Hi Gert,

Yes, the problem remains (see below).

On Wed, Oct 21, 2015 at 2:50 PM, Gert Doering <g...@greenie.muc.de> wrote:

> hi,
>
> On Wed, Oct 21, 2015 at 01:14:26PM -0400, Selva Nair wrote:
> > Why? Because of this line in the config:
> >
> > persist-remote-ip
> [..]
> > That will keep trying X:1194 only with whatever protocol is defined before
> > those lines (or udp by default), if persist-remote-ip is also specified.
> > This is an unfortunate side-effect of that option.
>
> Ouch.
>
> Could you re-test whether this is still true with git master, please?
> (That part of the socket/IP handling got totally rewritten, so "it should
> not do that" anymore - but if it does, it's a bug, and should be fixed)

I never use persist-remote-ip, noticed it only on testing the OP's config. But it looks like this problem was there for a long time, ever since connection lists were introduced. Surely a weird "feature", if not a bug.

Just tested using git (master/825b3272acb353e0) from github -- github is refusing connections right now so I'm behind the last three commits. The problem is still there.

In config:

    <connection>
    remote myserver 443     <-- myserver resolves to a single ipv4 IP
    proto tcp
    </connection>
    <connection>
    remote myserver 1194    <-- same server as above, different port and udp
    proto udp
    </connection>
    persist-remote-ip

TCP port 443 is firewalled, so it should connect to 1194 with udp.

Log:

    Wed Oct 21 15:57:18 2015 OpenVPN 2.3_git [git:master/825b3272acb353e0] x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH] [IPv6] built on Oct 21 2015
    Wed Oct 21 15:57:18 2015 library versions: OpenSSL 1.0.1e 11 Feb 2013, LZO 2.06
    Wed Oct 21 15:57:18 2015 setsockopt(IPV6_V6ONLY=0)
    Wed Oct 21 15:57:18 2015 MANAGEMENT: TCP Socket listening on [AF_INET6]::1:7500
    Wed Oct 21 15:57:18 2015 Control Channel Authentication: using 'keys/xx_ta.key' as a OpenVPN static key file
    ...
    Wed Oct 21 15:57:18 2015 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xx.xx:443
    Wed Oct 21 15:57:18 2015 Socket Buffers: R=[87380->131072] S=[16384->131072]
    Wed Oct 21 15:57:18 2015 Attempting to establish TCP connection with [AF_INET]xx.xx.xx.xx:443 [nonblock]
    Wed Oct 21 15:57:19 2015 TCP connection established with [AF_INET]xx.xx.xx.xx:443
    Wed Oct 21 15:57:19 2015 TCP_CLIENT link local: (not bound)
    Wed Oct 21 15:57:19 2015 TCP_CLIENT link remote: [AF_INET]xx.xx.xx.xx:443
    Wed Oct 21 15:57:19 2015 Connection reset, restarting [0]
    Wed Oct 21 15:57:19 2015 SIGUSR1[soft,connection-reset] received, process restarting
    Wed Oct 21 15:57:19 2015 Restart pause, 5 second(s)

So far so good

    Wed Oct 21 15:57:24 2015 Control Channel Authentication: using 'keys/xx_ta.key' as a OpenVPN static key file
    Wed Oct 21 15:57:24 2015 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Wed Oct 21 15:57:24 2015 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Wed Oct 21 15:57:24 2015 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xx.xx:443
    Wed Oct 21 15:57:24 2015 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xx.xx:443
    Wed Oct 21 15:57:24 2015 Socket Buffers: R=[87380->131072] S=[16384->131072]
    Wed Oct 21 15:57:24 2015 UDP link local (bound): [AF_INET][undef]:1194
    Wed Oct 21 15:57:24 2015 UDP link remote: [AF_INET]xx.xx.xx.xx:443

It's trying UDP next but port stays at 443

Thanks,

Selva
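
A configuration check for the combination reported in this message, given as an added example that is not part of the original post and is not OpenVPN code: it flags a client config that sets persist-remote-ip alongside connection profiles that differ in host, port or protocol. The function names, the simplified parsing, and the defaults (port 1194, proto udp) are assumptions of this sketch, and the sample config is constructed from the one quoted above.

```python
import re

# Constructed sample: the configuration from the message, annotations removed.
SAMPLE_CONFIG = """\
<connection>
remote myserver 443
proto tcp
</connection>
<connection>
remote myserver 1194
proto udp
</connection>
persist-remote-ip
"""

def parse_profiles(text):
    """Return (profiles, persist); profiles are (host, port, proto) tuples."""
    entries, persist, in_block, global_proto = [], False, False, "udp"
    for raw in text.splitlines():
        tokens = re.split(r"[#;]", raw, maxsplit=1)[0].split()  # drop comments
        if not tokens:
            continue
        key, args = tokens[0], tokens[1:]
        new_entry = {"host": None, "port": "1194", "proto": None}  # assumed defaults
        if key == "<connection>":
            in_block = True
            entries.append(new_entry)
        elif key == "</connection>":
            in_block = False
        elif key == "persist-remote-ip":
            persist = True
        elif key == "remote" and args:
            if not in_block:
                entries.append(new_entry)  # top-level remote is its own profile
            entries[-1].update(zip(("host", "port", "proto"), args[:3]))
        elif key == "proto" and args:
            if in_block:
                entries[-1]["proto"] = args[0]
            else:
                global_proto = args[0]
    profiles = [(e["host"], e["port"], e["proto"] or global_proto)
                for e in entries if e["host"]]
    return profiles, persist

def lint(text):
    """Warn when persist-remote-ip is combined with differing profiles."""
    profiles, persist = parse_profiles(text)
    if persist and len(set(profiles)) > 1:
        listed = ", ".join("%s:%s/%s" % p for p in profiles)
        return ["persist-remote-ip set with differing connection profiles: " + listed]
    return []
```
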