Attention is currently required from: flichtenheld, ordex, stipa.
Hello flichtenheld, ordex, plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/856?usp=email
to look at the new patch set (#2).
The following approvals got outdated and were removed:
Code-Review+1 by ordex
Change subject: multi.c: add iroutes after dco peer is added
......................................................................
multi.c: add iroutes after dco peer is added
This doesn't matter for Linux and FreeBSD but matters
for dco-win, where iroute subnet is mapped to a peer
context, which means that peer has to be created before
iroute is added.
Change-Id: I1cac0f036504c87205a3c97589a94a662cf79b99
Signed-off-by: Lev Stipakov <[email protected]>
---
M src/openvpn/multi.c
1 file changed, 29 insertions(+), 24 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/56/856/2
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index d1b2c8c..82fcf17 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -2441,6 +2441,35 @@
ifconfig_constraint_network, ifconfig_constraint_netmask);
}
+ /* set our client's VPN endpoint for status reporting purposes */
+ mi->reporting_addr = mi->context.c2.push_ifconfig_local;
+ mi->reporting_addr_ipv6 = mi->context.c2.push_ifconfig_ipv6_local;
+
+ /* set context-level authentication flag */
+ mi->context.c2.tls_multi->multi_state = CAS_CONNECT_DONE;
+
+ /* Since dco-win maintains iroute routing table (subnet -> peer),
+ * peer must be added before iroutes. For other platforms it doesn't
matter. */
+
+ /* authentication complete, calculate dynamic client specific options */
+ if (!multi_client_set_protocol_options(&mi->context))
+ {
+ mi->context.c2.tls_multi->multi_state = CAS_FAILED;
+ }
+ /* only continue if setting protocol options worked */
+ else if (!multi_client_setup_dco_initial(m, mi, &gc))
+ {
+ mi->context.c2.tls_multi->multi_state = CAS_FAILED;
+ }
+ /* Generate data channel keys only if setting protocol options
+ * and DCO initial setup has not failed */
+ else if (!multi_client_generate_tls_keys(&mi->context))
+ {
+ mi->context.c2.tls_multi->multi_state = CAS_FAILED;
+ }
+
+ /* dco peer has been added, it is now safe for Windows to add iroutes */
+
/*
* For routed tunnels, set up internal route to endpoint
* plus add all iroute routes.
@@ -2488,30 +2517,6 @@
multi_instance_string(mi, false, &gc));
}
- /* set our client's VPN endpoint for status reporting purposes */
- mi->reporting_addr = mi->context.c2.push_ifconfig_local;
- mi->reporting_addr_ipv6 = mi->context.c2.push_ifconfig_ipv6_local;
-
- /* set context-level authentication flag */
- mi->context.c2.tls_multi->multi_state = CAS_CONNECT_DONE;
-
- /* authentication complete, calculate dynamic client specific options */
- if (!multi_client_set_protocol_options(&mi->context))
- {
- mi->context.c2.tls_multi->multi_state = CAS_FAILED;
- }
- /* only continue if setting protocol options worked */
- else if (!multi_client_setup_dco_initial(m, mi, &gc))
- {
- mi->context.c2.tls_multi->multi_state = CAS_FAILED;
- }
- /* Generate data channel keys only if setting protocol options
- * and DCO initial setup has not failed */
- else if (!multi_client_generate_tls_keys(&mi->context))
- {
- mi->context.c2.tls_multi->multi_state = CAS_FAILED;
- }
-
/* send push reply if ready */
if (mi->context.c2.push_request_received)
{
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/856?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I1cac0f036504c87205a3c97589a94a662cf79b99
Gerrit-Change-Number: 856
Gerrit-PatchSet: 2
Gerrit-Owner: stipa <[email protected]>
Gerrit-Reviewer: flichtenheld <[email protected]>
Gerrit-Reviewer: ordex <[email protected]>
Gerrit-Reviewer: plaisthos <[email protected]>
Gerrit-CC: openvpn-devel <[email protected]>
Gerrit-Attention: flichtenheld <[email protected]>
Gerrit-Attention: ordex <[email protected]>
Gerrit-Attention: stipa <[email protected]>
Gerrit-MessageType: newpatchset
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
