[Openvpn-devel] Signal USR1 when connection initialising fails

Message ID 20221130165712.159683-1-arne@rfc2549.org
State Accepted

Commit Message

Arne Schwabe Nov. 30, 2022, 4:57 p.m. UTC
When we fail to initialise the connection (e.g. P2P cipher NCP), we have
a non-working connection. Even though previous versions would then stay in
this state, it does not really make sense to be in this state until the
keepalive timeout expires and triggers a USR1 anyway.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
 src/openvpn/forward.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)


Gert Doering Nov. 30, 2022, 8:52 p.m. UTC | #1
Acked-by: Gert Doering <gert@greenie.muc.de>

Lovingly called "the Lala Land patch" - without this, on P2P NCP fail,
openvpn goes to lala land, sitting there, knowing it has no way to
encrypt a packet for the peer, and happily throwing away all packets
(and on a p2p server, being generally unwilling to do anything useful
even on reconnect).

With the patch, it restarts the instance (SIGUSR1), and the next
"proper" client connection can then succeed.

2022-11-30 21:42:09 us=594531 ERROR: failed to negotiate cipher with peer and --data-ciphers-fallback not enabled. No usable data channel cipher
2022-11-30 21:42:09 us=594617 ERROR: Failed to apply P2P negotiated protocol options
2022-11-30 21:42:09 us=594852 TCP/UDP: Closing socket
2022-11-30 21:42:09 us=594925 Closing TUN/TAP interface

Your patch has been applied to the master branch.

commit 8187bbba5cdfa46fec2595f5f05384fd77eb5714
Author: Arne Schwabe
Date:   Wed Nov 30 17:57:12 2022 +0100

     Signal USR1 when connection initialising fails

     Signed-off-by: Arne Schwabe <arne@rfc2549.org>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <20221130165712.159683-1-arne@rfc2549.org>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25596.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>

kind regards,

Gert Doering


diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 37340aef5..1b418b1bc 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -344,7 +344,10 @@  check_connection_established(struct context *c)
-            do_up(c, false, 0);
+            if (!do_up(c, false, 0))
+            {
+                register_signal(c, SIGUSR1, "connection initialisation failed");
+            }
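
Review bot: The new failure branch around do_up() in check_connection_established() carries no comment saying why a failed do_up() is answered with SIGUSR1; that reasoning lives only in the commit message (the connection would otherwise sit unusable until the keepalive timeout triggers a USR1 anyway). A one-line comment above register_signal() would keep it visible to later readers. The signal text "connection initialisation failed" is also generic, so it is worth confirming that every path on which do_up() returns false logs its own specific error first, as the NCP case in the log excerpt of the ack does; otherwise the cause of the restart will be hard to tell from the logs.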