@@ -1811,6 +1811,7 @@ do_init_socket_1 (struct context *c, int mode)

 			   c->plugins,

 			   c->options.resolve_retry_seconds,

 			   c->options.connect_retry_seconds,

+			   c->options.connect_retry_max,

 			   c->options.mtu_discover_type,

 			   c->options.rcvbuf,

 			   c->options.sndbuf,

@@ -2371,6 +2372,14 @@ init_instance_handle_signals (struct context *c, const struct env_set *env, cons

   pre_init_signal_catch ();

   init_instance (c, env, flags);

   post_init_signal_catch ();

+

+  /*

+   * This is done so that signals thrown during

+   * initialization can bring us back to

+   * a management hold.

+   */

+  if (IS_SIG (c))

+    uninit_management_callback ();  

 }

 /*

@@ -119,6 +119,7 @@ openvpn \- secure IP tunnel daemon.

 [\ \fB\-\-config\fR\ \fIfile\fR\ ]

 [\ \fB\-\-connect\-freq\fR\ \fIn\ sec\fR\ ]

 [\ \fB\-\-connect\-retry\fR\ \fIn\fR\ ]

+[\ \fB\-\-connect\-retry\-max\fR\ \fIn\fR\ ]

 [\ \fB\-\-crl\-verify\fR\ \fIcrl\fR\ ]

 [\ \fB\-\-cryptoapicert\fR\ \fIselect\-string\fR\ ]

 [\ \fB\-\-daemon\fR\ \fI[progname]\fR\ ]

@@ -553,7 +554,9 @@ started with

 will attempt to connect, and if that fails, will sleep for 5

 seconds (adjustable via the

 .B --connect-retry

-option) and try again.  Both TCP client and server will simulate

+option) and try again infinite or up to N retries (adjustable via the

+.B --connect-retry-max

+option).  Both TCP client and server will simulate

 a SIGUSR1 restart signal if either side resets the connection.

 OpenVPN is designed to operate optimally over UDP, but TCP capability is provided

@@ -582,6 +585,15 @@ number of seconds to wait

 between connection retries (default=5).

 .\"*********************************************************

 .TP

+.B --connect-retry-max n

+For

+.B --proto tcp-client,

+take

+.B n

+as the

+number of retries of connection attempt (default=infinite).

+.\"*********************************************************

+.TP

 .B --http-proxy server port [authfile] [auth-method]

 Connect to remote host through an HTTP proxy at address

 .B server

@@ -95,6 +95,7 @@ static const char usage_message[] =

   "                  p = udp (default), tcp-server, or tcp-client\n"

   "--connect-retry n : For --proto tcp-client, number of seconds to wait\n"

   "                  between connection retries (default=%d).\n"

+  "--connect-retry-max n : Maximum connection attempt retries, default infinite.\n"

 #ifdef ENABLE_HTTP_PROXY

   "--http-proxy s p [up] [auth] : Connect to remote host through an HTTP proxy at\n"

   "                  address s and port p.  If proxy authentication is required,\n"

@@ -586,6 +587,7 @@ init_options (struct options *o)

   o->topology = TOP_NET30;

   o->proto = PROTO_UDPv4;

   o->connect_retry_seconds = 5;

+  o->connect_retry_max = 0;

   o->local_port = o->remote_port = OPENVPN_PORT;

   o->verbosity = 1;

   o->status_file_update_freq = 60;

@@ -1086,6 +1088,7 @@ show_settings (const struct options *o)

   SHOW_INT (resolve_retry_seconds);

   SHOW_INT (connect_retry_seconds);

+  SHOW_INT (connect_retry_max);

   SHOW_STR (username);

   SHOW_STR (groupname);

@@ -3218,6 +3221,11 @@ add_option (struct options *options,

       options->connect_retry_seconds = positive_atoi (p[1]);

       options->connect_retry_defined = true;

     }

+  else if (streq (p[0], "connect-retry-max") && p[1])

+    {

+      VERIFY_PERMISSION (OPT_P_GENERAL);

+      options->connect_retry_max = positive_atoi (p[1]);

+    }

   else if (streq (p[0], "ipchange") && p[1])

     {

       VERIFY_PERMISSION (OPT_P_SCRIPT);

@@ -147,6 +147,7 @@ struct options

   /* Protocol type (PROTO_UDP or PROTO_TCP) */

   int proto;

   int connect_retry_seconds;

+  int connect_retry_max;

   bool connect_retry_defined;

   /* Advanced MTU negotiation and datagram fragmentation options */

@@ -721,9 +721,11 @@ socket_connect (socket_descriptor_t *sd,

 		const char *remote_dynamic,

 		bool *remote_changed,

 		const int connect_retry_seconds,

+		const int connect_retry_max,

 		volatile int *signal_received)

 {

   struct gc_arena gc = gc_new ();

+  int retry = 0;

   msg (M_INFO, "Attempting to establish TCP connection with %s", 

        print_sockaddr (remote, &gc));

@@ -732,6 +734,9 @@ socket_connect (socket_descriptor_t *sd,

       const int status = connect (*sd, (struct sockaddr *) &remote->sa,

 				  sizeof (remote->sa));

+      if (connect_retry_max != 0 && retry++ >= connect_retry_max)

+	*signal_received = SIGUSR1;

+

       get_signal (signal_received);

       if (*signal_received)

 	goto done;

@@ -987,6 +992,7 @@ link_socket_init_phase1 (struct link_socket *sock,

 			 const struct plugin_list *plugins,

 			 int resolve_retry_seconds,

 			 int connect_retry_seconds,

+			 int connect_retry_max,

 			 int mtu_discover_type,

 			 int rcvbuf,

 			 int sndbuf,

@@ -1017,6 +1023,7 @@ link_socket_init_phase1 (struct link_socket *sock,

   sock->inetd = inetd;

   sock->resolve_retry_seconds = resolve_retry_seconds;

   sock->connect_retry_seconds = connect_retry_seconds;

+  sock->connect_retry_max = connect_retry_max;

   sock->mtu_discover_type = mtu_discover_type;

 #ifdef ENABLE_DEBUG

@@ -1215,6 +1222,7 @@ link_socket_init_phase2 (struct link_socket *sock,

 			  remote_dynamic,

 			  &remote_changed,

 			  sock->connect_retry_seconds,

+			  sock->connect_retry_max,

 			  signal_received);

 	  if (*signal_received)

@@ -1255,6 +1263,7 @@ link_socket_init_phase2 (struct link_socket *sock,

 			  remote_dynamic,

 			  &remote_changed,

 			  sock->connect_retry_seconds,

+			  sock->connect_retry_max,

 			  signal_received);

 	  if (*signal_received)

@@ -189,6 +189,7 @@ struct link_socket

   int resolve_retry_seconds;

   int connect_retry_seconds;

+  int connect_retry_max;

   int mtu_discover_type;

   struct socket_buffer_size socket_buffer_sizes;

@@ -299,6 +300,7 @@ link_socket_init_phase1 (struct link_socket *sock,

 			 const struct plugin_list *plugins,

 			 int resolve_retry_seconds,

 			 int connect_retry_seconds,

+			 int connect_retry_max,

 			 int mtu_discover_type,

 			 int rcvbuf,

 			 int sndbuf,