On 28/02/10 14:44, David Sommerseth wrote:
> From: Enrico Scholz <enrico.sch...@sigma-chemnitz.de>
>
> I am running a multihomed host where 'local <extip>' must be specified
> for proper operation. Unfortunately, this implies 'lport 1194' or
> another static port.
>
> This causes problems with stateful firewalls which register the host/port
> pairs in the internal connection tracking table. On ungraceful reconnects,
> the new TCP connection will have the same host/port pairs but unexpected
> sequence numbers. The new connection will be assumed as invalid hence and
> be dropped.
>
> It would be nice when local port can be configured to be bound to a
> random port number. After reading code,
>
> | else if (streq (p[0], "lport") && p[1])
> | ...
> | port = atoi (p[1]);
> |- if (!legal_ipv4_port (port))
> |+ if (port != 0 && !legal_ipv4_port (port))
> | {
>
> in options.c seems to be the only required change.
>
> This has been discussed here:
> <http://thread.gmane.org/gmane.network.openvpn.user/28622>
>
> Signed-off-by: David Sommerseth <d...@users.sourceforge.net>
> ---
> options.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
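
Review bot: The new `port != 0 &&` guard sits directly after `port = atoi (p[1]);`, and atoi returns 0 for any argument that does not start with a digit, so a mistyped `lport` value is now silently accepted as "bind to a random port" instead of reaching the `legal_ipv4_port (port)` check. Consider verifying that `p[1]` consists only of digits (or parsing it with strtol and checking the end pointer) before letting 0 through, so that only a literal `lport 0` selects an OS-assigned port. The special meaning of 0 should also be stated in the `lport` documentation, since the hunk changes options.c only.
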
This patch has been applied to the bugfix2.1 branch

commit 9bd1cd1b0014041ebff2c2bc9d5614d0bec5f6db

It will be merged into the allmerged branch when we get in a few more
patches which are in the pipe now.

kind regards,

David Sommerseth