mirror of
https://github.com/OpenVPN/openvpn.git
synced 2024-09-20 03:52:28 +02:00
b541a86948
Commit 21910ebc2e removed support for NTLMv1 authentication. This adjusts the
behavior for existing configurations that specify
"ntlm" keyword.

Do not error out hard, instead just try to upgrade. This
should work fine in many cases and will avoid breaking
user configs unnecessarily on upgrade.

In addition it fixes an issue with the mentioned patch
where "auto" wasn't working correctly for NTLM anymore.

Change-Id: Iec74e88f86cd15328f993b6cdd0317ebda81563c
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Message-Id: <20240118151242.12169-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/search?l=mid&q=20240118151242.12169-1-gert@greenie.muc.de
Signed-off-by: Gert Doering <gert@greenie.muc.de>
95 lines
3.7 KiB
ReStructuredText
--http-proxy args
  Connect to remote host through an HTTP proxy. This requires at least an
  address ``server`` and ``port`` argument. If HTTP Proxy-Authenticate
  is required, a file name to an ``authfile`` file containing a username
  and password on 2 lines can be given, or :code:`stdin` to prompt from
  console. Its content can also be specified in the config file with the
  ``--http-proxy-user-pass`` option (See `INLINE FILE SUPPORT`_).

  The last optional argument is an ``auth-method`` which should be one
  of :code:`none`, :code:`basic`, or :code:`ntlm2`.

  HTTP Digest authentication is supported as well, but only via the
  :code:`auto` or :code:`auto-nct` flags (below). This must replace
  the ``authfile`` argument.

  The :code:`auto` flag causes OpenVPN to automatically determine the
  ``auth-method`` and query stdin or the management interface for
  username/password credentials, if required. This flag exists on OpenVPN
  2.1 or higher.

  The ``auto-nct`` flag (no clear-text auth) instructs OpenVPN to
  automatically determine the authentication method, but to reject weak
  authentication protocols such as HTTP Basic Authentication.

  Examples:
  ::

     # no authentication
     http-proxy proxy.example.net 3128
     # basic authentication, load credentials from file
     http-proxy proxy.example.net 3128 authfile.txt
     # basic authentication, ask user for credentials
     http-proxy proxy.example.net 3128 stdin
     # NTLM authentication, load credentials from file
     http-proxy proxy.example.net 3128 authfile.txt ntlm2
     # determine which authentication is required, ask user for credentials
     http-proxy proxy.example.net 3128 auto
     # determine which authentication is required, but reject basic
     http-proxy proxy.example.net 3128 auto-nct
     # determine which authentication is required, but set credentials
     http-proxy proxy.example.net 3128 auto
     http-proxy-user-pass authfile.txt
     # basic authentication, specify credentials inline
     http-proxy proxy.example.net 3128 "" basic
     <http-proxy-user-pass>
     username
     password
     </http-proxy-user-pass>

  Note that support for NTLMv1 proxies was removed with OpenVPN 2.7.
  :code:`ntlm` now is an alias for :code:`ntlm2`; i.e. OpenVPN will always
  attempt to use NTLMv2 authentication.

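As an added example (not part of the OpenVPN documentation or source), the following Python audit classifies the effective ``auth-method`` of every ``http-proxy`` directive in a client config according to the rules above, so leftover ``ntlm`` keywords and setups that can end up on HTTP Basic are easy to find before an upgrade. The status labels, function names and sample directives are assumptions made for this example.

```python
import shlex

# Status labels are this example's own; the notes follow the option text above.
FINDINGS = {
    "none": ("ok", "no proxy authentication"),
    "basic": ("weak", "HTTP Basic: clear-text credentials"),
    "ntlm": ("deprecated", "NTLMv1 removed in 2.7; now an alias for ntlm2"),
    "ntlm2": ("ok", "NTLMv2"),
    "auto": ("weak", "may negotiate Basic; auto-nct rejects it"),
    "auto-nct": ("ok", "negotiated, weak methods rejected"),
}

# Constructed sample directives (not taken from a real deployment).
SAMPLE = """\
http-proxy proxy.example.net 3128 authfile.txt ntlm
http-proxy proxy.example.net 3128 auto
http-proxy proxy.example.net 3128 "" basic
<http-proxy-user-pass>
username
password
</http-proxy-user-pass>
http-proxy proxy.example.net 3128 auto-nct
"""

def effective_method(args):
    """Map the arguments after 'http-proxy' to the auth keyword in effect."""
    extra = args[2:]                     # everything after server and port
    if not extra:
        return "none"
    if extra[0] in ("auto", "auto-nct"):
        return extra[0]                  # the flag replaces the authfile argument
    return extra[1] if len(extra) > 1 else "basic"  # authfile/stdin alone: Basic

def audit(config_text):
    """Return (line_no, method, status, note) for each http-proxy directive."""
    results, inline_tag = [], None
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if inline_tag:                   # inside an inline file: never parse its content
            inline_tag = None if line == f"</{inline_tag}>" else inline_tag
            continue
        if line.startswith("<") and line.endswith(">"):
            if not line.startswith("</") and line != "<connection>":
                inline_tag = line[1:-1]  # <connection> holds directives, so keep parsing
            continue
        tokens = [] if line.startswith(";") else shlex.split(line, comments=True)
        if tokens[:1] == ["http-proxy"] and len(tokens) >= 3:
            method = effective_method(tokens[1:])
            results.append((no, method, *FINDINGS.get(method, ("unknown", "unrecognised auth-method"))))
    return results
```

Calling ``audit(SAMPLE)`` reports the ``ntlm`` line as deprecated and the ``auto`` and ``basic`` lines as weak; only the ``auto-nct`` line passes.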
--http-proxy-user-pass userpass
  Overwrite the username/password information for ``--http-proxy``. If specified
  as an inline option (see `INLINE FILE SUPPORT`_), it will be interpreted as
  username/password separated by a newline. When specified on the command line
  it is interpreted as a filename same as the third argument to ``--http-proxy``.

  Example::

     <http-proxy-user-pass>
     username
     password
     </http-proxy-user-pass>

--http-proxy-option args
  Set extended HTTP proxy options. Requires an option ``type`` as argument
  and an optional ``parameter`` to the type. Repeat to set multiple
  options.

  :code:`VERSION` ``version``
      Set HTTP version number to ``version`` (default :code:`1.0`).

  :code:`AGENT` ``user-agent``
      Set HTTP "User-Agent" string to ``user-agent``.

  :code:`CUSTOM-HEADER` ``name`` ``content``
      Adds the custom Header with ``name`` as name and ``content`` as
      the content of the custom HTTP header.

  Examples:
  ::

      http-proxy-option VERSION 1.1
      http-proxy-option AGENT OpenVPN/2.4
      http-proxy-option X-Proxy-Flag some-flags

--socks-proxy args
  Connect to remote host through a Socks5 proxy. A required ``server``
  argument is needed. Optionally a ``port`` (default :code:`1080`) and
  ``authfile`` can be given. The ``authfile`` is a file containing a
  username and password on 2 lines, or :code:`stdin` can be used to
  prompt from console.