_auth_file
Definition options.h:165

connection_entry::local_port_defined
bool local_port_defined
Definition options.h:112

connection_entry::tun_mtu
int tun_mtu
Definition options.h:127

connection_entry::bind_defined
bool bind_defined
Definition options.h:116

connection_entry::local_port
const char * local_port
Definition options.h:111

connection_entry::key_direction
int key_direction
Definition options.h:167

connection_entry::tls_crypt_v2_file_inline
bool tls_crypt_v2_file_inline
Definition options.h:176

connection_entry::flags
unsigned int flags
Definition options.h:162

connection_entry::mssfix_fixed
bool mssfix_fixed
Definition options.h:148

connection_list
Definition options.h:200

connection_list::array
struct connection_entry ** array
Definition options.h:204

connection_list::current
int current
Definition options.h:203

connection_list::capacity
int capacity
Definition options.h:201

connection_list::len
int len
Definition options.h:202

context
Contains all state information for one tunnel.
Definition openvpn.h:471

dns_options
Definition dns.h:113

env_set
Definition env_set.h:43

frame
Packet geometry parameters.
Definition mtu.h:108

gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:116

hash
Definition list.h:53

http_proxy_options
Definition proxy.h:45

iroute_ipv6
Definition route.h:268

iroute
Definition route.h:261

local_entry
Definition options.h:100

local_entry::port
const char * port
Definition options.h:102

local_entry::proto
int proto
Definition options.h:103

local_entry::local
const char * local
Definition options.h:101

local_list
Definition options.h:193

local_list::array
struct local_entry ** array
Definition options.h:196

local_list::len
int len
Definition options.h:195

local_list::capacity
int capacity
Definition options.h:194

options_pre_connect
Definition options.h:63

options_pre_connect::routes_defined
bool routes_defined
Definition options.h:70

options_pre_connect::ping_rec_timeout_action
int ping_rec_timeout_action
Definition options.h:89

options_pre_connect::foreign_option_index
int foreign_option_index
Definition options.h:91

options_pre_connect::tuntap_options_defined
bool tuntap_options_defined
Definition options.h:64

options_pre_connect::routes_ipv6_defined
bool routes_ipv6_defined
Definition options.h:73

options_pre_connect::ping_rec_timeout
int ping_rec_timeout
Definition options.h:88

options_pre_connect::routes
struct route_option_list * routes
Definition options.h:71

options_pre_connect::comp
struct compress_options comp
Definition options.h:92

options_pre_connect::ciphername
const char * ciphername
Definition options.h:84

options_pre_connect::ifconfig_local
const char * ifconfig_local
Definition options.h:67

options_pre_connect::route_default_gateway
const char * route_default_gateway
Definition options.h:76

options_pre_connect::ping_send_timeout
int ping_send_timeout
Definition options.h:87

options_pre_connect::ifconfig_ipv6_local
const char * ifconfig_ipv6_local
Definition options.h:68

options_pre_connect::authname
const char * authname
Definition options.h:85

options_pre_connect::routes_ipv6
struct route_ipv6_option_list * routes_ipv6
Definition options.h:74

options_pre_connect::client_nat_defined
bool client_nat_defined
Definition options.h:79

options_pre_connect::client_nat
struct client_nat_option_list * client_nat
Definition options.h:80

options_pre_connect::route_ipv6_default_gateway
const char * route_ipv6_default_gateway
Definition options.h:77

options
Definition options.h:255

options::resolve_retry_seconds
int resolve_retry_seconds
Definition options.h:365

options::rcvbuf
int rcvbuf
Definition options.h:411

options::resolve_in_advance
bool resolve_in_advance
Definition options.h:366

options::route_nopull
bool route_nopull
Definition options.h:435

options::genkey_extra_data
const char * genkey_extra_data
Definition options.h:288

options::comp
struct compress_options comp
Definition options.h:408

options::http_proxy_override
struct http_proxy_options * http_proxy_override
Definition options.h:311

options::push_ifconfig_ipv6_netbits
int push_ifconfig_ipv6_netbits
Definition options.h:521

options::proto_force
int proto_force
Definition options.h:334

options::persist_config
bool persist_config
Definition options.h:276

options::connection_list
struct connection_list * connection_list
Definition options.h:293

options::management_port
const char * management_port
Definition options.h:445

options::tls_crypt_file_inline
bool tls_crypt_file_inline
Definition options.h:662

options::ifconfig_ipv6_remote
const char * ifconfig_ipv6_remote
Definition options.h:329

options::max_routes_per_client
int max_routes_per_client
Definition options.h:534

options::ncp_ciphers_conf
const char * ncp_ciphers_conf
The original ncp_ciphers specified by the user in the configuration.
Definition options.h:576

options::status_file_version
int status_file_version
Definition options.h:405

options::server_backoff_time
int server_backoff_time
Definition options.h:308

options::vlan_accept
enum vlan_acceptable_frames vlan_accept
Definition options.h:707

options::auth_token_renewal
int auth_token_renewal
Definition options.h:543

options::push_ifconfig_constraint_network
in_addr_t push_ifconfig_constraint_network
Definition options.h:516

options::tmp_dir
const char * tmp_dir
Definition options.h:464

options::push_peer_info
bool push_peer_info
Definition options.h:678

options::daemon
bool daemon
Definition options.h:389

options::pre_connect
struct options_pre_connect * pre_connect
Definition options.h:560

options::route_default_metric
int route_default_metric
Definition options.h:427

options::renegotiate_seconds_min
int renegotiate_seconds_min
Definition options.h:644

options::auth_token_secret_file
const char * auth_token_secret_file
Definition options.h:544

options::imported_protocol_flags
unsigned int imported_protocol_flags
Definition options.h:717

options::tls_export_peer_cert_dir
const char * tls_export_peer_cert_dir
Definition options.h:609

options::crl_file_inline
bool crl_file_inline
Definition options.h:613

options::cryptoapi_cert
const char * cryptoapi_cert
Definition options.h:635

options::down_script
const char * down_script
Definition options.h:384

options::backwards_compatible
unsigned int backwards_compatible
What version we should try to be compatible with as major * 10000 + minor * 100 + patch,...
Definition options.h:270

options::verify_hash_algo
hash_algo_type verify_hash_algo
Definition options.h:619

options::scheduled_exit_interval
int scheduled_exit_interval
Definition options.h:562

options::stale_routes_ageing_time
int stale_routes_ageing_time
Definition options.h:536

options::pkcs12_file_inline
bool pkcs12_file_inline
Definition options.h:602

options::replay_time
int replay_time
Definition options.h:583

options::push_option_types_found
unsigned int push_option_types_found
Definition options.h:556

options::management_state_buffer_size
int management_state_buffer_size
Definition options.h:449

options::ca_file
const char * ca_file
Definition options.h:590

options::tls_auth_file
const char * tls_auth_file
Definition options.h:657

options::providers
struct provider_list providers
Definition options.h:580

options::duplicate_cn
bool duplicate_cn
Definition options.h:525

options::server_network_ipv6
struct in6_addr server_network_ipv6
Definition options.h:469

options::shaper
int shaper
Definition options.h:332

options::management_echo_buffer_size
int management_echo_buffer_size
Definition options.h:448

options::server_network
in_addr_t server_network
Definition options.h:466

options::real_hash_size
uint32_t real_hash_size
Definition options.h:497

options::show_net_up
bool show_net_up
Definition options.h:691

options::verify_hash_no_ca
bool verify_hash_no_ca
Definition options.h:621

options::allow_pull_fqdn
bool allow_pull_fqdn
Definition options.h:437

options::use_peer_id
bool use_peer_id
Definition options.h:697

options::remote_cert_ku
unsigned remote_cert_ku[MAX_PARMS]
Definition options.h:616

options::server_bridge_defined
bool server_bridge_defined
Definition options.h:479

options::keying_material_exporter_label
const char * keying_material_exporter_label
Definition options.h:701

options::status_file
const char * status_file
Definition options.h:404

options::ssl_flags
unsigned int ssl_flags
Definition options.h:622

options::route_noexec
bool route_noexec
Definition options.h:428

options::ifconfig_nowarn
bool ifconfig_nowarn
Definition options.h:331

options::remote_cert_eku
const char * remote_cert_eku
Definition options.h:617

options::ifconfig_pool_netmask
in_addr_t ifconfig_pool_netmask
Definition options.h:489

options::server_netmask
in_addr_t server_netmask
Definition options.h:467

options::tls_timeout
int tls_timeout
Definition options.h:638

options::test_crypto
bool test_crypto
Definition options.h:585

options::up_delay
bool up_delay
Definition options.h:387

options::server_bridge_proxy_dhcp
bool server_bridge_proxy_dhcp
Definition options.h:477

options::allow_recursive_routing
bool allow_recursive_routing
Definition options.h:714

options::authname
const char * authname
Definition options.h:578

options::exit_event_name
const char * exit_event_name
Definition options.h:689

options::ifconfig_ipv6_local
const char * ifconfig_ipv6_local
Definition options.h:327

options::cf_max
int cf_max
Definition options.h:527

options::dh_file_inline
bool dh_file_inline
Definition options.h:594

options::push_update_options_found
unsigned int push_update_options_found
Definition options.h:557

options::replay_window
int replay_window
Definition options.h:582

options::disable
bool disable
Definition options.h:505

options::mute
int mute
Definition options.h:398

options::auth_user_pass_verify_script_via_file
bool auth_user_pass_verify_script_via_file
Definition options.h:539

options::dev_type
const char * dev_type
Definition options.h:321

options::persist_mode
int persist_mode
Definition options.h:277

options::ifconfig_pool_persist_refresh_freq
int ifconfig_pool_persist_refresh_freq
Definition options.h:491

options::show_digests
bool show_digests
Definition options.h:281

options::up_script
const char * up_script
Definition options.h:383

options::ce_advance_count
int ce_advance_count
Definition options.h:304

options::single_session
bool single_session
Definition options.h:676

options::push_ifconfig_defined
bool push_ifconfig_defined
Definition options.h:511

options::ifconfig_pool_defined
bool ifconfig_pool_defined
Definition options.h:486

options::rh_store
struct remote_host_store * rh_store
Definition options.h:314

options::verify_hash_depth
int verify_hash_depth
Definition options.h:620

options::route_delay_defined
bool route_delay_defined
Definition options.h:431

options::packet_id_file
const char * packet_id_file
Definition options.h:584

options::tls_crypt_v2_file
const char * tls_crypt_v2_file
Definition options.h:666

options::management_log_history_cache
int management_log_history_cache
Definition options.h:447

options::server_bridge_netmask
in_addr_t server_bridge_netmask
Definition options.h:481

options::ip_remote_hint
const char * ip_remote_hint
Definition options.h:367

options::vlan_tagging
bool vlan_tagging
Definition options.h:706

options::peer_id
uint32_t peer_id
Definition options.h:698

options::routes
struct route_option_list * routes
Definition options.h:432

options::ifconfig_pool_end
in_addr_t ifconfig_pool_end
Definition options.h:488

options::keepalive_timeout
int keepalive_timeout
Definition options.h:341

options::writepid
const char * writepid
Definition options.h:382

options::inactivity_minimum_bytes
int64_t inactivity_minimum_bytes
Definition options.h:344

options::ifconfig_ipv6_pool_defined
bool ifconfig_ipv6_pool_defined
Definition options.h:493

options::server_flags
unsigned int server_flags
Definition options.h:475

options::block_outside_dns
bool block_outside_dns
Definition options.h:693

options::push_ifconfig_ipv6_blocked
bool push_ifconfig_ipv6_blocked
Definition options.h:523

options::tls_exit
bool tls_exit
Definition options.h:680

options::pkcs12_file
const char * pkcs12_file
Definition options.h:601

options::client_disconnect_script
const char * client_disconnect_script
Definition options.h:500

options::show_engines
bool show_engines
Definition options.h:282

options::remote_list
struct remote_list * remote_list
Definition options.h:295

options::msg_channel
HANDLE msg_channel
Definition options.h:688

options::key_pass_file
const char * key_pass_file
Definition options.h:279

options::mute_replay_warnings
bool mute_replay_warnings
Definition options.h:581

options::tls_crypt_file
const char * tls_crypt_file
Definition options.h:661

options::inactivity_timeout
int inactivity_timeout
Definition options.h:343

options::n_bcast_buf
int n_bcast_buf
Definition options.h:507

options::unsuccessful_attempts
unsigned int unsuccessful_attempts
Definition options.h:302

options::handshake_window
int handshake_window
Definition options.h:648

options::server_defined
bool server_defined
Definition options.h:465

options::ifconfig_local
const char * ifconfig_local
Definition options.h:325

options::x509_username_field
char * x509_username_field[MAX_PARMS]
Definition options.h:651

options::ce
struct connection_entry ce
Definition options.h:292

options::iroutes_ipv6
struct iroute_ipv6 * iroutes_ipv6
Definition options.h:510

options::user_script_used
bool user_script_used
Definition options.h:385

options::tls_groups
const char * tls_groups
Definition options.h:605

options::show_tls_ciphers
bool show_tls_ciphers
Definition options.h:283

options::route_method
int route_method
Definition options.h:692

options::verify_hash
struct verify_hash_list * verify_hash
Definition options.h:618

options::tls_cert_profile
const char * tls_cert_profile
Definition options.h:606

options::renegotiate_packets
int64_t renegotiate_packets
Definition options.h:642

options::management_flags
unsigned int management_flags
Definition options.h:457

options::push_continuation
int push_continuation
Definition options.h:555

options::route_default_gateway
const char * route_default_gateway
Definition options.h:424

options::push_ifconfig_local_alias
in_addr_t push_ifconfig_local_alias
Definition options.h:514

options::exit_event_initial_state
bool exit_event_initial_state
Definition options.h:690

options::sc_info
struct static_challenge_info sc_info
Definition options.h:565

options::auth_token_call_auth
bool auth_token_call_auth
Definition options.h:541

options::ipchange
const char * ipchange
Definition options.h:319

options::topology
int topology
Definition options.h:324

options::disable_dco
bool disable_dco
Definition options.h:372

options::ncp_ciphers
const char * ncp_ciphers
Definition options.h:577

options::genkey
bool genkey
Definition options.h:285

options::virtual_hash_size
uint32_t virtual_hash_size
Definition options.h:498

options::learn_address_script
const char * learn_address_script
Definition options.h:501

options::ciphername
const char * ciphername
Definition options.h:572

options::auth_user_pass_file
const char * auth_user_pass_file
Definition options.h:558

options::tls_crypt_v2_max_age
int tls_crypt_v2_max_age
Definition options.h:673

options::forward_compatible
bool forward_compatible
Definition options.h:267

options::username
const char * username
Definition options.h:375

options::cf_initial_max
int cf_initial_max
Definition options.h:530

options::stale_routes_check_interval
int stale_routes_check_interval
Definition options.h:535

options::plugin_list
struct plugin_option_list * plugin_list
Definition options.h:460

options::auth_token_lifetime
int auth_token_lifetime
Definition options.h:542

options::vlan_pvid
uint16_t vlan_pvid
Definition options.h:708

options::ns_cert_type
int ns_cert_type
Definition options.h:615

options::tls_crypt_v2_verify_script
const char * tls_crypt_v2_verify_script
Definition options.h:671

options::mode
int mode
Definition options.h:264

options::tls_server
bool tls_server
Definition options.h:588

options::auth_user_pass_verify_script
const char * auth_user_pass_verify_script
Definition options.h:538

options::connect_retry_max
int connect_retry_max
Definition options.h:291

options::bind_dev
char * bind_dev
Definition options.h:416

options::extra_certs_file
const char * extra_certs_file
Definition options.h:597

options::client
bool client
Definition options.h:553

options::pull
bool pull
Definition options.h:554

options::ifconfig_ipv6_pool_netbits
int ifconfig_ipv6_pool_netbits
Definition options.h:495

options::push_ifconfig_constraint_netmask
in_addr_t push_ifconfig_constraint_netmask
Definition options.h:517

options::show_curves
bool show_curves
Definition options.h:284

options::tls_crypt_v2_metadata
const char * tls_crypt_v2_metadata
Definition options.h:669

options::route_ipv6_default_gateway
const char * route_ipv6_default_gateway
Definition options.h:425

options::tls_client
bool tls_client
Definition options.h:589

options::ping_timer_remote
bool ping_timer_remote
Definition options.h:350

options::auth_token_generate
bool auth_token_generate
Definition options.h:540

options::priv_key_file_inline
bool priv_key_file_inline
Definition options.h:600

options::tls_verify
const char * tls_verify
Definition options.h:608

options::crl_file
const char * crl_file
Definition options.h:612

options::ping_rec_timeout_action
int ping_rec_timeout_action
Definition options.h:355

options::auth_user_pass_file_inline
bool auth_user_pass_file_inline
Definition options.h:559

options::show_ciphers
bool show_ciphers
Definition options.h:280

options::enable_ncp_fallback
bool enable_ncp_fallback
If defined fall back to ciphername if NCP fails.
Definition options.h:573

options::route_predown_script
const char * route_predown_script
Definition options.h:423

options::dh_file
const char * dh_file
Definition options.h:593

options::route_delay_window
int route_delay_window
Definition options.h:430

options::push_ifconfig_local
in_addr_t push_ifconfig_local
Definition options.h:512

options::mlock
bool mlock
Definition options.h:338

options::ignore_unknown_option
const char ** ignore_unknown_option
Definition options.h:273

options::sndbuf
int sndbuf
Definition options.h:412

options::foreign_option_index
int foreign_option_index
Definition options.h:685

options::gc
struct gc_arena gc
Definition options.h:256

options::down_pre
bool down_pre
Definition options.h:386

options::persist_tun
bool persist_tun
Definition options.h:357

options::route_default_table_id
int route_default_table_id
Definition options.h:426

options::ca_file_inline
bool ca_file_inline
Definition options.h:591

options::auth_token_secret_file_inline
bool auth_token_secret_file_inline
Definition options.h:545

options::block_ipv6
bool block_ipv6
Definition options.h:434

options::config
const char * config
Definition options.h:259

options::extra_certs_file_inline
bool extra_certs_file_inline
Definition options.h:598

options::push_ifconfig_constraint_defined
bool push_ifconfig_constraint_defined
Definition options.h:515

options::mark
int mark
Definition options.h:415

options::cf_initial_per
int cf_initial_per
Definition options.h:531

options::keying_material_exporter_length
int keying_material_exporter_length
Definition options.h:702

options::suppress_timestamps
bool suppress_timestamps
Definition options.h:394

options::force_key_material_export
bool force_key_material_export
Definition options.h:704

options::mtu_test
bool mtu_test
Definition options.h:336

options::iroutes
struct iroute * iroutes
Definition options.h:509

options::verify_x509_type
int verify_x509_type
Definition options.h:610

options::cipher_list_tls13
const char * cipher_list_tls13
Definition options.h:604

options::ecdh_curve
const char * ecdh_curve
Definition options.h:607

options::status_file_update_freq
int status_file_update_freq
Definition options.h:406

options::management_client_user
const char * management_client_user
Definition options.h:451

options::cipher_list
const char * cipher_list
Definition options.h:603

options::ccd_exclusive
bool ccd_exclusive
Definition options.h:504

options::allow_deprecated_insecure_static_crypto
bool allow_deprecated_insecure_static_crypto
Definition options.h:570

options::pull_filter_list
struct pull_filter_list * pull_filter_list
Definition options.h:710

options::management_certificate
const char * management_certificate
Definition options.h:454

options::genkey_filename
const char * genkey_filename
Definition options.h:287

options::x509_track
const struct x509_track * x509_track
Definition options.h:682

options::chroot_dir
const char * chroot_dir
Definition options.h:377

options::log
bool log
Definition options.h:393

options::shared_secret_file_inline
bool shared_secret_file_inline
Definition options.h:569

options::push_ifconfig_ipv6_remote
struct in6_addr push_ifconfig_ipv6_remote
Definition options.h:522

options::ca_path
const char * ca_path
Definition options.h:592

options::renegotiate_seconds
int renegotiate_seconds
Definition options.h:643

options::ping_rec_timeout
int ping_rec_timeout
Definition options.h:349

options::sockflags
unsigned int sockflags
Definition options.h:419

options::engine
const char * engine
Definition options.h:579

options::management_addr
const char * management_addr
Definition options.h:444

options::client_connect_script
const char * client_connect_script
Definition options.h:499

options::verify_x509_name
const char * verify_x509_name
Definition options.h:611

options::ping_send_timeout
int ping_send_timeout
Definition options.h:348

options::route_gateway_via_dhcp
bool route_gateway_via_dhcp
Definition options.h:436

options::remote_random
bool remote_random
Definition options.h:318

options::push_ifconfig_ipv6_defined
bool push_ifconfig_ipv6_defined
Definition options.h:519

options::tcp_queue_limit
int tcp_queue_limit
Definition options.h:508

options::route_delay
int route_delay
Definition options.h:429

options::dev_node
const char * dev_node
Definition options.h:322

options::override_username
const char * override_username
Definition options.h:506

options::client_crresponse_script
const char * client_crresponse_script
Definition options.h:502

options::routes_ipv6
struct route_ipv6_option_list * routes_ipv6
Definition options.h:433

options::machine_readable_output
bool machine_readable_output
Definition options.h:395

options::key_direction
int key_direction
Definition options.h:571

options::server_ipv6_defined
bool server_ipv6_defined
Definition options.h:468

options::priv_key_file
const char * priv_key_file
Definition options.h:599

options::persist_remote_ip
bool persist_remote_ip
Definition options.h:359

options::up_restart
bool up_restart
Definition options.h:388

options::keepalive_ping
int keepalive_ping
Definition options.h:340

options::no_advance
bool no_advance
Definition options.h:297

options::tls_auth_file_inline
bool tls_auth_file_inline
Definition options.h:658

options::tls_crypt_v2_file_inline
bool tls_crypt_v2_file_inline
Definition options.h:667

options::groupname
const char * groupname
Definition options.h:376

options::server_bridge_pool_start
in_addr_t server_bridge_pool_start
Definition options.h:482

options::cd_dir
const char * cd_dir
Definition options.h:378

options::client_nat
struct client_nat_option_list * client_nat
Definition options.h:438

options::push_ifconfig_ipv6_local
struct in6_addr push_ifconfig_ipv6_local
Definition options.h:520

options::nice
int nice
Definition options.h:396

options::max_clients
int max_clients
Definition options.h:533

options::transition_window
int transition_window
Definition options.h:654

options::ifconfig_remote_netmask
const char * ifconfig_remote_netmask
Definition options.h:326

options::lladdr
const char * lladdr
Definition options.h:323

options::verbosity
int verbosity
Definition options.h:397

options::session_timeout
int session_timeout
Definition options.h:346

options::cert_file
const char * cert_file
Definition options.h:595

options::enable_c2c
bool enable_c2c
Definition options.h:524

options::server_bridge_pool_end
in_addr_t server_bridge_pool_end
Definition options.h:483

options::push_ifconfig_ipv4_blocked
bool push_ifconfig_ipv4_blocked
Definition options.h:518

options::cf_per
int cf_per
Definition options.h:528

options::windows_driver
enum tun_driver_type windows_driver
Definition options.h:694

options::cert_file_inline
bool cert_file_inline
Definition options.h:596

options::remap_sigusr1
int remap_sigusr1
Definition options.h:391

options::renegotiate_bytes
int64_t renegotiate_bytes
Definition options.h:641

options::route_script
const char * route_script
Definition options.h:422

options::ifconfig_pool_start
in_addr_t ifconfig_pool_start
Definition options.h:487

options::management_user_pass
const char * management_user_pass
Definition options.h:446

options::server_netbits_ipv6
unsigned int server_netbits_ipv6
Definition options.h:470

options::push_ifconfig_remote_netmask
in_addr_t push_ifconfig_remote_netmask
Definition options.h:513

options::occ
bool occ
Definition options.h:441

options::server_bridge_ip
in_addr_t server_bridge_ip
Definition options.h:480

options::shared_secret_file
const char * shared_secret_file
Definition options.h:568

options::ifconfig_noexec
bool ifconfig_noexec
Definition options.h:330

options::dev
const char * dev
Definition options.h:320

options::management_client_group
const char * management_client_group
Definition options.h:452

options::ifconfig_ipv6_pool_base
struct in6_addr ifconfig_ipv6_pool_base
Definition options.h:494

options::client_config_dir
const char * client_config_dir
Definition options.h:503

options::genkey_type
enum genkey_type genkey_type
Definition options.h:286

options::advance_next_remote
bool advance_next_remote
Definition options.h:300

options::ifconfig_pool_persist_filename
const char * ifconfig_pool_persist_filename
Definition options.h:490

options::ifconfig_ipv6_netbits
int ifconfig_ipv6_netbits
Definition options.h:328

options::persist_local_ip
bool persist_local_ip
Definition options.h:358

plugin_option_list
Definition plugin.h:51

provider_list
Definition options.h:215

provider_list::providers
provider_t * providers[MAX_PARMS]
Definition options.h:219

provider_list::names
const char * names[MAX_PARMS]
Definition options.h:217

pull_filter_list
Definition options.h:804

pull_filter_list::tail
struct pull_filter * tail
Definition options.h:806

pull_filter_list::head
struct pull_filter * head
Definition options.h:805

pull_filter
Definition options.h:792

pull_filter::type
int type
Definition options.h:797

pull_filter::next
struct pull_filter * next
Definition options.h:800

pull_filter::pattern
char * pattern
Definition options.h:799

pull_filter::size
size_t size
Definition options.h:798

push_list
Definition pushlist.h:36

remote_entry
Definition options.h:183

remote_entry::proto
int proto
Definition options.h:186

remote_entry::remote
const char * remote
Definition options.h:184

remote_entry::remote_port
const char * remote_port
Definition options.h:185

remote_entry::af
sa_family_t af
Definition options.h:187

remote_host_store
Definition options.h:230

remote_host_store::port
char port[RH_PORT_LEN]
Definition options.h:234

remote_host_store::host
char host[RH_HOST_LEN]
Definition options.h:232

remote_list
Definition options.h:208

remote_list::len
int len
Definition options.h:210

remote_list::array
struct remote_entry ** array
Definition options.h:211

remote_list::capacity
int capacity
Definition options.h:209

route_ipv6_option_list
Definition route.h:112

route_option_list
Definition route.h:96

static_challenge_info
Definition misc.h:90

tuntap_options
Definition tun.h:73

tuntap
Definition tun.h:181

verify_hash_list
Definition options.h:246

verify_hash_list::next
struct verify_hash_list * next
Definition options.h:250

x509_track
Definition ssl_verify.h:238

sa_family_t
unsigned short sa_family_t
Definition syshead.h:409

in_addr_t
uint32_t in_addr_t
Definition syshead.h:52

basic.h

es
struct env_set * es
Definition test_pkcs11.c:138

pkcs11_id_management
static bool pkcs11_id_management
Definition test_pkcs11.c:133

gc
struct gc_arena gc
Definition test_ssl.c:131

tun.h

tun_driver_type
tun_driver_type
Definition tun.h:44