> Is it a different problem than with an unknown IP address allowed to connect
> to a single port?
>
> Does somebody know of a UDP server that forks and uses different ports, with
> code available, of course ;-).
>
> I may be wrong, but I think that it is not common because in the classical
> UDP servers all the datagrams carry an identifier, or just need a response
> and no long-term association. Thus there is no need for forking. In the
> OpenVPN case, there is a need for a multi-packet exchange during TLS auth, and
> afterwards a long-term tunnel is established.
When I first read this, I thought as you did: no UDP server forks like that. Stuff like DNS servers respond as soon as they can and drop what they can't handle. But then NFS servers struck me. Whatever they do when they have literally hundreds of UDP clients transferring files must work for OpenVPN too.

I can't really see a difference between NFS handles and OpenVPN's TLS stuff, but that might be me. =) I know NFS is stateless, but in this case I can't see what would make NFS differ from OpenVPN with regard to handling hundreds of clients that all "call in" on the same UDP port (2049 IIRC) and start long conversations with the file server. NFS clients might talk less with regard to authentication and have some u_int32 for an id, but apart from that, they do function somewhat alike.

Just my 0.02 euros.

--
Jan Johansson (jan.johans...@biomatsys.com)
BioMat System AB
Klarabergsgatan 37, III
SE-111 21 Stockholm, Sweden
Phone: +46-(0)8-233500, Fax: +46-(0)70-3873952

THIS COMMUNICATION IS ONLY INTENDED FOR THE USE OF THE INDIVIDUAL, OR ENTITY, TO WHICH IT IS DIRECTED AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, CONFIDENTIAL AND EXEMPT FROM DISCLOSURE UNDER APPLICABLE LAW. IF RECEIVED IN ERROR: PLEASE NOTIFY US IMMEDIATELY THROUGH i...@biomatsys.com.
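The pattern both messages circle around, as an added illustration that is not part of the thread and not OpenVPN's or NFS's own code: a single UDP socket serving many peers without forking, keeping one state record per (address, port) and checking that the session identifier in each datagram belongs to the peer that sent it. The two-step HELLO/SID handshake, the DATA:sid:payload framing and the UdpMultiplexServer class are assumptions made up for the demo; everything runs on loopback.

```python
import os
import socket
from dataclasses import dataclass, field


@dataclass
class Session:
    """Per-peer state, the role an NFS handle or an OpenVPN session id plays."""
    peer: tuple
    session_id: bytes
    packets: int = 0
    chunks: list = field(default_factory=list)


class UdpMultiplexServer:
    """One UDP socket, many peers: datagrams are dispatched by sender address."""

    def __init__(self, host="127.0.0.1", port=0):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.sock.bind((host, port))          # port 0: let the OS pick, like an ephemeral test port
        self.sock.settimeout(1.0)
        self.sessions = {}                     # (addr, port) -> Session
        self.rejected = 0

    @property
    def addr(self):
        return self.sock.getsockname()

    def handle_one(self):
        """Receive a single datagram and route it to the right session."""
        payload, peer = self.sock.recvfrom(2048)
        if payload.startswith(b"HELLO"):
            # First packet of a multi-packet exchange: create state, hand out an id.
            sid = os.urandom(8).hex().encode()
            self.sessions[peer] = Session(peer, sid)
            self.sock.sendto(b"SID:" + sid, peer)
            return
        sess = self.sessions.get(peer)
        # Reject datagrams from unknown peers and datagrams whose session id
        # was issued to a different peer (a replayed or guessed id).
        if sess is None or not payload.startswith(b"DATA:" + sess.session_id + b":"):
            self.rejected += 1
            return
        sess.packets += 1
        sess.chunks.append(payload.split(b":", 2)[2])
        self.sock.sendto(b"ACK:%d" % sess.packets, peer)


def run_demo(n_clients=3):
    """Constructed scenario: n clients call in on the same port, then talk for a while."""
    server = UdpMultiplexServer()
    clients = []
    for _ in range(n_clients):
        c = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        c.settimeout(1.0)
        c.connect(server.addr)                 # fixes the client's own (addr, port)
        clients.append(c)

    # Phase 1: every client sends its first packet to the single server port.
    for c in clients:
        c.send(b"HELLO")
    for _ in clients:
        server.handle_one()
    sids = {c: c.recv(2048)[4:] for c in clients}   # strip "SID:"

    # Phase 2: interleaved long-lived exchange, all still on one server socket.
    for i in range(2):
        for c in clients:
            c.send(b"DATA:" + sids[c] + b":chunk%d" % i)
        for _ in clients:
            server.handle_one()
        for c in clients:
            c.recv(2048)                       # "ACK:n"

    # Edge case: client 0 presents client 1's session id; the peer address
    # does not match the id's owner, so the datagram is dropped.
    clients[0].send(b"DATA:" + sids[clients[1]] + b":stolen")
    server.handle_one()

    result = {
        "sessions": len(server.sessions),
        "packets_per_session": sorted(s.packets for s in server.sessions.values()),
        "rejected": server.rejected,
    }
    for c in clients:
        c.close()
    server.sock.close()
    return result


if __name__ == "__main__":
    print(run_demo())
```

The point the demo makes is the one raised about NFS: the kernel already demultiplexes by 4-tuple, so the server only needs a lookup table keyed by peer address plus an identifier it can verify, and hundreds of concurrent "conversations" never require a fork or a second port. Binding the id to the peer address is what keeps one client from injecting into another's session; a real server would also expire idle entries so that unanswered HELLOs cannot fill the table.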