Hi,

On Sun, Nov 12, 2023 at 06:08:48PM +0000, Greg Cox wrote:
> Spun this config up, then ran:
> 
> iptables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 443,80 -j REDIRECT --to-ports 1194
> 
> Within 5 minutes the random web scanners found and segfaulted me.

This sounds promising.  Hopefully we can make it crash too with that :-)

(Focus so far was on UDP because that was the first report we got, but if
TCP gets the job done, even better).

Not totally trivial, though... "basic" openssl s_client or just plain
"GET / HTTP/1.0" will just make OpenVPN close the link, not crash...

*keeps trying*


(If you feel like debugging a bit more - could you compile an instance
without optimization, run from gdb, and when it segfaults print all 
local variables of interest?  i, j, ks, *ks, ks->send_reliable?  We
got one variable print from Dmitry - thanks! - but the optimizer broke
printing "ks" things)

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel