From: David Sommerseth Date: Fri, 9 Jul 2021 13:48:49 +0000 (+0200) Subject: man: Clarify IV_HWADDR X-Git-Tag: v2.5.4~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6204dc7cb8e1731fc0fdf6c2fcd016f9c049ac69;p=thirdparty%2Fopenvpn.git man: Clarify IV_HWADDR The IV_HWADDR description was only partially correct, as there are more implementations using other values than the MAC address of the default gateway. The intention of this value is to provide a unique identifier of the client and on some platforms this is not possible to retrieve other than to generate this information. The 64 bytes limitation is an arbitrary value, it is not enforced by OpenVPN 2.x. But it was considered a good idea to at least have some reasonable upper limit of how long this string can be, at least for those implementing support for this information. Signed-off-by: David Sommerseth Acked-by: Gert Doering Message-Id: <20210709134849.161728-1-openvpn@sf.lists.topphemmelig.net> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22625.html Signed-off-by: Gert Doering (cherry picked from commit 51d85a9d287f44c373eaa514c6a52e1078c27c43) --- diff --git a/doc/man-sections/server-options.rst b/doc/man-sections/server-options.rst index 98a1641bd..ac0df5585 100644 --- a/doc/man-sections/server-options.rst +++ b/doc/man-sections/server-options.rst @@ -494,8 +494,14 @@ fast hardware. SSL/TLS authentication must be used in this mode. When ``--push-peer-info`` is enabled the additional information consists of the following data: - :code:`IV_HWADDR=` - The MAC address of clients default gateway + :code:`IV_HWADDR=` + This is intended to be a unique and persistent ID of the client. + The string value can be any readable ASCII string up to 64 bytes. + OpenVPN 2.x and some other implementations use the MAC address of + the client's interface used to reach the default gateway. If this + string is generated by the client, it should be consistent and + preserved across independent session and preferably + re-installations and upgrades. :code:`IV_SSL=` The ssl version used by the client, e.g.