documentation: Update and fix documentation for --push-peer-info

- description of IV_PROTO was outdated, missing a lot of flags - complete list of compression flags, but separate them out - various other style/grammar/typo fixes Change-Id: I7f854a5a14d2a2a391ebb78a2a92b3e14cfd8be6 Signed-off-by: Frank Lichtenheld <[email protected]> Acked-by: Arne Schwabe <[email protected]> Message-Id: <[email protected]> URL: https://www.mail-archive.com/[email protected]/msg28178.html Signed-off-by: Gert Doering <[email protected]>
OpenVPN · Feb 6, 2024 · b66d545 · b66d545
1 parent 53b16d0
commit b66d545
Showing 1 changed file with 31 additions and 13 deletions.
diff --git a/doc/man-sections/client-options.rst b/doc/man-sections/client-options.rst
@@ -339,31 +339,31 @@ configuration.
   :code:`IV_PLAT=[linux|solaris|openbsd|mac|netbsd|freebsd|win]`
         The client OS platform
 
-  :code:`IV_LZO_STUB=1`
-        If client was built with LZO stub capability
-
-  :code:`IV_LZ4=1`
-        If the client supports LZ4 compressions.
-
   :code:`IV_PROTO`
     Details about protocol extensions that the peer supports. The
-    variable is a bitfield and the bits are defined as follows
-    (starting a bit 0 for the first (unused) bit:
+    variable is a bitfield and the bits are defined as follows:
 
+    - bit 0: Reserved, should always be zero
     - bit 1: The peer supports peer-id floating mechanism
     - bit 2: The client expects a push-reply and the server may
       send this reply without waiting for a push-request first.
     - bit 3: The client is capable of doing key derivation using
       RFC5705 key material exporter.
     - bit 4: The client is capable of accepting additional arguments
-      to the `AUTH_PENDING` message.
+      to the ``AUTH_PENDING`` message.
+    - bit 5: The client supports doing feature negotiation in P2P mode
+    - bit 6: The client is capable of parsing and receiving the ``--dns`` pushed option
+    - bit 7: The client is capable of sending exit notification via control channel using ``EXIT`` message. Also, the client is accepting the protocol-flags pushed option for the EKM capability
+    - bit 8: The client is capable of accepting ``AUTH_FAILED,TEMP`` messages
+    - bit 9: The client is capable of dynamic tls-crypt
 
   :code:`IV_NCP=2`
         Negotiable ciphers, client supports ``--cipher`` pushed by
         the server, a value of 2 or greater indicates client supports
-        *AES-GCM-128* and *AES-GCM-256*.
+        *AES-GCM-128* and *AES-GCM-256*. IV_NCP is *deprecated* in
+        favor of ``IV_CIPHERS``.
 
-  :code:`IV_CIPHERS=<ncp-ciphers>`
+  :code:`IV_CIPHERS=<data-ciphers>`
         The client announces the list of supported ciphers configured with the
         ``--data-ciphers`` option to the server.
 
@@ -379,6 +379,23 @@ configuration.
         Additional authentication methods supported by the client.
         This may be set by the client UI/GUI using ``--setenv``
 
+  The following flags depend on which compression formats are compiled in
+  and whether compression is allowed by options. See `Protocol options`_
+  for more details.
+
+    :code:`IV_LZO=1`
+        If client supports LZO compression.
+
+    :code:`IV_LZO_STUB=1`
+        If client was built with LZO stub capability. This is only sent if
+        ``IV_LZO=1`` is not sent.
+
+    :code:`IV_LZ4=1` and :code:`IV_LZ4v2=1`
+        If the client supports LZ4 compression.
+
+    :code:`IV_COMP_STUB=1` and :code:`IV_COMP_STUBv2=1`
+        If the client supports stub compression.
+
   When ``--push-peer-info`` is enabled the additional information consists
   of the following data:
 
@@ -388,15 +405,16 @@ configuration.
         OpenVPN 2.x and some other implementations use the MAC address of
         the client's interface used to reach the default gateway. If this
         string is generated by the client, it should be consistent and
-        preserved across independent session and preferably
+        preserved across independent sessions and preferably
         re-installations and upgrades.
 
   :code:`IV_SSL=<version string>`
-        The ssl version used by the client, e.g.
+        The ssl library version used by the client, e.g.
         :code:`OpenSSL 1.0.2f 28 Jan 2016`.
 
   :code:`IV_PLAT_VER=x.y`
         The version of the operating system, e.g. 6.1 for Windows 7.
+        This is only sent on Windows operating systems.
 
   :code:`UV_<name>=<value>`
         Client environment variables whose names start with