Hi, On Mon, Nov 28, 2022 at 02:35:24PM +0100, Gert Doering wrote: > Now testing the actual patch.
Doesn't work... without 3/3, I have the ubuntu2004 kernel: [22034799.495703] ovpn_udp_encap_recv: received data from unknown peer (id: 1114473) on reconnect, but at least TLS handshake succeeds. *With* 3/3, I am back to "after half the handshake, UDP packets are sent to the *old* peer IP+port" 2022-11-28 16:51:27 us=427942 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256 2022-11-28 16:54:06 us=24986 TLS: new session incoming connection from [AF_INET6]::ffff:194.97.140.5:43940 2022-11-28 16:54:06 us=26336 read UDPv6 [ECONNREFUSED]: Connection refused (fd=4,code=111) 2022-11-28 16:54:08 us=115117 read UDPv6 [ECONNREFUSED]: Connection refused (fd=4,code=111) 2022-11-28 16:54:08 us=379075 read UDPv6 [ECONNREFUSED]: Connection refused (fd=4,code=111) and in tcpdump... client -> server 16:54:37.726666 IP 194.97.140.5.43940 > 195.30.8.84.51201: UDP, length 14 server -> client 16:54:37.728030 IP6 2001:608:1:995a:250:56ff:febb:2084.51201 > 2001:608:0:814::fb00:14.14151: UDP, length 22 16:54:37.728081 IP6 2001:608:0:814::fb00:14 > 2001:608:1:995a:250:56ff:febb:2084: ICMP6, destination unreachable, unreachable port, 2001:608:0:814::fb00:14 udp port 14151, length 78 meh. gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel