Hello!

The --float option lets OpenVPN accept authenticated packets from a
changed peer address. That only applies to UDP transports.

Document the transport limitation in the man page.

Github: fixes OpenVPN/openvpn#358
---
Changes from v1:
- Shorten the man-page wording per review.
- Leave the usage text unchanged.

 doc/man-sections/link-options.rst | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/doc/man-sections/link-options.rst 
b/doc/man-sections/link-options.rst
index edda1ca..df8c917 100644
--- a/doc/man-sections/link-options.rst
+++ b/doc/man-sections/link-options.rst
@@ -12,7 +12,9 @@ the local and the remote host.
 
 --float
   Allow remote peer to change its IP address and/or port number, such as
-  due to DHCP (this is the default if ``--remote`` is not used).
+  due to DHCP or NAT mappings changing. ``--float`` only works when
+  using UDP transport.
+
   ``--float`` when specified with ``--remote`` allows an OpenVPN session
   to initially connect to a peer at a known address, however if packets
   arrive from a new address and pass all authentication tests, the new
-- 
2.53.0




_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to