From: Gert Doering <gert@greenie.muc.de>
Date: Wed, 9 Sep 2020 06:41:56 +0000 (+0200)
Subject: Document that --push-remove is generally more suitable than --push-reset
X-Git-Tag: v2.4.10~17
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d61cbfcde78bf65ec677d164d5d03e00f092befd;p=thirdparty%2Fopenvpn.git

Document that --push-remove is generally more suitable than --push-reset

It's a long-standing and well-known problem that --push-reset removes
"critical" options from the push list (like "topology subnet") which
will then lead to non-working client configs.  This can not be
reasonably fixed, because the list of "critical" options depends on
overall server config.

So just document the fact, and point people towards --push-remove as
a more selective tool.

Trac: #29

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20200908111511.9271-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20899.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 5fd66510dfdef628fa95f156c5f9d80af9ae1531)
---

diff --git a/doc/openvpn.8 b/doc/openvpn.8
index 8038e1f46..455a3247c 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -3014,6 +3014,19 @@ as with a
 configuration file.  This option will ignore
 .B \-\-push
 options at the global config file level.
+
+NOTE:
+.B \-\-push\-reset
+is very thorough: it will remove almost all options from the list of
+to-be-pushed options.  In many cases, some of these options will need
+to be re-configured afterwards - specifically,
+.B \-\-topology subnet
+and
+.B \-\-route-gateway
+will get lost and this will break client configs in many cases.  Thus,
+for most purposes,
+.B \-\-push-remove
+is better suited to selectively remove push options for individual clients.
 .\"*********************************************************
 .TP
 .B \-\-push\-remove opt