Hi,

On Wed, Oct 21, 2015 at 4:48 PM, Gert Doering <g...@greenie.muc.de> wrote:

> Hi,
>
> On Wed, Oct 21, 2015 at 04:37:57PM -0400, Selva Nair wrote:
> > If I'm not mistaken, persist-remote-ip pre-dates connection-list support.
> > With multiple options conditionally depending on each other, such seemingly
> > unexpected behaviour is no surprise. Call it a feature or a bug. The user
> > asked for persist-remote-ip which the manual says will persist both IP and
> > port, so why expect something else.
>
> If the documentation says so, it's not a bug.  Just a weird feature, which
> we might want to eventually print a warning about...
>

The manpage says

 --persist-remote-ip
              Preserve most recently authenticated remote IP address and port
              number across SIGUSR1 or --ping-restart restarts.

Which is not totally correct -- the IP persists even when it's not a
previously authenticated one.  Even if that is fixed, many users may not
realize all the implications. So, yes, it would be useful to add a warning
not to use it with multiple remotes or connection lists.  The strange
thing is that it will most likely use the same IP even after a SIGHUP
restart or SIGKILL + manual restart, unless the multiple IPs are obtained
by name resolution or random is also specified.

That's why I say it's worth considering getting rid of that option.

Selva