Resending it to openvpn-devel list, to hit the right audience.

kind regards,

David Sommerseth

On 08/01/10 10:39, Enrico Scholz wrote:
> Hi,
>
> I am running a multihomed host where 'local <extip>' must be specified
> for proper operation.  Unfortunately, this implies 'lport 1194' or
> another static port.
>
> This causes problems with stateful firewalls which register the host/port
> pairs in the internal connection tracking table.  On ungraceful reconnects,
> the new TCP connection will have the same host/port pairs but unexpected
> sequence numbers.  The new connection will hence be assumed invalid and
> be dropped.
>
> It would be nice if the local port could be configured to be bound to a
> random port number.  After reading the code,
>
> | else if (streq (p[0], "lport") && p[1])
> | ...
> | port = atoi (p[1]);
> |- if (!legal_ipv4_port (port))
> |+ if (port != 0 && !legal_ipv4_port (port))
> | {
>
> in options.c seems to be the only required change.
>
>
>
> Enrico
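
Review bot: In the lport branch, `port = atoi (p[1])` returns 0 for any non-numeric argument, so with the added `port != 0 &&` test a mistyped value such as `lport abc` now passes validation and silently selects a kernel-chosen port instead of being reported as an error. Parse the value strictly (for example strtol with an end-pointer check) before treating 0 as the request for a random port, and state in the option's documentation that 0 has this meaning. Whether this is the only required change depends on code outside the visible lines that may assume a non-zero local port, so that is worth confirming before merging.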
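
What the request relies on at the socket level, as an added example (not code from the post or from OpenVPN): binding to a fixed local address with port 0 lets the kernel pick the source port, so a reconnect need not reuse the host/port pair the firewall still tracks. `bind_local` is a hypothetical helper, and 127.0.0.1 is a constructed stand-in for `<extip>`.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: bind a TCP socket to local_ip and the given port
 * (0 = let the kernel choose). Stores the fd in *fd_out and returns the
 * port actually bound, or -1 on error. */
int bind_local(const char *local_ip, int port, int *fd_out)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;

    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons((unsigned short)port);
    /* The address stays fixed (multihomed host); only the port floats. */
    if (inet_pton(AF_INET, local_ip, &sa.sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        close(fd);
        return -1;
    }
    *fd_out = fd;
    return ntohs(sa.sin_port);
}

int main(void)
{
    int fd1, fd2;
    /* 127.0.0.1 is a constructed stand-in for the <extip> of the post. */
    int p1 = bind_local("127.0.0.1", 0, &fd1);
    int p2 = bind_local("127.0.0.1", 0, &fd2);
    if (p1 < 0 || p2 < 0) {
        perror("bind_local");
        return 1;
    }
    printf("kernel-assigned source ports: %d and %d\n", p1, p2);
    close(fd1);
    close(fd2);
    return 0;
}
```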