diff mbox series

[Openvpn-devel,v2] socket: restore per-connection lport override over global default

Message ID 20260316134841.28362-1-gert@greenie.muc.de
State New
Headers show
Series [Openvpn-devel,v2] socket: restore per-connection lport override over global default | expand

Commit Message

Gert Doering March 16, 2026, 1:48 p.m. UTC 
From: Gianmarco De Gregori <gianmarco@mandelbit.com>

OpenVPN 2.7.x introduced a regression where --lport specified
inside a <connection> block did not override a globally defined
local port. As a result, the socket was bound to the global
default port instead of the per-connection value.

Adjust the socket local_port selection logic to honour
local_port_defined when set for the active connection profile.

This change restores the documented and previously working
behaviour from 2.6.x, where connection-level lport takes
precedence over global defaults.

Github: #995

Change-Id: I7cf5d5ef7e2531f397ad97baf4663e3763072f6b
Signed-off-by: Gianmarco De Gregori <gianmarco@mandelbit.com>
Acked-by: Antonio Quartulli <antonio@mandelbit.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1555
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1555
This mail reflects revision 2 of this Change.

Acked-by according to Gerrit (reflected above):
Antonio Quartulli <antonio@mandelbit.com>

Comments

Gert Doering March 30, 2026, 11:28 a.m. UTC | #1 
Thanks for the fix.

The change passes all BB and t_server tests, though this is mostly 
meaningless here - no <connection> blocks are excercised.  So I ran
this with a quick local config setup, with a global --lport and 
two <connection> profiles, one of them with a local --lport, verifying
that it indeed is honoured.

Your patch has been applied to the master and release/2.7 branch (bugfix).

commit 7ac5f89023b2c2870a210016a862ec042f709bb7 (master)
commit b5039975bf629d33fbff0b0feae6d072378e7edc (release/2.7)
Author: Gianmarco De Gregori
Date:   Mon Mar 16 14:48:36 2026 +0100

     socket: restore per-connection lport override over global default

     Signed-off-by: Gianmarco De Gregori <gianmarco@mandelbit.com>
     Acked-by: Antonio Quartulli <antonio@mandelbit.com>
     Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1555
     Message-Id: <20260316134841.28362-1-gert@greenie.muc.de>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36164.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering
diff mbox series

Patch

diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
index 8d2d110..3c1d734 100644
--- a/src/openvpn/socket.c
+++ b/src/openvpn/socket.c
@@ -1357,6 +1357,13 @@ 
         proto = o->ce.proto;
     }
 
+    /* If --lport is specified in a client connection block,
+     * it takes precedence over the global setting. */
+    if (o->mode == MODE_POINT_TO_POINT && o->ce.local_port_defined)
+    {
+        port = o->ce.local_port;
+    }
+
     if (c->mode == CM_CHILD_TCP || c->mode == CM_CHILD_UDP)
     {
         struct link_socket *tmp_sock = NULL;