Hi, Gert

> > That "fix for real" is about persist_remote_ip option as far as I
> > understand, not directly related to this fatal assert fix.
> 
> Well, the whole preresolve / connection entry "complex" is old and has been
> extended and updated a few times, and your SRV patch also builds on top of
> that.

That's true, I hit this assert for SRV initially, 'coz same advancing logic
was used, v5 version is upcoming following this commit.

> At some point, refactoring is needed...
> (We have some other thing to consider which is even more intrusive - when we
> reconnect to a different IP address, and that new IP address is currently routed
> into the tunnel, we need to set up new /32 host routes before moving to a new
> server can work... openvpn3, as I understand, sets up "all host routes!" right at
> the start, but that might or might not be the best solution either)

New address is being handled in disconnected (yet) state, so tunnel routes
should not be active, since 2.x supports at most one tunnel active.
While this is preserved, /32 host route can be made anytime between resolved
state and connection attempt, sounds not so intrusive, if I got you right.

Meanwhile, "--persist-remote-ip" is documented as "Preserve most recently
authenticated remote IP address and port number across SIGUSR1 and
--ping-restart".
Current implementation doesn't follow it precisely, instead it does
"Preserve most recently authenticated remote host name and port...", if that
remote name resolves into multiple addresses - they will still be iterated.
Guess, this is what was meant by "fix for real".

> 
> gert
> --
> "If was one thing all people took for granted, was conviction that if you feed
> honest figures into a computer, honest figures come out. Never doubted it
> myself till I met a computer with a sense of humor."
>                              Robert A. Heinlein, The Moon is a Harsh Mistress
>
> Gert Doering - Munich, Germany                 g...@greenie.muc.de



_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
