Once set, a variable is persisted indefinitely until it is reset by a new value or a restart.

As of OpenVPN 2.0-beta12, in server mode, environmental variables set by OpenVPN are scoped according to the client objects they are associated with, so there should not be any issues with scripts having access to stale, previously set variables which refer to different client instances.

bytes_received
Total number of bytes received from client during VPN session. Set prior to execution of the --client-disconnect script.
bytes_sent
Total number of bytes sent to client during VPN session. Set prior to execution of the --client-disconnect script.
common_name
The X509 common name of an authenticated client. Set prior to execution of --client-connect, --client-disconnect, and --auth-user-pass-verify scripts.
config
Name of first --config file. Set on program initiation and reset on SIGHUP.
daemon
Set to "1" if the --daemon directive is specified, or "0" otherwise. Set on program initiation and reset on SIGHUP.
daemon_log_redirect
Set to "1" if the --log or --log-append directives are specified, or "0" otherwise. Set on program initiation and reset on SIGHUP.
dev
The actual name of the TUN/TAP device, including a unit number if it exists. Set prior to --up or --down script execution.
foreign_option_{n}
An option pushed via --push to a client which does not natively support it, such as --dhcp-option on a non-Windows system, will be recorded to this environmental variable sequence prior to --up script execution.
ifconfig_broadcast
The broadcast address for the virtual ethernet segment which is derived from the --ifconfig option when --dev tap is used. Set prior to OpenVPN calling the ifconfig or netsh (Windows version of ifconfig) commands, which normally occurs prior to --up script execution.
ifconfig_local
The local VPN endpoint IP address specified in the --ifconfig option (first parameter). Set prior to OpenVPN calling the ifconfig or netsh (Windows version of ifconfig) commands, which normally occurs prior to --up script execution.
ifconfig_remote
The remote VPN endpoint IP address specified in the --ifconfig option (second parameter) when --dev tun is used. Set prior to OpenVPN calling the ifconfig or netsh (Windows version of ifconfig) commands, which normally occurs prior to --up script execution.
ifconfig_netmask
The subnet mask of the virtual ethernet segment that is specified as the second parameter to --ifconfig when --dev tap is being used. Set prior to OpenVPN calling the ifconfig or netsh (Windows version of ifconfig) commands, which normally occurs prior to --up script execution.
ifconfig_pool_local_ip
The local virtual IP address for the TUN/TAP tunnel taken from an --ifconfig-push directive if specified, or otherwise from the ifconfig pool (controlled by the --ifconfig-pool config file directive). Only set for --dev tun tunnels. This option is set on the server prior to execution of the --client-connect and --client-disconnect scripts.
ifconfig_pool_netmask
The virtual IP netmask for the TUN/TAP tunnel taken from an --ifconfig-push directive if specified, or otherwise from the ifconfig pool (controlled by the --ifconfig-pool config file directive). Only set for --dev tap tunnels. This option is set on the server prior to execution of the --client-connect and --client-disconnect scripts.
ifconfig_pool_remote_ip
The remote virtual IP address for the TUN/TAP tunnel taken from an --ifconfig-push directive if specified, or otherwise from the ifconfig pool (controlled by the --ifconfig-pool config file directive). This option is set on the server prior to execution of the --client-connect and --client-disconnect scripts.
link_mtu
The maximum packet size (not including the IP header) of tunnel data in UDP tunnel transport mode. Set prior to --up or --down script execution.
local
The --local parameter. Set on program initiation and reset on SIGHUP.
local_port
The local port number, specified by --port or --lport. Set on program initiation and reset on SIGHUP.
password
The password provided by a connecting client. Set prior to --auth-user-pass-verify script execution only when the via-env modifier is specified, and deleted from the environment after the script returns.
proto
The --proto parameter. Set on program initiation and reset on SIGHUP.
remote_{n}
The --remote parameter. Set on program initiation and reset on SIGHUP.
remote_port_{n}
The remote port number, specified by --port or --rport. Set on program initiation and reset on SIGHUP.
route_net_gateway
The pre-existing default IP gateway in the system routing table. Set prior to --up script execution.
route_vpn_gateway
The default gateway used by --route options, as specified in either the --route-gateway option or the second parameter to --ifconfig when --dev tun is specified. Set prior to --up script execution.
route_{parm}_{n}
A set of variables which define each route to be added, and are set prior to --up script execution.

parm will be one of "network", "netmask", "gateway", or "metric".

n is the OpenVPN route number, starting from 1.

If the network or gateway are resolvable DNS names, their IP address translations will be recorded rather than their names as denoted on the command line or configuration file.

script_context
Set to "init" or "restart" prior to up/down script execution. For more information, see documentation for --up.
script_type
One of up, down, ipchange, route-up, tls-verify, auth-user-pass-verify, client-connect, client-disconnect, or learn-address. Set prior to execution of any script.
signal
The reason for exit or restart. Can be one of sigusr1, sighup, sigterm, sigint, inactive (controlled by --inactive option), ping-exit (controlled by --ping-exit option), ping-restart (controlled by --ping-restart option), connection-reset (triggered on TCP connection reset), error, or unknown (unknown signal). This variable is set just prior to down script execution.
tls_id_{n}
A series of certificate fields from the remote peer, where n is the verification level. Only set for TLS connections. Set prior to execution of --tls-verify script.
tls_serial_{n}
The serial number of the certificate from the remote peer, where n is the verification level. Only set for TLS connections. Set prior to execution of --tls-verify script.
tun_mtu
The MTU of the TUN/TAP device. Set prior to --up or --down script execution.
trusted_ip
Actual IP address of connecting client or peer which has been authenticated. Set prior to execution of --ipchange, --client-connect, and --client-disconnect scripts.
trusted_port
Actual port number of connecting client or peer which has been authenticated. Set prior to execution of --ipchange, --client-connect, and --client-disconnect scripts.
untrusted_ip
Actual IP address of connecting client or peer which has not been authenticated yet. Sometimes used to nmap the connecting host in a --tls-verify script to ensure it is firewalled properly. Set prior to execution of --tls-verify and --auth-user-pass-verify scripts.
untrusted_port
Actual port number of connecting client or peer which has not been authenticated yet. Set prior to execution of --tls-verify and --auth-user-pass-verify scripts.
username
The username provided by a connecting client. Set prior to --auth-user-pass-verify script execution only when the via-env modifier is specified.
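
A hook script that consumes the variables listed above, as an added example that is not part of the OpenVPN documentation: it dispatches on script_type, checks the byte counters, and restricts common_name to an allow-list before logging, because that value comes from the client's certificate. The log format and the function names sanitize, is_uint and hook_record are assumptions.

```shell
#!/bin/sh
# Added example: one script for --client-connect and --client-disconnect.
# The record format and all function names here are assumptions.

# Replace every byte outside a conservative allow-list, so a crafted
# common name cannot inject newlines or extra key=value fields.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr -c 'A-Za-z0-9._@:-' '_'
}

# Succeed only for a non-empty string of decimal digits.
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Build one log record from the variables OpenVPN sets for this hook.
hook_record() {
    cn=$(sanitize "${common_name:-}")
    ip=$(sanitize "${trusted_ip:-}")
    case "${script_type:-}" in
        client-connect)
            printf 'connect cn=%s ip=%s vpn_ip=%s\n' "$cn" "$ip" \
                "$(sanitize "${ifconfig_pool_remote_ip:-}")"
            ;;
        client-disconnect)
            # Byte counters are only set for the disconnect hook.
            is_uint "${bytes_received:-}" && is_uint "${bytes_sent:-}" || return 1
            printf 'disconnect cn=%s ip=%s rx=%s tx=%s\n' "$cn" "$ip" \
                "$bytes_received" "$bytes_sent"
            ;;
        *)
            # Invoked from a hook this script was not written for.
            return 1
            ;;
    esac
}

# OpenVPN sets script_type before running any script; emit the record
# on stdout and fail closed if the environment is not what we expect.
if [ -n "${script_type:-}" ]; then
    hook_record || exit 1
fi
```
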
