Dear Thomas,
> The ovpn_dco_v2 module built from the snapshot in trixie/stable
> (0.0+git20241121-1) contains a use-after-free in the peer-deletion path
> that causes a kernel NULL-pointer dereference under high client
> connect/disconnect concurrency. It is fixed upstream (commit f74c59a7,
> 2026-05-14) but the fix is not present in any released Debian version.
Thanks for reporting this.
While I agree with Fabio's statement that bpo kernel+openvpn is a viable
alternative and possibly more battle-tested than ovpn-dco-v2 already,
this is still a bug that should be fixed in stable.
I have uploaded the most recent upstream version to unstable and I have
prepared a version for trixie cherry-picking both commits you mention. A
test package is available at
https://people.debian.org/~berni/openvpn-dco-dkms/openvpn-dco-dkms_0.0+git20241121-1+deb13u1_all.deb
Could you please give this package a test-run?
Bernhard