starcalc
/
flm01
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
flm01/mote/v2/openwrt/package/luci/applications/luci-openvpn/root/lib/uci/schema/default/openvpn

300 lines
9.4 KiB
Plaintext
Raw Blame History

mode m
Set OpenVPN major mode
local host
Local host name or IP address for bind
remote host [port]
Remote host name or IP address
remote-random
When multiple --remote address/ports are specified, initially randomize the order of the list as a kind of basic load-balancing measure
proto p
Use protocol p for communicating with remote host
connect-retry n
For --proto tcp-client, take n as the number of seconds to wait between connection retries (default=5)
connect-retry-max n
For --proto tcp-client, take n as the number of retries of connection attempt (default=infinite)
auto-proxy
Try to sense HTTP or SOCKS proxy settings automatically
http-proxy server port [authfile|'auto'] [auth-method]
Connect to remote host through an HTTP proxy at address server and port port
http-proxy-retry
Retry indefinitely on HTTP proxy errors
http-proxy-timeout n
Set proxy timeout to n seconds, default=5
http-proxy-option type [parm]
Set extended HTTP proxy options
socks-proxy server [port]
Connect to remote host through a Socks5 proxy at address server and port port (default=1080)
socks-proxy-retry
Retry indefinitely on Socks proxy errors
resolv-retry n
If hostname resolve fails for --remote, retry resolve for n seconds before failing
float
Allow remote peer to change its IP address and/or port number, such as due to DHCP (this is the default if --remote is not used)
ipchange cmd
Execute shell command cmd when our remote ip-address is initially authenticated or changes
port port
TCP/UDP port number for both local and remote
lport port
TCP/UDP port number for bind
rport port
TCP/UDP port number for remote
bind
Bind to local address and port
nobind
Do not bind to local address and port
dev tunX | tapX | null
TUN/TAP virtual network device ( X can be omitted for a dynamic device
dev-type device-type
Which device type are we using? device-type should be tun or tap
topology mode
Configure virtual addressing topology when running in --dev tun mode
tun-ipv6
Build a tun link capable of forwarding IPv6 traffic
dev-node node
Explicitly set the device node rather than using /dev/net/tun, /dev/tun, /dev/tap, etc
lladdr address
Specify the link layer address, more commonly known as the MAC address
iproute cmd
Set alternate command to execute instead of default iproute2 command
ifconfig l rn
Set TUN/TAP adapter parameters
ifconfig-noexec
Don't actually execute ifconfig/netsh commands, instead pass --ifconfig parameters to scripts using environmental variables
ifconfig-nowarn
Don't output an options consistency check warning if the --ifconfig option on this side of the connection doesn't match the remote side
route network/IP [netmask] [gateway] [metric]
Add route to routing table after connection is established
route-gateway gw
Specify a default gateway gw for use with --route
route-metric m
Specify a default metric m for use with --route
route-delay [n] [w]
Delay n seconds (default=0) after connection establishment, before adding routes
route-up cmd
Execute shell command cmd after routes are added, subject to --route-delay
route-noexec
Don't add or remove routes automatically
route-nopull
When used with --client or --pull, accept options pushed by server EXCEPT for routes
redirect-gateway flags...
(Experimental) Automatically execute routing commands to cause all outgoing IP traffic to be redirected over the VPN
link-mtu n
Sets an upper bound on the size of UDP packets which are sent between OpenVPN peers
tun-mtu n
Take the TUN device MTU to be n and derive the link MTU from it (default=1500)
tun-mtu-extra n
Assume that the TUN/TAP device might return as many as n bytes more than the --tun-mtu size on read
mtu-disc type
Should we do Path MTU discovery on TCP/UDP channel? Only supported on OSes such as Linux that supports the necessary system call to set
mtu-test
To empirically measure MTU on connection startup, add the --mtu-test option to your configuration
fragment max
Enable internal datagram fragmentation so that no UDP datagrams are sent which are larger than max bytes
mssfix max
Announce to TCP sessions running over the tunnel that they should limit their send packet sizes such that after OpenVPN has encapsulated them, the resulting UDP packet size that OpenVPN sends to its peer will not exceed max bytes
sndbuf size
Set the TCP/UDP socket send buffer size
rcvbuf size
Set the TCP/UDP socket receive buffer size
socket-flags flags...
Apply the given flags to the OpenVPN transport socket
txqueuelen n
(Linux only) Set the TX queue length on the TUN/TAP interface
shaper n
Limit bandwidth of outgoing tunnel data to n bytes per second on the TCP/UDP port
inactive n [bytes]
Causes OpenVPN to exit after n seconds of inactivity on the TUN/TAP device
ping n
Ping remote over the TCP/UDP control channel if no packets have been sent for at least n seconds (specify --ping on both peers to cause ping packets to be sent in both directions since OpenVPN ping packets are not echoed like IP ping packets)
ping-exit n
Causes OpenVPN to exit after n seconds pass without reception of a ping or other packet from remote
ping-restart n
Similar to --ping-exit, but trigger a SIGUSR1 restart after n seconds pass without reception of a ping or other packet from remote
keepalive n m
A helper directive designed to simplify the expression of --ping and --ping-restart in server mode configurations
ping-timer-rem
Run the --ping-exit / --ping-restart timer only if we have a remote address
persist-tun
Don't close and reopen TUN/TAP device or run up/down scripts across SIGUSR1 or --ping-restart restarts
persist-key
Don't re-read key files across SIGUSR1 or --ping-restart
persist-local-ip
Preserve initially resolved local IP address and port number across SIGUSR1 or --ping-restart restarts
persist-remote-ip
Preserve most recently authenticated remote IP address and port number across SIGUSR1 or --ping-restart restarts
mlock
Disable paging by calling the POSIX mlockall function
up cmd
Shell command to run after successful TUN/TAP device open (pre --user UID change)
up-delay
Delay TUN/TAP open and possible --up script execution until after TCP/UDP connection establishment with peer
down cmd
Shell command to run after TUN/TAP device close (post --user UID change and/or --chroot )
down-pre
Call --down cmd/script before, rather than after, TUN/TAP close
up-restart
Enable the --up and --down scripts to be called for restarts as well as initial program start
setenv name value
Set a custom environmental variable name=value to pass to script
setenv-safe name value
Set a custom environmental variable OPENVPN_name=value to pass to script
disable-occ
Don't output a warning message if option inconsistencies are detected between peers
user user
Change the user ID of the OpenVPN process to user after initialization, dropping privileges in the process
group group
Similar to the --user option, this option changes the group ID of the OpenVPN process to group after initialization
cd dir
Change directory to dir prior to reading any files such as configuration files, key files, scripts, etc
chroot dir
Chroot to dir after initialization
#daemon [progname]
#Become a daemon after all initialization functions are completed
#syslog [progname]
#Direct log output to system logger, but do not become a daemon
passtos
Set the TOS field of the tunnel packet to what the payload's TOS is
inetd [wait|nowait] [progname]
Use this option when OpenVPN is being run from the inetd or xinetd(8) server
log file
Output logging messages to file, including output to stdout/stderr which is generated by called scripts
log-append file
Append logging messages to file
suppress-timestamps
Avoid writing timestamps to log messages, even when they otherwise would be prepended
writepid file
Write OpenVPN's main process ID to file
nice n
Change process priority after initialization ( n greater than 0 is lower priority, n less than zero is higher priority)
fast-io
(Experimental) Optimize TUN/TAP/UDP I/O writes by avoiding a call to poll/epoll/select prior to the write operation
echo [parms...]
Echo parms to log output
remap-usr1 signal
Control whether internally or externally generated SIGUSR1 signals are remapped to SIGHUP (restart without persisting state) or SIGTERM (exit)
verb n
Set output verbosity to n (default=1)
status file [n]
Write operational status to file every n seconds
status-version [n]
Choose the status file format version number
mute n
Log at most n consecutive messages in the same category
comp-lzo [mode]
Use fast LZO compression -- may add up to 1 byte per packet for incompressible data
comp-noadapt
When used in conjunction with --comp-lzo, this option will disable OpenVPN's adaptive compression algorithm
management IP port [pw-file]
Enable management interface on <IP> <port> to handle daemon management functions
management-query-passwords
Query management channel for private key password and --auth-user-pass username/password
management-forget-disconnect
Make OpenVPN forget passwords when management session disconnects
management-hold
Start OpenVPN in a hibernating state, until a client of the management interface explicitly starts it with the hold release command
management-signal
Send SIGUSR1 signal to OpenVPN if management session disconnects
management-log-cache n
Cache the most recent n lines of log file history for usage by the management channel
plugin module-pathname [init-string]
Load plug-in module from the file module-pathname, passing init-string as an argument to the module initialization function
Reference in New Issue View Git Blame Copy Permalink