The ssoca openvpn exec command is supposed to accept additional arguments to pass to openvpn in addition to the generated --config file.
For example, I expect the following to work, but the --tls-version-max doesn't seem to be respected.
$ ssoca openvpn exec -- --tls-version-max 1.2
Interestingly, typo'ing the argument does seem to suggest it's correctly being passed to openvpn because it errors.
$ ssoca -e pws-prod openvpn exec -- --tls-version-max=1.2
Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: tls-version-max=1.2 (2.4.7)
Use --help for more information.
Make it work, or figure out why it's not actually supported.
Notes:
Perhaps they need to be located before the --config? But should make sure user args can override the default generated config, if needed.
Alternatively, is it safe to simply append them to the generated config? Would probably be hard to know if the args are key/values or just keys though.
Motivated by odd behavior in Debian where the default openvpn+openssl version have an issue with TLSv1.3 connections (reference).
This appears to be working as expected (verified with --verb 11). The underlying error suggesting this issue turned out to be caused by #13, which has nothing to do with missing, propagated options.
The
ssoca openvpn exec
command is supposed to accept additional arguments to pass toopenvpn
in addition to the generated--config
file.For example, I expect the following to work, but the
--tls-version-max
doesn't seem to be respected.Interestingly, typo'ing the argument does seem to suggest it's correctly being passed to
openvpn
because it errors.Make it work, or figure out why it's not actually supported.
Notes:
--config
? But should make sure user args can override the default generated config, if needed.