From: Gert Doering <gert@greenie.muc.de>
Date: Tue, 14 Jul 2015 07:09:54 +0000 (+0200)
Subject: Document --daemon changes and consequences (--askpass, --auth-nocache).
X-Git-Tag: v2.4_alpha1~273
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b6ec7fbe96f4e200b8962ef6bb572bbb2228133e;p=thirdparty%2Fopenvpn.git

Document --daemon changes and consequences (--askpass, --auth-nocache).

Trac #574, #576

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1436857794-29419-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9923
---

diff --git a/doc/openvpn.8 b/doc/openvpn.8
index 3eb2493a8..0692a8017 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -2208,6 +2208,22 @@ openvpn command for a fairly reliable indication of whether the command
 has correctly initialized and entered the packet forwarding event loop.
 
 In OpenVPN, the vast majority of errors which occur after initialization are non-fatal.
+
+Note: as soon as OpenVPN has daemonized, it can not ask for usernames,
+passwords, or key pass phrases anymore.  This has certain consequences,
+namely that using a password-protected private key will fail unless the
+.B \-\-askpass
+option is used to tell OpenVPN to ask for the pass phrase (this
+requirement is new in 2.3.7, and is a consequence of calling daemon()
+before initializing the crypto layer).
+
+Further, using
+.B \-\-daemon
+together with
+.B \-\-auth-user-pass
+(entered on console) and
+.B \-\-auth-nocache
+will fail as soon as key renegotiation (and reauthentication) occurs.
 .\"*********************************************************
 .TP
 .B \-\-syslog [progname]