Hi,

On Mon, Nov 28, 2022 at 02:35:24PM +0100, Gert Doering wrote:
> Now testing the actual patch.

Doesn't work...

without 3/3, I have the

ubuntu2004 kernel: [22034799.495703] ovpn_udp_encap_recv: received data from unknown peer (id: 1114473)

on reconnect, but at least TLS handshake succeeds.

*With* 3/3, I am back to "after half the handshake, UDP packets are
sent to the *old* peer IP+port"

2022-11-28 16:51:27 us=427942 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-11-28 16:54:06 us=24986 TLS: new session incoming connection from [AF_INET6]::ffff:194.97.140.5:43940
2022-11-28 16:54:06 us=26336 read UDPv6 [ECONNREFUSED]: Connection refused (fd=4,code=111)
2022-11-28 16:54:08 us=115117 read UDPv6 [ECONNREFUSED]: Connection refused (fd=4,code=111)
2022-11-28 16:54:08 us=379075 read UDPv6 [ECONNREFUSED]: Connection refused (fd=4,code=111)

and in tcpdump...

client -> server
16:54:37.726666 IP 194.97.140.5.43940 > 195.30.8.84.51201: UDP, length 14

server -> client
16:54:37.728030 IP6 2001:608:1:995a:250:56ff:febb:2084.51201 > 2001:608:0:814::fb00:14.14151: UDP, length 22
16:54:37.728081 IP6 2001:608:0:814::fb00:14 > 2001:608:1:995a:250:56ff:febb:2084: ICMP6, destination unreachable, unreachable port, 2001:608:0:814::fb00:14 udp port 14151, length 78

meh.

gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
