Acked-by: Gert Doering <g...@greenie.muc.de>

This fixes the "tls/p2p reconnect with DCO breaks" problem that has been
haunting us for the last months, and does not break anything else -
subjected to excessive client/server testing on Linux with/without DCO,
FreeBSD with/without DCO, and things look mostly good now.

This is: 
 - on *Linux*, all p2p reconnect problems are gone.
 - on *FreeBSD*, I can see that it instantiates a new peer, but ping
   echo reply packets never arrive at the client - I assume that this
   is due to ovpn(4) having no p2p mode, so "kernel goes multipoint,
   and is confused about IP/peer-id mapping" - we might need a
   "delete peer" call, or kernel-side fixes.

It *also* fixes the long-standing P2P NCP reconnection issue where
"connect with AES-256-GCM, ctrl-c, reconnect with only BF-CBC" would
lead to confused peers (without any DCO involved).  Now, this just
works.  Party!


I wouldn't claim to understand all the fine-grained details, but the
general approach "take note on reconnect that parts of do_up() need
to be redone, and later do that" seems logical, and the code is 
fairly non-hacky.

I've taken the liberty to fix a few more comments ("wihout pull" etc).

Your patch has been applied to the master branch.

commit 6c24767aa5e068ba8a4328c9efec1c01d43d6d9f
Author: Arne Schwabe
Date:   Wed Nov 30 17:57:05 2022 +0100

     Introduce connection state for reconnecting peer in p2p

     Signed-off-by: Arne Schwabe <a...@rfc2549.org>
     Acked-by: Gert Doering <g...@greenie.muc.de>
     Message-Id: <20221130165705.159610-1-a...@rfc2549.org>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25595.html
     Signed-off-by: Gert Doering <g...@greenie.muc.de>


--
kind regards,

Gert Doering



_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel