Attention is currently required from: flichtenheld, plaisthos.
Hello plaisthos, flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/819?usp=email
to review the following change.
Change subject: man: extend --persist-tun section
......................................................................
man: extend --persist-tun section
The current persist-tun section has no mention of
retaining IP/routes and its potential usage in traffic
leaking protection.
Spell this out to allow the user to better understand
when this option can play an important role.
Change-Id: I6816f61b308ca9f6d1f9f687a6dc8e0aa2d044e0
Signed-off-by: Antonio Quartulli <[email protected]>
---
M doc/man-sections/vpn-network-options.rst
1 file changed, 9 insertions(+), 0 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/19/819/1
diff --git a/doc/man-sections/vpn-network-options.rst
b/doc/man-sections/vpn-network-options.rst
index fc76939..cfa6af9 100644
--- a/doc/man-sections/vpn-network-options.rst
+++ b/doc/man-sections/vpn-network-options.rst
@@ -312,6 +312,15 @@
:code:`SIGUSR1` is a restart signal similar to :code:`SIGHUP`, but which
offers finer-grained control over reset options.
+ On Linux, this option can be useful when OpenVPN is not executed as
+ root and the CAP_NET_ADMIN has not been granted, because the process
+ would otherwise not be allowed to bring the interface down and back up.
+
+ Alongside the above, using ``--persist-tun`` allows the tunnel interface
+ to retain all IP/route settings, thus allowing the user to implement
+ any advanced traffic leaking protection (please ntoe that for full
+ protection, extra route/firewall rules must be in place).
+
--redirect-gateway flags
Automatically execute routing commands to cause all outgoing IP traffic
to be redirected over the VPN. This is a client-side option.
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/819?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I6816f61b308ca9f6d1f9f687a6dc8e0aa2d044e0
Gerrit-Change-Number: 819
Gerrit-PatchSet: 1
Gerrit-Owner: ordex <[email protected]>
Gerrit-Reviewer: flichtenheld <[email protected]>
Gerrit-Reviewer: plaisthos <[email protected]>
Gerrit-CC: openvpn-devel <[email protected]>
Gerrit-Attention: plaisthos <[email protected]>
Gerrit-Attention: flichtenheld <[email protected]>
Gerrit-MessageType: newchange
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
