OpenVPN 2.1.1 mipsel-linux [SSL] [LZO2] [EPOLL] built on May 21 2010
General Options:
--config file : Read configuration options from file.
--help : Show options.
--version : Show copyright and version information.
Tunnel Options:
--local host : Local host name or ip address. Implies --bind.
--remote host [port] : Remote host name or ip address.
--remote-random : If multiple --remote options specified, choose one randomly.
--remote-random-hostname : Add a random string to remote DNS name.
--mode m : Major mode, m = 'p2p' (default, point-to-point) or 'server'.
--proto p : Use protocol p for communicating with peer.
p = udp (default), tcp-server, or tcp-client
--connect-retry n : For --proto tcp-client, number of seconds to wait
between connection retries (default=5).
--connect-timeout n : For --proto tcp-client, connection timeout (in seconds).
--connect-retry-max n : Maximum connection attempt retries, default infinite.
--auto-proxy : Try to sense proxy settings (or lack thereof) automatically.
--http-proxy s p [up] [auth] : Connect to remote host
through an HTTP proxy at address s and port p.
If proxy authentication is required,
up is a file containing username/password on 2 lines, or
'stdin' to prompt from console. Add auth='ntlm' if
the proxy requires NTLM authentication.
--http-proxy s p 'auto': Like the above directive, but automatically determine
auth method and query for username/password if needed.
--http-proxy-retry : Retry indefinitely on HTTP proxy errors.
--http-proxy-timeout n : Proxy timeout in seconds, default=5.
--http-proxy-option type [parm] : Set extended HTTP proxy options.
Repeat to set multiple options.
VERSION version (default=1.0)
AGENT user-agent
--socks-proxy s [p]: Connect to remote host through a Socks5 proxy at address
s and port p (default port = 1080).
--socks-proxy-retry : Retry indefinitely on Socks proxy errors.
--resolv-retry n: If hostname resolve fails for --remote, retry
resolve for n seconds before failing (disabled by default).
Set n=
--float : Allow remote to change its IP address/port, such as through
DHCP (this is the default if --remote is not used).
--ipchange cmd : Execute shell command cmd on remote ip address initial
setting or change -- execute as: cmd ip-address port#
--port port : TCP/UDP port # for both local and remote.
--lport port : TCP/UDP port # for local (default=1194). Implies --bind.
--rport port : TCP/UDP port # for remote (default=1194).
--bind : Bind to local address and port. (This is the default unless
--proto tcp-client or --http-proxy or --socks-proxy is used).
--nobind : Do not bind to local address and port.
--dev tunX|tapX : tun/tap device (X can be omitted for dynamic device.
--dev-type dt : Which device type are we using? (dt = tun or tap) Use
this option only if the tun/tap device used with --dev
does not begin with
--dev-node node : Explicitly set the device node rather than using
/dev/net/tun, /dev/tun, /dev/tap, etc.
--lladdr hw : Set the link layer address of the tap device.
--topology t : Set --dev tun topology: 'net30', 'p2p', or 'subnet'.
--tun-ipv6 : Build tun link capable of forwarding IPv6 traffic.
--ifconfig l rn : TUN: configure device to use IP address l as a local
endpoint and rn as a remote endpoint. l & rn should be
swapped on the other peer. l & rn must be private
addresses outside of the subnets used by either peer.
TAP: configure device to use IP address l as a local
endpoint and rn as a subnet mask.
--ifconfig-noexec : Don't actually execute ifconfig/netsh command, instead
pass --ifconfig parms by environment to scripts.
--ifconfig-nowarn : Don't warn if the --ifconfig option on this side of the
connection doesn't match the remote side.
--route network [netmask] [gateway] [metric] :
Add route to routing table after connection
is established. Multiple routes can be specified.
netmask default: 255.255.255.255
gateway default: taken from --route-gateway or --ifconfig
Specify default by leaving blank or setting to
--max-routes n :
Specify the maximum number of routes that may be defined
or pulled from a server.
--route-gateway gw|'dhcp' : Specify a default gateway for use with --route.
--route-metric m : Specify a default metric for use with --route.
--route-delay n [w] : Delay n seconds after connection initiation before
adding routes (may be 0). If not specified, routes will
be added immediately after tun/tap open. On Windows, wait
up to w seconds for TUN/TAP adapter to come up.
--route-up cmd : Execute shell cmd after routes are added.
--route-noexec : Don't add routes automatically. Instead pass routes to
--route-up script using environmental variables.
--route-nopull : When used with --client or --pull, accept options pushed
by server EXCEPT for routes.
--allow-pull-fqdn : Allow client to pull DNS names from server for
--ifconfig, --route, and --route-gateway.
--redirect-gateway [flags]: Automatically execute routing
commands to redirect all outgoing IP traffic through the
VPN. Add 'local' flag if both OpenVPN servers are directly
connected via a common subnet, such as with WiFi.
Add 'def1' flag to set default route using using 0.0.0.0/1
and 128.0.0.0/1 rather than 0.0.0.0/0. Add 'bypass-dhcp'
flag to add a direct route to DHCP server, bypassing tunnel.
Add 'bypass-dns' flag to similarly bypass tunnel for DNS.
--redirect-private [flags]: Like --redirect-gateway, but omit actually changing
the default gateway. Useful when pushing private subnets.
--setenv name value : Set a custom environmental variable to pass to script.
--setenv FORWARD_COMPATIBLE 1 : Relax config file syntax checking to allow
directives for future OpenVPN versions to be ignored.
--script-security level mode : mode='execve' (default) or 'system', level=
0 -- strictly no calling of external programs
1 -- (default) only call built-ins such as ifconfig
2 -- allow calling of built-ins and scripts
3 -- allow password to be passed to scripts via env
--shaper n : Restrict output to peer to n bytes per second.
--keepalive n m : Helper option for setting timeouts in server mode. Send
ping once every n seconds, restart if ping not received
for m seconds.
--inactive n [bytes] : Exit after n seconds of activity on tun/tap device
produces a combined in/out byte count < bytes.
--ping-exit n : Exit if n seconds pass without reception of remote ping.
--ping-restart n: Restart if n seconds pass without reception of remote ping.
--ping-timer-rem: Run the --ping-exit/--ping-restart timer only if we have a
remote address.
--ping n : Ping remote once every n seconds over TCP/UDP port.
--multihome : Configure a multi-homed UDP server.
--fast-io : (experimental) Optimize TUN/TAP/UDP writes.
--remap-usr1 s : On SIGUSR1 signals, remap signal (s='SIGHUP' or 'SIGTERM').
--persist-tun : Keep tun/tap device open across SIGUSR1 or --ping-restart.
--persist-remote-ip : Keep remote IP address across SIGUSR1 or --ping-restart.
--persist-local-ip : Keep local IP address across SIGUSR1 or --ping-restart.
--persist-key : Don't re-read key files across SIGUSR1 or --ping-restart.
--passtos : TOS passthrough (applies to IPv4 only).
--tun-mtu n : Take the tun/tap device MTU to be n and derive the
TCP/UDP MTU from it (default=1500).
--tun-mtu-extra n : Assume that tun/tap device might return as many
as n bytes more than the tun-mtu size on read
(default TUN=0 TAP=32).
--link-mtu n : Take the TCP/UDP device MTU to be n and derive the tun MTU
from it.
--mtu-disc type : Should we do Path MTU discovery on TCP/UDP channel?
'no' -- Never send DF (Don't Fragment) frames
'maybe' -- Use per-route hints
'yes' -- Always DF (Don't Fragment)
--mtu-test : Empirically measure and report MTU.
--fragment max : Enable internal datagram fragmentation so that no UDP
datagrams are sent which are larger than max bytes.
Adds 4 bytes of overhead per datagram.
--mssfix [n] : Set upper bound on TCP MSS, default = tun-mtu size
or --fragment max value, whichever is lower.
--sndbuf size : Set the TCP/UDP send buffer size.
--rcvbuf size : Set the TCP/UDP receive buffer size.
--txqueuelen n : Set the tun/tap TX queue length to n (Linux only).
--mlock : Disable Paging -- ensures key material and tunnel
data will never be written to disk.
--up cmd : Shell cmd to execute after successful tun device open.
Execute as: cmd tun/tap-dev tun-mtu link-mtu
ifconfig-local-ip ifconfig-remote-ip
(pre --user or --group UID/GID change)
--up-delay : Delay tun/tap open and possible --up script execution
until after TCP/UDP connection establishment with peer.
--down cmd : Shell cmd to run after tun device close.
(post --user/--group UID/GID change and/or --chroot)
(script parameters are same as --up option)
--down-pre : Call --down cmd/script before TUN/TAP close.
--up-restart : Run up/down scripts for all restarts including those
caused by --ping-restart or SIGUSR1
--user user : Set UID to user after initialization.
--group group : Set GID to group after initialization.
--chroot dir : Chroot to this directory after initialization.
--cd dir : Change to this directory before initialization.
--daemon [name] : Become a daemon after initialization.
The optional 'name' parameter will be passed
as the program name to the system logger.
--syslog [name] : Output to syslog, but do not become a daemon.
See --daemon above for a description of the 'name' parm.
--inetd [name] ['wait'|'nowait'] : Run as an inetd or xinetd server.
See --daemon above for a description of the 'name' parm.
--log file : Output log to file which is created/truncated on open.
--log-append file : Append log to file, or create file if nonexistent.
--suppress-timestamps : Don't log timestamps to stdout/stderr.
--writepid file : Write main process ID to file.
--nice n : Change process priority (>0 = lower, <0 = higher).
--echo [parms ...] : Echo parameters to log output.
--verb n : Set output verbosity to n (default=1):
(Level 3 is recommended if you want a good summary
of what's happening without being swamped by output).
: 0 -- no output except fatal errors
: 1 -- startup info + connection initiated messages +
non-fatal encryption & net errors
: 2,3 -- show TLS negotiations & route info
: 4 -- show parameters
: 5 -- show 'RrWw' chars on console for each packet sent
and received from TCP/UDP (caps) or tun/tap (lc)
: 6 to 11 -- debug messages of increasing verbosity
--mute n : Log at most n consecutive messages in the same category.
--status file n : Write operational status to file every n seconds.
--status-version [n] : Choose the status file format version number.
Currently, n can be 1, 2, or 3 (default=1).
--disable-occ : Disable options consistency check between peers.
--gremlin mask : Special stress testing mode (for debugging only).
--comp-lzo : Use fast LZO compression -- may add up to 1 byte per
packet for uncompressible data.
--comp-noadapt : Don't use adaptive compression when --comp-lzo
is specified.
--management ip port [pass] : Enable a TCP server on ip:port to handle
management functions. pass is a password file
or 'stdin' to prompt from console.
To listen on a unix domain socket, specific the pathname
in place of ip and use 'unix' as the port number.
--management-client : Management interface will connect as a TCP client to
ip/port rather than listen as a TCP server.
--management-query-passwords : Query management channel for private key
and auth-user-pass passwords.
--management-hold : Start OpenVPN in a hibernating state, until a client
of the management interface explicitly starts it.
--management-signal : Issue SIGUSR1 when management disconnect event occurs.
--management-forget-disconnect : Forget passwords when management disconnect
event occurs.
--management-log-cache n : Cache n lines of log file history for usage
by the management channel.
--management-client-user u : When management interface is a unix socket, only
allow connections from user u.
--management-client-group g : When management interface is a unix socket, only
allow connections from group g.
--management-client-auth : gives management interface client the responsibility
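
An added example, not part of the original help output or of the OpenVPN project: a small Python audit of a config file against the security-relevant options listed above (--script-security, --management and its unix-socket restrictions, --user/--group, --persist-key/--persist-tun). The sample config, the host name in it and the finding texts are constructed for illustration.

```python
import shlex

# Constructed sample config, not taken from the page. Config files accept
# the same options as the command line without the leading "--".
SAMPLE = """\
dev tun
remote vpn.example.net 1194   # placeholder host
script-security 3 system
management 0.0.0.0 7505
user nobody
"""
HOOKS = ("up", "down", "ipchange", "route-up")  # script options in the help text

def parse(text):
    """Map each directive to the list of its argument lists."""
    opts = {}
    for line in text.splitlines():
        if line.strip().startswith(";"):          # ';' also starts a comment
            continue
        words = shlex.split(line, comments=True)  # drops '#' comments
        if words:
            opts.setdefault(words[0].lstrip("-"), []).append(words[1:])
    return opts

def audit(text):
    o, out = parse(text), []
    sec = (o.get("script-security") or [["1"]])[-1] or ["1"]
    level, mode = int(sec[0]), (sec[1] if len(sec) > 1 else "execve")
    if level >= 3:
        out.append("script-security 3 passes passwords to scripts via env")
    if mode == "system":  # system() hands the command line to a shell
        out.append("script-security mode 'system' instead of default 'execve'")
    if level >= 2 and not any(h in o for h in HOOKS):
        out.append("script-security >= 2 but no script hooks are configured")
    for args in o.get("management", []):
        unix = len(args) >= 2 and args[1] == "unix"
        if unix and not {"management-client-user", "management-client-group"} & o.keys():
            out.append("management unix socket not limited to a user/group")
        if not unix and len(args) < 3:
            out.append("management TCP server has no password file")
        if not unix and args and args[0] not in ("127.0.0.1", "localhost"):
            out.append("management TCP server bound to non-loopback " + args[0])
    if not ("user" in o and "group" in o):
        out.append("missing --user and/or --group: no full privilege drop")
    elif not ("persist-key" in o and "persist-tun" in o):
        # after the UID/GID change a restart may fail to re-read keys or reopen tun
        out.append("privilege drop without --persist-key/--persist-tun")
    return out
```

Calling audit(SAMPLE) returns six findings; a config that uses a unix management socket restricted with --management-client-user, drops to an unprivileged user and group, and sets both persist options returns none.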
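This article was updated on 2021-01-21 20:31. It was provided by the author and does not represent the position of this website. When reposting, please credit the source: https://www.bjmy2z.cn/gaokao/546010.html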