Hi,

On 26/04/2019 15:32, Pieter Hulshoff wrote:
>> Any thoughts on this matter? Is it true that this only happens with
>> mbedtls, and as such should this issue be taken up with that community
>> instead of this one? Any idea on why the server would refuse a PUSH request
>> for an already existing connection?
>>

mbedtls is not responsible for answering PUSH_REQUEST messages.
mbedtls is just the SSL library providing a number of functionalities and does not know anything about the OpenVPN protocol (which PUSH messages belong to).

So, if this behaviour is different compared to when using OpenSSL, then it means there is something else behind it.

This said, OpenVPN has a protection that prevents a server from replying to a PUSH_REQUEST from the same client more than once within 30 seconds.
Therefore if you are shutting down a client and restarting it within this short timeframe, it is expected that you won't get any PUSH_REPLY.

Does this match your observations?
If not, could you please mention step by step what to do to reproduce the faulty problem?

This will help on two fronts:
1) allow us to better understand your case
2) allow us to replicate the issue

Note that using nobind probably fools this logic because the client will re-connect using a different source port and thus will be recognized as different.

Thanks.

Regards,

-- 
Antonio Quartulli
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
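
A minimal model of the behaviour described in the message above, added here as an illustration and not taken from the OpenVPN source. It assumes the server identifies a client by source address and port, as the nobind remark implies; every name in it (`throttle_t`, `push_reply_allowed`, `replies_after_quick_restart`, the table size) is hypothetical.

```c
#include <stdint.h>
#include <string.h>

#define PUSH_WINDOW_SECS 30   /* the 30-second window mentioned in the message */
#define MAX_PEERS 16          /* assumption: small fixed table for this model */

/* One remembered client, identified by source address and port (assumption). */
struct peer { uint32_t addr; uint16_t port; long last_reply; int used; };
typedef struct { struct peer peers[MAX_PEERS]; } throttle_t;

void throttle_init(throttle_t *t) { memset(t, 0, sizeof(*t)); }

/* Returns 1 if a PUSH_REPLY may be sent at time `now` (seconds), 0 if the
 * same addr:port was already answered less than PUSH_WINDOW_SECS ago. */
int push_reply_allowed(throttle_t *t, uint32_t addr, uint16_t port, long now)
{
    struct peer *slot = NULL;
    for (int i = 0; i < MAX_PEERS; i++) {
        struct peer *p = &t->peers[i];
        if (p->used && p->addr == addr && p->port == port) {
            if (now - p->last_reply < PUSH_WINDOW_SECS)
                return 0;               /* same client, too soon: stay silent */
            p->last_reply = now;
            return 1;
        }
        /* Remember a slot that is free or whose window has expired. */
        if (!slot && (!p->used || now - p->last_reply >= PUSH_WINDOW_SECS))
            slot = p;
    }
    if (!slot)
        return 0;                       /* table full: fail closed in this model */
    slot->addr = addr; slot->port = port; slot->last_reply = now; slot->used = 1;
    return 1;
}

/* Constructed scenario: a client at 192.0.2.10 restarts 5 s after connecting.
 * fixed_port=1 models a bound source port, 0 models nobind (new ephemeral port).
 * Returns how many of the two PUSH_REQUESTs get a reply. */
int replies_after_quick_restart(int fixed_port)
{
    throttle_t t;
    const uint32_t addr = 0xC000020A;   /* 192.0.2.10, documentation range */
    throttle_init(&t);
    int n = push_reply_allowed(&t, addr, 1194, 100);
    n += push_reply_allowed(&t, addr, fixed_port ? 1194 : 40123, 105);
    return n;
}
```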