Hello! The --float option lets OpenVPN accept authenticated packets from a changed peer address. That only applies to UDP transports.
Document the transport limitation in the man page. Github: fixes OpenVPN/openvpn#358 --- Changes from v1: - Shorten the man-page wording per review. - Leave the usage text unchanged. doc/man-sections/link-options.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/man-sections/link-options.rst b/doc/man-sections/link-options.rst index edda1ca..df8c917 100644 --- a/doc/man-sections/link-options.rst +++ b/doc/man-sections/link-options.rst @@ -12,7 +12,9 @@ the local and the remote host. --float Allow remote peer to change its IP address and/or port number, such as - due to DHCP (this is the default if ``--remote`` is not used). + due to DHCP or NAT mappings changing. ``--float`` only works when + using UDP transport. + ``--float`` when specified with ``--remote`` allows an OpenVPN session to initially connect to a peer at a known address, however if packets arrive from a new address and pass all authentication tests, the new -- 2.53.0 _______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
