> From: Gert Doering [mailto:g...@greenie.muc.de] > Sent: dinsdag 14 juli 2015 9:10 > > Trac #574, #576 > > Signed-off-by: Gert Doering <g...@greenie.muc.de> > --- > doc/openvpn.8 | 16 ++++++++++++++++ > 1 file changed, 16 insertions(+) > > diff --git a/doc/openvpn.8 b/doc/openvpn.8 > index 3eb2493..0692a80 100644 > --- a/doc/openvpn.8 > +++ b/doc/openvpn.8 > @@ -2208,6 +2208,22 @@ openvpn command for a fairly reliable indication > of whether the command > has correctly initialized and entered the packet forwarding event loop. > > In OpenVPN, the vast majority of errors which occur after > initialization are non-fatal. > + > +Note: as soon as OpenVPN has daemonized, it can not ask for usernames, > +passwords, or key pass phrases anymore. This has certain consequences, > +namely that using a password-protected private key will fail unless the > +.B \-\-askpass > +option is used to tell OpenVPN to ask for the pass phrase (this > +requirement is new in 2.3.7, and is a consequence of calling daemon() > +before initializing the crypto layer). > + > +Further, using > +.B \-\-daemon > +together with > +.B \-\-auth-user-pass > +(entered on console) and > +.B \-\-auth-nocache > +will fail as soon as key renegotiation (and reauthentication) occurs. > .\"********************************************************* > .TP > .B \-\-syslog [progname] > -- > 2.3.6
ACK -Steffan
