@@ -225,7 +225,20 @@ dco_update_keys(dco_context_t *dco, struct tls_multi *multi)
bool
dco_check_startup_option_conflict(int msglevel, const struct options *o)
{
-#if defined(TARGET_LINUX)
+#if defined(_WIN32)
+ if (o->mode == MODE_SERVER)
+ {
+ msg(msglevel, "Only client and p2p data channel offload is supported "
+ "with ovpn-dco-win.");
+ return false;
+ }
+
+ if (o->persist_tun)
+ {
+ msg(msglevel, "--persist-tun is not supported with ovpn-dco-win.");
+ return false;
+ }
+#elif defined(TARGET_LINUX)
/* if the device name is fixed, we need to check if an interface with this
* name already exists. IF it does, it must be a DCO interface, otherwise
* DCO has to be disabled in order to continue.
@@ -250,7 +263,7 @@ dco_check_startup_option_conflict(int msglevel, const struct options *o)
strerror(-ret), ret);
}
}
-#endif /* if defined(TARGET_LINUX) */
+#endif /* if defined(_WIN32) */
#if defined(HAVE_LIBCAPNG)
/* DCO can't operate without CAP_NET_ADMIN. To retain it when switching user
@@ -3669,10 +3669,16 @@ options_postprocess_mutate(struct options *o, struct env_set *es)
"incompatible with each other.");
}
- /* check if any option should force disabling DCO */
#if defined(TARGET_LINUX) || defined(TARGET_FREEBSD)
+ /* check if any option should force disabling DCO */
o->tuntap_options.disable_dco = !dco_check_option_conflict(D_DCO, o)
|| !dco_check_startup_option_conflict(D_DCO, o);
+#elif defined(_WIN32)
+ /* in Windows we have no 'fallback to non-DCO' strategy, so if a conflicting
+ * option is found, we simply bail out by means of M_USAGE
+ */
+ dco_check_option_conflict(M_USAGE, o);
+ dco_check_startup_option_conflict(M_USAGE, o);
#endif
if (dco_enabled(o) && o->dev_node)