From patchwork Thu Oct 23 15:56:08 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4526 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:7d42:b0:72f:f16c:e055 with SMTP id fr2csp8077283mab; Thu, 23 Oct 2025 08:56:31 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCUczvcsga+jK0mr0UcywUwtbLakv+xDLNmT2g60t0V9KtOOA9HhBJem/YOWsnxyyl/29zJxZlSm+rA=@openvpn.net X-Google-Smtp-Source: AGHT+IH2xHwTVqgloAUOhmjItERYA8dpzFl8Fg+duf9T6mToOjUTsCDzeMthQD7ixfZnAd5sXq2q X-Received: by 2002:a05:6808:189c:b0:43f:5634:29ba with SMTP id 5614622812f47-443a2fb2c78mr11565168b6e.35.1761234990704; Thu, 23 Oct 2025 08:56:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1761234990; cv=none; d=google.com; s=arc-20240605; b=Jp9QO3LJGmcJN1dxht/K/KwBkTanHZa26LQoUcVXxg5HO27QzfSXcUr84OQSRxMelm 72Utnkx7NDsFRJE8tnKdO4rO6t3g7rb0mVOD8Ee8Ab+kFdXKaWGpEr6gmpkmBbOroc3T EsfBRHxVPyP0RS+W4FEfC/EeiS1dVG426ysG9OAIFffv7Sbt+uhC7ianDA1oFMJ5zqki vp1MPGITA6pb5Il/fLNC26S4HG6ce6H5pv6022Cb0kVYF3+hpXPYtaR3iffUhFdVR0hl 6cWp/WXj731WWjvYKfGrbGL4oY+mMPp04/zK2Yo3tuJHdnFOeaYn2lACc1S/0Osbb6v7 Wd5A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=olKoctyn1T4AyrUH052S0hX1B30jfggXVXmnJS7s9fQ=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=KgM2Qoq/9VPmm+5fIshwXFVIQAevPnzd4JHEvW3vc1oYAujNaX8ICM6dWen59vbyRh EPMLLjmZqhFFyVCPjJKjZMJTlCWvsTYtyanNbiTSpfValtvb7Xy8/Vv7ogr/nDMdY3W8 EUfv8gFppRhgPx40Llc86I5+T3JnjqjgNlDhf8I444RdIPiPQVHBK/a76JYLrcnqbqan ZUStIO0vbxl6hoNgAm0joEE76duNLao8YFqew9FgmW7WEqSr4K8Bs+j4D+DgS6aa7KaD 877u69wQwNqogtV/9uh991p4c3jCv8xTdhRkSlfOslgJFcXq04p+BBKmBp6GiLegGltw XNrw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=DSIFR348; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=gPddwsZi; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=lnhcJ1nm; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 5614622812f47-44bd448cc33si512401b6e.163.2025.10.23.08.56.30 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 23 Oct 2025 08:56:30 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=DSIFR348; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=gPddwsZi; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=lnhcJ1nm; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=olKoctyn1T4AyrUH052S0hX1B30jfggXVXmnJS7s9fQ=; b=DSIFR348HUTYC5BJgRh5bdJ/PY YIVFMSH/9ZmBSQcLD224crHgZHw2Hvz73XgWbuoRKub4FFSvunrMDNwQ4tj+viA/Hhtupkx/CW97p p7bg9cg2BoqhrqJM1AEOV2oT0vzEMQeRpYNfDUXkjQDEMZYJRfwHElacu/ORT6MHZyqM=; Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1vBxfv-0007Ju-08; Thu, 23 Oct 2025 15:56:27 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1vBxfu-0007Jo-0j for openvpn-devel@lists.sourceforge.net; Thu, 23 Oct 2025 15:56:26 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=oxbRkD10H9G9Tpn27n6Bq+KTirUWJLKA4cFoYd5Knbg=; b=gPddwsZitunZihxQo3If3UjdiX +xobjkMqp9nXGuYIvRya0KTQ0N49kCumdtzK/3AOrCuUTvM72y51jv/R3T8shFlsGPXDJtuwRFguA COws9RSuFYP3vezGf3dHA7prYIP0exdCmVeo6angSS6eq48v0MJNUiO9TbcYFi0pUSrU=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=oxbRkD10H9G9Tpn27n6Bq+KTirUWJLKA4cFoYd5Knbg=; b=lnhcJ1nmcb3/L4nrYByePLiAIB FFg81CPh87SKcZ4pb9Y7O+MveQNNwM4k5gu/xjqP5eZxRp/WJ1mjGFi0YjgCeaGhkHb8vCb4o8LSo Bfxd7GkOFhJZmgLNgkA5+Vmx013F4EUVvDeNfuMBtdQHsrTyQA148XKw0BiiQ8qNaaWY=; Received: from [193.149.48.134] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1vBxft-0002g4-VZ for openvpn-devel@lists.sourceforge.net; Thu, 23 Oct 2025 15:56:26 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 59NFuEhc020659 for ; Thu, 23 Oct 2025 17:56:14 +0200 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 59NFuEQt020658 for openvpn-devel@lists.sourceforge.net; Thu, 23 Oct 2025 17:56:14 +0200 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Thu, 23 Oct 2025 17:56:08 +0200 Message-ID: <20251023155614.20642-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.49.1 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-1.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Arne Schwabe This is not a supported configuration and will often work good enough to get a connection working but will operate more in a weird pre P2P negotiation compatibility way rather than actually negotiatin [...] Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1vBxft-0002g4-VZ Subject: [Openvpn-devel] [PATCH v2] Warn if push is used without --mode server/--server/--server-bridge X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1846788741817468458?= X-GMAIL-MSGID: =?utf-8?q?1846788741817468458?= From: Arne Schwabe This is not a supported configuration and will often work good enough to get a connection working but will operate more in a weird pre P2P negotiation compatibility way rather than actually negotiating protocol features. Also remove an anused macro. Change-Id: I82c7c61be07593ecd5bf2f854767dda74ab5170c Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1288 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1288 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld diff --git a/doc/man-sections/server-options.rst b/doc/man-sections/server-options.rst index ccc1374..347a251 100644 --- a/doc/man-sections/server-options.rst +++ b/doc/man-sections/server-options.rst @@ -497,6 +497,9 @@ ``--echo``, ``--comp-lzo``, ``--socket-flags``, ``--sndbuf``, ``--rcvbuf``, ``--session-timeout`` + Note: using ``--push`` requires OpenVPN to run in ``--mode server`` (or + using of one of `--server`, `--server-bridge` helper directives). + --push-remove opt Selectively remove all ``--push`` options matching "opt" from the option list for a client. ``opt`` is matched as a substring against the whole diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 65c6b3b..9c02a8c 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -2690,6 +2690,13 @@ MUST_BE_UNDEF(vlan_accept, "vlan-accept"); MUST_BE_UNDEF(vlan_pvid, "vlan-pvid"); MUST_BE_UNDEF(force_key_material_export, "force-key-material-export"); + + if (options->push_list.head) + { + msg(M_WARN, "Note: Using --push without --mode server is an " + "unsupported configuration. Negotiation of OpenVPN " + "features is expected to fail."); + } } /* diff --git a/src/openvpn/options.h b/src/openvpn/options.h index 009904a..24253af 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -768,16 +768,11 @@ #define OPT_P_DEFAULT (~(OPT_P_INSTANCE | OPT_P_PULL_MODE)) #define PULL_DEFINED(opt) ((opt)->pull) -#define PUSH_DEFINED(opt) ((opt)->push_list) #ifndef PULL_DEFINED #define PULL_DEFINED(opt) (false) #endif -#ifndef PUSH_DEFINED -#define PUSH_DEFINED(opt) (false) -#endif - #ifdef _WIN32 #define ROUTE_OPTION_FLAGS(o) ((o)->route_method & ROUTE_METHOD_MASK) #else