GitList

Browse code

Fix reconnect issues when --push and UDP is used on the server

When the server is configured with UDP and --push statements, reconnecting
often fails by the client never receiving PUSH_REPLY. The client sends
PUSH_REQUEST and the server logs these requests but does not send them.

This bug got introduced in commit ff65da3a230b658b2c1d52dc1a48612e80a2eb42
which tries to avoid sending duplicated PUSH messages if the client/server
connection is slow.

This patch keeps this behaviour, but instead of a session wide PUSH_REPLY
block it sets an expiry time for the PUSH_REPLY block. The expiry time
is set to 30 seconds.

Signed-off-by: David Sommerseth <davids@redhat.com>
Cc: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: James Yonan <james@openvpn.net>
Message-Id: 1347154246-20143-1-git-send-email-dazo@users.sourceforge.net
URL: http://article.gmane.org/gmane.network.openvpn.devel/7044

David Sommerseth authored on 2012/09/09 10:30:46
Showing 2 changed files

src/openvpn/openvpn.h

History View file @ 5d4f543

@@ -448,7 +448,7 @@ struct context_2
                        /* --ifconfig endpoints to be pushed to client */
                        bool push_reply_deferred;
                        bool push_ifconfig_defined;
                     -  bool sent_push_reply;
                     +  time_t sent_push_reply_expiry;
                        in_addr_t push_ifconfig_local;
                        in_addr_t push_ifconfig_remote_netmask;
                      #ifdef ENABLE_CLIENT_NAT

src/openvpn/push.c

History View file @ 5d4f543

@@ -416,7 +416,10 @@ process_incoming_push_msg (struct context *c,
 	}
       else if (!c->c2.push_reply_deferred && c->c2.context_auth == CAS_SUCCEEDED)
 	{
-	  if (c->c2.sent_push_reply)
+	  time_t now;
+
+	  openvpn_time(&now);
+	  if (c->c2.sent_push_reply_expiry > now)
 	    {
 	      ret = PUSH_MSG_ALREADY_REPLIED;
 	    }
@@ -425,7 +428,7 @@ process_incoming_push_msg (struct context *c,
 	      if (send_push_reply (c))
 		{
 		  ret = PUSH_MSG_REQUEST;
-		  c->c2.sent_push_reply = true;
+		  c->c2.sent_push_reply_expiry = now + 30;
 		}
 	    }
 	}

...	...	@@ -416,7 +416,10 @@ process_incoming_push_msg (struct context *c,
416	416	}
417	417	else if (!c->c2.push_reply_deferred && c->c2.context_auth == CAS_SUCCEEDED)
418	418	{
419		- if (c->c2.sent_push_reply)
	419	+ time_t now;
	420	+
	421	+ openvpn_time(&now);
	422	+ if (c->c2.sent_push_reply_expiry > now)
420	423	{
421	424	ret = PUSH_MSG_ALREADY_REPLIED;
422	425	}
...	...	@@ -425,7 +428,7 @@ process_incoming_push_msg (struct context *c,
425	425	if (send_push_reply (c))
426	426	{
427	427	ret = PUSH_MSG_REQUEST;
428		- c->c2.sent_push_reply = true;
	428	+ c->c2.sent_push_reply_expiry = now + 30;
429	429	}
430	430	}
431	431	}