to authenticate the peer. The default is to use the key tagged
.IR peer .
.TP
+.B "\-mobile"
+The peer is a mobile device, and is likely to change address rapidly.
+If a packet arrives from an unknown address, the server's usual response
+is to log a warning and discard it. If the server knows of any mobile
+peers, however, it will attempt to decrypt the packet using their keys,
+and if one succeeds, the server will update its idea of the peer's
+address and emit an
+.B NEWADDR
+notification.
+.TP
.BI "\-tunnel " tunnel
Use the named tunnel driver, rather than the default.
.\"-opts
has begun or restarted. If key exchange keeps failing, this message
will be repeated periodically.
.SP
+.BI "NEWADDR " peer " " address
+The given mobile
+.IR peer 's
+IP address has been changed to
+.IR address .
+.SP
.BI "NEWIFNAME " peer " " old-name " " new-name
The given
.IR peer 's
.BI "TUN " ifname " " tun-name " read-error " ecode " " message
Reading from the tunnel device failed.
.SP
+.BI "TUN " ifname " " tun-name " write-error " ecode " " message
+Writing from the tunnel device failed.
+.SP
.BI "TUN " ifname " slip bad-escape"
The SLIP driver encountered a escaped byte it wasn't expecting to see.
The erroneous packet will be ignored.