On 22/10/16 18:53, Selva Nair wrote:

On Fri, Oct 21, 2016 at 10:45 AM, Ralf Hildebrandt <ralf.hildebra...@charite.de> wrote:

    #push "register-dns"
    push "setenv opt register-dns"
    #push "block-outside-dns"
    push "setenv opt block-outside-dns"

    and my linux client reports:

    Fri Oct 21 14:41 options error: option 'setenv' cannot be used in this context ([PUSH-OPTIONS])
    Fri Oct 21 14:41 options error: option 'setenv' cannot be used in this context ([PUSH-OPTIONS])


When pushed, those options are optional (i.e., will be ignored with a warning on unsupported platforms), so a simple "push register-dns" and "push block-outside-dns" should be enough. Use of "setenv opt" in this context is for those who want the option in a common config file that may be used on different platforms, not for pushing it.

Now, pushing "setenv" was probably allowed in some very early versions, but not for a long time, for security reasons (also see setenv-safe in the manpage). As for push "setenv opt ..", that also is not currently supported, though allowing it may not be risky. It seems the manpage is wrong in saying setenv is pushable.

Indeed, it was allowed to do "push setenv" in version 2.0/early 2.1.
I'd make a case for allowing a "push setenv opt", however: the whole idea behind "setenv opt" is to allow you to set an option that is ignored on platforms that do not support it. Granted, this can also be achieved using "push-peer-info" and then examining the client-side platform, but that requires more work (and a 2.4+ server).

JM2CW,

JJK

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
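
A server-side check for the situation discussed in this thread, as an added example that is not part of the original messages or of OpenVPN itself: it scans a server config for `push "setenv ..."` lines, which the client above refused with `cannot be used in this context ([PUSH-OPTIONS])`, and suggests the direct push for the two options the thread names. The function name `lint_pushed_setenv` and the sample config are constructed for illustration.

```python
import shlex

# Options the thread says are ignored with a warning on unsupported
# platforms when pushed directly, so "setenv opt" is not needed for them.
OPTIONAL_WHEN_PUSHED = {"register-dns", "block-outside-dns"}

# Constructed sample server config, modelled on the lines quoted in the thread.
SAMPLE_CONFIG = '''\
port 1194
#push "register-dns"
push "setenv opt register-dns"
;push "block-outside-dns"
push "setenv opt block-outside-dns"
push "setenv FOO bar"
push "route 10.8.0.0 255.255.255.0"
'''


def lint_pushed_setenv(config_text):
    """Return (line_no, pushed_option, advice) for each pushed setenv."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or commented-out directive
        try:
            words = shlex.split(line, comments=True)
        except ValueError:
            continue  # unbalanced quotes; leave that to OpenVPN's own parser
        if len(words) < 2 or words[0] != "push":
            continue
        pushed = words[1].split()
        if not pushed or pushed[0] != "setenv":
            continue
        if len(pushed) >= 3 and pushed[1] == "opt":
            if pushed[2] in OPTIONAL_WHEN_PUSHED:
                advice = 'use push "%s" instead' % " ".join(pushed[2:])
            else:
                advice = "pushed 'setenv opt' is not accepted by the client"
        else:
            advice = "pushed 'setenv' is not accepted; see setenv-safe in the manpage"
        findings.append((line_no, words[1], advice))
    return findings


if __name__ == "__main__":
    for line_no, option, advice in lint_pushed_setenv(SAMPLE_CONFIG):
        print('line %d: push "%s": %s' % (line_no, option, advice))
```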
