Attention is currently required from: flichtenheld, mrbff, plaisthos, stipa.
cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/869?usp=email ) Change subject: PUSH_UPDATE message sender: enabling the server to send PUSH_UPDATE control messages ...................................................................... Patch Set 23: Code-Review-2 (2 comments) Patchset: PS23: There's two things that need fixing - one is a (trivial) rebase accident in manage.c (and please check if there are more of them). The other is a lack of robustness on invalid pushed options on the server side - that is, you do on the management interface ``` push-update-broad blab SUCCESS: 1 client(s) updated SUCCESS: push-update command succeeded ``` (so it claims "success") but what really happens is "the full server restarts" ``` Aug 17 18:11:40 gentoo tun-udp-p2mp[4243]: MANAGEMENT: CMD 'push-update-cid 20 -dns' Aug 17 18:11:46 gentoo tun-udp-p2mp[4243]: MANAGEMENT: CMD 'push-update-broad blab' Aug 17 18:11:46 gentoo tun-udp-p2mp[4243]: SENT CONTROL [cron2-freebsd-tc-amd64]: 'PUSH_UPDATE,blab' (status=1) Aug 17 18:11:46 gentoo tun-udp-p2mp[4243]: Pushed option is not updatable: 'blab'. Restarting. Aug 17 18:11:46 gentoo tun-udp-p2mp[4243]: Failed to process push update message sent to client ID: 0 Aug 17 18:11:46 gentoo tun-udp-p2mp[4243]: TCP/UDP: Closing socket Aug 17 18:11:46 gentoo tun-udp-p2mp[4243]: TCP/UDP: Close Socket failed: Bad file descriptor (errno=9) Aug 17 18:11:46 gentoo tun-udp-p2mp[4243]: TCP/UDP: Closing socket Aug 17 18:11:46 gentoo tun-udp-p2mp[4243]: TCP/UDP: Closing socket Aug 17 18:11:46 gentoo tun-udp-p2mp[4243]: TCP/UDP: Closing socket Aug 17 18:11:46 gentoo tun-udp-p2mp[4243]: TCP/UDP: Closing socket Aug 17 18:11:46 gentoo tun-udp-p2mp[4243]: TCP/UDP: Closing socket Aug 17 18:11:46 gentoo tun-udp-p2mp[4243]: SIGUSR1[soft,Offending option received from server] received, process restarting Aug 17 18:11:46 gentoo tun-udp-p2mp[4243]: Restart pause, 1 second(s) ``` it should not do that, but give an error on the management interface instead. If pushing "correct" stuff it works, even if the timing is a bit odd server: ``` Aug 17 18:16:01 gentoo tun-udp-p2mp[4243]: MANAGEMENT: CMD 'push-update-broad "route 10.204.0.0 255.255.240.0"' ``` client ``` 2025-08-17 18:16:12 PUSH: Received control message: 'PUSH_UPDATE,route 10.204.0.0 255.255.240.0' ``` so it took 11 seconds for the message to actually get out (clocks are in sync, and this is observable, so not a "clocks are wrong" artefact). There is something else that isn't right with pushing ifconfigs, but maybe I am doing it wrong ``` push-update-cid 2 "ifconfig 10.204.2.46 10.204.2.45" SUCCESS: 1 client(s) updated ``` client does new ifconfig. Ping server gives ``` Aug 17 18:20:08 gentoo tun-udp-p2mp[4243]: cron2-freebsd-tc-amd64/udp6:194.97.140.21:14092 MULTI: bad source address from client [10.204.2.46], packet dropped ``` so the client is using the correct source IP, but the server has not learned it. The server claims it has, though ``` Aug 17 18:19:54 gentoo tun-udp-p2mp[4243]: MULTI: Learn: 10.204.2.46/0 -> cron2-freebsd-tc-amd64/udp6:194.97.140.21:14092 ``` The /0 is a bit suspicious, for "regular" learning it prints ``` Aug 17 18:17:32 gentoo tun-udp-p2mp[4243]: MULTI: Learn: 10.204.2.6 -> cron2-freebsd-tc-amd64/udp6:194.97.140.21:14092 ``` For IPv6 it does not work either ``` Aug 17 18:23:37 gentoo tun-udp-p2mp[4243]: SENT CONTROL [cron2-freebsd-tc-amd64]: 'PUSH_UPDATE,ifconfig-ipv6 fd00:abcd:204:2::9a9a/64 fd00:abcd:204:2::1' (status=1) Aug 17 18:23:37 gentoo tun-udp-p2mp[4243]: MULTI: Learn: ::/0 -> cron2-freebsd-tc-amd64/udp6:194.97.140.21:14092 Aug 17 18:23:46 gentoo tun-udp-p2mp[4243]: cron2-freebsd-tc-amd64/udp6:194.97.140.21:14092 MULTI: bad source address from client [fd00:abcd:204:2::9a9a], packet dropped ``` why ::/0 ?!? File src/openvpn/manage.c: http://gerrit.openvpn.net/c/openvpn/+/869/comment/9d6db2f0_20959fe8 : PS23, Line 136: msg(M_CLIENT, "version [n] : Set client's version to n or show current version of daemon."); Unfortunately a rebase accident has happened here, and now this line is printed twice. While trivial to correct, project rules require that I do not do code-changes on merge. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/869?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ie82bcc7a8e583de9156b185d71d1a323ed8df3fc Gerrit-Change-Number: 869 Gerrit-PatchSet: 23 Gerrit-Owner: mrbff <ma...@mandelbit.com> Gerrit-Reviewer: cron2 <g...@greenie.muc.de> Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com> Gerrit-Reviewer: plaisthos <arne-open...@rfc2549.org> Gerrit-Reviewer: stipa <lstipa...@gmail.com> Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net> Gerrit-Attention: plaisthos <arne-open...@rfc2549.org> Gerrit-Attention: flichtenheld <fr...@lichtenheld.com> Gerrit-Attention: mrbff <ma...@mandelbit.com> Gerrit-Attention: stipa <lstipa...@gmail.com> Gerrit-Comment-Date: Sun, 17 Aug 2025 16:24:32 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
