On 11/05/16 17:54, Eric F Crist wrote:
> Why try to connect to the process itself? I think a standard ICMP ping
> to the server address should be sufficient for your test.

This implies that the OpenVPN servers respond to ICMP echo requests, and
that there is no "firewall" in between which lets ICMP pass but not
OpenVPN connections.

I think it makes a lot of sense to probe servers using a real connect -
even though it usually takes a longer time ... and it will be a far more
complex process all in all.

--
kind regards,

David Sommerseth

> On 2016-05-11 10:41, Paul Garnier wrote:
>> Hello,
>>
>> I’m actually trying to add an option in openvpn which will allow the
>> client to connect to the server with the lowest latency in his remote
>> list. For now there are only two options to choose between servers :
>> “--REMOTE-RANDOM” which randomizes the order of the address list,
>> the default one which will try the hosts in the order of the config
>> file, and I want to add a 3rd one. To start I want to do it for udp
>> and unix servers and clients.
>>
>> I’m a beginner in things like this so I started very simply : I
>> wrote a little program in C to ping a host:port using udp but I
>> can’t get an answer from an openvpn server. The only way I found to
>> get an answer was to make the packet I send look like the start of a
>> TLS transaction, but because of the TLS processing I can only get the
>> first ping right, after it takes way too long to come back to be
>> accurate.
>>
>> So I started digging in the source code to find where my packet is
>> thrown away and why I don’t get any answer (even an error message
>> would be enough). I’ve found how a “normal” packet is sent but
>> what I want is the latency with the server, not in the tunnel. I
>> don’t want to establish a connection to test my link with each
>> server and, how I understand it, if I want to use a function like
>> ENCRYPT_SIGN() so my packet is recognized I need to have a tunnel set.
>> I can’t replicate how the existing PING and OCC packets are sent.
>>
>> What I would like to know is :
>>
>> - where my packet is processed and rejected ?
>>
>> - why I don't get any answer at all nor an error message on my server ?
>>
>> - is there a major issue making what I want to do impossible ?
>>
>> Kind regards,
>>
>> Paul Garnier
>> _______________________________________________
>> Openvpn-devel mailing list
>> Openvpn-devel@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
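An added example, not code from this thread or from the OpenVPN source tree: the "real connect" style of probe discussed above, timed over UDP by sending the first control packet of the TLS handshake and accepting only a reply that echoes our session id. It assumes a UDP server running without --tls-auth or --tls-crypt (with either, a packet lacking the shared-key authentication is dropped without any answer); the function names are made up for this sketch.

```c
#include <netdb.h>
#include <poll.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

/* Opcode names follow the OpenVPN source. Assumption: no --tls-auth / --tls-crypt on the server. */
enum { P_CONTROL_HARD_RESET_CLIENT_V2 = 7, P_CONTROL_HARD_RESET_SERVER_V2 = 8, PROBE_LEN = 14 };

/* First client control packet: opcode(1) + session id(8) + ack count(1) + packet id(4). */
size_t build_probe(uint8_t out[PROBE_LEN], const uint8_t sid[8]) {
    memset(out, 0, PROBE_LEN);                     /* ack count 0, packet id 0 */
    out[0] = P_CONTROL_HARD_RESET_CLIENT_V2 << 3;  /* key id 0 in the low 3 bits */
    memcpy(out + 1, sid, 8);
    return PROBE_LEN;
}

/* 1 if buf is a server hard reset that echoes our session id, else 0. */
int is_reset_reply(const uint8_t *buf, size_t len, const uint8_t sid[8]) {
    if (len < 10 || (buf[0] >> 3) != P_CONTROL_HARD_RESET_SERVER_V2 || buf[9] == 0) return 0;
    size_t off = 10 + 4u * buf[9];                 /* skip server sid and ack array */
    return len >= off + 8 && memcmp(buf + off, sid, 8) == 0;
}

/* Round-trip time in ms for one probe, or -1 on error, timeout or unrelated reply. */
double probe_rtt_ms(const char *host, const char *port, const uint8_t sid[8], int timeout_ms) {
    struct addrinfo hints = { .ai_socktype = SOCK_DGRAM }, *ai;
    uint8_t pkt[PROBE_LEN], reply[256];
    struct timespec t0, t1;
    double rtt = -1;
    if (getaddrinfo(host, port, &hints, &ai) != 0) return -1;
    int fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
    if (fd >= 0 && connect(fd, ai->ai_addr, ai->ai_addrlen) == 0) {
        struct pollfd p = { .fd = fd, .events = POLLIN };
        build_probe(pkt, sid);
        clock_gettime(CLOCK_MONOTONIC, &t0);
        if (send(fd, pkt, PROBE_LEN, 0) == PROBE_LEN && poll(&p, 1, timeout_ms) == 1) {
            ssize_t n = recv(fd, reply, sizeof reply, 0);
            clock_gettime(CLOCK_MONOTONIC, &t1);
            if (n > 0 && is_reset_reply(reply, (size_t)n, sid))
                rtt = (t1.tv_sec - t0.tv_sec) * 1e3 + (t1.tv_nsec - t0.tv_nsec) / 1e6;
        }
    }
    if (fd >= 0) close(fd);
    freeaddrinfo(ai);
    return rtt;
}
```

Use a fresh random session id for every probe, and send one probe per remote: the server treats each one as the start of a handshake, so repeated probes do not behave like ICMP echo.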