Browse code
Do not include auth-token in pulled option digest
As change in auth-token is common on restart and does not
require tun-reopen, exclude it from the "pulled options digest"
calculation. Without this tun is always re-opened on SIGUSR1
if auth-token is in use which breaks persist-tun.
Github: Fixes OpenVPN/openvpn#200
v2: explcitly filter auth-token and auth-token-user
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20221219140405.1221341-1-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25768.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit f778f4f88e56851c0a68205e95110c021f3032b3)
Selva Nair authored on 2022/12/19 23:04:05Showing 1 changed files
| ... | ... |
@@ -779,8 +779,10 @@ push_update_digest(md_ctx_t *ctx, struct buffer *buf, const struct options *opt) |
| 779 | 779 |
char line[OPTION_PARM_SIZE]; |
| 780 | 780 |
while (buf_parse(buf, ',', line, sizeof(line))) |
| 781 | 781 |
{
|
| 782 |
- /* peer-id might change on restart and this should not trigger reopening tun */ |
|
| 783 |
- if (strprefix(line, "peer-id ")) |
|
| 782 |
+ /* peer-id and auth-token might change on restart and this should not trigger reopening tun */ |
|
| 783 |
+ if (strprefix(line, "peer-id ") |
|
| 784 |
+ || strprefix(line, "auth-token ") |
|
| 785 |
+ || strprefix(line, "auth-token-user ")) |
|
| 784 | 786 |
{
|
| 785 | 787 |
continue; |
| 786 | 788 |
} |