Hi,
On 12/10/2022 22:43, Gert Doering wrote:
Hi,
On Wed, Oct 12, 2022 at 03:34:55PM +0200, Arne Schwabe wrote:
The lifetime and state machine of multi->peer_id does not exactly the
lifetime/state of DCO. This is especially for p2p NCP where a reconnection
can change the peer id. Also use this
Hi,
On Wed, Oct 12, 2022 at 03:34:55PM +0200, Arne Schwabe wrote:
> The lifetime and state machine of multi->peer_id does not exactly the
> lifetime/state of DCO. This is especially for p2p NCP where a reconnection
> can change the peer id. Also use this new field with value -1 to mean
> not insta
Hi Gert,
I’m still travelling today (and am due for my 5G chip update tomorrow), so
it’ll be another day or two before I can look at this in any detail, but at
first glance this looks sane.
Best regards,
Kristof
On 12 Oct 2022, at 15:38, Gert Doering wrote:
> Hi,
>
> people have alreadycomplai
For reasons unknown, OpenVPN has always put FreeBSD tun(4) interfaces
into point-to-point mode (IFF_POINTOPOINT), which means "local and
remote address, no on-link subnet".
"--topology subnet" was emulated by adding a subnet-route to the "remote"
(which was just picking a free address from the sub
To be able to configure a FreeBSD interface to "subnet" mode
(as opposed to point-to-point mode), it needs to have its
if_iflags set to IFF_BROADCAST. For tun(4) interface this is
done with the TUNSIFMODE ioctl(), but this does not work for
more modern interfaces like ovpn(4) which communicate ove
Hi,
people have alreadycomplained at me that I write so long e-mails today,
so I can write more...
On Wed, Oct 12, 2022 at 08:39:31AM +0200, Gert Doering wrote:
> Factor 1: single-peer (client or p2p) vs. multi-peer
>
> single-peer -> DCO has only 1 peer, all packets that go into the
>
This allows a reconnect in p2p mode and has the side effect of updating
the peer address with the peerid
Signed-off-by: Arne Schwabe
---
src/openvpn/forward.c | 7 +++
1 file changed, 7 insertions(+)
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 8db4f2ce1..e56028c0c 10064
For tcp this makes no difference as the remote address of the
socket never changes. For udp this allows OpenVPN to differentiate
if a reconnecting client is using the same address as before or
from a different one. This allow sending via the normal userspace
socket in that case.
Signed-off-by: Arn
The lifetime and state machine of multi->peer_id does not exactly the
lifetime/state of DCO. This is especially for p2p NCP where a reconnection
can change the peer id. Also use this new field with value -1 to mean
not installed, replacing the dco_peer_added field.
Signed-off-by: Arne Schwabe
---
-}
-else
-{
-if (!write_empty_string(buf)) /* no peer info */
-{
+/* invalid value configured */
+default:
+msg(M_WARN, "Invalid peer-info-detail level %d",
session->opt->push_peer_info_detail);
goto error;
This should pro
10 matches
Mail list logo
