Acked-by: Gert Doering <g...@greenie.muc.de> Indeed, that fixes the p2p dco reconnect problem we had with FreeBSD, and with "verb 6" debugging one can nicely see what happens:
14:28:55 P2P mode NCP negotiation result: TLS_export=1, DATA_v2=1, peer-id 10167064, cipher=AES-256-GCM reconnect, then 14:29:17 P2P mode NCP negotiation result: TLS_export=1, DATA_v2=1, peer-id 3502029, cipher=AES-256-GCM 14:29:17 dco_del_key: peer-id 10167064, slot 0 14:29:18 dco_del_peer: peer-id 10167064 14:29:18 dco_new_peer: peer-id 3502029, fd 7 14:29:18 process_incoming_dco: received message for mismatching peer-id 10167064, expected 3502029 (and we ignore this, not killing the new 3502029 peer) My own pokings in kernel space confirmed what I assumed - we just add peers, and they do not expire quickly. So after the first reconnect, without this patch, we have 2 peers in kernel with no vpn_ip address, so "lookup on nexthop" is not working, and that particular ovpn(4) interface is dead until ifdown/ifup or all the peers expire. I did experiment with a kernel patch that will remove all existing peers on install of a new p2p peer - and that worked, kernel side, but confused OpenVPN for the reasons we have a new "check the peer id!" check in this patch... so we need this patch anyway, obsoleting the need for a kernel patch... Tested on - FreeBSD 14 / CURRENT DCO, client and server - Ubuntu 20.04, Linux DCO, client and server - Gentoo, Linux with no DCO, client and server Your patch has been sho(u|o)ted into to the master branch. commit 0f7c5dde1bbd23353467ebd549ae955a6a03746f Author: Arne Schwabe Date: Thu Dec 1 12:01:28 2022 +0100 Allow reconnecting in p2p mode work under FreeBSD Signed-off-by: Arne Schwabe <a...@rfc2549.org> Acked-by: Gert Doering <g...@greenie.muc.de> Message-Id: <20221201110128.271064-1-a...@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25602.html Signed-off-by: Gert Doering <g...@greenie.muc.de> -- kind regards, Gert Doering _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel