Enum OvpnCommand 

pub enum OvpnCommand {
    Status(StatusFormat),
    State,
    StateStream(StreamMode),
    Version,
    Pid,
    Help,
    Verb(Option<u8>),
    Mute(Option<u32>),
    Net,
    Log(StreamMode),
    Echo(StreamMode),
    ByteCount(u32),
    Signal(Signal),
    Kill(KillTarget),
    HoldQuery,
    HoldOn,
    HoldOff,
    HoldRelease,
    Username {
        auth_type: AuthType,
        value: String,
    },
    Password {
        auth_type: AuthType,
        value: String,
    },
    AuthRetry(AuthRetryMode),
    ForgetPasswords,
    ChallengeResponse {
        state_id: String,
        response: String,
    },
    StaticChallengeResponse {
        password_b64: String,
        response_b64: String,
    },
    NeedOk {
        name: String,
        response: NeedOkResponse,
    },
    NeedStr {
        name: String,
        value: String,
    },
    Pkcs11IdCount,
    Pkcs11IdGet(u32),
    RsaSig {
        base64_lines: Vec<String>,
    },
    ClientAuth {
        cid: u64,
        kid: u64,
        config_lines: Vec<String>,
    },
    ClientAuthNt {
        cid: u64,
        kid: u64,
    },
    ClientDeny {
        cid: u64,
        kid: u64,
        reason: String,
        client_reason: Option<String>,
    },
    ClientKill {
        cid: u64,
        message: Option<String>,
    },
    Remote(RemoteAction),
    Proxy(ProxyAction),
    LoadStats,
    ClientPendingAuth {
        cid: u64,
        kid: u64,
        extra: String,
        timeout: u32,
    },
    CrResponse {
        response: String,
    },
    Certificate {
        pem_lines: Vec<String>,
    },
    ManagementPassword(String),
    Exit,
    Quit,
    Raw(String),
    RawMultiLine(String),
}

Every command the management interface accepts, modeled as a typed enum.

The encoder handles all serialization — escaping, quoting, multi-line block framing — so callers never assemble raw strings. The Raw variant exists as an escape hatch for commands not yet modeled here.

Variants

Status(StatusFormat)

Request connection status in the given format. Wire: status / status 2 / status 3

State

Print current state (single comma-delimited line). Wire: state

StateStream(StreamMode)

Control real-time state notifications and/or dump history. Wire: state on / state off / state all / state on all / state 3

Version

Print the OpenVPN and management interface version. Wire: version

Pid

Show the PID of the OpenVPN process. Wire: pid

Help

List available management commands. Wire: help

Verb(Option<u8>)

Get or set the log verbosity level (0–15). Verb(None) queries the current level; Verb(Some(n)) sets it. Wire: verb / verb 4

Mute(Option<u32>)

Get or set the mute threshold (suppress repeating messages). Wire: mute / mute 40

Net

(Windows only) Show network adapter list and routing table. Wire: net

Log(StreamMode)

Control real-time log streaming and/or dump log history. Wire: log on / log off / log all / log on all / log 20

Echo(StreamMode)

Control real-time echo parameter notifications. Wire: echo on / echo off / echo all / echo on all

ByteCount(u32)

Enable/disable byte count notifications at N-second intervals. Pass 0 to disable. Wire: bytecount 5 / bytecount 0

Signal(Signal)

Send a signal to the OpenVPN daemon. Wire: signal SIGUSR1

Kill(KillTarget)

Kill a specific client connection (server mode). Wire: kill Test-Client / kill 1.2.3.4:4000

HoldQuery

Query the current hold flag. Wire: hold Response: SUCCESS: hold=0 or SUCCESS: hold=1

HoldOn

Set the hold flag on — future restarts will pause until released. Wire: hold on

HoldOff

Clear the hold flag. Wire: hold off

HoldRelease

Release from hold state and start OpenVPN. Does not change the hold flag itself. Wire: hold release

Username

Supply a username for the given auth type. Wire: username "Auth" myuser

Fields

auth_type: AuthType

Which credential set this username belongs to.

value: String

The username value.

Password

Supply a password for the given auth type. The value is escaped and double-quoted per the OpenVPN config-file lexer rules. Wire: password "Private Key" "foo\"bar"

Fields

auth_type: AuthType

Which credential set this password belongs to.

value: String

The password value (will be escaped on the wire).

AuthRetry(AuthRetryMode)

Set the auth-retry strategy. Wire: auth-retry interact

ForgetPasswords

Forget all passwords entered during this management session. Wire: forget-passwords

ChallengeResponse

Respond to a CRV1 dynamic challenge. Wire: password "Auth" "CRV1::state_id::response"

Fields

state_id: String

The opaque state ID from the >PASSWORD: CRV1 notification.

response: String

The user’s response to the challenge.

StaticChallengeResponse

Respond to a static challenge (SC). Wire: password "Auth" "SCRV1::base64_password::base64_response"

The caller must pre-encode password and response as base64 — this crate does not include a base64 dependency.

Fields

password_b64: String

Base64-encoded password.

response_b64: String

Base64-encoded challenge response.

NeedOk

Respond to a >NEED-OK: prompt. Wire: needok token-insertion-request ok / needok ... cancel

Fields

name: String

The prompt name from the >NEED-OK: notification.

response: NeedOkResponse

Accept or cancel.

NeedStr

Respond to a >NEED-STR: prompt with a string value. Wire: needstr name "John"

Fields

name: String

The prompt name from the >NEED-STR: notification.

value: String

The string value to send (will be escaped on the wire).

Pkcs11IdCount

Query available PKCS#11 certificate count. Wire: pkcs11-id-count

Pkcs11IdGet(u32)

Retrieve a PKCS#11 certificate by index. Wire: pkcs11-id-get 1

RsaSig

Provide an RSA signature in response to >RSA_SIGN:. This is a multi-line command: the encoder writes rsa-sig, then each base64 line, then END.

Fields

base64_lines: Vec<String>

Base64-encoded signature lines.

ClientAuth

Authorize a >CLIENT:CONNECT or >CLIENT:REAUTH and push config directives. Multi-line command: header, config lines, END. An empty config_lines produces a null block (header + immediate END), which is equivalent to client-auth-nt in effect.

Fields

cid: u64

Client ID from the >CLIENT: notification.

kid: u64

Key ID from the >CLIENT: notification.

config_lines: Vec<String>

Config directives to push (e.g. push "route ...").

ClientAuthNt

Authorize a client without pushing any config. Wire: client-auth-nt {CID} {KID}

Fields

cid: u64

Client ID.

kid: u64

Key ID.

ClientDeny

Deny a >CLIENT:CONNECT or >CLIENT:REAUTH. Wire: client-deny {CID} {KID} "reason" ["client-reason"]

Fields

cid: u64

Client ID.

kid: u64

Key ID.

reason: String

Server-side reason string (logged but not sent to client).

client_reason: Option<String>

Optional message sent to the client as part of AUTH_FAILED.

ClientKill

Kill a client session by CID, optionally with a custom message. Wire: client-kill {CID} or client-kill {CID} {message} Default message is RESTART if omitted.

Fields

cid: u64

Client ID.

message: Option<String>

Optional kill message (e.g. "HALT", "RESTART"). Defaults to RESTART on the server if None.

Remote(RemoteAction)

Respond to a >REMOTE: notification (requires --management-query-remote). Wire: remote ACCEPT / remote SKIP / remote MOD host port

Proxy(ProxyAction)

Respond to a >PROXY: notification (requires --management-query-proxy). Wire: proxy NONE / proxy HTTP host port [nct] / proxy SOCKS host port

LoadStats

Request aggregated server stats. Wire: load-stats Response: SUCCESS: nclients=N,bytesin=N,bytesout=N

ClientPendingAuth

Defer authentication for a client, allowing async auth backends. Wire: client-pending-auth {CID} {KID} {EXTRA} {TIMEOUT}

Fields

cid: u64

Client ID.

kid: u64

Key ID.

extra: String

Extra opaque string passed to the auth backend.

timeout: u32

Timeout in seconds before the pending auth expires.

CrResponse

Respond to a CR_TEXT challenge (client-side, OpenVPN 2.6+). Wire: cr-response {base64-response}

Fields

response: String

The base64-encoded challenge-response answer.

Certificate

Supply an external certificate in response to >NEED-CERTIFICATE. Multi-line command: header, PEM lines, END. Wire: certificate\n{pem_lines}\nEND

Fields

pem_lines: Vec<String>

PEM-encoded certificate lines.

ManagementPassword(String)

Authenticate to the management interface itself. Sent as a bare line (no command prefix, no quoting) in response to crate::OvpnMessage::PasswordPrompt. Wire: {password}\n

Exit

Close the management session. OpenVPN keeps running and resumes listening for new management connections.

Quit

Identical to Exit.

Raw(String)

Send a raw command string for anything not yet modeled above. The decoder expects a SUCCESS:/ERROR: response.

RawMultiLine(String)

Send a raw command string, expecting a multi-line (END-terminated) response.

Like [Raw], the string is sanitized (newlines/NUL stripped) before sending. Unlike Raw, the decoder accumulates the response into [OvpnMessage::MultiLine].

Trait Implementations

impl Clone for OvpnCommand

fn clone(&self) -> OvpnCommand

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for OvpnCommand

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Encoder<OvpnCommand> for OvpnCodec

type Error = Error

The type of encoding errors.

fn encode( &mut self, item: OvpnCommand, dst: &mut BytesMut, ) -> Result<(), Self::Error>

Encodes a frame into the buffer provided.

impl PartialEq for OvpnCommand

fn eq(&self, other: &OvpnCommand) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Eq for OvpnCommand

impl StructuralPartialEq for OvpnCommand