Attention is currently required from: flichtenheld, its_Giaan. plaisthos has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1089?usp=email )
Change subject: multipeer: introduce asymmetric peer-id ...................................................................... Patch Set 2: Code-Review-2 (6 comments) Patchset: PS2: I think there are still some things that need to be fixed. See comments File src/openvpn/multi.c: http://gerrit.openvpn.net/c/openvpn/+/1089/comment/7be28da8_ce83b435 : PS2, Line 1816: uint32_t peer_id = extract_asymmetric_peer_id(peer_info); I am somehow missing the client side/p2p that does the same and also calls extract_asymmetric_peer_id to figure out what peer-id the server wants to use. File src/openvpn/push.c: http://gerrit.openvpn.net/c/openvpn/+/1089/comment/ad29de27_05d54fe8 : PS2, Line 657: tls_multi->rx_peer_id); This will instruct the client to use that peer-id on both send/receive. The idea was to *not* push peer-id in this scenario but rather have both sides see that if the other peer has ID= in their peerinfo then they both switch to assymmetric peer-id File src/openvpn/ssl.c: http://gerrit.openvpn.net/c/openvpn/+/1089/comment/231475b7_833b9982 : PS2, Line 2043: buf_printf(&out, "ID=%x\n", peer_id); This need to be guarded by the actual DCO capability. We cannot announce this if the DCO module/implementation then cannot actually support assymetric ID support. File src/openvpn/ssl_ncp.c: http://gerrit.openvpn.net/c/openvpn/+/1089/comment/5800ddd8_05764f00 : PS2, Line 431: multi->tx_peer_id = 2033; Why the hardcoded 2033 here? Shouldn't be also 0x76706e; /* 'v' 'p' 'n' */ ? http://gerrit.openvpn.net/c/openvpn/+/1089/comment/5a725408_1afd7517 : PS2, Line 474: multi->rx_peer_id = (peerid[0] << 16) + (peerid[1] << 8) + peerid[2]; Shouldn't there be code here -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1089?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I0a13ee90b6706acf20eabcee3bab3f2dff639bf9 Gerrit-Change-Number: 1089 Gerrit-PatchSet: 2 Gerrit-Owner: its_Giaan <gianma...@mandelbit.com> Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com> Gerrit-Reviewer: plaisthos <arne-open...@rfc2549.org> Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net> Gerrit-Attention: its_Giaan <gianma...@mandelbit.com> Gerrit-Attention: flichtenheld <fr...@lichtenheld.com> Gerrit-Comment-Date: Thu, 17 Jul 2025 09:43:55 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
