cron2 has uploaded a new patch set (#8) to the change originally created by stipa. ( http://gerrit.openvpn.net/c/openvpn/+/856?usp=email )
The following approvals got outdated and were removed: Code-Review+2 by cron2 Change subject: multi.c: add iroutes after dco peer is added ...................................................................... multi.c: add iroutes after dco peer is added This doesn't matter for Linux and FreeBSD but matters for dco-win, where iroute subnet is mapped to a peer context, which means that peer has to be created before iroute is added. Change-Id: I1cac0f036504c87205a3c97589a94a662cf79b99 Signed-off-by: Lev Stipakov <l...@openvpn.net> Acked-by: Gert Doering <g...@greenie.muc.de> Message-Id: <20250201121102.27395-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg30780.html Signed-off-by: Gert Doering <g...@greenie.muc.de> --- M src/openvpn/multi.c 1 file changed, 29 insertions(+), 24 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/56/856/8 diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index b0e1941..96fa6cd 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -2442,6 +2442,35 @@ ifconfig_constraint_network, ifconfig_constraint_netmask); } + /* set our client's VPN endpoint for status reporting purposes */ + mi->reporting_addr = mi->context.c2.push_ifconfig_local; + mi->reporting_addr_ipv6 = mi->context.c2.push_ifconfig_ipv6_local; + + /* set context-level authentication flag */ + mi->context.c2.tls_multi->multi_state = CAS_CONNECT_DONE; + + /* Since dco-win maintains iroute routing table (subnet -> peer), + * peer must be added before iroutes. For other platforms it doesn't matter. */ + + /* authentication complete, calculate dynamic client specific options */ + if (!multi_client_set_protocol_options(&mi->context)) + { + mi->context.c2.tls_multi->multi_state = CAS_FAILED; + } + /* only continue if setting protocol options worked */ + else if (!multi_client_setup_dco_initial(m, mi, &gc)) + { + mi->context.c2.tls_multi->multi_state = CAS_FAILED; + } + /* Generate data channel keys only if setting protocol options + * and DCO initial setup has not failed */ + else if (!multi_client_generate_tls_keys(&mi->context)) + { + mi->context.c2.tls_multi->multi_state = CAS_FAILED; + } + + /* dco peer has been added, it is now safe for Windows to add iroutes */ + /* * For routed tunnels, set up internal route to endpoint * plus add all iroute routes. @@ -2489,30 +2518,6 @@ multi_instance_string(mi, false, &gc)); } - /* set our client's VPN endpoint for status reporting purposes */ - mi->reporting_addr = mi->context.c2.push_ifconfig_local; - mi->reporting_addr_ipv6 = mi->context.c2.push_ifconfig_ipv6_local; - - /* set context-level authentication flag */ - mi->context.c2.tls_multi->multi_state = CAS_CONNECT_DONE; - - /* authentication complete, calculate dynamic client specific options */ - if (!multi_client_set_protocol_options(&mi->context)) - { - mi->context.c2.tls_multi->multi_state = CAS_FAILED; - } - /* only continue if setting protocol options worked */ - else if (!multi_client_setup_dco_initial(m, mi, &gc)) - { - mi->context.c2.tls_multi->multi_state = CAS_FAILED; - } - /* Generate data channel keys only if setting protocol options - * and DCO initial setup has not failed */ - else if (!multi_client_generate_tls_keys(&mi->context)) - { - mi->context.c2.tls_multi->multi_state = CAS_FAILED; - } - /* send push reply if ready */ if (mi->context.c2.push_request_received) { -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/856?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1cac0f036504c87205a3c97589a94a662cf79b99 Gerrit-Change-Number: 856 Gerrit-PatchSet: 8 Gerrit-Owner: stipa <lstipa...@gmail.com> Gerrit-Reviewer: cron2 <g...@greenie.muc.de> Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com> Gerrit-Reviewer: ordex <a...@unstable.cc> Gerrit-Reviewer: plaisthos <arne-open...@rfc2549.org> Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net> Gerrit-MessageType: newpatchset
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
