From cdeef20bc6ea4c15824427055f2ffeff53651dee Mon Sep 17 00:00:00 2001
From: Gert Doering
Date: Tue, 8 Sep 2020 13:15:11 +0200
Subject: [PATCH] Document that --push-remove is generally more suitable than --push-reset

It's a long-standing and well-known problem that --push-reset removes "critical" options from the push list (like "topology subnet") which will then lead to non-working client configs.

This can not be reasonably fixed, because the list of "critical" options depends on overall server config.

So just document the fact, and point people towards --push-remove as a more selective tool.

Trac: #29

Signed-off-by: Gert Doering
Acked-by: Arne Schwabe
Acked-by: David Sommerseth
Message-Id: <20200908111511.9271-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20899.html
Signed-off-by: Gert Doering
(cherry picked from commit 5fd66510dfdef628fa95f156c5f9d80af9ae1531)
---
 doc/man-sections/server-options.rst | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/doc/man-sections/server-options.rst b/doc/man-sections/server-options.rst
index f1f0667a9..2009953c2 100644
--- a/doc/man-sections/server-options.rst
+++ b/doc/man-sections/server-options.rst
@@ -530,6 +530,14 @@ fast hardware. SSL/TLS authentication must be used in this mode. ``--client-config-dir`` configuration file. This option will ignore ``--push`` options at the global config file level. + *NOTE*: ``--push-reset`` is very thorough: it will remove almost + all options from the list of to-be-pushed options. In many cases, + some of these options will need to be re-configured afterwards - + specifically, ``--topology subnet`` and ``--route-gateway`` will get + lost and this will break client configs in many cases. Thus, for most + purposes, ``--push-remove`` is better suited to selectively remove + push options for individual clients. + --server args A helper directive designed to simplify the configuration of OpenVPN's server mode. This directive will set up an OpenVPN server which will -- 2.47.2
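
Review bot: The added NOTE says ``--push-reset`` removes "almost all options" but never says which ones are kept, so an administrator reading it cannot tell what must be pushed again in the ``--client-config-dir`` file beyond the two named examples. Either state which options survive, or drop "almost" and say explicitly that ``--topology subnet`` and ``--route-gateway`` are examples rather than the full list. The sentence "will need to be re-configured afterwards" would also be more useful if it said where: re-adding the needed ``--push`` lines in the same per-client file after ``--push-reset``. Two smaller wording points: "in many cases" appears twice within three sentences ("In many cases, some of these options" and "break client configs in many cases"), and the note names the lost items with a leading ``--`` although they are entries in the push list, which the commit message writes as "topology subnet"; matching that form would avoid suggesting the server's own settings are removed. Since the note steers readers to ``--push-remove``, a short pointer to where that option is described would let them act on the advice.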