OpenVPN
options.h
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2025 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 */
23
24/*
25 * 2004-01-28: Added Socks5 proxy support
26 * (Christof Meerwald, http://cmeerw.org)
27 */
28
29#ifndef OPTIONS_H
30#define OPTIONS_H
31
32#include "basic.h"
33#include "common.h"
34#include "mtu.h"
35#include "route.h"
36#include "tun.h"
37#include "socket.h"
38#include "plugin.h"
39#include "manage.h"
40#include "proxy.h"
41#include "comp.h"
42#include "pushlist.h"
43#include "clinat.h"
44#include "crypto_backend.h"
45#include "dns.h"
46
47
48/*
49 * Maximum number of parameters associated with an option,
50 * including the option name itself.
51 */
52#define MAX_PARMS 16
53
54/*
55 * Max size of options line and parameter.
56 */
57#define OPTION_PARM_SIZE 256
58#define OPTION_LINE_SIZE 256
59
60extern const char title_string[];
61
62/* certain options are saved before --pull modifications are applied */
92
93#if !defined(ENABLE_CRYPTO_OPENSSL) && !defined(ENABLE_CRYPTO_MBEDTLS)
94#error "At least one of OpenSSL or mbed TLS needs to be defined."
95#endif
96
98{
99 const char *local;
100 const char *port;
101 int proto;
102};
103
105{
107 int proto;
109 const char *local_port;
111 const char *remote_port;
112 const char *remote;
122 const char *socks_proxy_port;
124
125 int tun_mtu; /* MTU of tun device */
126 int occ_mtu; /* if non-null, this is the MTU we announce to peers in OCC */
127 int tun_mtu_max; /* maximum MTU that can be pushed */
128
129 bool tun_mtu_defined; /* true if user overriding parm with command line option */
132 int link_mtu; /* MTU of device over which tunnel packets pass via TCP/UDP */
133 bool link_mtu_defined; /* true if user overriding parm with command line option */
134 int tls_mtu; /* Maximum MTU for the control channel messages */
135
136 /* Advanced MTU negotiation and datagram fragmentation options */
137 int mtu_discover_type; /* used if OS supports setting Path MTU discovery options on socket */
138
139 int fragment; /* internal fragmentation size */
140 bool fragment_encap; /* true if --fragment had the "mtu" parameter to
141 * include overhead from IP and TCP/UDP encapsulation */
142 int mssfix; /* Upper bound on TCP MSS */
143 bool mssfix_default; /* true if --mssfix should use the default parameters */
144 bool mssfix_encap; /* true if --mssfix had the "mtu" parameter to include
145 * overhead from IP and TCP/UDP encapsulation */
146 bool mssfix_fixed; /* use the mssfix value without any encapsulation adjustments */
147
148 int explicit_exit_notification; /* Explicitly tell peer when we are exiting via OCC_EXIT or [RESTART] message */
149
150#define CE_DISABLED (1<<0)
151#define CE_MAN_QUERY_PROXY (1<<1)
152#define CE_MAN_QUERY_REMOTE_UNDEF 0
153#define CE_MAN_QUERY_REMOTE_QUERY 1
154#define CE_MAN_QUERY_REMOTE_ACCEPT 2
155#define CE_MAN_QUERY_REMOTE_MOD 3
156#define CE_MAN_QUERY_REMOTE_SKIP 4
157#define CE_MAN_QUERY_REMOTE_MASK (0x07)
158#define CE_MAN_QUERY_REMOTE_SHIFT (2)
159 unsigned int flags;
160
161 /* Shared secret used for TLS control channel authentication */
162 const char *tls_auth_file;
165
166 /* Shared secret used for TLS control channel authenticated encryption */
167 const char *tls_crypt_file;
169
170 /* Client-specific secret or server key used for TLS control channel
171 * authenticated encryption v2 */
172 const char *tls_crypt_v2_file;
174
175 /* Allow only client that support resending the wrapped client key */
177};
178
180{
181 const char *remote;
182 const char *remote_port;
183 int proto;
185};
186
187#define CONNECTION_LIST_SIZE 64
188
190{
192 int len;
194};
195
203
205{
207 int len;
209};
210
212{
213 /* Names of the providers */
214 const char *names[MAX_PARMS];
215 /* Pointers to the loaded providers to unload them */
217};
218
225
227{
228#define RH_HOST_LEN 80
230#define RH_PORT_LEN 20
232};
233
240
242{
243 /* We support SHA256 and SHA1 fingerprints. In the case of using the
244 * deprecated SHA1, only the first 20 bytes of each list item are used */
247};
248
249/* Command line options */
251{
252 struct gc_arena gc;
254
255 /* first config file */
256 const char *config;
257
258 /* major mode */
259#define MODE_POINT_TO_POINT 0
260#define MODE_SERVER 1
261 int mode;
262
263 /* enable forward compatibility for post-2.1 features */
268
269 /* list of options that should be ignored even if unknown */
271
272 /* persist parms */
275
276 const char *key_pass_file;
282 bool genkey;
284 const char *genkey_filename;
285 const char *genkey_extra_data;
286
287 /* Networking parms */
291
293 /* Do not advance the connection or remote addr list */
295 /* Advance directly to the next remote, skipping remaining addresses of the
296 * current remote */
298 /* Counts the number of unsuccessful connection attempts */
300 /* count of connection entries to advance by when no_advance is not set */
302 /* the server can suggest a backoff time to the client, it
303 * will still be capped by the max timeout between connections
304 * (300s by default) */
306
307#if ENABLE_MANAGEMENT
309#endif
310
312
314
316 const char *ipchange;
317 const char *dev;
318 const char *dev_type;
319 const char *dev_node;
320 const char *lladdr;
321 int topology; /* one of the TOP_x values from proto.h */
322 const char *ifconfig_local;
330
332
334
335#ifdef ENABLE_MEMSTATS
336 char *memstats_fn;
337#endif
338
339 bool mlock;
340
341 int keepalive_ping; /* a proxy for ping/ping-restart */
343
344 int inactivity_timeout; /* --inactive */
346
347 int session_timeout; /* Force-kill session after n seconds */
348
349 int ping_send_timeout; /* Send a TCP/UDP ping to remote every n seconds */
350 int ping_rec_timeout; /* Expect a TCP/UDP ping from remote at least once every n seconds */
351 bool ping_timer_remote; /* Run ping timer only if we have a remote address */
352
353#define PING_UNDEF 0
354#define PING_EXIT 1
355#define PING_RESTART 2
356 int ping_rec_timeout_action; /* What action to take on ping_rec_timeout (exit or restart)? */
357
358 bool persist_tun; /* Don't close/reopen TUN/TAP dev on SIGUSR1 or PING_RESTART */
359 bool persist_local_ip; /* Don't re-resolve local address on SIGUSR1 or PING_RESTART */
360 bool persist_remote_ip; /* Don't re-resolve remote address on SIGUSR1 or PING_RESTART */
361
362#if PASSTOS_CAPABILITY
363 bool passtos;
364#endif
365
366 int resolve_retry_seconds; /* If hostname resolve fails, retry for n seconds */
368 const char *ip_remote_hint;
369
371 /* DCO is disabled and should not be used as backend driver for the
372 * tun/tap device */
374
375 /* Misc parms */
376 const char *username;
377 const char *groupname;
378 const char *chroot_dir;
379 const char *cd_dir;
380#ifdef ENABLE_SELINUX
381 char *selinux_context;
382#endif
383 const char *writepid;
384 const char *up_script;
385 const char *down_script;
390 bool daemon;
391
393
394 bool log;
397 int nice;
399 int mute;
400
401#ifdef ENABLE_DEBUG
402 int gremlin;
403#endif
404
405 const char *status_file;
408
409 /* optimize TUN/TAP/UDP writes */
411
413
414 /* buffer sizes */
417
418 /* mark value */
419 int mark;
420 char *bind_dev;
421
422 /* socket flags */
423 unsigned int sockflags;
424
425 /* route management */
426 const char *route_script;
441 bool allow_pull_fqdn; /* as a client, allow server to push a FQDN for certain parameters */
443
444 /* Enable options consistency check between peers */
445 bool occ;
446
447#ifdef ENABLE_MANAGEMENT
448 const char *management_addr;
449 const char *management_port;
454
457
459#endif
460 /* Mask of MF_ values of manage.h */
461 unsigned int management_flags;
462
463#ifdef ENABLE_PLUGIN
465#endif
466
467 /* the tmp dir is for now only used in the P2P server context */
468 const char *tmp_dir;
470 in_addr_t server_network;
471 in_addr_t server_netmask;
472 bool server_ipv6_defined; /* IPv6 */
473 struct in6_addr server_network_ipv6; /* IPv6 */
474 unsigned int server_netbits_ipv6; /* IPv6 */
475
476#define SF_NOPOOL (1<<0)
477#define SF_TCP_NODELAY_HELPER (1<<1)
478#define SF_NO_PUSH_ROUTE_GATEWAY (1<<2)
479 unsigned int server_flags;
480
482
488
496
498 struct in6_addr ifconfig_ipv6_pool_base; /* IPv6 */
500
507 const char *client_config_dir;
510 const char *override_username;
514 struct iroute_ipv6 *iroutes_ipv6; /* IPv6 */
524 struct in6_addr push_ifconfig_ipv6_local; /* IPv6 */
526 struct in6_addr push_ifconfig_ipv6_remote; /* IPv6 */
530
533
536
541
550
551#if PORT_SHARE
552 char *port_share_host;
553 char *port_share_port;
554 const char *port_share_journal_dir;
555#endif
556
557 bool client;
558 bool pull; /* client pull of config options from server */
564
566
567#ifdef ENABLE_MANAGEMENT
569#endif
570 /* Cipher parms */
575 const char *ciphername;
579 const char *ncp_ciphers_conf;
580 const char *ncp_ciphers;
581 const char *authname;
582 const char *engine;
587 const char *packet_id_file;
589#ifdef ENABLE_PREDICTION_RESISTANCE
590 bool use_prediction_resistance;
591#endif
592
593 /* TLS (control channel) parms */
596 const char *ca_file;
598 const char *ca_path;
599 const char *dh_file;
601 const char *cert_file;
603 const char *extra_certs_file;
605 const char *priv_key_file;
607 const char *pkcs12_file;
609 const char *cipher_list;
610 const char *cipher_list_tls13;
611 const char *tls_groups;
612 const char *tls_cert_profile;
613 const char *ecdh_curve;
614 const char *tls_verify;
617 const char *verify_x509_name;
618 const char *crl_file;
620
621 int ns_cert_type; /* set to 0, NS_CERT_CHECK_SERVER, or NS_CERT_CHECK_CLIENT */
623 const char *remote_cert_eku;
628 unsigned int ssl_flags; /* set to SSLF_x flags from ssl.h */
629
630#ifdef ENABLE_PKCS11
631 const char *pkcs11_providers[MAX_PARMS];
632 unsigned pkcs11_private_mode[MAX_PARMS];
633 bool pkcs11_protected_authentication[MAX_PARMS];
634 bool pkcs11_cert_private[MAX_PARMS];
635 int pkcs11_pin_cache_period;
636 const char *pkcs11_id;
638#endif
639
640#ifdef ENABLE_CRYPTOAPI
641 const char *cryptoapi_cert;
642#endif
643 /* Per-packet timeout on control channel */
645
646 /* Data channel key renegotiation parameters */
651
652 /* Data channel key handshake must finalize
653 * within n seconds of handshake initiation. */
655
656#ifdef ENABLE_X509ALTUSERNAME
657 /* Field list used to be the username in X509 cert. */
658 char *x509_username_field[MAX_PARMS];
659#endif
660
661 /* Old key allowed to live n seconds after new key goes active */
663
664 /* Shared secret used for TLS control channel authentication */
665 const char *tls_auth_file;
667
668 /* Shared secret used for TLS control channel authenticated encryption */
669 const char *tls_crypt_file;
671
672 /* Client-specific secret or server key used for TLS control channel
673 * authenticated encryption v2 */
674 const char *tls_crypt_v2_file;
676
678
680
681 /* Allow only one session */
683
685
687
688 const struct x509_track *x509_track;
689
690 /* special state parms */
692
693#ifdef _WIN32
695 const char *exit_event_name;
701#endif
702
704 uint32_t peer_id;
705
706 /* Keying Material Exporters [RFC 5705] */
709 /* force using TLS key material export for data channel key generation */
711
714 uint16_t vlan_pvid;
715
717
718 /* Useful when packets sent by openvpn itself are not subject
719 * to the routing tables that would move packets into the tunnel. */
721
722 /* data channel crypto flags set by push/pull. Reuses the CO_* crypto_flags */
724};
725
726#define streq(x, y) (!strcmp((x), (y)))
727
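/*
 * Option classes.
 *
 * Every class is a single bit of an unsigned int mask. The constants use
 * an unsigned 1 so that bit 31 (OPT_P_ROUTE_TABLE) is well defined: where
 * int is 32 bits wide, shifting a signed 1 into the sign bit is undefined
 * behavior.
 * NOTE(review): these look like the bits tested against the
 * permission_mask / option_types_found arguments of the parsing functions
 * declared in this header -- confirm in options.c.
 */
#define OPT_P_GENERAL         (1u<<0)
#define OPT_P_UP              (1u<<1)
#define OPT_P_ROUTE           (1u<<2)
#define OPT_P_DHCPDNS         (1u<<3) /* includes ip windows options like */
#define OPT_P_SCRIPT          (1u<<4)
#define OPT_P_SETENV          (1u<<5)
#define OPT_P_SHAPER          (1u<<6)
#define OPT_P_TIMER           (1u<<7)
#define OPT_P_PERSIST         (1u<<8)
#define OPT_P_PERSIST_IP      (1u<<9)
#define OPT_P_COMP            (1u<<10) /* TODO */
#define OPT_P_MESSAGES        (1u<<11)
#define OPT_P_NCP             (1u<<12)
#define OPT_P_TLS_PARMS       (1u<<13) /* TODO */
#define OPT_P_MTU             (1u<<14) /* TODO */
#define OPT_P_NICE            (1u<<15)
#define OPT_P_PUSH            (1u<<16)
#define OPT_P_INSTANCE        (1u<<17)
#define OPT_P_CONFIG          (1u<<18)
#define OPT_P_EXPLICIT_NOTIFY (1u<<19)
#define OPT_P_ECHO            (1u<<20)
#define OPT_P_INHERIT         (1u<<21)
#define OPT_P_ROUTE_EXTRAS    (1u<<22)
#define OPT_P_PULL_MODE       (1u<<23)
#define OPT_P_PLUGIN          (1u<<24)
#define OPT_P_SOCKBUF         (1u<<25)
#define OPT_P_SOCKFLAGS       (1u<<26)
#define OPT_P_CONNECTION      (1u<<27)
#define OPT_P_PEER_ID         (1u<<28)
#define OPT_P_INLINE          (1u<<29)
#define OPT_P_PUSH_MTU        (1u<<30)
#define OPT_P_ROUTE_TABLE     (1u<<31)

/* Every class except OPT_P_INSTANCE and OPT_P_PULL_MODE. */
#define OPT_P_DEFAULT   (~(OPT_P_INSTANCE|OPT_P_PULL_MODE))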
765
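/*
 * Feature-test accessors over a struct options pointer.
 *
 * PULL_DEFINED and PUSH_DEFINED are defined unconditionally, so the
 * "#ifndef ... (false)" fallbacks that used to follow them could never be
 * selected and are dropped.
 */
#define PULL_DEFINED(opt) ((opt)->pull)
#define PUSH_DEFINED(opt) ((opt)->push_list)

/* Route method bits are only read on Windows; elsewhere the flags are 0. */
#ifdef _WIN32
#define ROUTE_OPTION_FLAGS(o) ((o)->route_method & ROUTE_METHOD_MASK)
#else
#define ROUTE_OPTION_FLAGS(o) (0)
#endif

/* Expands to the shaper member; non-zero is treated as "defined". */
#define SHAPER_DEFINED(opt) ((opt)->shaper)

/* Without ENABLE_PLUGIN there is no plugin_list member to read. */
#ifdef ENABLE_PLUGIN
#define PLUGIN_OPTION_LIST(opt) ((opt)->plugin_list)
#else
#define PLUGIN_OPTION_LIST(opt) (NULL)
#endif

/* Tests the MF_CLIENT_AUTH bit of management_flags; builds without
 * ENABLE_MANAGEMENT always report false. */
#ifdef ENABLE_MANAGEMENT
#define MAN_CLIENT_AUTH_ENABLED(opt) ((opt)->management_flags & MF_CLIENT_AUTH)
#else
#define MAN_CLIENT_AUTH_ENABLED(opt) (false)
#endif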
796
797void parse_argv(struct options *options,
798 const int argc,
799 char *argv[],
800 const int msglevel,
801 const unsigned int permission_mask,
802 unsigned int *option_types_found,
803 struct env_set *es);
804
805void notnull(const char *arg, const char *description);
806
807void usage_small(void);
808
809void show_library_versions(const unsigned int flags);
810
811#ifdef _WIN32
812void show_windows_version(const unsigned int flags);
813
814#endif
815
816void show_dco_version(const unsigned int flags);
817
818void init_options(struct options *o, const bool init_gc);
819
820void uninit_options(struct options *o);
821
822void setenv_settings(struct env_set *es, const struct options *o);
823
824void show_settings(const struct options *o);
825
826bool string_defined_equal(const char *s1, const char *s2);
827
828const char *options_string_version(const char *s, struct gc_arena *gc);
829
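/*
 * Declared here, defined in options.c. The ctx parameter is restored from
 * the full signature shown in this page's definition index; the listing
 * itself had lost that line.
 * NOTE(review): the returned string is presumably allocated in gc --
 * confirm ownership in options.c.
 */
char *options_string(const struct options *o,
                     const struct frame *frame,
                     struct tuntap *tt,
                     openvpn_net_ctx_t *ctx,
                     bool remote,
                     struct gc_arena *gc);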
836
837bool options_cmp_equal_safe(char *actual, const char *expected, size_t actual_n);
838
839void options_warning_safe(char *actual, const char *expected, size_t actual_n);
840
841bool options_cmp_equal(char *actual, const char *expected);
842
843void options_warning(char *actual, const char *expected);
844
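/**
 * Given an OpenVPN options string, extract the value of an option.
 *
 * NOTE(review): the first line of this declaration was missing from the
 * listing and is restored from the signature in this page's definition
 * index. Ownership of the returned string (presumably gc) should be
 * confirmed in options.c.
 */
char *options_string_extract_option(const char *options_string,
                                    const char *opt_name, struct gc_arena *gc);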
857
858
859void options_postprocess(struct options *options, struct env_set *es);
860
861bool options_postprocess_pull(struct options *o, struct env_set *es);
862
863void pre_connect_restore(struct options *o, struct gc_arena *gc);
864
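/*
 * Declared here, defined in options.c. The first line of the declaration
 * is restored from the signature in this page's definition index.
 * NOTE(review): judging by the name, buf carries options pushed by the
 * remote peer, and permission_mask is presumably an OPT_P_* mask limiting
 * which option classes that input may set -- confirm at the call site that
 * the mask is no wider than intended.
 */
bool apply_push_options(struct options *options,
                        struct buffer *buf,
                        unsigned int permission_mask,
                        unsigned int *option_types_found,
                        struct env_set *es);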
870
871void options_detach(struct options *o);
872
873void options_server_import(struct options *o,
874 const char *filename,
875 int msglevel,
876 unsigned int permission_mask,
877 unsigned int *option_types_found,
878 struct env_set *es);
879
880void pre_pull_default(struct options *o);
881
882void rol_check_alloc(struct options *options);
883
884int parse_line(const char *line,
885 char *p[],
886 const int n,
887 const char *file,
888 const int line_num,
889 int msglevel,
890 struct gc_arena *gc);
891
892/*
893 * parse/print topology coding
894 */
895
896int parse_topology(const char *str, const int msglevel);
897
898const char *print_topology(const int topology);
899
900/*
901 * Manage auth-retry variable
902 */
903
904#define AR_NONE 0
905#define AR_INTERACT 1
906#define AR_NOINTERACT 2
907
908int auth_retry_get(void);
909
910bool auth_retry_set(const int msglevel, const char *option);
911
912const char *auth_retry_print(void);
913
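/*
 * Declared here, defined in options.c. The first line of the declaration
 * is restored from the signature in this page's definition index.
 * NOTE(review): config is presumably option text parsed under
 * permission_mask, with the classes seen reported through
 * option_types_found -- confirm in options.c.
 */
void options_string_import(struct options *options,
                           const char *config,
                           const int msglevel,
                           const unsigned int permission_mask,
                           unsigned int *option_types_found,
                           struct env_set *es);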
920
921bool key_is_external(const struct options *options);
922
923bool has_udp_in_local_list(const struct options *options);
924
/**
 * Returns whether the current configuration has dco enabled.
 *
 * @param o  Options to inspect; only dereferenced in ENABLE_DCO builds.
 * @return   true when built with ENABLE_DCO and o->disable_dco is false;
 *           always false in builds without ENABLE_DCO.
 */
static inline bool
dco_enabled(const struct options *o)
{
#ifndef ENABLE_DCO
    /* No DCO support compiled in, so the options are not consulted. */
    return false;
#else
    return o->disable_dco ? false : true;
#endif /* ENABLE_DCO */
}
937
938#endif /* ifndef OPTIONS_H */
Data Channel Cryptography SSL library-specific backend interface.
hash_algo_type
Types referencing specific message digest hashing algorithms.
#define SHA256_DIGEST_LENGTH
void provider_t
void * openvpn_net_ctx_t
Definition networking.h:39
bool options_cmp_equal(char *actual, const char *expected)
Definition options.c:4566
void options_server_import(struct options *o, const char *filename, int msglevel, unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
Definition options.c:5589
bool options_postprocess_pull(struct options *o, struct env_set *es)
Definition options.c:4290
void uninit_options(struct options *o)
Definition options.c:933
void show_windows_version(const unsigned int flags)
Definition options.c:4920
bool key_is_external(const struct options *options)
Definition options.c:5764
bool auth_retry_set(const int msglevel, const char *option)
Definition options.c:4835
void show_dco_version(const unsigned int flags)
Definition options.c:4929
void rol_check_alloc(struct options *options)
Definition options.c:1570
void show_settings(const struct options *o)
Definition options.c:1694
static bool dco_enabled(const struct options *o)
Returns whether the current configuration has dco enabled.
Definition options.h:929
bool apply_push_options(struct options *options, struct buffer *buf, unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
Definition options.c:5559
bool options_cmp_equal_safe(char *actual, const char *expected, size_t actual_n)
Definition options.c:4708
void parse_argv(struct options *options, const int argc, char *argv[], const int msglevel, const unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
Definition options.c:5446
bool string_defined_equal(const char *s1, const char *s2)
Definition options.c:4985
void options_postprocess(struct options *options, struct env_set *es)
Definition options.c:4276
int parse_topology(const char *str, const int msglevel)
Definition options.c:4779
void usage_small(void)
Definition options.c:4912
const char * auth_retry_print(void)
Definition options.c:4858
void options_warning_safe(char *actual, const char *expected, size_t actual_n)
Definition options.c:4731
void show_library_versions(const unsigned int flags)
Definition options.c:4939
void setenv_settings(struct env_set *es, const struct options *o)
Definition options.c:1036
#define RH_PORT_LEN
Definition options.h:230
genkey_type
Definition options.h:234
@ GENKEY_AUTH_TOKEN
Definition options.h:238
@ GENKEY_SECRET
Definition options.h:235
@ GENKEY_TLS_CRYPTV2_SERVER
Definition options.h:237
@ GENKEY_TLS_CRYPTV2_CLIENT
Definition options.h:236
int parse_line(const char *line, char *p[], const int n, const char *file, const int line_num, int msglevel, struct gc_arena *gc)
Definition options.c:5022
#define RH_HOST_LEN
Definition options.h:228
void options_detach(struct options *o)
Definition options.c:1561
void pre_connect_restore(struct options *o, struct gc_arena *gc)
Definition options.c:3159
const char * print_topology(const int topology)
Definition options.c:4801
void options_string_import(struct options *options, const char *config, const int msglevel, const unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
Definition options.c:5609
char * options_string_extract_option(const char *options_string, const char *opt_name, struct gc_arena *gc)
Given an OpenVPN options string, extract the value of an option.
Definition options.c:4745
#define MAX_PARMS
Definition options.h:52
void pre_pull_default(struct options *o)
void init_options(struct options *o, const bool init_gc)
Definition options.c:805
void options_warning(char *actual, const char *expected)
Definition options.c:4572
const char * options_string_version(const char *s, struct gc_arena *gc)
Definition options.c:4737
const char title_string[]
Definition options.c:69
int auth_retry_get(void)
Definition options.c:4829
void notnull(const char *arg, const char *description)
Definition options.c:4976
bool has_udp_in_local_list(const struct options *options)
Definition options.c:9677
char * options_string(const struct options *o, const struct frame *frame, struct tuntap *tt, openvpn_net_ctx_t *ctx, bool remote, struct gc_arena *gc)
Definition options.c:4347
vlan_acceptable_frames
Definition options.h:220
@ VLAN_ONLY_UNTAGGED_OR_PRIORITY
Definition options.h:222
@ VLAN_ALL
Definition options.h:223
@ VLAN_ONLY_TAGGED
Definition options.h:221
Definition argv.h:35
Wrapper structure for dynamically allocated memory.
Definition buffer.h:61
Definition options.h:105
struct local_list * local_list
Definition options.h:106
int tun_mtu_max
Definition options.h:127
int connect_retry_seconds
Definition options.h:117
bool tls_crypt_v2_force_cookie
Definition options.h:176
int link_mtu
Definition options.h:132
bool link_mtu_defined
Definition options.h:133
int tun_mtu_extra
Definition options.h:130
int connect_retry_seconds_max
Definition options.h:118
bool bind_local
Definition options.h:116
int mssfix
Definition options.h:142
const char * tls_crypt_file
Definition options.h:167
const char * tls_crypt_v2_file
Definition options.h:172
bool tun_mtu_extra_defined
Definition options.h:131
const char * remote
Definition options.h:112
int connect_timeout
Definition options.h:119
const char * socks_proxy_port
Definition options.h:122
bool mssfix_default
Definition options.h:143
bool mssfix_encap
Definition options.h:144
int occ_mtu
Definition options.h:126
struct http_proxy_options * http_proxy_options
Definition options.h:120
bool tls_crypt_file_inline
Definition options.h:168
bool tls_auth_file_inline
Definition options.h:163
bool bind_ipv6_only
Definition options.h:115
bool tun_mtu_defined
Definition options.h:129
bool remote_float
Definition options.h:113
int tls_mtu
Definition options.h:134
int explicit_exit_notification
Definition options.h:148
const char * socks_proxy_authfile
Definition options.h:123
const char * remote_port
Definition options.h:111
bool fragment_encap
Definition options.h:140
const char * socks_proxy_server
Definition options.h:121
int fragment
Definition options.h:139
int mtu_discover_type
Definition options.h:137
int proto
Definition options.h:107
sa_family_t af
Definition options.h:108
const char * tls_auth_file
Definition options.h:162
bool local_port_defined
Definition options.h:110
int tun_mtu
Definition options.h:125
bool bind_defined
Definition options.h:114
const char * local_port
Definition options.h:109
int key_direction
Definition options.h:164
bool tls_crypt_v2_file_inline
Definition options.h:173
unsigned int flags
Definition options.h:159
bool mssfix_fixed
Definition options.h:146
struct connection_entry ** array
Definition options.h:201
Packet geometry parameters.
Definition mtu.h:98
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:117
Definition list.h:57
Definition options.h:98
const char * port
Definition options.h:100
int proto
Definition options.h:101
const char * local
Definition options.h:99
struct local_entry ** array
Definition options.h:193
int capacity
Definition options.h:191
int ping_rec_timeout_action
Definition options.h:87
bool tuntap_options_defined
Definition options.h:65
bool routes_ipv6_defined
Definition options.h:71
struct route_option_list * routes
Definition options.h:69
struct compress_options comp
Definition options.h:90
const char * ciphername
Definition options.h:82
const char * route_default_gateway
Definition options.h:74
const char * authname
Definition options.h:83
struct route_ipv6_option_list * routes_ipv6
Definition options.h:72
bool client_nat_defined
Definition options.h:77
struct client_nat_option_list * client_nat
Definition options.h:78
const char * route_ipv6_default_gateway
Definition options.h:75
int resolve_retry_seconds
Definition options.h:366
int rcvbuf
Definition options.h:415
bool resolve_in_advance
Definition options.h:367
bool route_nopull
Definition options.h:439
const char * genkey_extra_data
Definition options.h:285
struct compress_options comp
Definition options.h:412
struct http_proxy_options * http_proxy_override
Definition options.h:308
int push_ifconfig_ipv6_netbits
Definition options.h:525
int proto_force
Definition options.h:331
bool persist_config
Definition options.h:273
struct connection_list * connection_list
Definition options.h:290
const char * management_port
Definition options.h:449
bool tls_crypt_file_inline
Definition options.h:670
const char * ifconfig_ipv6_remote
Definition options.h:326
int max_routes_per_client
Definition options.h:538
const char * ncp_ciphers_conf
The original ncp_ciphers specified by the user in the configuration.
Definition options.h:579
int status_file_version
Definition options.h:406
int server_backoff_time
Definition options.h:305
enum vlan_acceptable_frames vlan_accept
Definition options.h:713
int auth_token_renewal
Definition options.h:547
in_addr_t push_ifconfig_constraint_network
Definition options.h:520
const char * tmp_dir
Definition options.h:468
bool push_peer_info
Definition options.h:684
bool daemon
Definition options.h:390
struct options_pre_connect * pre_connect
Definition options.h:563
int route_default_metric
Definition options.h:431
int renegotiate_seconds_min
Definition options.h:650
const char * auth_token_secret_file
Definition options.h:548
unsigned int imported_protocol_flags
Definition options.h:723
const char * tls_export_peer_cert_dir
Definition options.h:615
bool crl_file_inline
Definition options.h:619
const char * cryptoapi_cert
Definition options.h:641
const char * down_script
Definition options.h:385
unsigned int backwards_compatible
What version we should try to be compatible with as major * 10000 + minor * 100 + patch,...
Definition options.h:267
hash_algo_type verify_hash_algo
Definition options.h:625
int scheduled_exit_interval
Definition options.h:565
int stale_routes_ageing_time
Definition options.h:540
bool pkcs12_file_inline
Definition options.h:608
int replay_time
Definition options.h:586
unsigned int push_option_types_found
Definition options.h:560
int management_state_buffer_size
Definition options.h:453
const char * ca_file
Definition options.h:596
const char * tls_auth_file
Definition options.h:665
struct provider_list providers
Definition options.h:583
bool duplicate_cn
Definition options.h:529
struct in6_addr server_network_ipv6
Definition options.h:473
int shaper
Definition options.h:329
int management_echo_buffer_size
Definition options.h:452
in_addr_t server_network
Definition options.h:470
bool show_net_up
Definition options.h:697
bool verify_hash_no_ca
Definition options.h:627
bool allow_pull_fqdn
Definition options.h:441
bool use_peer_id
Definition options.h:703
unsigned remote_cert_ku[MAX_PARMS]
Definition options.h:622
bool server_bridge_defined
Definition options.h:483
const char * keying_material_exporter_label
Definition options.h:707
const char * status_file
Definition options.h:405
unsigned int ssl_flags
Definition options.h:628
bool route_noexec
Definition options.h:432
bool ifconfig_nowarn
Definition options.h:328
const char * remote_cert_eku
Definition options.h:623
in_addr_t ifconfig_pool_netmask
Definition options.h:493
in_addr_t server_netmask
Definition options.h:471
int tls_timeout
Definition options.h:644
bool test_crypto
Definition options.h:588
bool up_delay
Definition options.h:388
bool server_bridge_proxy_dhcp
Definition options.h:481
bool allow_recursive_routing
Definition options.h:720
const char * authname
Definition options.h:581
const char * exit_event_name
Definition options.h:695
const char * ifconfig_ipv6_local
Definition options.h:324
int cf_max
Definition options.h:531
bool dh_file_inline
Definition options.h:600
int replay_window
Definition options.h:585
bool disable
Definition options.h:509
int mute
Definition options.h:399
bool auth_user_pass_verify_script_via_file
Definition options.h:543
const char * dev_type
Definition options.h:318
int persist_mode
Definition options.h:274
int ifconfig_pool_persist_refresh_freq
Definition options.h:495
bool show_digests
Definition options.h:278
const char * up_script
Definition options.h:384
int ce_advance_count
Definition options.h:301
bool single_session
Definition options.h:682
bool push_ifconfig_defined
Definition options.h:515
bool ifconfig_pool_defined
Definition options.h:490
struct remote_host_store * rh_store
Definition options.h:311
int verify_hash_depth
Definition options.h:626
bool route_delay_defined
Definition options.h:435
const char * packet_id_file
Definition options.h:587
const char * tls_crypt_v2_file
Definition options.h:674
int management_log_history_cache
Definition options.h:451
in_addr_t server_bridge_netmask
Definition options.h:485
const char * ip_remote_hint
Definition options.h:368
bool vlan_tagging
Definition options.h:712
uint32_t peer_id
Definition options.h:704
struct route_option_list * routes
Definition options.h:436
in_addr_t ifconfig_pool_end
Definition options.h:492
int keepalive_timeout
Definition options.h:342
const char * writepid
Definition options.h:383
int64_t inactivity_minimum_bytes
Definition options.h:345
bool ifconfig_ipv6_pool_defined
Definition options.h:497
bool fast_io
Definition options.h:410
unsigned int server_flags
Definition options.h:479
bool block_outside_dns
Definition options.h:699
bool push_ifconfig_ipv6_blocked
Definition options.h:527
bool tls_exit
Definition options.h:686
const char * pkcs12_file
Definition options.h:607
const char * client_disconnect_script
Definition options.h:504
bool show_engines
Definition options.h:279
struct remote_list * remote_list
Definition options.h:292
HANDLE msg_channel
Definition options.h:694
const char * key_pass_file
Definition options.h:276
bool mute_replay_warnings
Definition options.h:584
const char * tls_crypt_file
Definition options.h:669
int inactivity_timeout
Definition options.h:344
int n_bcast_buf
Definition options.h:511
unsigned int unsuccessful_attempts
Definition options.h:299
int handshake_window
Definition options.h:654
bool server_defined
Definition options.h:469
const char * ifconfig_local
Definition options.h:322
struct connection_entry ce
Definition options.h:289
struct iroute_ipv6 * iroutes_ipv6
Definition options.h:514
bool user_script_used
Definition options.h:386
const char * tls_groups
Definition options.h:611
bool show_tls_ciphers
Definition options.h:280
int route_method
Definition options.h:698
struct verify_hash_list * verify_hash
Definition options.h:624
const char * tls_cert_profile
Definition options.h:612
int64_t renegotiate_packets
Definition options.h:648
unsigned int management_flags
Definition options.h:461
int push_continuation
Definition options.h:559
const char * route_default_gateway
Definition options.h:428
in_addr_t push_ifconfig_local_alias
Definition options.h:518
bool exit_event_initial_state
Definition options.h:696
struct static_challenge_info sc_info
Definition options.h:568
bool auth_token_call_auth
Definition options.h:545
const char * ipchange
Definition options.h:316
int topology
Definition options.h:321
bool disable_dco
Definition options.h:373
const char * ncp_ciphers
Definition options.h:580
bool genkey
Definition options.h:282
const char * learn_address_script
Definition options.h:505
const char * ciphername
Definition options.h:575
const char * auth_user_pass_file
Definition options.h:561
bool forward_compatible
Definition options.h:264
const char * username
Definition options.h:376
int cf_initial_max
Definition options.h:534
int stale_routes_check_interval
Definition options.h:539
struct plugin_option_list * plugin_list
Definition options.h:464
int auth_token_lifetime
Definition options.h:546
uint16_t vlan_pvid
Definition options.h:714
int ns_cert_type
Definition options.h:621
const char * tls_crypt_v2_verify_script
Definition options.h:679
int mode
Definition options.h:261
bool tls_server
Definition options.h:594
const char * auth_user_pass_verify_script
Definition options.h:542
int connect_retry_max
Definition options.h:288
char * bind_dev
Definition options.h:420
const char * extra_certs_file
Definition options.h:603
bool client
Definition options.h:557
bool pull
Definition options.h:558
int ifconfig_ipv6_pool_netbits
Definition options.h:499
in_addr_t push_ifconfig_constraint_netmask
Definition options.h:521
bool show_curves
Definition options.h:281
const char * tls_crypt_v2_metadata
Definition options.h:677
const char * route_ipv6_default_gateway
Definition options.h:429
bool tls_client
Definition options.h:595
bool ping_timer_remote
Definition options.h:351
bool auth_token_generate
Definition options.h:544
bool priv_key_file_inline
Definition options.h:606
const char * tls_verify
Definition options.h:614
const char * crl_file
Definition options.h:618
int ping_rec_timeout_action
Definition options.h:356
bool auth_user_pass_file_inline
Definition options.h:562
bool show_ciphers
Definition options.h:277
bool enable_ncp_fallback
If defined, fall back to ciphername if NCP (cipher negotiation) fails.
Definition options.h:576
int real_hash_size
Definition options.h:501
const char * route_predown_script
Definition options.h:427
const char * dh_file
Definition options.h:599
int route_delay_window
Definition options.h:434
in_addr_t push_ifconfig_local
Definition options.h:516
bool mlock
Definition options.h:339
const char ** ignore_unknown_option
Definition options.h:270
int sndbuf
Definition options.h:416
int foreign_option_index
Definition options.h:691
struct gc_arena gc
Definition options.h:252
bool gc_owned
Definition options.h:253
bool down_pre
Definition options.h:387
bool persist_tun
Definition options.h:358
int route_default_table_id
Definition options.h:430
bool ca_file_inline
Definition options.h:597
bool auth_token_secret_file_inline
Definition options.h:549
bool block_ipv6
Definition options.h:438
const char * config
Definition options.h:256
bool extra_certs_file_inline
Definition options.h:604
bool push_ifconfig_constraint_defined
Definition options.h:519
int mark
Definition options.h:419
int cf_initial_per
Definition options.h:535
int keying_material_exporter_length
Definition options.h:708
bool suppress_timestamps
Definition options.h:395
bool force_key_material_export
Definition options.h:710
bool mtu_test
Definition options.h:333
struct iroute * iroutes
Definition options.h:513
int verify_x509_type
Definition options.h:616
const char * cipher_list_tls13
Definition options.h:610
const char * ecdh_curve
Definition options.h:613
int status_file_update_freq
Definition options.h:407
const char * management_client_user
Definition options.h:455
const char * cipher_list
Definition options.h:609
bool ccd_exclusive
Definition options.h:508
bool allow_deprecated_insecure_static_crypto
Definition options.h:573
struct pull_filter_list * pull_filter_list
Definition options.h:716
const char * management_certificate
Definition options.h:458
const char * genkey_filename
Definition options.h:284
const struct x509_track * x509_track
Definition options.h:688
const char * chroot_dir
Definition options.h:378
bool log
Definition options.h:394
bool shared_secret_file_inline
Definition options.h:572
struct in6_addr push_ifconfig_ipv6_remote
Definition options.h:526
const char * ca_path
Definition options.h:598
int renegotiate_seconds
Definition options.h:649
int ping_rec_timeout
Definition options.h:350
unsigned int sockflags
Definition options.h:423
const char * engine
Definition options.h:582
const char * management_addr
Definition options.h:448
const char * client_connect_script
Definition options.h:503
const char * verify_x509_name
Definition options.h:617
int ping_send_timeout
Definition options.h:349
bool route_gateway_via_dhcp
Definition options.h:440
bool remote_random
Definition options.h:315
bool push_ifconfig_ipv6_defined
Definition options.h:523
int tcp_queue_limit
Definition options.h:512
int route_delay
Definition options.h:433
const char * dev_node
Definition options.h:319
const char * override_username
Definition options.h:510
const char * client_crresponse_script
Definition options.h:506
struct route_ipv6_option_list * routes_ipv6
Definition options.h:437
bool machine_readable_output
Definition options.h:396
int key_direction
Definition options.h:574
bool server_ipv6_defined
Definition options.h:472
const char * priv_key_file
Definition options.h:605
bool persist_remote_ip
Definition options.h:360
bool up_restart
Definition options.h:389
int keepalive_ping
Definition options.h:341
int virtual_hash_size
Definition options.h:502
bool no_advance
Definition options.h:294
bool tls_auth_file_inline
Definition options.h:666
bool tls_crypt_v2_file_inline
Definition options.h:675
const char * groupname
Definition options.h:377
in_addr_t server_bridge_pool_start
Definition options.h:486
const char * cd_dir
Definition options.h:379
struct client_nat_option_list * client_nat
Definition options.h:442
struct in6_addr push_ifconfig_ipv6_local
Definition options.h:524
int nice
Definition options.h:397
int max_clients
Definition options.h:537
int transition_window
Definition options.h:662
const char * ifconfig_remote_netmask
Definition options.h:323
const char * lladdr
Definition options.h:320
int verbosity
Definition options.h:398
int session_timeout
Definition options.h:347
const char * cert_file
Definition options.h:601
bool enable_c2c
Definition options.h:528
in_addr_t server_bridge_pool_end
Definition options.h:487
bool push_ifconfig_ipv4_blocked
Definition options.h:522
int cf_per
Definition options.h:532
enum tun_driver_type windows_driver
Definition options.h:700
bool cert_file_inline
Definition options.h:602
int remap_sigusr1
Definition options.h:392
int64_t renegotiate_bytes
Definition options.h:647
const char * route_script
Definition options.h:426
in_addr_t ifconfig_pool_start
Definition options.h:491
const char * management_user_pass
Definition options.h:450
unsigned int server_netbits_ipv6
Definition options.h:474
in_addr_t push_ifconfig_remote_netmask
Definition options.h:517
bool occ
Definition options.h:445
in_addr_t server_bridge_ip
Definition options.h:484
const char * shared_secret_file
Definition options.h:571
bool ifconfig_noexec
Definition options.h:327
const char * dev
Definition options.h:317
const char * management_client_group
Definition options.h:456
struct in6_addr ifconfig_ipv6_pool_base
Definition options.h:498
const char * client_config_dir
Definition options.h:507
enum genkey_type genkey_type
Definition options.h:283
bool advance_next_remote
Definition options.h:297
const char * ifconfig_pool_persist_filename
Definition options.h:494
int ifconfig_ipv6_netbits
Definition options.h:325
bool persist_local_ip
Definition options.h:359
provider_t * providers[MAX_PARMS]
Definition options.h:216
const char * names[MAX_PARMS]
Definition options.h:214
Definition options.h:180
int proto
Definition options.h:183
const char * remote
Definition options.h:181
const char * remote_port
Definition options.h:182
sa_family_t af
Definition options.h:184
char port[RH_PORT_LEN]
Definition options.h:231
char host[RH_HOST_LEN]
Definition options.h:229
struct remote_entry ** array
Definition options.h:208
int capacity
Definition options.h:206
Definition tun.h:178
struct verify_hash_list * next
Definition options.h:246
unsigned short sa_family_t
Definition syshead.h:395
struct env_set * es
static bool pkcs11_id_management
struct gc_arena gc
Definition test_ssl.c:155
tun_driver_type
Definition tun.h:44