module Test_OpenVPN =
let server_conf = "
daemon
local 10.0.5.20
port 1194
# TCP or UDP server?
proto udp
;dev tap
dev tun
dev-node MyTap
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
# Diffie hellman parameters.
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir /etc/openvpn/ccd
server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
route 10.9.0.0 255.255.255.0
push \"route 192.168.10.0 255.255.255.0\"
learn-address ./script
push \"redirect-gateway\"
push \"dhcp-option DNS 10.8.0.1\"
push \"dhcp-option WINS 10.8.0.1\"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
comp-lzo
max-clients 100
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
log-append openvpn.log
verb 3
mute 20
management 10.0.5.20 1193 /etc/openvpn/mpass
"
test OpenVPN.lns get server_conf =
{}
{ "daemon" }
{ "local" = "10.0.5.20" }
{ "port" = "1194" }
{ "#comment" = "TCP or UDP server?" }
{ "proto" = "udp" }
{ "#comment" = "dev tap" }
{ "dev" = "tun" }
{}
{ "dev-node" = "MyTap" }
{ "ca" = "ca.crt" }
{ "cert" = "server.crt" }
{ "key" = "server.key"
{ "#comment" = "This file should be kept secret" } }
{}
{ "#comment" = "Diffie hellman parameters." }
{ "dh" = "dh1024.pem" }
{}
{ "server"
{ "address" = "10.8.0.0" }
{ "netmask" = "255.255.255.0" } }
{ "ifconfig-pool-persist"
{ "file" = "ipp.txt" }
}
{}
{ "client-config-dir" = "/etc/openvpn/ccd" }
{ "server-bridge"
{ "address" = "10.8.0.4" }
{ "netmask" = "255.255.255.0" }
{ "start" = "10.8.0.50" }
{ "end" = "10.8.0.100" } }
{ "route"
{ "address" = "10.9.0.0" }
{ "netmask" = "255.255.255.0" } }
{ "push" = "route 192.168.10.0 255.255.255.0" }
{ "learn-address" = "./script" }
{ "push" = "redirect-gateway" }
{ "push" = "dhcp-option DNS 10.8.0.1" }
{ "push" = "dhcp-option WINS 10.8.0.1" }
{ "client-to-client" }
{ "duplicate-cn" }
{ "keepalive"
{ "ping" = "10" }
{ "timeout" = "120" } }
{ "tls-auth"
{ "key" = "ta.key" }
{ "is_client" = "0" }
{ "#comment" = "This file is secret" } }
{ "cipher" = "BF-CBC"
{ "#comment" = "Blowfish (default)" } }
{ "#comment" = "cipher AES-128-CBC # AES" }
{ "#comment" = "cipher DES-EDE3-CBC # Triple-DES" }
{ "comp-lzo" }
{ "max-clients" = "100" }
{ "user" = "nobody" }
{ "group" = "nobody" }
{ "persist-key" }
{ "persist-tun" }
{ "status"
{ "file" = "openvpn-status.log" }
}
{ "log" = "openvpn.log" }
{ "log-append" = "openvpn.log" }
{ "verb" = "3" }
{ "mute" = "20" }
{ "management"
{ "server" = "10.0.5.20" }
{ "port" = "1193" }
{ "pwfile" = "/etc/openvpn/mpass" } }
let client_conf = "
client
remote my-server-1 1194
;remote my-server-2 1194
remote-random
resolv-retry infinite
nobind
http-proxy-retry # retry on connection failures
http-proxy mytest 1024
mute-replay-warnings
ns-cert-type server
"
test OpenVPN.lns get client_conf =
{}
{ "client" }
{ "remote"
{ "server" = "my-server-1" }
{ "port" = "1194" } }
{ "#comment" = "remote my-server-2 1194" }
{ "remote-random" }
{ "resolv-retry" = "infinite" }
{ "nobind" }
{ "http-proxy-retry"
{ "#comment" = "retry on connection failures" } }
{ "http-proxy"
{ "server" = "mytest" }
{ "port" = "1024" } }
{ "mute-replay-warnings" }
{ "ns-cert-type" = "server" }
(* Most (hopefully all) permutations for OpenVPN 2.3
* NOTE: This completely ignores IPv6 because it's hard to tell which OpenVPN
* options actually work with IPv6. Thar be dragons.
*)
let all_permutations_conf = "
config /a/canonical/file
config relative_file
mode p2p
mode server
local 192.168.1.1
local hostname
remote 192.168.1.1 1234
remote hostname 1234
remote hostname
remote 192.168.1.1
remote hostname 1234 tcp
remote 192.168.1.1 1234 tcp
remote hostname 1234 udp
remote-random-hostname
#comment square <connection> blocks should go here
proto-force udp
proto-force tcp
remote-random
proto udp
proto tcp-client
proto tcp-server
connect-retry 5
connect-timeout 10
connect-retry-max 0
show-proxy-settings
http-proxy servername 1234
http-proxy servername 1234 auto
http-proxy servername 1234 auto-nct
http-proxy servername 1234 auto none
http-proxy servername 1234 auto basic
http-proxy servername 1234 auto ntlm
http-proxy servername 1234 relative_filename ntlm
http-proxy servername 1234 /canonical/filename basic
http-proxy-retry
http-proxy-timeout 5
http-proxy-option VERSION 1.0
http-proxy-option AGENT an unquoted string with spaces
http-proxy-option AGENT an_unquoted_string_without_spaces
socks-proxy servername
socks-proxy servername 1234
socks-proxy servername 1234 /canonical/file
socks-proxy servername 1234 relative/file
socks-proxy-retry
resolv-retry 5
float
ipchange my command goes here
port 1234
lport 1234
rport 1234
bind
nobind
dev tun
dev tun0
dev tap
dev tap0
dev null
dev-type tun
dev-type tap
topology net30
topology p2p
topology subnet
tun-ipv6
dev-node /canonical/file
dev-node relative/file
lladdr 1.2.3.4
iproute my command goes here
ifconfig 1.2.3.4 5.6.7.8
ifconfig-noexec
ifconfig-nowarn
route 111.222.123.123
route networkname
route vpn_gateway
route net_gateway
route remote_host
route 111.222.123.123 255.123.255.221
route 111.222.123.123 default
route 111.222.123.123 255.123.255.231 111.222.123.1
route 111.222.123.123 default 111.222.123.1
route 111.222.123.123 255.123.255.231 default
route 111.222.123.123 default default
route 111.222.123.123 255.123.255.231 gatewayname
route 111.222.123.123 255.123.255.231 gatewayname 5
route 111.222.123.123 255.123.255.231 vpn_gateway
route 111.222.123.123 255.123.255.231 net_gateway
route 111.222.123.123 255.123.255.231 remote_host
route 111.222.123.123 255.123.255.231 111.222.123.1
route 111.222.123.123 255.123.255.231 111.222.123.1 5
max-routes 5
route-gateway gateway-name
route-gateway 111.222.123.1
route-gateway dhcp
route-metric 5
route-delay
route-delay 1
route-delay 1 2
route-up my command goes here
route-pre-down my command goes here
route-noexec
route-nopull
allow-pull-fqdn
client-nat snat 1.2.3.4 5.6.7.8 9.8.7.6
client-nat dnat 1.2.3.4 5.6.7.8 9.8.7.6
redirect-gateway local
redirect-gateway local autolocal
redirect-gateway local autolocal def1 bypass-dhcp bypass-dns block-local
link-mtu 5
redirect-private local
redirect-private local autolocal
redirect-private local autolocal def1 bypass-dhcp bypass-dns block-local
tun-mtu 5
tun-mtu-extra 5
mtu-disc no
mtu-disc maybe
mtu-disc yes
mtu-test
fragment 5
mssfix 1600
sndbuf 65536
rcvbuf 65535
mark blahvalue
socket-flags TCP_NODELAY
txqueuelen 5
shaper 50
inactive 5
inactive 5 1024
ping 10
ping-exit 10
ping-restart 10
keepalive 1 2
ping-timer-rem
persist-tun
persist-key
persist-local-ip
persist-remote-ip
mlock
up my command goes here
up-delay
down my command goes here
down-pre
up-restart
setenv myname myvalue
setenv my0-_name my value with spaces
setenv-safe myname myvalue
setenv-safe my-_name my value with spaces
ignore-unknown-option anopt
ignore-unknown-option anopt anotheropt
script-security 3
disable-occ
user username
group groupname
cd /canonical/dir
cd relative/dir/
chroot /canonical/dir
chroot relative/dir/
setcon selinux-context
daemon
daemon mydaemon_name
syslog
syslog my_syslog-name
errors-to-stderr
passtos
inetd
inetd wait
inetd nowait
inetd wait my-program_name
log myfilename
log-append myfilename
suppress-timestamps
writepid myfile
nice 5
fast-io
multihome
echo stuff to echo until end of line
remap-usr1 SIGHUP
remap-usr1 SIGTERM
verb 6
status myfile
status myfile 15
status-version
status-version 3
mute 20
comp-lzo
comp-lzo yes
comp-lzo no
comp-lzo adaptive
management 123.123.123.123 1234
management 123.123.123.123 1234 /canonical/file
management-client
management-query-passwords
management-query-proxy
management-query-remote
management-forget-disconnect
management-hold
management-signal
management-up-down
management-client-auth
management-client-pf
management-log-cache 5
management-client-user myuser
management-client-user mygroup
plugin /canonical/file
plugin relative/file
plugin myfile an init string
server 1.2.3.4 255.255.255.0
server 1.2.3.4 255.255.255.255 nopool
server-bridge 1.2.3.4 1.2.3.5 50.5.5.5 50.5.5.6
server-bridge nogw
push \"my push string\"
push-reset
push-peer-info
disable
ifconfig-pool 1.1.1.1 2.2.2.2
ifconfig-pool 1.1.1.1 2.2.2.2 255.255.255.0
ifconfig-pool-persist myfile
ifconfig-pool-persist myfile 50
ifconfig-pool-linear
ifconfig-push 1.1.1.1 2.2.2.2
ifconfig-push 1.1.1.1 2.2.2.2 alias-name
iroute 1.1.1.1
iroute 1.1.1.1 2.2.2.2
client-to-client
duplicate-cn
client-connect my command goes here
client-disconnect my command goes here
client-config-dir directory
ccd-exclusive
tmp-dir /directory
hash-size 1 2
bcast-buffers 5
tcp-queue-limit 50
tcp-nodelay
max-clients 50
max-routes-per-client 50
stale-routes-check 5
stale-routes-check 5 50
connect-freq 50 100
learn-address my command goes here
auth-user-pass-verify /my/script/with/no/arguments.sh via-env
auth-user-pass-verify \"myscript.sh arg1 arg2\" via-file
opt-verify
auth-user-pass-optional
client-cert-not-required
username-as-common-name
port-share 1.1.1.1 1234
port-share myhostname 1234
port-share myhostname 1234 /canonical/dir
client
pull
auth-user-pass
auth-user-pass /canonical/file
auth-user-pass relative/file
auth-retry none
auth-retry nointeract
auth-retry interact
static-challenge challenge_no_spaces 1
static-challenge \"my quoted challenge string\" 0
server-poll-timeout 50
explicit-exit-notify
explicit-exit-notify 5
secret /canonicalfile
secret relativefile
secret filename 1
secret filename 0
key-direction
auth none
auth sha1
cipher SHA1
cipher sha1
keysize 50
prng SHA1
prng SHA1 500
engine
engine blah
no-replay
replay-window 64
replay-window 64 16
mute-replay-warnings
replay-persist /my/canonical/filename
no-iv
use-prediction-resistance
test-crypto
tls-server
tls-client
ca myfile
capath /mydir/
dh myfile
cert myfile
extra-certs myfile
key myfile
tls-version-min 1.1
tls-version-min 2
tls-version-min 1.1 or-highest
tls-version-max 5.5
pkcs12 myfile
verify-hash AD:B0:95:D8:09:C8:36:45:12:A9:89:C8:90:09:CB:13:72:A6:AD:16
pkcs11-cert-private 0
pkcs11-cert-private 1
pkcs11-id myname
pkcs11-id-management
pkcs11-pin-cache 50
pkcs11-protected-authentication 0
pkcs11-protected-authentication 1
cryptoapicert \"SUBJ:Justin Akers\"
key-method 2
tls-cipher DEFAULT:!EXP:!PSK:!SRP:!kRSA
tls-timeout 50
reneg-bytes 50
reneg-pkts 50
reneg-sec 5
hand-window 123
tran-window 456
single-session
tls-exit
tls-auth filename 1
askpass /canonical/filename
auth-nocache
tls-verify my command goes here
tls-export-cert /a/directory/for/things
x509-username-field emailAddress
x509-username-field ext:subjectAltName
tls-remote myhostname
verify-x509-name hostname name
verify-x509-name hostname name-prefix
verify-x509-name hostname subject
ns-cert-type server
ns-cert-type client
remote-cert-tls server
remote-cert-tls client
remote-cert-ku 01
remote-cert-ku 01 02 fa FF b3
remote-cert-eku 123.3510.350.10
remote-cert-eku \"TLS Web Client Authentication\"
remote-cert-eku serverAuth
crl-verify /a/file/path
crl-verify /a/directory/ dir
show-ciphers
show-digests
show-tls
show-engines
genkey
mktun
rmtun
ifconfig-ipv6 2000:123:456::/64 1234:99:123::124
ifconfig-ipv6-push 2000:123:456::/64 1234:99:123::124
iroute-ipv6 2000:123:456::/64
route-ipv6 2000:123:456::/64
route-ipv6 2000:123:456::/64 1234:99:123::124
route-ipv6 2000:123:456::/64 1234:99:123::124 500
server-ipv6 2000:123:456::/64
ifconfig-ipv6-pool 2000:123:456::/64
"
test OpenVPN.lns get all_permutations_conf =
{ }
{ "config" = "/a/canonical/file" }
{ "config" = "relative_file" }
{ "mode" = "p2p" }
{ "mode" = "server" }
{ "local" = "192.168.1.1" }
{ "local" = "hostname" }
{ "remote"
{ "server" = "192.168.1.1" }
{ "port" = "1234" }
}
{ "remote"
{ "server" = "hostname" }
{ "port" = "1234" }
}
{ "remote"
{ "server" = "hostname" }
}
{ "remote"
{ "server" = "192.168.1.1" }
}
{ "remote"
{ "server" = "hostname" }
{ "port" = "1234" }
{ "proto" = "tcp" }
}
{ "remote"
{ "server" = "192.168.1.1" }
{ "port" = "1234" }
{ "proto" = "tcp" }
}
{ "remote"
{ "server" = "hostname" }
{ "port" = "1234" }
{ "proto" = "udp" }
}
{ "remote-random-hostname" }
{ "#comment" = "comment square <connection> blocks should go here" }
{ "proto-force" = "udp" }
{ "proto-force" = "tcp" }
{ "remote-random" }
{ "proto" = "udp" }
{ "proto" = "tcp-client" }
{ "proto" = "tcp-server" }
{ "connect-retry" = "5" }
{ "connect-timeout" = "10" }
{ "connect-retry-max" = "0" }
{ "show-proxy-settings" }
{ "http-proxy"
{ "server" = "servername" }
{ "port" = "1234" }
}
{ "http-proxy"
{ "server" = "servername" }
{ "port" = "1234" }
{ "auth" = "auto" }
}
{ "http-proxy"
{ "server" = "servername" }
{ "port" = "1234" }
{ "auth" = "auto-nct" }
}
{ "http-proxy"
{ "server" = "servername" }
{ "port" = "1234" }
{ "auth" = "auto" }
{ "auth-method" = "none" }
}
{ "http-proxy"
{ "server" = "servername" }
{ "port" = "1234" }
{ "auth" = "auto" }
{ "auth-method" = "basic" }
}
{ "http-proxy"
{ "server" = "servername" }
{ "port" = "1234" }
{ "auth" = "auto" }
{ "auth-method" = "ntlm" }
}
{ "http-proxy"
{ "server" = "servername" }
{ "port" = "1234" }
{ "auth" = "relative_filename" }
{ "auth-method" = "ntlm" }
}
{ "http-proxy"
{ "server" = "servername" }
{ "port" = "1234" }
{ "auth" = "/canonical/filename" }
{ "auth-method" = "basic" }
}
{ "http-proxy-retry" }
{ "http-proxy-timeout" = "5" }
{ "http-proxy-option"
{ "option" = "VERSION" }
{ "value" = "1.0" }
}
{ "http-proxy-option"
{ "option" = "AGENT" }
{ "value" = "an unquoted string with spaces" }
}
{ "http-proxy-option"
{ "option" = "AGENT" }
{ "value" = "an_unquoted_string_without_spaces" }
}
{ "socks-proxy"
{ "server" = "servername" }
}
{ "socks-proxy"
{ "server" = "servername" }
{ "port" = "1234" }
}
{ "socks-proxy"
{ "server" = "servername" }
{ "port" = "1234" }
{ "auth" = "/canonical/file" }
}
{ "socks-proxy"
{ "server" = "servername" }
{ "port" = "1234" }
{ "auth" = "relative/file" }
}
{ "socks-proxy-retry" }
{ "resolv-retry" = "5" }
{ "float" }
{ "ipchange" = "my command goes here" }
{ "port" = "1234" }
{ "lport" = "1234" }
{ "rport" = "1234" }
{ "bind" }
{ "nobind" }
{ "dev" = "tun" }
{ "dev" = "tun0" }
{ "dev" = "tap" }
{ "dev" = "tap0" }
{ "dev" = "null" }
{ "dev-type" = "tun" }
{ "dev-type" = "tap" }
{ "topology" = "net30" }
{ "topology" = "p2p" }
{ "topology" = "subnet" }
{ "tun-ipv6" }
{ "dev-node" = "/canonical/file" }
{ "dev-node" = "relative/file" }
{ "lladdr" = "1.2.3.4" }
{ "iproute" = "my command goes here" }
{ "ifconfig"
{ "local" = "1.2.3.4" }
{ "remote" = "5.6.7.8" }
}
{ "ifconfig-noexec" }
{ "ifconfig-nowarn" }
{ "route"
{ "address" = "111.222.123.123" }
}
{ "route"
{ "address" = "networkname" }
}
{ "route"
{ "address" = "vpn_gateway" }
}
{ "route"
{ "address" = "net_gateway" }
}
{ "route"
{ "address" = "remote_host" }
}
{ "route"
{ "address" = "111.222.123.123" }
{ "netmask" = "255.123.255.221" }
}
{ "route"
{ "address" = "111.222.123.123" }
{ "netmask" = "default" }
}
{ "route"
{ "address" = "111.222.123.123" }
{ "netmask" = "255.123.255.231" }
{ "gateway" = "111.222.123.1" }
}
{ "route"
{ "address" = "111.222.123.123" }
{ "netmask" = "default" }
{ "gateway" = "111.222.123.1" }
}
{ "route"
{ "address" = "111.222.123.123" }
{ "netmask" = "255.123.255.231" }
{ "gateway" = "default" }
}
{ "route"
{ "address" = "111.222.123.123" }
{ "netmask" = "default" }
{ "gateway" = "default" }
}
{ "route"
{ "address" = "111.222.123.123" }
{ "netmask" = "255.123.255.231" }
{ "gateway" = "gatewayname" }
}
{ "route"
{ "address" = "111.222.123.123" }
{ "netmask" = "255.123.255.231" }
{ "gateway" = "gatewayname" }
{ "metric" = "5" }
}
{ "route"
{ "address" = "111.222.123.123" }
{ "netmask" = "255.123.255.231" }
{ "gateway" = "vpn_gateway" }
}
{ "route"
{ "address" = "111.222.123.123" }
{ "netmask" = "255.123.255.231" }
{ "gateway" = "net_gateway" }
}
{ "route"
{ "address" = "111.222.123.123" }
{ "netmask" = "255.123.255.231" }
{ "gateway" = "remote_host" }
}
{ "route"
{ "address" = "111.222.123.123" }
{ "netmask" = "255.123.255.231" }
{ "gateway" = "111.222.123.1" }
}
{ "route"
{ "address" = "111.222.123.123" }
{ "netmask" = "255.123.255.231" }
{ "gateway" = "111.222.123.1" }
{ "metric" = "5" }
}
{ "max-routes" = "5" }
{ "route-gateway" = "gateway-name" }
{ "route-gateway" = "111.222.123.1" }
{ "route-gateway" = "dhcp" }
{ "route-metric" = "5" }
{ "route-delay" }
{ "route-delay"
{ "seconds" = "1" }
}
{ "route-delay"
{ "seconds" = "1" }
{ "win-seconds" = "2" }
}
{ "route-up" = "my command goes here" }
{ "route-pre-down" = "my command goes here" }
{ "route-noexec" }
{ "route-nopull" }
{ "allow-pull-fqdn" }
{ "client-nat"
{ "type" = "snat" }
{ "network" = "1.2.3.4" }
{ "netmask" = "5.6.7.8" }
{ "alias" = "9.8.7.6" }
}
{ "client-nat"
{ "type" = "dnat" }
{ "network" = "1.2.3.4" }
{ "netmask" = "5.6.7.8" }
{ "alias" = "9.8.7.6" }
}
{ "redirect-gateway"
{ "flag" = "local" }
}
{ "redirect-gateway"
{ "flag" = "local" }
{ "flag" = "autolocal" }
}
{ "redirect-gateway"
{ "flag" = "local" }
{ "flag" = "autolocal" }
{ "flag" = "def1" }
{ "flag" = "bypass-dhcp" }
{ "flag" = "bypass-dns" }
{ "flag" = "block-local" }
}
{ "link-mtu" = "5" }
{ "redirect-private"
{ "flag" = "local" }
}
{ "redirect-private"
{ "flag" = "local" }
{ "flag" = "autolocal" }
}
{ "redirect-private"
{ "flag" = "local" }
{ "flag" = "autolocal" }
{ "flag" = "def1" }
{ "flag" = "bypass-dhcp" }
{ "flag" = "bypass-dns" }
{ "flag" = "block-local" }
}
{ "tun-mtu" = "5" }
{ "tun-mtu-extra" = "5" }
{ "mtu-disc" = "no" }
{ "mtu-disc" = "maybe" }
{ "mtu-disc" = "yes" }
{ "mtu-test" }
{ "fragment" = "5" }
{ "mssfix" = "1600" }
{ "sndbuf" = "65536" }
{ "rcvbuf" = "65535" }
{ "mark" = "blahvalue" }
{ "socket-flags" = "TCP_NODELAY" }
{ "txqueuelen" = "5" }
{ "shaper" = "50" }
{ "inactive"
{ "seconds" = "5" }
}
{ "inactive"
{ "seconds" = "5" }
{ "bytes" = "1024" }
}
{ "ping" = "10" }
{ "ping-exit" = "10" }
{ "ping-restart" = "10" }
{ "keepalive"
{ "ping" = "1" }
{ "timeout" = "2" }
}
{ "ping-timer-rem" }
{ "persist-tun" }
{ "persist-key" }
{ "persist-local-ip" }
{ "persist-remote-ip" }
{ "mlock" }
{ "up" = "my command goes here" }
{ "up-delay" }
{ "down" = "my command goes here" }
{ "down-pre" }
{ "up-restart" }
{ "setenv"
{ "myname" = "myvalue" }
}
{ "setenv"
{ "my0-_name" = "my value with spaces" }
}
{ "setenv-safe"
{ "myname" = "myvalue" }
}
{ "setenv-safe"
{ "my-_name" = "my value with spaces" }
}
{ "ignore-unknown-option"
{ "opt" = "anopt" }
}
{ "ignore-unknown-option"
{ "opt" = "anopt" }
{ "opt" = "anotheropt" }
}
{ "script-security" = "3" }
{ "disable-occ" }
{ "user" = "username" }
{ "group" = "groupname" }
{ "cd" = "/canonical/dir" }
{ "cd" = "relative/dir/" }
{ "chroot" = "/canonical/dir" }
{ "chroot" = "relative/dir/" }
{ "setcon" = "selinux-context" }
{ "daemon" }
{ "daemon" = "mydaemon_name" }
{ "syslog" }
{ "syslog" = "my_syslog-name" }
{ "errors-to-stderr" }
{ "passtos" }
{ "inetd" }
{ "inetd"
{ "mode" = "wait" }
}
{ "inetd"
{ "mode" = "nowait" }
}
{ "inetd"
{ "mode" = "wait" }
{ "progname" = "my-program_name" }
}
{ "log" = "myfilename" }
{ "log-append" = "myfilename" }
{ "suppress-timestamps" }
{ "writepid" = "myfile" }
{ "nice" = "5" }
{ "fast-io" }
{ "multihome" }
{ "echo" = "stuff to echo until end of line" }
{ "remap-usr1" = "SIGHUP" }
{ "remap-usr1" = "SIGTERM" }
{ "verb" = "6" }
{ "status"
{ "file" = "myfile" }
}
{ "status"
{ "file" = "myfile" }
{ "repeat-seconds" = "15" }
}
{ "status-version" }
{ "status-version" = "3" }
{ "mute" = "20" }
{ "comp-lzo" }
{ "comp-lzo" = "yes" }
{ "comp-lzo" = "no" }
{ "comp-lzo" = "adaptive" }
{ "management"
{ "server" = "123.123.123.123" }
{ "port" = "1234" }
}
{ "management"
{ "server" = "123.123.123.123" }
{ "port" = "1234" }
{ "pwfile" = "/canonical/file" }
}
{ "management-client" }
{ "management-query-passwords" }
{ "management-query-proxy" }
{ "management-query-remote" }
{ "management-forget-disconnect" }
{ "management-hold" }
{ "management-signal" }
{ "management-up-down" }
{ "management-client-auth" }
{ "management-client-pf" }
{ "management-log-cache" = "5" }
{ "management-client-user" = "myuser" }
{ "management-client-user" = "mygroup" }
{ "plugin"
{ "file" = "/canonical/file" }
}
{ "plugin"
{ "file" = "relative/file" }
}
{ "plugin"
{ "file" = "myfile" }
{ "init-string" = "an init string" }
}
{ "server"
{ "address" = "1.2.3.4" }
{ "netmask" = "255.255.255.0" }
}
{ "server"
{ "address" = "1.2.3.4" }
{ "netmask" = "255.255.255.255" }
{ "nopool" }
}
{ "server-bridge"
{ "address" = "1.2.3.4" }
{ "netmask" = "1.2.3.5" }
{ "start" = "50.5.5.5" }
{ "end" = "50.5.5.6" }
}
{ "server-bridge" = "nogw" }
{ "push" = "my push string" }
{ "push-reset" }
{ "push-peer-info" }
{ "disable" }
{ "ifconfig-pool"
{ "start" = "1.1.1.1" }
{ "end" = "2.2.2.2" }
}
{ "ifconfig-pool"
{ "start" = "1.1.1.1" }
{ "end" = "2.2.2.2" }
{ "netmask" = "255.255.255.0" }
}
{ "ifconfig-pool-persist"
{ "file" = "myfile" }
}
{ "ifconfig-pool-persist"
{ "file" = "myfile" }
{ "seconds" = "50" }
}
{ "ifconfig-pool-linear" }
{ "ifconfig-push"
{ "local" = "1.1.1.1" }
{ "remote-netmask" = "2.2.2.2" }
}
{ "ifconfig-push"
{ "local" = "1.1.1.1" }
{ "remote-netmask" = "2.2.2.2" }
{ "alias" = "alias-name" }
}
{ "iroute"
{ "local" = "1.1.1.1" }
}
{ "iroute"
{ "local" = "1.1.1.1" }
{ "netmask" = "2.2.2.2" }
}
{ "client-to-client" }
{ "duplicate-cn" }
{ "client-connect" = "my command goes here" }
{ "client-disconnect" = "my command goes here" }
{ "client-config-dir" = "directory" }
{ "ccd-exclusive" }
{ "tmp-dir" = "/directory" }
{ "hash-size"
{ "real" = "1" }
{ "virtual" = "2" }
}
{ "bcast-buffers" = "5" }
{ "tcp-queue-limit" = "50" }
{ "tcp-nodelay" }
{ "max-clients" = "50" }
{ "max-routes-per-client" = "50" }
{ "stale-routes-check"
{ "age" = "5" }
}
{ "stale-routes-check"
{ "age" = "5" }
{ "interval" = "50" }
}
{ "connect-freq"
{ "num" = "50" }
{ "sec" = "100" }
}
{ "learn-address" = "my command goes here" }
{ "auth-user-pass-verify"
{
{ "command" = "/my/script/with/no/arguments.sh" }
}
{ "method" = "via-env" }
}
{ "auth-user-pass-verify"
{
{ "command" = "myscript.sh arg1 arg2" }
}
{ "method" = "via-file" }
}
{ "opt-verify" }
{ "auth-user-pass-optional" }
{ "client-cert-not-required" }
{ "username-as-common-name" }
{ "port-share"
{ "host" = "1.1.1.1" }
{ "port" = "1234" }
}
{ "port-share"
{ "host" = "myhostname" }
{ "port" = "1234" }
}
{ "port-share"
{ "host" = "myhostname" }
{ "port" = "1234" }
{ "dir" = "/canonical/dir" }
}
{ "client" }
{ "pull" }
{ "auth-user-pass" }
{ "auth-user-pass" = "/canonical/file" }
{ "auth-user-pass" = "relative/file" }
{ "auth-retry" = "none" }
{ "auth-retry" = "nointeract" }
{ "auth-retry" = "interact" }
{ "static-challenge"
{
{ "text" = "challenge_no_spaces" }
}
{ "echo" = "1" }
}
{ "static-challenge"
{
{ "text" = "my quoted challenge string" }
}
{ "echo" = "0" }
}
{ "server-poll-timeout" = "50" }
{ "explicit-exit-notify" }
{ "explicit-exit-notify" = "5" }
{ "secret"
{ "file" = "/canonicalfile" }
}
{ "secret"
{ "file" = "relativefile" }
}
{ "secret"
{ "file" = "filename" }
{ "direction" = "1" }
}
{ "secret"
{ "file" = "filename" }
{ "direction" = "0" }
}
{ "key-direction" }
{ "auth" = "none" }
{ "auth" = "sha1" }
{ "cipher" = "SHA1" }
{ "cipher" = "sha1" }
{ "keysize" = "50" }
{ "prng"
{ "algorithm" = "SHA1" }
}
{ "prng"
{ "algorithm" = "SHA1" }
{ "nsl" = "500" }
}
{ "engine" }
{ "engine" = "blah" }
{ "no-replay" }
{ "replay-window"
{ "window-size" = "64" }
}
{ "replay-window"
{ "window-size" = "64" }
{ "seconds" = "16" }
}
{ "mute-replay-warnings" }
{ "replay-persist" = "/my/canonical/filename" }
{ "no-iv" }
{ "use-prediction-resistance" }
{ "test-crypto" }
{ "tls-server" }
{ "tls-client" }
{ "ca" = "myfile" }
{ "capath" = "/mydir/" }
{ "dh" = "myfile" }
{ "cert" = "myfile" }
{ "extra-certs" = "myfile" }
{ "key" = "myfile" }
{ "tls-version-min" = "1.1" }
{ "tls-version-min" = "2" }
{ "tls-version-min" = "1.1"
{ "or-highest" }
}
{ "tls-version-max" = "5.5" }
{ "pkcs12" = "myfile" }
{ "verify-hash" = "AD:B0:95:D8:09:C8:36:45:12:A9:89:C8:90:09:CB:13:72:A6:AD:16" }
{ "pkcs11-cert-private" = "0" }
{ "pkcs11-cert-private" = "1" }
{ "pkcs11-id" = "myname" }
{ "pkcs11-id-management" }
{ "pkcs11-pin-cache" = "50" }
{ "pkcs11-protected-authentication" = "0" }
{ "pkcs11-protected-authentication" = "1" }
{ "cryptoapicert"
{ "SUBJ" = "Justin Akers" }
}
{ "key-method" = "2" }
{ "tls-cipher"
{ "cipher" = "DEFAULT" }
{ "cipher" = "!EXP" }
{ "cipher" = "!PSK" }
{ "cipher" = "!SRP" }
{ "cipher" = "!kRSA" }
}
{ "tls-timeout" = "50" }
{ "reneg-bytes" = "50" }
{ "reneg-pkts" = "50" }
{ "reneg-sec" = "5" }
{ "hand-window" = "123" }
{ "tran-window" = "456" }
{ "single-session" }
{ "tls-exit" }
{ "tls-auth"
{ "key" = "filename" }
{ "is_client" = "1" }
}
{ "askpass" = "/canonical/filename" }
{ "auth-nocache" }
{ "tls-verify" = "my command goes here" }
{ "tls-export-cert" = "/a/directory/for/things" }
{ "x509-username-field"
{ "subj" = "emailAddress" }
}
{ "x509-username-field"
{ "ext" = "subjectAltName" }
}
{ "tls-remote" = "myhostname" }
{ "verify-x509-name"
{ "name" = "hostname" }
{ "type" = "name" }
}
{ "verify-x509-name"
{ "name" = "hostname" }
{ "type" = "name-prefix" }
}
{ "verify-x509-name"
{ "name" = "hostname" }
{ "type" = "subject" }
}
{ "ns-cert-type" = "server" }
{ "ns-cert-type" = "client" }
{ "remote-cert-tls" = "server" }
{ "remote-cert-tls" = "client" }
{ "remote-cert-ku"
{ "usage" = "01" }
}
{ "remote-cert-ku"
{ "usage" = "01" }
{ "usage" = "02" }
{ "usage" = "fa" }
{ "usage" = "FF" }
{ "usage" = "b3" }
}
{ "remote-cert-eku"
{ "oid" = "123.3510.350.10" }
}
{ "remote-cert-eku"
{ "symbol" = "TLS Web Client Authentication" }
}
{ "remote-cert-eku"
{ "symbol" = "serverAuth" }
}
{ "crl-verify" = "/a/file/path" }
{ "crl-verify" = "/a/directory/"
{ "dir" }
}
{ "show-ciphers" }
{ "show-digests" }
{ "show-tls" }
{ "show-engines" }
{ "genkey" }
{ "mktun" }
{ "rmtun" }
{ "ifconfig-ipv6"
{ "address" = "2000:123:456::/64" }
{ "remote" = "1234:99:123::124" }
}
{ "ifconfig-ipv6-push"
{ "address" = "2000:123:456::/64" }
{ "remote" = "1234:99:123::124" }
}
{ "iroute-ipv6" = "2000:123:456::/64" }
{ "route-ipv6"
{ "network" = "2000:123:456::/64" }
}
{ "route-ipv6"
{ "network" = "2000:123:456::/64" }
{ "gateway" = "1234:99:123::124" }
}
{ "route-ipv6"
{ "network" = "2000:123:456::/64" }
{ "gateway" = "1234:99:123::124" }
{ "metric" = "500" }
}
{ "server-ipv6" = "2000:123:456::/64" }
{ "ifconfig-ipv6-pool" = "2000:123:456::/64" }
{ }