[Openvpn-devel] [PATCH v3 10/25] dco: periodically check and possibly rotate/delete keys

2022-08-02 Thread Antonio Quartulli
Data channel keys are periodically regenerated and installed in ovpn-dco. However, there is a certain moment when keys are rotated in order to elect the new primary one. Check the key status in userspace so that kernelspace can be informed as well when rotations happen. Signed-off-by: Antonio Qua

[Openvpn-devel] [PATCH applied] Re: Cleanup receive_auth_failed and simplify method

2022-08-02 Thread Gert Doering
As Frank said, "best viewed with diff -w" :-) - the cleanup bits are also straightforward. I do not have a good test case for this - but my usual client tests with "expect AUTH_FAILED..." all pass. Your patch has been applied to the master branch. commit 88823adebac31958cee83572241cff9fc775a601

[Openvpn-devel] [PATCH v2] dco: move availability check to the end of check_option_conflict() function

2022-08-02 Thread Antonio Quartulli
To better arrange the order DCO option conflict messages are printed, we decided to first perform all needed checks on provided options and, only at the end, if no conflict was detected, to check if DCO is really available on the system. This way a user gets prompted with all warnings about their

Re: [Openvpn-devel] [PATCH] Make build deterministic, remove __DATE__

2022-08-02 Thread Gert Doering
Hi, On Mon, Dec 13, 2021 at 05:28:41PM +0100, Frank Lichtenheld wrote: > The information provided by this is minimal > and it makes it more difficult to provide > deterministic builds. There are work-arounds > for that but I think it is easier to just remove > it completely. > > Allows the build

[Openvpn-devel] [PATCH applied] Re: Allow a few levels of recursion in virtual_output_callback()

2022-08-02 Thread Gert Doering
Acked-by: Gert Doering I cannot test this (beyond "compile", but that is trivial) but the description in https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24738.html makes sense, so allowing "a limited amount" of recursion plus actually logging when this is hit should make m

[Openvpn-devel] [PATCH applied] Re: Do not skip ERROR:/SUCCESS: response from management interface

2022-08-02 Thread Gert Doering
I'm not sure I understand what is happening here, exactly, but since Arne understands management way better and ACKed this - in it goes :) (it *looks* harmless enough). Since I understand this to be a bugfix, applied to 2.5 as well. Your patch has been applied to the master and release/2.5 branch

Re: [Openvpn-devel] [PATCH v2 11/25] dco: split option parsing routines

2022-08-02 Thread Gert Doering
Hi, On Thu, Jul 28, 2022 at 09:47:33PM +0200, Antonio Quartulli wrote: > DCO will try to install keys upon generating them, however, this happens > when parsing pushed cipher options (due to NCP). > > For this reason we need to postpone parsing pushed cipher options to *after* > the tunnel interf

[Openvpn-devel] [PATCH] dco: move availability check to the end of check_option_conflict() function

2022-08-02 Thread Antonio Quartulli
To better arrange the order DCO option conflict messages are printed, we decided to first perform all needed checks on provided options and, only at the end, if no conflict was detected, to check if DCO is really available on the system. This way a user gets prompted with all warnings about their

Re: [Openvpn-devel] [PATCH v2 10/25] dco: periodically check and possibly rotate/delete keys

2022-08-02 Thread Antonio Quartulli
Hi, On 01/08/2022 17:44, Frank Lichtenheld wrote: On Thu, Jul 28, 2022 at 09:35:42PM +0200, Antonio Quartulli wrote: Data channel keys are periodically regenerated and installed in ovpn-dco. However, there is a certain moment when keys are rotated in order to elect the new primary one. Check t