Message ID | 20221130165712.159683-1-arne@rfc2549.org |
---|---|
State | Accepted |
Headers | show |
Series | [Openvpn-devel] Signal USR1 when connection initialising fails | expand |
Acked-by: Gert Doering <gert@greenie.muc.de> Lovingly called "the Lala Land patch" - without this, on P2P NCP fail, openvpn goes to lala land, sitting there, knowing it has no way to encrypt a packet for the peer, and happily throwing away all packets (and on a p2p server, being generally unwilling to do anything useful even on reconnect). With the patch, it restarts the instance (SIGUSR1), and the next "proper" client connection can then succeed. 2022-11-30 21:42:09 us=594531 ERROR: failed to negotiate cipher with peer and --data-ciphers-fallback not enabled. No usable data channel cipher 2022-11-30 21:42:09 us=594617 ERROR: Failed to apply P2P negotiated protocol options 2022-11-30 21:42:09 us=594852 TCP/UDP: Closing socket 2022-11-30 21:42:09 us=594925 Closing TUN/TAP interface Your patch has been applied to the master branch. commit 8187bbba5cdfa46fec2595f5f05384fd77eb5714 Author: Arne Schwabe Date: Wed Nov 30 17:57:12 2022 +0100 Signal USR1 when connection initialising fails Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20221130165712.159683-1-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25596.html Signed-off-by: Gert Doering <gert@greenie.muc.de> -- kind regards, Gert Doering
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 37340aef5..1b418b1bc 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -344,7 +344,10 @@ check_connection_established(struct context *c) } else { - do_up(c, false, 0); + if (!do_up(c, false, 0)) + { + register_signal(c, SIGUSR1, "connection initialisation failed"); + } } event_timeout_clear(&c->c2.wait_for_connect);
When we fail initialisation the connection (e.g. P2P cipher NCP), we have a non-working connection. Even though previous version would then stay in this state, it does not really make sense to be in this state until the keepalive timeout expires and triggers a USR1 anyway. Signed-off-by: Arne Schwabe <arne@rfc2549.org> --- src/openvpn/forward.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)