Сети‎ > ‎VPN‎ > ‎Параметры OpenVPN‎ > ‎


Client Mode
Use client mode when connecting to an OpenVPN server which has --server, --server-bridge, or --mode server in it's configuration.
A helper directive designed to simplify the configuration of OpenVPN's client mode. This directive is equivalent to:

This option must be used on a client which is connecting to a multi-client server. It indicates to OpenVPN that it should accept options pushed by the server, provided they are part of the legal set of pushable options (note that the --pull option is implied by --client ).

In particular, --pull allows the server to push routes to the client, so you should not use --pull or --client in situations where you don't trust the server to have control over the client's routing table.

--auth-user-pass [up]
Authenticate with server using username/password. up is a file containing username/password on 2 lines (Note: OpenVPN will only read passwords from a file if it has been built with the --enable-password-save configure option, or on Windows by defining ENABLE_PASSWORD_SAVE in win/settings.in).

If up is omitted, username/password will be prompted from the console.

The server configuration must specify an --auth-user-pass-verify script to verify the username/password provided by the client.

--auth-retry type
Controls how OpenVPN responds to username/password verification errors such as the client-side response to an AUTH_FAILED message from the server or verification failure of the private key password.

Normally used to prevent auth errors from being fatal on the client side, and to permit username/password requeries in case of error.

An AUTH_FAILED message is generated by the server if the client fails --auth-user-pass authentication, or if the server-side --client-connect script returns an error status when the client tries to connect.

type can be one of:

none -- Client will exit with a fatal error (this is the default).
nointeract -- Client will retry the connection without requerying for an --auth-user-pass username/password. Use this option for unattended clients.
interact -- Client will requery for an --auth-user-pass username/password and/or private key password before attempting a reconnection.

Note that while this option cannot be pushed, it can be controlled from the management interface.

--static-challenge t e
Enable static challenge/response protocol using challenge text t, with echo flag given by e (0|1).

The echo flag indicates whether or not the user's response to the challenge should be echoed.

See management-notes.txt in the OpenVPN distribution for a description of the OpenVPN challenge/response protocol.

--server-poll-timeout n
when polling possible remote servers to connect to in a round-robin fashion, spend no more than n seconds waiting for a response before trying the next server.
--explicit-exit-notify [n]
In UDP client mode or point-to-point mode, send server/peer an exit notification if tunnel is restarted or OpenVPN process is exited. In client mode, on exit/restart, this option will tell the server to immediately close its client instance object rather than waiting for a timeout. The n parameter (default=1) controls the maximum number of attempts that the client will try to resend the exit notification message. OpenVPN will not send any exit notifications unless this option is enabled.