From patchwork Mon Mar 16 13:48:36 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4839 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:2755:b0:83c:d90d:321 with SMTP id j21csp2888451maq; Mon, 16 Mar 2026 06:48:56 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVR/Wfk+QfyRRhkg2vgd9Waf+VgKEZOUxner37jGZzuu3R3rBlCIlDwWtxzLfeghdZtZnXhlqs7zqA=@openvpn.net X-Received: by 2002:a05:6808:10cb:b0:467:155f:8c4a with SMTP id 5614622812f47-46757557780mr7033116b6e.32.1773668935808; Mon, 16 Mar 2026 06:48:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1773668935; cv=none; d=google.com; s=arc-20240605; b=eE+SkGw/5d1zMgkI514IplF5GMU0jQo5Lf7b7wa1dq0RVLYJGkbOzBxQPUk3v4I8b2 HpxGIwfYzlbfQvDsOiUpAE7PMj1a/eMRzwxGNKEV09Pqg+41LwfPuwP1BS1q8/zxzmxu eDQkFCPnXy0Gkf4G483lc/LUMNKqd3HH33sP26OAjWYo/J3gsj2xtt2Hnzg8ekdJ9pwn vR9p4u+zPdoIvnlOD+jlcoKuAS1+3P4b3H2OjfkEIer1AMFE+EDmaFVacT9cA7TpNXbY NijAZV2F4iRqbOahzEjtA33vCuruI9Bfu4Q4qEdQfHq1oG3SF5JYS5atmU+ylT/WbMk2 QcJQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=wSYVWDrJA3izYiYGzV5DgoFzeTnA0Dru/OOEsAGkhTU=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=Zw7vKRIYANOVwZ40WTkD61thu5O4RtX24K1AEP3V5sFuHtfFU4Be3+FAVGr0suBrCS n4oOFQ1oeE1rQeYEokoMMXQyC2PXYMmlwRLfCSB/apK14Is3q9eQlHykGsaRgMJh6Hia i7b7elMprZWMh24gXvld2J72m43Bmup4V+7YHZjFHE2NvjL44xgRPlCgvNmR0m9HFUrC fiTJQhuTTJcNmoE5TP2H3qXkG6sxUtHHucWtOLglFkfH5G533eUvhRhsY0PeXHmY2dar U+ZKDmAxUap5mRdCdpDsHV+HiId8TyBvldewwbFHwtXqSEoGJ7v4hJjf49D2/rS3ti68 ft+A==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=IU+ZliDw; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=WQagF8zR; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=fWt7dQMe; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 586e51a60fabf-4177e6e8563si10125414fac.230.2026.03.16.06.48.55 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 16 Mar 2026 06:48:55 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=IU+ZliDw; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=WQagF8zR; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=fWt7dQMe; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=wSYVWDrJA3izYiYGzV5DgoFzeTnA0Dru/OOEsAGkhTU=; b=IU+ZliDwXAGd3CMoFWnKV4c2+k r8eR57U3st3TPdbdq8dr9kqXT2ws5tqWWRY+mAjEQRQut8vkoZqoWQwVXj2U3F4S3AR/iUaVWmb3f KdOqPNoe1rmX5Cef3cKvh1sQ/CCUmZUo1iiEGh/yf+CdwhtInBkUtTuqwkRiyfjrSUyk=; Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1w28JP-00075c-Au; Mon, 16 Mar 2026 13:48:51 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1w28JO-00075U-51 for openvpn-devel@lists.sourceforge.net; Mon, 16 Mar 2026 13:48:50 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=P+f/7Vmfx6kVCRdS4mJVM9WVxHzVV8hm4/HG2rH+ch0=; b=WQagF8zRNZqzrs5AGYcZ8D14aO pPytGDAzNAB08H0ZuY32Ni7RJs51nGD7UkOFh9HF2Zs1OsAYOjdgE45BsdtKxVQezTaZAtjeWqEEb MQYs7kDLikpZogQfV5fUi6h1tXq665btUnmPtwGEGdC5QRuYgnkUz0KVGewfLJ7cmHfQ=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=P+f/7Vmfx6kVCRdS4mJVM9WVxHzVV8hm4/HG2rH+ch0=; b=fWt7dQMe7Lzq3j5xfVs/NQ/azO fW2pzSmiPIzeKJf1WC7vXj4ozaB/pj+Ka5aS7Frf0B2U83naILKz6XQSHwBWJUalOzPFtTv/re4zw brOVWoSqH5WFoKxtOVm1ykyHKMsa14o86RBZiwIsOCdPClkc7AyW+k/2vG/+pFUgv6fA=; Received: from [193.149.48.129] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1w28JM-0007aH-PK for openvpn-devel@lists.sourceforge.net; Mon, 16 Mar 2026 13:48:50 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 62GDmfIa028379 for ; Mon, 16 Mar 2026 14:48:42 +0100 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 62GDmf1g028378 for openvpn-devel@lists.sourceforge.net; Mon, 16 Mar 2026 14:48:41 +0100 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Mon, 16 Mar 2026 14:48:36 +0100 Message-ID: <20260316134841.28362-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.52.0 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-1.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Gianmarco De Gregori OpenVPN 2.7.x introduced a regression where --lport specified inside a block did not override a globally defined local port. As a result, the socket was bound to the global default port i [...] Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1w28JM-0007aH-PK Subject: [Openvpn-devel] [PATCH v2] socket: restore per-connection lport override over global default X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1859826678077930220?= X-GMAIL-MSGID: =?utf-8?q?1859826678077930220?= From: Gianmarco De Gregori OpenVPN 2.7.x introduced a regression where --lport specified inside a block did not override a globally defined local port. As a result, the socket was bound to the global default port instead of the per-connection value. Adjust the socket local_port selection logic to honour local_port_defined when set for the active connection profile. This change restores the documented and previously working behaviour from 2.6.x, where connection-level lport takes precedence over global defaults. Github: #995 Change-Id: I7cf5d5ef7e2531f397ad97baf4663e3763072f6b Signed-off-by: Gianmarco De Gregori Acked-by: Antonio Quartulli Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1555 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1555 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): Antonio Quartulli diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 8d2d110..3c1d734 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -1357,6 +1357,13 @@ proto = o->ce.proto; } + /* If --lport is specified in a client connection block, + * it takes precedence over the global setting. */ + if (o->mode == MODE_POINT_TO_POINT && o->ce.local_port_defined) + { + port = o->ce.local_port; + } + if (c->mode == CM_CHILD_TCP || c->mode == CM_CHILD_UDP) { struct link_socket *tmp_sock = NULL;