Document --daemon changes and consequences (--askpass, --auth-nocache).

author Gert Doering <gert@greenie.muc.de>

Tue, 14 Jul 2015 07:09:54 +0000 (09:09 +0200)

committer Gert Doering <gert@greenie.muc.de>

Tue, 14 Jul 2015 08:13:58 +0000 (10:13 +0200)
author Gert Doering <gert@greenie.muc.de>
Tue, 14 Jul 2015 07:09:54 +0000 (09:09 +0200)
committer Gert Doering <gert@greenie.muc.de>
Tue, 14 Jul 2015 08:13:58 +0000 (10:13 +0200)
diff --git a/doc/openvpn.8 b/doc/openvpn.8

index 9db640971502ed0dac44994e81d3d3ff737cb0b6..203dd465f82a534fbf50b4cf5d698da329a3b4c6 100644 (file)
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -2198,6 +2198,22 @@ openvpn command for a fairly reliable indication of whether the command
  has correctly initialized and entered the packet forwarding event loop.
  
  In OpenVPN, the vast majority of errors which occur after initialization are non-fatal.
+
+Note: as soon as OpenVPN has daemonized, it can not ask for usernames,
+passwords, or key pass phrases anymore.  This has certain consequences,
+namely that using a password-protected private key will fail unless the
+.B \-\-askpass
+option is used to tell OpenVPN to ask for the pass phrase (this
+requirement is new in 2.3.7, and is a consequence of calling daemon()
+before initializing the crypto layer).
+
+Further, using
+.B \-\-daemon
+together with
+.B \-\-auth-user-pass
+(entered on console) and
+.B \-\-auth-nocache
+will fail as soon as key renegotiation (and reauthentication) occurs.
  .\"*********************************************************
  .TP
  .B \-\-syslog [progname]
author	Gert Doering <gert@greenie.muc.de>
	Tue, 14 Jul 2015 07:09:54 +0000 (09:09 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Tue, 14 Jul 2015 08:13:58 +0000 (10:13 +0200)