P2P mode with pre-shared key is deprecated, insecure and should NOT be
used. This said, we still carry it around for a bit and we have to make
sure it does not fight with DCO.

Disable DCO at all when --secret is specified.

Signed-off-by: Antonio Quartulli <a...@unstable.cc>
---
 src/openvpn/dco.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index d599dd7e..1cd698bf 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -274,6 +274,12 @@ dco_check_startup_option(int msglevel, const struct 
options *o)
         return false;
     }
 
+    if (o->shared_secret_file)
+    {
+        msg(msglevel, "--secret is set. Disabling data channel offload");
+        return false;
+    }
+
     if (dev_type_enum(o->dev, o->dev_type) != DEV_TYPE_TUN)
     {
         msg(msglevel, "Note: dev-type not tun, disabling data channel 
offload.");
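
Review bot: The new message in the added `if (o->shared_secret_file)` block does not follow the wording of the neighbouring dev-type check visible in the context lines, which uses a "Note: " prefix, a lowercase "disabling" clause and a trailing period. For consistent log output (and easier grepping for why DCO was turned off), consider `"Note: --secret is set, disabling data channel offload."`. A short comment above the check saying that pre-shared key P2P mode is deprecated, as the commit message explains, would also help readers of dco.c who do not have the commit log at hand.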
-- 
2.37.4


