P2P mode with pre-shared key is deprecated, insecure and should NOT be used. This said, we still carry it around for a bit and we have to make sure it does not fight with DCO.
Disable DCO at all when --secret is specified. Signed-off-by: Antonio Quartulli <a...@unstable.cc> --- src/openvpn/dco.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index d599dd7e..1cd698bf 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -274,6 +274,12 @@ dco_check_startup_option(int msglevel, const struct options *o) return false; } + if (o->shared_secret_file) + { + msg(msglevel, "--secret is set. Disabling data channel offload"); + return false; + } + if (dev_type_enum(o->dev, o->dev_type) != DEV_TYPE_TUN) { msg(msglevel, "Note: dev-type not tun, disabling data channel offload."); -- 2.37.4 _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
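Review bot: the msg() string in the new `o->shared_secret_file` branch of dco_check_startup_option() is worded differently from the dev-type message in the trailing context of the same hunk ("Note: dev-type not tun, disabling data channel offload."). It has no "Note:" prefix, it capitalises "Disabling" after a full stop, and it has no trailing period. Suggest `msg(msglevel, "Note: --secret is set, disabling data channel offload.");` so the DCO fallback reasons read uniformly in the log and can be matched with one pattern. The diffstat also shows only src/openvpn/dco.c changing, so the fallback is not documented anywhere in this patch; a sentence in the --secret documentation saying that DCO is disabled in this mode would keep users from being surprised by the silent switch to the userspace data path. The commit message states that pre-shared key mode is deprecated and should not be used, but the log line gives the operator no hint of that. Consider mentioning the deprecation in the message, or confirming that a separate warning is already emitted elsewhere for --secret.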