OpenVPN
options.h
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2025 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, see <https://www.gnu.org/licenses/>.
21 */
22
23/*
24 * 2004-01-28: Added Socks5 proxy support
25 * (Christof Meerwald, http://cmeerw.org)
26 */
27
28#ifndef OPTIONS_H
29#define OPTIONS_H
30
31#include "basic.h"
32#include "common.h"
33#include "mtu.h"
34#include "route.h"
35#include "tun.h"
36#include "socket_util.h"
37#include "plugin.h"
38#include "manage.h"
39#include "proxy.h"
40#include "comp.h"
41#include "pushlist.h"
42#include "clinat.h"
43#include "crypto_backend.h"
44#include "dns.h"
45
46
47/*
48 * Maximum number of parameters associated with an option,
49 * including the option name itself.
50 */
51#define MAX_PARMS 16
52
53/*
54 * Max size of options line and parameter.
55 */
56#define OPTION_PARM_SIZE 256
57#define OPTION_LINE_SIZE 256
58
59extern const char title_string[];
60
61/* certain options are saved before --pull modifications are applied */
91
92#if !defined(ENABLE_CRYPTO_OPENSSL) && !defined(ENABLE_CRYPTO_MBEDTLS)
93#error "At least one of OpenSSL or mbed TLS needs to be defined."
94#endif
95
97{
98 const char *local;
99 const char *port;
100 int proto;
101};
102
104{
106 int proto;
108 const char *local_port;
110 const char *remote_port;
111 const char *remote;
121 const char *socks_proxy_port;
123
124 int tun_mtu; /* MTU of tun device */
125 int occ_mtu; /* if non-null, this is the MTU we announce to peers in OCC */
126 int tun_mtu_max; /* maximum MTU that can be pushed */
127
128 bool tun_mtu_defined; /* true if user overriding parm with command line option */
131 int link_mtu; /* MTU of device over which tunnel packets pass via TCP/UDP */
132 bool link_mtu_defined; /* true if user overriding parm with command line option */
133 int tls_mtu; /* Maximum MTU for the control channel messages */
134
135 /* Advanced MTU negotiation and datagram fragmentation options */
136 int mtu_discover_type; /* used if OS supports setting Path MTU discovery options on socket */
137
138 int fragment; /* internal fragmentation size */
139 bool fragment_encap; /* true if --fragment had the "mtu" parameter to
140 * include overhead from IP and TCP/UDP encapsulation */
141 int mssfix; /* Upper bound on TCP MSS */
142 bool mssfix_default; /* true if --mssfix should use the default parameters */
143 bool mssfix_encap; /* true if --mssfix had the "mtu" parameter to include
144 * overhead from IP and TCP/UDP encapsulation */
145 bool mssfix_fixed; /* use the mssfix value without any encapsulation adjustments */
146
147 int explicit_exit_notification; /* Explicitly tell peer when we are exiting via OCC_EXIT or
148 [RESTART] message */
149
150#define CE_DISABLED (1u << 0)
151#define CE_MAN_QUERY_PROXY (1u << 1)
152#define CE_MAN_QUERY_REMOTE_UNDEF 0
153#define CE_MAN_QUERY_REMOTE_QUERY 1
154#define CE_MAN_QUERY_REMOTE_ACCEPT 2
155#define CE_MAN_QUERY_REMOTE_MOD 3
156#define CE_MAN_QUERY_REMOTE_SKIP 4
157#define CE_MAN_QUERY_REMOTE_MASK (0x07u)
158#define CE_MAN_QUERY_REMOTE_SHIFT (2)
159 unsigned int flags;
160
161 /* Shared secret used for TLS control channel authentication */
162 const char *tls_auth_file;
165
166 /* Shared secret used for TLS control channel authenticated encryption */
167 const char *tls_crypt_file;
169
170 /* Client-specific secret or server key used for TLS control channel
171 * authenticated encryption v2 */
172 const char *tls_crypt_v2_file;
174
175 /* Allow only client that support resending the wrapped client key */
177};
178
180{
181 const char *remote;
182 const char *remote_port;
183 int proto;
185};
186
187#define CONNECTION_LIST_SIZE 64
188
190{
192 int len;
194};
195
203
205{
207 int len;
209};
210
212{
213 /* Names of the providers */
214 const char *names[MAX_PARMS];
215 /* Pointers to the loaded providers to unload them */
217};
218
225
227{
228#define RH_HOST_LEN 80
230#define RH_PORT_LEN 20
232};
233
241
243{
244 /* We support SHA256 and SHA1 fingerpint. In the case of using the
245 * deprecated SHA1, only the first 20 bytes of each list item are used */
248};
249
250/* Command line options */
252{
253 struct gc_arena gc;
255
256 /* first config file */
257 const char *config;
258
259 /* major mode */
260#define MODE_POINT_TO_POINT 0
261#define MODE_SERVER 1
262 int mode;
263
264 /* enable forward compatibility for post-2.1 features */
269
270 /* list of options that should be ignored even if unknown */
272
273 /* persist parms */
276
277 const char *key_pass_file;
283 bool genkey;
285 const char *genkey_filename;
286 const char *genkey_extra_data;
287
288 /* Networking parms */
292
294 /* Do not advance the connection or remote addr list */
296 /* Advance directly to the next remote, skipping remaining addresses of the
297 * current remote */
299 /* Counts the number of unsuccessful connection attempts */
301 /* count of connection entries to advance by when no_advance is not set */
303 /* the server can suggest a backoff time to the client, it
304 * will still be capped by the max timeout between connections
305 * (300s by default) */
307
308#if ENABLE_MANAGEMENT
310#endif
311
313
315
317 const char *ipchange;
318 const char *dev;
319 const char *dev_type;
320 const char *dev_node;
321 const char *lladdr;
322 int topology; /* one of the TOP_x values from proto.h */
323 const char *ifconfig_local;
331
333
335
336#ifdef ENABLE_MEMSTATS
337 char *memstats_fn;
338#endif
339
340 bool mlock;
341
342 int keepalive_ping; /* a proxy for ping/ping-restart */
344
345 int inactivity_timeout; /* --inactive */
347
348 int session_timeout; /* Force-kill session after n seconds */
349
350 int ping_send_timeout; /* Send a TCP/UDP ping to remote every n seconds */
351 int ping_rec_timeout; /* Expect a TCP/UDP ping from remote at least once every n seconds */
352 bool ping_timer_remote; /* Run ping timer only if we have a remote address */
353
354#define PING_UNDEF 0
355#define PING_EXIT 1
356#define PING_RESTART 2
357 int ping_rec_timeout_action; /* What action to take on ping_rec_timeout (exit or restart)? */
358
359 bool persist_tun; /* Don't close/reopen TUN/TAP dev on SIGUSR1 or PING_RESTART */
360 bool persist_local_ip; /* Don't re-resolve local address on SIGUSR1 or PING_RESTART */
361 bool persist_remote_ip; /* Don't re-resolve remote address on SIGUSR1 or PING_RESTART */
362
363#if PASSTOS_CAPABILITY
364 bool passtos;
365#endif
366
367 int resolve_retry_seconds; /* If hostname resolve fails, retry for n seconds */
369 const char *ip_remote_hint;
370
372 /* DCO is disabled and should not be used as backend driver for the
373 * tun/tap device */
375
376 /* Misc parms */
377 const char *username;
378 const char *groupname;
379 const char *chroot_dir;
380 const char *cd_dir;
381#ifdef ENABLE_SELINUX
382 char *selinux_context;
383#endif
384 const char *writepid;
385 const char *up_script;
386 const char *down_script;
391 bool daemon;
392
394
395 bool log;
398 int nice;
400 int mute;
401
402#ifdef ENABLE_DEBUG
403 int gremlin;
404#endif
405
406 const char *status_file;
409
410 /* optimize TUN/TAP/UDP writes */
412
414
415 /* buffer sizes */
418
419 /* mark value */
420 int mark;
421 char *bind_dev;
422
423 /* socket flags */
424 unsigned int sockflags;
425
426 /* route management */
427 const char *route_script;
442 bool allow_pull_fqdn; /* as a client, allow server to push a FQDN for certain parameters */
444
445 /* Enable options consistency check between peers */
446 bool occ;
447
448#ifdef ENABLE_MANAGEMENT
449 const char *management_addr;
450 const char *management_port;
455
458
460#endif
461 /* Mask of MF_ values of manage.h */
462 unsigned int management_flags;
463
464#ifdef ENABLE_PLUGIN
466#endif
467
468 /* the tmp dir is for now only used in the P2P server context */
469 const char *tmp_dir;
471 in_addr_t server_network;
472 in_addr_t server_netmask;
473 bool server_ipv6_defined; /* IPv6 */
474 struct in6_addr server_network_ipv6; /* IPv6 */
475 unsigned int server_netbits_ipv6; /* IPv6 */
476
477#define SF_NOPOOL (1 << 0)
478#define SF_TCP_NODELAY_HELPER (1 << 1)
479#define SF_NO_PUSH_ROUTE_GATEWAY (1 << 2)
480 unsigned int server_flags;
481
483
489
497
499 struct in6_addr ifconfig_ipv6_pool_base; /* IPv6 */
501
508 const char *client_config_dir;
511 const char *override_username;
515 struct iroute_ipv6 *iroutes_ipv6; /* IPv6 */
525 struct in6_addr push_ifconfig_ipv6_local; /* IPv6 */
527 struct in6_addr push_ifconfig_ipv6_remote; /* IPv6 */
531
534
537
542
551
552#if PORT_SHARE
553 char *port_share_host;
554 char *port_share_port;
555 const char *port_share_journal_dir;
556#endif
557
558 bool client;
559 bool pull; /* client pull of config options from server */
565
567
568#ifdef ENABLE_MANAGEMENT
570#endif
571 /* Cipher parms */
576 const char *ciphername;
580 const char *ncp_ciphers_conf;
581 const char *ncp_ciphers;
582 const char *authname;
583 const char *engine;
588 const char *packet_id_file;
590#ifdef ENABLE_PREDICTION_RESISTANCE
591 bool use_prediction_resistance;
592#endif
593
594 /* TLS (control channel) parms */
597 const char *ca_file;
599 const char *ca_path;
600 const char *dh_file;
602 const char *cert_file;
604 const char *extra_certs_file;
606 const char *priv_key_file;
608 const char *pkcs12_file;
610 const char *cipher_list;
611 const char *cipher_list_tls13;
612 const char *tls_groups;
613 const char *tls_cert_profile;
614 const char *ecdh_curve;
615 const char *tls_verify;
618 const char *verify_x509_name;
619 const char *crl_file;
621
622 int ns_cert_type; /* set to 0, NS_CERT_CHECK_SERVER, or NS_CERT_CHECK_CLIENT */
624 const char *remote_cert_eku;
629 unsigned int ssl_flags; /* set to SSLF_x flags from ssl.h */
630
631#ifdef ENABLE_PKCS11
632 const char *pkcs11_providers[MAX_PARMS];
633 unsigned pkcs11_private_mode[MAX_PARMS];
634 bool pkcs11_protected_authentication[MAX_PARMS];
635 bool pkcs11_cert_private[MAX_PARMS];
636 int pkcs11_pin_cache_period;
637 const char *pkcs11_id;
639#endif
640
641#ifdef ENABLE_CRYPTOAPI
642 const char *cryptoapi_cert;
643#endif
644 /* Per-packet timeout on control channel */
646
647 /* Data channel key renegotiation parameters */
652
653 /* Data channel key handshake must finalize
654 * within n seconds of handshake initiation. */
656
657#ifdef ENABLE_X509ALTUSERNAME
658 /* Field list used to be the username in X509 cert. */
659 char *x509_username_field[MAX_PARMS];
660#endif
661
662 /* Old key allowed to live n seconds after new key goes active */
664
665 /* Shared secret used for TLS control channel authentication */
666 const char *tls_auth_file;
668
669 /* Shared secret used for TLS control channel authenticated encryption */
670 const char *tls_crypt_file;
672
673 /* Client-specific secret or server key used for TLS control channel
674 * authenticated encryption v2 */
675 const char *tls_crypt_v2_file;
677
679
681
682 /* Allow only one session */
684
686
688
689 const struct x509_track *x509_track;
690
691 /* special state parms */
693
694#ifdef _WIN32
696 const char *exit_event_name;
702#endif
703
705 uint32_t peer_id;
706
707 /* Keying Material Exporters [RFC 5705] */
710 /* force using TLS key material export for data channel key generation */
712
715 uint16_t vlan_pvid;
716
718
719 /* Useful when packets sent by openvpn itself are not subject
720 * to the routing tables that would move packets into the tunnel. */
722
723 /* data channel crypto flags set by push/pull. Reuses the CO_* crypto_flags */
725};
726
727#define streq(x, y) (!strcmp((x), (y)))
728
729/*
730 * Option classes.
731 */
732#define OPT_P_GENERAL (1u << 0)
733#define OPT_P_UP (1u << 1)
734#define OPT_P_ROUTE (1u << 2)
735#define OPT_P_DHCPDNS (1u << 3) /* includes ip windows options like */
736#define OPT_P_SCRIPT (1u << 4)
737#define OPT_P_SETENV (1u << 5)
738#define OPT_P_SHAPER (1u << 6)
739#define OPT_P_TIMER (1u << 7)
740#define OPT_P_PERSIST (1u << 8)
741#define OPT_P_PERSIST_IP (1u << 9)
742#define OPT_P_COMP (1u << 10) /* TODO */
743#define OPT_P_MESSAGES (1u << 11)
744#define OPT_P_NCP (1u << 12)
745#define OPT_P_TLS_PARMS (1u << 13) /* TODO */
746#define OPT_P_MTU (1u << 14) /* TODO */
747#define OPT_P_NICE (1u << 15)
748#define OPT_P_PUSH (1u << 16)
749#define OPT_P_INSTANCE (1u << 17)
750#define OPT_P_CONFIG (1u << 18)
751#define OPT_P_EXPLICIT_NOTIFY (1u << 19)
752#define OPT_P_ECHO (1u << 20)
753#define OPT_P_INHERIT (1u << 21)
754#define OPT_P_ROUTE_EXTRAS (1u << 22)
755#define OPT_P_PULL_MODE (1u << 23)
756#define OPT_P_PLUGIN (1u << 24)
757#define OPT_P_SOCKBUF (1u << 25)
758#define OPT_P_SOCKFLAGS (1u << 26)
759#define OPT_P_CONNECTION (1u << 27)
760#define OPT_P_PEER_ID (1u << 28)
761#define OPT_P_INLINE (1u << 29)
762#define OPT_P_PUSH_MTU (1u << 30)
763#define OPT_P_ROUTE_TABLE (1u << 31)
764
765#define OPT_P_DEFAULT (~(OPT_P_INSTANCE | OPT_P_PULL_MODE))
766
767#define PULL_DEFINED(opt) ((opt)->pull)
768#define PUSH_DEFINED(opt) ((opt)->push_list)
769
770#ifndef PULL_DEFINED
771#define PULL_DEFINED(opt) (false)
772#endif
773
774#ifndef PUSH_DEFINED
775#define PUSH_DEFINED(opt) (false)
776#endif
777
778#ifdef _WIN32
779#define ROUTE_OPTION_FLAGS(o) ((o)->route_method & ROUTE_METHOD_MASK)
780#else
781#define ROUTE_OPTION_FLAGS(o) (0)
782#endif
783
784#define SHAPER_DEFINED(opt) ((opt)->shaper)
785
786#ifdef ENABLE_PLUGIN
787#define PLUGIN_OPTION_LIST(opt) ((opt)->plugin_list)
788#else
789#define PLUGIN_OPTION_LIST(opt) (NULL)
790#endif
791
792#ifdef ENABLE_MANAGEMENT
793#define MAN_CLIENT_AUTH_ENABLED(opt) ((opt)->management_flags & MF_CLIENT_AUTH)
794#else
795#define MAN_CLIENT_AUTH_ENABLED(opt) (false)
796#endif
797
798/*
799 * some PUSH_UPDATE options
800 */
801#define OPT_P_U_ROUTE (1 << 0)
802#define OPT_P_U_ROUTE6 (1 << 1)
803#define OPT_P_U_DNS (1 << 2)
804#define OPT_P_U_DHCP (1 << 3)
805#define OPT_P_U_REDIR_GATEWAY (1 << 4)
806
808{
809#define PUF_TYPE_UNDEF 0
810#define PUF_TYPE_ACCEPT 1
811#define PUF_TYPE_IGNORE 2
812#define PUF_TYPE_REJECT 3
813 int type;
814 int size;
815 char *pattern;
817};
818
820{
823};
824
825void parse_argv(struct options *options, const int argc, char *argv[], const int msglevel,
826 const unsigned int permission_mask, unsigned int *option_types_found,
827 struct env_set *es);
828
829void notnull(const char *arg, const char *description);
830
831void usage_small(void);
832
833void show_library_versions(const unsigned int flags);
834
835#ifdef _WIN32
836void show_windows_version(const unsigned int flags);
837
838#endif
839
840void show_dco_version(const unsigned int flags);
841
842void init_options(struct options *o, const bool init_gc);
843
844void uninit_options(struct options *o);
845
846void setenv_settings(struct env_set *es, const struct options *o);
847
848void show_settings(const struct options *o);
849
850bool string_defined_equal(const char *s1, const char *s2);
851
852const char *options_string_version(const char *s, struct gc_arena *gc);
853
854char *options_string(const struct options *o, const struct frame *frame, struct tuntap *tt,
855 openvpn_net_ctx_t *ctx, bool remote, struct gc_arena *gc);
856
857bool options_cmp_equal_safe(char *actual, const char *expected, size_t actual_n);
858
859void options_warning_safe(char *actual, const char *expected, size_t actual_n);
860
861bool options_cmp_equal(char *actual, const char *expected);
862
863void options_warning(char *actual, const char *expected);
864
875char *options_string_extract_option(const char *options_string, const char *opt_name,
876 struct gc_arena *gc);
877
878
879void options_postprocess(struct options *options, struct env_set *es);
880
881bool options_postprocess_pull(struct options *o, struct env_set *es);
882
883void pre_connect_restore(struct options *o, struct gc_arena *gc);
884
885bool apply_push_options(struct context *c, struct options *options, struct buffer *buf,
886 unsigned int permission_mask, unsigned int *option_types_found,
887 struct env_set *es, bool is_update);
888
889void options_detach(struct options *o);
890
891void options_server_import(struct options *o, const char *filename, int msglevel,
892 unsigned int permission_mask, unsigned int *option_types_found,
893 struct env_set *es);
894
895void pre_pull_default(struct options *o);
896
897void rol_check_alloc(struct options *options);
898
899int parse_line(const char *line, char *p[], const int n, const char *file, const int line_num,
900 int msglevel, struct gc_arena *gc);
901
902/*
903 * parse/print topology coding
904 */
905
906int parse_topology(const char *str, const int msglevel);
907
908const char *print_topology(const int topology);
909
910/*
911 * Manage auth-retry variable
912 */
913
914#define AR_NONE 0
915#define AR_INTERACT 1
916#define AR_NOINTERACT 2
917
918int auth_retry_get(void);
919
920bool auth_retry_set(const int msglevel, const char *option);
921
922const char *auth_retry_print(void);
923
924void options_string_import(struct options *options, const char *config, const int msglevel,
925 const unsigned int permission_mask, unsigned int *option_types_found,
926 struct env_set *es);
927
928bool key_is_external(const struct options *options);
929
930bool has_udp_in_local_list(const struct options *options);
931
935static inline bool
936dco_enabled(const struct options *o)
937{
938#ifdef ENABLE_DCO
939 return !o->disable_dco;
940#else
941 return false;
942#endif /* ENABLE_DCO */
943}
944
945#endif /* ifndef OPTIONS_H */
Data Channel Cryptography SSL library-specific backend interface.
hash_algo_type
Types referencing specific message digest hashing algorithms.
#define SHA256_DIGEST_LENGTH
void provider_t
void * openvpn_net_ctx_t
Definition networking.h:38
bool options_cmp_equal(char *actual, const char *expected)
Definition options.c:4543
void options_server_import(struct options *o, const char *filename, int msglevel, unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
Definition options.c:5517
bool options_postprocess_pull(struct options *o, struct env_set *es)
Definition options.c:4285
void uninit_options(struct options *o)
Definition options.c:934
void show_windows_version(const unsigned int flags)
Definition options.c:4867
bool key_is_external(const struct options *options)
Definition options.c:6156
bool auth_retry_set(const int msglevel, const char *option)
Definition options.c:4788
void show_dco_version(const unsigned int flags)
Definition options.c:4876
void rol_check_alloc(struct options *options)
Definition options.c:1566
void show_settings(const struct options *o)
Definition options.c:1690
static bool dco_enabled(const struct options *o)
Returns whether the current configuration has dco enabled.
Definition options.h:936
bool options_cmp_equal_safe(char *actual, const char *expected, size_t actual_n)
Definition options.c:4662
void parse_argv(struct options *options, const int argc, char *argv[], const int msglevel, const unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
Definition options.c:5391
bool string_defined_equal(const char *s1, const char *s2)
Definition options.c:4931
void options_postprocess(struct options *options, struct env_set *es)
Definition options.c:4271
int parse_topology(const char *str, const int msglevel)
Definition options.c:4732
void usage_small(void)
Definition options.c:4859
const char * auth_retry_print(void)
Definition options.c:4811
void options_warning_safe(char *actual, const char *expected, size_t actual_n)
Definition options.c:4685
void show_library_versions(const unsigned int flags)
Definition options.c:4886
void setenv_settings(struct env_set *es, const struct options *o)
Definition options.c:1013
#define RH_PORT_LEN
Definition options.h:230
genkey_type
Definition options.h:235
@ GENKEY_AUTH_TOKEN
Definition options.h:239
@ GENKEY_SECRET
Definition options.h:236
@ GENKEY_TLS_CRYPTV2_SERVER
Definition options.h:238
@ GENKEY_TLS_CRYPTV2_CLIENT
Definition options.h:237
bool apply_push_options(struct context *c, struct options *options, struct buffer *buf, unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es, bool is_update)
Definition options.c:5453
int parse_line(const char *line, char *p[], const int n, const char *file, const int line_num, int msglevel, struct gc_arena *gc)
Definition options.c:4968
#define RH_HOST_LEN
Definition options.h:228
void options_detach(struct options *o)
Definition options.c:1557
void pre_connect_restore(struct options *o, struct gc_arena *gc)
Definition options.c:3157
const char * print_topology(const int topology)
Definition options.c:4754
void options_string_import(struct options *options, const char *config, const int msglevel, const unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
Definition options.c:5527
char * options_string_extract_option(const char *options_string, const char *opt_name, struct gc_arena *gc)
Given an OpenVPN options string, extract the value of an option.
Definition options.c:4699
#define MAX_PARMS
Definition options.h:51
void pre_pull_default(struct options *o)
void init_options(struct options *o, const bool init_gc)
Definition options.c:806
void options_warning(char *actual, const char *expected)
Definition options.c:4549
const char * options_string_version(const char *s, struct gc_arena *gc)
Definition options.c:4691
const char title_string[]
Definition options.c:70
int auth_retry_get(void)
Definition options.c:4782
void notnull(const char *arg, const char *description)
Definition options.c:4922
bool has_udp_in_local_list(const struct options *options)
Definition options.c:9911
char * options_string(const struct options *o, const struct frame *frame, struct tuntap *tt, openvpn_net_ctx_t *ctx, bool remote, struct gc_arena *gc)
Definition options.c:4342
vlan_acceptable_frames
Definition options.h:220
@ VLAN_ONLY_UNTAGGED_OR_PRIORITY
Definition options.h:222
@ VLAN_ALL
Definition options.h:223
@ VLAN_ONLY_TAGGED
Definition options.h:221
Definition argv.h:35
Wrapper structure for dynamically allocated memory.
Definition buffer.h:60
Definition options.h:104
struct local_list * local_list
Definition options.h:105
int tun_mtu_max
Definition options.h:126
int connect_retry_seconds
Definition options.h:116
bool tls_crypt_v2_force_cookie
Definition options.h:176
int link_mtu
Definition options.h:131
bool link_mtu_defined
Definition options.h:132
int tun_mtu_extra
Definition options.h:129
int connect_retry_seconds_max
Definition options.h:117
bool bind_local
Definition options.h:115
int mssfix
Definition options.h:141
const char * tls_crypt_file
Definition options.h:167
const char * tls_crypt_v2_file
Definition options.h:172
bool tun_mtu_extra_defined
Definition options.h:130
const char * remote
Definition options.h:111
int connect_timeout
Definition options.h:118
const char * socks_proxy_port
Definition options.h:121
bool mssfix_default
Definition options.h:142
bool mssfix_encap
Definition options.h:143
int occ_mtu
Definition options.h:125
struct http_proxy_options * http_proxy_options
Definition options.h:119
bool tls_crypt_file_inline
Definition options.h:168
bool tls_auth_file_inline
Definition options.h:163
bool bind_ipv6_only
Definition options.h:114
bool tun_mtu_defined
Definition options.h:128
bool remote_float
Definition options.h:112
int tls_mtu
Definition options.h:133
int explicit_exit_notification
Definition options.h:147
const char * socks_proxy_authfile
Definition options.h:122
const char * remote_port
Definition options.h:110
bool fragment_encap
Definition options.h:139
const char * socks_proxy_server
Definition options.h:120
int fragment
Definition options.h:138
int mtu_discover_type
Definition options.h:136
int proto
Definition options.h:106
sa_family_t af
Definition options.h:107
const char * tls_auth_file
Definition options.h:162
bool local_port_defined
Definition options.h:109
int tun_mtu
Definition options.h:124
bool bind_defined
Definition options.h:113
const char * local_port
Definition options.h:108
int key_direction
Definition options.h:164
bool tls_crypt_v2_file_inline
Definition options.h:173
unsigned int flags
Definition options.h:159
bool mssfix_fixed
Definition options.h:145
struct connection_entry ** array
Definition options.h:201
Contains all state information for one tunnel.
Definition openvpn.h:474
Packet geometry parameters.
Definition mtu.h:103
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:116
Definition list.h:56
Definition options.h:97
const char * port
Definition options.h:99
int proto
Definition options.h:100
const char * local
Definition options.h:98
struct local_entry ** array
Definition options.h:193
int capacity
Definition options.h:191
int ping_rec_timeout_action
Definition options.h:86
bool tuntap_options_defined
Definition options.h:64
bool routes_ipv6_defined
Definition options.h:70
struct route_option_list * routes
Definition options.h:68
struct compress_options comp
Definition options.h:89
const char * ciphername
Definition options.h:81
const char * route_default_gateway
Definition options.h:73
const char * authname
Definition options.h:82
struct route_ipv6_option_list * routes_ipv6
Definition options.h:71
bool client_nat_defined
Definition options.h:76
struct client_nat_option_list * client_nat
Definition options.h:77
const char * route_ipv6_default_gateway
Definition options.h:74
int resolve_retry_seconds
Definition options.h:367
int rcvbuf
Definition options.h:416
bool resolve_in_advance
Definition options.h:368
bool route_nopull
Definition options.h:440
const char * genkey_extra_data
Definition options.h:286
struct compress_options comp
Definition options.h:413
struct http_proxy_options * http_proxy_override
Definition options.h:309
int push_ifconfig_ipv6_netbits
Definition options.h:526
int proto_force
Definition options.h:332
bool persist_config
Definition options.h:274
struct connection_list * connection_list
Definition options.h:291
const char * management_port
Definition options.h:450
bool tls_crypt_file_inline
Definition options.h:671
const char * ifconfig_ipv6_remote
Definition options.h:327
int max_routes_per_client
Definition options.h:539
const char * ncp_ciphers_conf
The original ncp_ciphers specified by the user in the configuration.
Definition options.h:580
int status_file_version
Definition options.h:407
int server_backoff_time
Definition options.h:306
enum vlan_acceptable_frames vlan_accept
Definition options.h:714
int auth_token_renewal
Definition options.h:548
in_addr_t push_ifconfig_constraint_network
Definition options.h:521
const char * tmp_dir
Definition options.h:469
bool push_peer_info
Definition options.h:685
bool daemon
Definition options.h:391
struct options_pre_connect * pre_connect
Definition options.h:564
int route_default_metric
Definition options.h:432
int renegotiate_seconds_min
Definition options.h:651
const char * auth_token_secret_file
Definition options.h:549
unsigned int imported_protocol_flags
Definition options.h:724
const char * tls_export_peer_cert_dir
Definition options.h:616
bool crl_file_inline
Definition options.h:620
const char * cryptoapi_cert
Definition options.h:642
const char * down_script
Definition options.h:386
unsigned int backwards_compatible
What version we should try to be compatible with as major * 10000 + minor * 100 + patch,...
Definition options.h:268
hash_algo_type verify_hash_algo
Definition options.h:626
int scheduled_exit_interval
Definition options.h:566
int stale_routes_ageing_time
Definition options.h:541
bool pkcs12_file_inline
Definition options.h:609
int replay_time
Definition options.h:587
unsigned int push_option_types_found
Definition options.h:561
int management_state_buffer_size
Definition options.h:454
const char * ca_file
Definition options.h:597
const char * tls_auth_file
Definition options.h:666
struct provider_list providers
Definition options.h:584
bool duplicate_cn
Definition options.h:530
struct in6_addr server_network_ipv6
Definition options.h:474
int shaper
Definition options.h:330
int management_echo_buffer_size
Definition options.h:453
in_addr_t server_network
Definition options.h:471
bool show_net_up
Definition options.h:698
bool verify_hash_no_ca
Definition options.h:628
bool allow_pull_fqdn
Definition options.h:442
bool use_peer_id
Definition options.h:704
unsigned remote_cert_ku[MAX_PARMS]
Definition options.h:623
bool server_bridge_defined
Definition options.h:484
const char * keying_material_exporter_label
Definition options.h:708
const char * status_file
Definition options.h:406
unsigned int ssl_flags
Definition options.h:629
bool route_noexec
Definition options.h:433
bool ifconfig_nowarn
Definition options.h:329
const char * remote_cert_eku
Definition options.h:624
in_addr_t ifconfig_pool_netmask
Definition options.h:494
in_addr_t server_netmask
Definition options.h:472
int tls_timeout
Definition options.h:645
bool test_crypto
Definition options.h:589
bool up_delay
Definition options.h:389
bool server_bridge_proxy_dhcp
Definition options.h:482
bool allow_recursive_routing
Definition options.h:721
const char * authname
Definition options.h:582
const char * exit_event_name
Definition options.h:696
const char * ifconfig_ipv6_local
Definition options.h:325
int cf_max
Definition options.h:532
bool dh_file_inline
Definition options.h:601
int replay_window
Definition options.h:586
bool disable
Definition options.h:510
int mute
Definition options.h:400
bool auth_user_pass_verify_script_via_file
Definition options.h:544
const char * dev_type
Definition options.h:319
int persist_mode
Definition options.h:275
int ifconfig_pool_persist_refresh_freq
Definition options.h:496
bool show_digests
Definition options.h:279
const char * up_script
Definition options.h:385
int ce_advance_count
Definition options.h:302
bool single_session
Definition options.h:683
bool push_ifconfig_defined
Definition options.h:516
bool ifconfig_pool_defined
Definition options.h:491
struct remote_host_store * rh_store
Definition options.h:312
int verify_hash_depth
Definition options.h:627
bool route_delay_defined
Definition options.h:436
const char * packet_id_file
Definition options.h:588
const char * tls_crypt_v2_file
Definition options.h:675
int management_log_history_cache
Definition options.h:452
in_addr_t server_bridge_netmask
Definition options.h:486
const char * ip_remote_hint
Definition options.h:369
bool vlan_tagging
Definition options.h:713
uint32_t peer_id
Definition options.h:705
struct route_option_list * routes
Definition options.h:437
in_addr_t ifconfig_pool_end
Definition options.h:493
int keepalive_timeout
Definition options.h:343
const char * writepid
Definition options.h:384
int64_t inactivity_minimum_bytes
Definition options.h:346
bool ifconfig_ipv6_pool_defined
Definition options.h:498
bool fast_io
Definition options.h:411
unsigned int server_flags
Definition options.h:480
bool block_outside_dns
Definition options.h:700
bool push_ifconfig_ipv6_blocked
Definition options.h:528
bool tls_exit
Definition options.h:687
const char * pkcs12_file
Definition options.h:608
const char * client_disconnect_script
Definition options.h:505
bool show_engines
Definition options.h:280
struct remote_list * remote_list
Definition options.h:293
HANDLE msg_channel
Definition options.h:695
const char * key_pass_file
Definition options.h:277
bool mute_replay_warnings
Definition options.h:585
const char * tls_crypt_file
Definition options.h:670
int inactivity_timeout
Definition options.h:345
int n_bcast_buf
Definition options.h:512
unsigned int unsuccessful_attempts
Definition options.h:300
int handshake_window
Definition options.h:655
bool server_defined
Definition options.h:470
const char * ifconfig_local
Definition options.h:323
struct connection_entry ce
Definition options.h:290
struct iroute_ipv6 * iroutes_ipv6
Definition options.h:515
bool user_script_used
Definition options.h:387
const char * tls_groups
Definition options.h:612
bool show_tls_ciphers
Definition options.h:281
int route_method
Definition options.h:699
struct verify_hash_list * verify_hash
Definition options.h:625
const char * tls_cert_profile
Definition options.h:613
int64_t renegotiate_packets
Definition options.h:649
unsigned int management_flags
Definition options.h:462
int push_continuation
Definition options.h:560
const char * route_default_gateway
Definition options.h:429
in_addr_t push_ifconfig_local_alias
Definition options.h:519
bool exit_event_initial_state
Definition options.h:697
struct static_challenge_info sc_info
Definition options.h:569
bool auth_token_call_auth
Definition options.h:546
const char * ipchange
Definition options.h:317
int topology
Definition options.h:322
bool disable_dco
Definition options.h:374
const char * ncp_ciphers
Definition options.h:581
bool genkey
Definition options.h:283
const char * learn_address_script
Definition options.h:506
const char * ciphername
Definition options.h:576
const char * auth_user_pass_file
Definition options.h:562
bool forward_compatible
Definition options.h:265
const char * username
Definition options.h:377
int cf_initial_max
Definition options.h:535
int stale_routes_check_interval
Definition options.h:540
struct plugin_option_list * plugin_list
Definition options.h:465
int auth_token_lifetime
Definition options.h:547
uint16_t vlan_pvid
Definition options.h:715
int ns_cert_type
Definition options.h:622
const char * tls_crypt_v2_verify_script
Definition options.h:680
int mode
Definition options.h:262
bool tls_server
Definition options.h:595
const char * auth_user_pass_verify_script
Definition options.h:543
int connect_retry_max
Definition options.h:289
char * bind_dev
Definition options.h:421
const char * extra_certs_file
Definition options.h:604
bool client
Definition options.h:558
bool pull
Definition options.h:559
int ifconfig_ipv6_pool_netbits
Definition options.h:500
in_addr_t push_ifconfig_constraint_netmask
Definition options.h:522
bool show_curves
Definition options.h:282
const char * tls_crypt_v2_metadata
Definition options.h:678
const char * route_ipv6_default_gateway
Definition options.h:430
bool tls_client
Definition options.h:596
bool ping_timer_remote
Definition options.h:352
bool auth_token_generate
Definition options.h:545
bool priv_key_file_inline
Definition options.h:607
const char * tls_verify
Definition options.h:615
const char * crl_file
Definition options.h:619
int ping_rec_timeout_action
Definition options.h:357
bool auth_user_pass_file_inline
Definition options.h:563
bool show_ciphers
Definition options.h:278
bool enable_ncp_fallback
If defined fall back to ciphername if NCP fails.
Definition options.h:577
int real_hash_size
Definition options.h:502
const char * route_predown_script
Definition options.h:428
const char * dh_file
Definition options.h:600
int route_delay_window
Definition options.h:435
in_addr_t push_ifconfig_local
Definition options.h:517
bool mlock
Definition options.h:340
const char ** ignore_unknown_option
Definition options.h:271
int sndbuf
Definition options.h:417
int foreign_option_index
Definition options.h:692
struct gc_arena gc
Definition options.h:253
bool gc_owned
Definition options.h:254
bool down_pre
Definition options.h:388
bool persist_tun
Definition options.h:359
int route_default_table_id
Definition options.h:431
bool ca_file_inline
Definition options.h:598
bool auth_token_secret_file_inline
Definition options.h:550
bool block_ipv6
Definition options.h:439
const char * config
Definition options.h:257
bool extra_certs_file_inline
Definition options.h:605
bool push_ifconfig_constraint_defined
Definition options.h:520
int mark
Definition options.h:420
int cf_initial_per
Definition options.h:536
int keying_material_exporter_length
Definition options.h:709
bool suppress_timestamps
Definition options.h:396
bool force_key_material_export
Definition options.h:711
bool mtu_test
Definition options.h:334
struct iroute * iroutes
Definition options.h:514
int verify_x509_type
Definition options.h:617
const char * cipher_list_tls13
Definition options.h:611
const char * ecdh_curve
Definition options.h:614
int status_file_update_freq
Definition options.h:408
const char * management_client_user
Definition options.h:456
const char * cipher_list
Definition options.h:610
bool ccd_exclusive
Definition options.h:509
bool allow_deprecated_insecure_static_crypto
Definition options.h:574
struct pull_filter_list * pull_filter_list
Definition options.h:717
const char * management_certificate
Definition options.h:459
const char * genkey_filename
Definition options.h:285
const struct x509_track * x509_track
Definition options.h:689
const char * chroot_dir
Definition options.h:379
bool log
Definition options.h:395
bool shared_secret_file_inline
Definition options.h:573
struct in6_addr push_ifconfig_ipv6_remote
Definition options.h:527
const char * ca_path
Definition options.h:599
int renegotiate_seconds
Definition options.h:650
int ping_rec_timeout
Definition options.h:351
unsigned int sockflags
Definition options.h:424
const char * engine
Definition options.h:583
const char * management_addr
Definition options.h:449
const char * client_connect_script
Definition options.h:504
const char * verify_x509_name
Definition options.h:618
int ping_send_timeout
Definition options.h:350
bool route_gateway_via_dhcp
Definition options.h:441
bool remote_random
Definition options.h:316
bool push_ifconfig_ipv6_defined
Definition options.h:524
int tcp_queue_limit
Definition options.h:513
int route_delay
Definition options.h:434
const char * dev_node
Definition options.h:320
const char * override_username
Definition options.h:511
const char * client_crresponse_script
Definition options.h:507
struct route_ipv6_option_list * routes_ipv6
Definition options.h:438
bool machine_readable_output
Definition options.h:397
int key_direction
Definition options.h:575
bool server_ipv6_defined
Definition options.h:473
const char * priv_key_file
Definition options.h:606
bool persist_remote_ip
Definition options.h:361
bool up_restart
Definition options.h:390
int keepalive_ping
Definition options.h:342
int virtual_hash_size
Definition options.h:503
bool no_advance
Definition options.h:295
bool tls_auth_file_inline
Definition options.h:667
bool tls_crypt_v2_file_inline
Definition options.h:676
const char * groupname
Definition options.h:378
in_addr_t server_bridge_pool_start
Definition options.h:487
const char * cd_dir
Definition options.h:380
struct client_nat_option_list * client_nat
Definition options.h:443
struct in6_addr push_ifconfig_ipv6_local
Definition options.h:525
int nice
Definition options.h:398
int max_clients
Definition options.h:538
int transition_window
Definition options.h:663
const char * ifconfig_remote_netmask
Definition options.h:324
const char * lladdr
Definition options.h:321
int verbosity
Definition options.h:399
int session_timeout
Definition options.h:348
const char * cert_file
Definition options.h:602
bool enable_c2c
Definition options.h:529
in_addr_t server_bridge_pool_end
Definition options.h:488
bool push_ifconfig_ipv4_blocked
Definition options.h:523
int cf_per
Definition options.h:533
enum tun_driver_type windows_driver
Definition options.h:701
bool cert_file_inline
Definition options.h:603
int remap_sigusr1
Definition options.h:393
int64_t renegotiate_bytes
Definition options.h:648
const char * route_script
Definition options.h:427
in_addr_t ifconfig_pool_start
Definition options.h:492
const char * management_user_pass
Definition options.h:451
unsigned int server_netbits_ipv6
Definition options.h:475
in_addr_t push_ifconfig_remote_netmask
Definition options.h:518
bool occ
Definition options.h:446
in_addr_t server_bridge_ip
Definition options.h:485
const char * shared_secret_file
Definition options.h:572
bool ifconfig_noexec
Definition options.h:328
const char * dev
Definition options.h:318
const char * management_client_group
Definition options.h:457
struct in6_addr ifconfig_ipv6_pool_base
Definition options.h:499
const char * client_config_dir
Definition options.h:508
enum genkey_type genkey_type
Definition options.h:284
bool advance_next_remote
Definition options.h:298
const char * ifconfig_pool_persist_filename
Definition options.h:495
int ifconfig_ipv6_netbits
Definition options.h:326
bool persist_local_ip
Definition options.h:360
provider_t * providers[MAX_PARMS]
Definition options.h:216
const char * names[MAX_PARMS]
Definition options.h:214
struct pull_filter * tail
Definition options.h:822
struct pull_filter * head
Definition options.h:821
struct pull_filter * next
Definition options.h:816
char * pattern
Definition options.h:815
Definition options.h:180
int proto
Definition options.h:183
const char * remote
Definition options.h:181
const char * remote_port
Definition options.h:182
sa_family_t af
Definition options.h:184
char port[RH_PORT_LEN]
Definition options.h:231
char host[RH_HOST_LEN]
Definition options.h:229
struct remote_entry ** array
Definition options.h:208
int capacity
Definition options.h:206
Definition tun.h:183
struct verify_hash_list * next
Definition options.h:247
unsigned short sa_family_t
Definition syshead.h:396
struct env_set * es
static bool pkcs11_id_management
struct gc_arena gc
Definition test_ssl.c:154
tun_driver_type
Definition tun.h:44