@@ -378,7 +378,13 @@ block.  The effect would be as if

 were declared in all

 .B <connection>

 blocks below it.

-

+.\"*********************************************************

+.TP

+.B --proto-force p

+When iterating through connection profiles,

+only consider profiles using protocol

+.B p

+('tcp'|'udp'). 

 .\"*********************************************************

 .TP

 .B --remote-random

@@ -94,6 +94,7 @@ static const char usage_message[] =

   "--mode m        : Major mode, m = 'p2p' (default, point-to-point) or 'server'.\n"

   "--proto p       : Use protocol p for communicating with peer.\n"

   "                  p = udp (default), tcp-server, or tcp-client\n"

+  "--proto-force p : only consider protocol p in list of connection profiles.\n"

   "--connect-retry n : For --proto tcp-client, number of seconds to wait\n"

   "                    between connection retries (default=%d).\n"

   "--connect-timeout n : For --proto tcp-client, connection timeout (in seconds).\n"

@@ -693,6 +694,7 @@ init_options (struct options *o, const bool init_gc)

   o->route_delay_window = 30;

   o->max_routes = MAX_ROUTES_DEFAULT;

   o->resolve_retry_seconds = RESOLV_RETRY_INFINITE;

+  o->proto_force = -1;

 #ifdef ENABLE_OCC

   o->occ = true;

 #endif

@@ -2129,6 +2131,10 @@ options_postprocess_mutate_ce (struct options *o, struct connection_entry *ce)

   if (!ce->bind_local)

     ce->local_port = 0;

+

+  /* if protocol forcing is enabled, disable all protocols except for the forced one */

+  if (o->proto_force >= 0 && is_proto_tcp(o->proto_force) != is_proto_tcp(ce->proto))

+    ce->flags |= CE_DISABLED;

 }

 static void

@@ -4311,6 +4317,19 @@ add_option (struct options *options,

 	}

       options->ce.proto = proto;

     }

+  else if (streq (p[0], "proto-force") && p[1])

+    {

+      int proto_force;

+      VERIFY_PERMISSION (OPT_P_GENERAL);

+      proto_force = ascii2proto (p[1]);

+      if (proto_force < 0)

+	{

+	  msg (msglevel, "Bad --proto-force protocol: '%s'", p[1]);

+	  goto err;

+	}

+      options->proto_force = proto_force;

+      options->force_connection_list = true;

+    }

 #ifdef GENERAL_PROXY_SUPPORT

   else if (streq (p[0], "auto-proxy"))

     {

@@ -216,6 +216,8 @@ struct options

   bool tun_mtu_defined;  /* true if user overriding parm with command line option */

   bool link_mtu_defined; /* true if user overriding parm with command line option */

+  int proto_force;

+

   /* Advanced MTU negotiation and datagram fragmentation options */

   int mtu_discover_type; /* used if OS supports setting Path MTU discovery options on socket */

@@ -509,6 +509,12 @@ legal_ipv4_port (int port)

   return port > 0 && port < 65536;

 }

+static inline int

+is_proto_tcp(const int p)

+{

+  return p > 0; /* depends on the definition of PROTO_x */

+}

+

 static inline bool

 link_socket_proto_connection_oriented (int proto)

 {

@@ -1,5 +1,5 @@

 dnl define the OpenVPN version

-define(PRODUCT_VERSION,[2.1.3])

+define(PRODUCT_VERSION,[2.1.3a])

 dnl define the TAP version

 define(PRODUCT_TAP_ID,[tap0901])

 define(PRODUCT_TAP_WIN32_MIN_MAJOR,[9])