cron2 has uploaded a new patch set (#3) to the change originally created by ordex. ( http://gerrit.openvpn.net/c/openvpn/+/819?usp=email )
The following approvals got outdated and were removed: Code-Review+2 by flichtenheld Change subject: man: extend --persist-tun section ...................................................................... man: extend --persist-tun section The current persist-tun section has no mention of retaining IP/routes and its potential usage in traffic leaking protection. Spell this out to allow the user to better understand when this option can play an important role. Change-Id: I6816f61b308ca9f6d1f9f687a6dc8e0aa2d044e0 Signed-off-by: Antonio Quartulli <anto...@mandelbit.com> Acked-by: Frank Lichtenheld <fr...@lichtenheld.com> Message-Id: <20250129094125.13420-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg30684.html Signed-off-by: Gert Doering <g...@greenie.muc.de> --- M doc/man-sections/vpn-network-options.rst 1 file changed, 9 insertions(+), 0 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/19/819/3 diff --git a/doc/man-sections/vpn-network-options.rst b/doc/man-sections/vpn-network-options.rst index fc76939..67f7e1f 100644 --- a/doc/man-sections/vpn-network-options.rst +++ b/doc/man-sections/vpn-network-options.rst @@ -312,6 +312,15 @@ :code:`SIGUSR1` is a restart signal similar to :code:`SIGHUP`, but which offers finer-grained control over reset options. + On Linux, this option can be useful when OpenVPN is not executed as + root and the CAP_NET_ADMIN has not been granted, because the process + would otherwise not be allowed to bring the interface down and back up. + + Alongside the above, using ``--persist-tun`` allows the tunnel interface + to retain all IP/route settings, thus allowing the user to implement + any advanced traffic leaking protection (please note that for full + protection, extra route/firewall rules must be in place). + --redirect-gateway flags Automatically execute routing commands to cause all outgoing IP traffic to be redirected over the VPN. This is a client-side option. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/819?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I6816f61b308ca9f6d1f9f687a6dc8e0aa2d044e0 Gerrit-Change-Number: 819 Gerrit-PatchSet: 3 Gerrit-Owner: ordex <a...@unstable.cc> Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com> Gerrit-Reviewer: plaisthos <arne-open...@rfc2549.org> Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net> Gerrit-MessageType: newpatchset
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
