On 09/09/12 03:30, David Sommerseth wrote:
> From: David Sommerseth <dav...@redhat.com>
>
> When the server is configured with UDP and --push statements, reconnecting
> often fails by the client never receiving PUSH_REPLY. The client sends
> PUSH_REQUEST and the server logs these requests but does not send them.
>
> This bug got introduced in commit ff65da3a230b658b2c1d52dc1a48612e80a2eb42
> which tries to avoid sending duplicated PUSH messages if the client/server
> connection is slow.
>
> This patch keeps this behaviour, but instead of a session wide PUSH_REPLY
> block it sets an expiry time for the PUSH_REPLY block. The expiry time
> is set to 30 seconds.
>
> Signed-off-by: David Sommerseth <dav...@redhat.com>
> Cc: James Yonan <ja...@openvpn.net>
> ---
> The solution here probably isn't the optimal fix, as the PUSH_REPLY block
> should be reset when the client confirms the connection is established.
> However, resetting the context's sent_push_reply variable turned out to
> be tricky, as it already was set to '0' in places it would be natural
> to reset it. However, it was always '1' in process_incoming_push_msg().
>
> Going for the timeout solution is a quick-fix as we need to have this
> issue solved before the 2.3 beta releases. If anyone has a better
> solution, please submit a patch and we can drop this one.
>
> To trigger this bug and to test this fix, configure a UDP enabled server
> with PKI (--tls-{client,server}, --key, --cert, --ca, etc) and add
> some --push statements as well. When the initial connection has been
> established, stop the openvpn client and reconnect. The bug will result
> in server receiving and ignoring PUSH_REQUEST and the client will send
> these requests until stopped. The result is that the connection cannot
> be re-established. Two workarounds have been identified for this
> behaviour. A) Add --explicit-exit-notify to the client config,
> or B) switch from UDP to TCP. I did not manage to reproduce this on
> a single computer running both client and server, but running on separate
> computers over the Internet made it possible to trigger this issue.
>
> src/openvpn/openvpn.h | 2 +-
> src/openvpn/push.c | 7 +++++--
> 2 files changed, 6 insertions(+), 3 deletions(-)

Applied to master.

commit 5d4f5435a421299ed047485d8d99bdf9a0d22fd1
Author: David Sommerseth <dav...@redhat.com>
List-Post: openvpn-devel@lists.sourceforge.net
Date: Sun Sep 9 03:30:46 2012 +0200

    Fix reconnect issues when --push and UDP is used on the server

    Signed-off-by: David Sommerseth <dav...@redhat.com>
    Cc: James Yonan <ja...@openvpn.net>
    Acked-by: Gert Doering <g...@greenie.muc.de>
    Acked-by: James Yonan <ja...@openvpn.net>
    Message-Id: 1347154246-20143-1-git-send-email-d...@users.sourceforge.net
    URL: http://article.gmane.org/gmane.network.openvpn.devel/7044

kind regards,

David Sommerseth
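
The difference between a session-wide PUSH_REPLY block and the 30-second expiry described in the commit message, as a small model added here (not code from the patch or from OpenVPN). The struct, the function names and the timeline are hypothetical, and the model assumes the server keeps the same per-client state when the client restarts.

```c
#include <stdbool.h>
#include <stdio.h>
#include <time.h>

#define PUSH_REPLY_BLOCK_SECS 30 /* expiry stated in the commit message */

/* Hypothetical per-client state for this model; not OpenVPN's own struct. */
struct session {
    bool   reply_sent;   /* session-wide block: behaviour before the fix */
    time_t block_expiry; /* timed block: behaviour after the fix */
};

/* Before: after one PUSH_REPLY, every later PUSH_REQUEST is ignored. */
static bool reply_with_flag(struct session *s)
{
    if (s->reply_sent)
        return false;
    s->reply_sent = true;
    return true;
}

/* After: duplicates are dropped only until the block expires. */
static bool reply_with_expiry(struct session *s, time_t now)
{
    if (now < s->block_expiry)
        return false;
    s->block_expiry = now + PUSH_REPLY_BLOCK_SECS;
    return true;
}

/* Replay PUSH_REQUEST arrival times (seconds) and count PUSH_REPLYs sent. */
static int count_replies(const time_t *t, int n, bool use_expiry)
{
    struct session s = { false, 0 };
    int sent = 0;
    for (int i = 0; i < n; i++)
        sent += use_expiry ? reply_with_expiry(&s, t[i]) : reply_with_flag(&s);
    return sent;
}

/* Constructed timeline: three requests on a slow link, then the client
 * restarts at t=100 without the server noticing and asks again. */
static const time_t timeline[] = { 0, 1, 2, 100, 105, 110 };

int main(void)
{
    printf("session-wide flag: %d replies\n", count_replies(timeline, 6, false));
    printf("30 s expiry:       %d replies\n", count_replies(timeline, 6, true));
    return 0;
}
```

In this model a client that restarts inside the 30-second window still has its requests dropped until the block expires, so its reconnect is delayed rather than refused.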