Currently we default to local binding with udp. But the majority of configuration files actually uses --nobind in the configuration to change the default for --client. And client protocols should normally use a random source port. This changes the default. Local binding with --client can still be done using --bind. --- Changes.rst | 3 ++- src/openvpn/options.c | 11 ++++------- 2 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/Changes.rst b/Changes.rst index c1a04deed..95bebc4ab 100644 --- a/Changes.rst +++ b/Changes.rst @@ -120,7 +120,8 @@ PF (Packet Filtering) support has been removed User-visible Changes -------------------- - CHACHA20-POLY1305 is included in the default of ``--data-ciphers`` when available. -- Option ``--prng`` is ignored as we rely on the SSL library radnom generator. +- Option ``--prng`` is ignored as we rely on the SSL library random number generator. +- Option ``--nobind`` is default when ``--client`` or ``--pull`` is used in the configuration Overview of changes in 2.5 ========================== diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 312efb36c..3aaad7bc8 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -2859,14 +2859,11 @@ options_postprocess_mutate_ce(struct options *o, struct connection_entry *ce) } } - if (ce->proto == PROTO_TCP_CLIENT && !ce->local - && !ce->local_port_defined && !ce->bind_defined) - { - ce->bind_local = false; - } - if (ce->proto == PROTO_UDP && ce->socks_proxy_server && !ce->local - && !ce->local_port_defined && !ce->bind_defined) + bool need_bind = ce->local || ce->local_port_defined || ce->bind_defined; + bool uses_socks = ce->proto == PROTO_UDP && ce->socks_proxy_server; + + if (!need_bind && (ce->proto == PROTO_TCP_CLIENT || uses_socks || o->pull)) { ce->bind_local = false; } -- 2.33.0 _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel