This disables DCO in both --secret mode and when no encryption/TLS is used. Also aligns the message with the deprecation warning we have in place.
Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/dco.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index 6358d53f9..5cce3f641 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -275,9 +275,10 @@ dco_check_startup_option(int msglevel, const struct options *o) return false; } - if (o->shared_secret_file) + if (!o->tls_client && !o->tls_server) { - msg(msglevel, "--secret is set. Disabling data channel offload"); + msg(msglevel, "No tls-client or tls-server option in configuration " + "detected. Disabling data channel offload."); return false; } -- 2.37.1 (Apple Git-137.1) _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel