Hi, On 16/05/2022 20:56, Kristof Provost via Openvpn-devel wrote:
From: Kristof Provost <k...@freebsd.org>Signed-off-by: Kristof Provost <kprov...@netgate.com> --- src/openvpn/init.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 0d991ba4..701749cd 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2232,6 +2232,21 @@ do_deferred_p2p_ncp(struct context *c) msg(D_TLS_ERRORS, "ERROR: failed to set crypto cipher"); return false; } + + if (dco_enabled(&c->options) && (c->options.ping_send_timeout || c->c2.frame.mss_fix)) + { + int ret = dco_set_peer(&c->c1.tuntap->dco, + c->c2.tls_multi->peer_id, + c->options.ping_send_timeout, + c->options.ping_rec_timeout, + c->c2.frame.mss_fix); + if (ret < 0) + { + msg(D_DCO, "Cannot set DCO peer: %s", strerror(-ret)); + return false; + } + } +
unless I am missing something, I don't think we need another dco_set_peer call.
It should be enough to move the invocation of dco_set_peer in finish_options at the very top, before any attempt of bailing out.
Regards, -- Antonio Quartulli _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
