Hi, On Wed, Oct 21, 2015 at 4:48 PM, Gert Doering <g...@greenie.muc.de> wrote:
> Hi, > > On Wed, Oct 21, 2015 at 04:37:57PM -0400, Selva Nair wrote: > > If I'm not mistaken, persist-remote-ip pre-dates connection-list support. > > With multiple options conditionally depending on each other, such > seemingly > > unexpected behaviour is no surprise.. Call it feature or a bug. The user > > asked for persist-remote-ip which the manual says will persist both IP > and > > port, so why expect something else. > > If the documentation says so, it's not a bug. Just a weird feature, which > we might want to eventually print a warning about... > The manpage says --persist-remote-ip Preserve most recently authenticated remote IP address and port number across SIGUSR1 or --ping-restart restarts. Which is not totally correct -- the IP persists even when its not a previously authenticated one. Even if that is fixed, many users may not realize all the implications. So, yes, it would be useful to add a warning to not to use it with multiple remotes or connection lists. The strange thing is that it will most likely use the same IP even after a SIGHUP restart or SIGKILL + manual restart, unless the multiple IPs are obtained by name resolution or random is also specified. That's why I say its worth considering getting rid of that option. Selva
------------------------------------------------------------------------------
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users