Ticket #715: no-ncp-unless-p2mp.txt

File no-ncp-unless-p2mp.txt, 615 bytes (added by Gert Döring, 6 years ago)

disable NCP unless p2mp --client or --mode server

Line 
1diff --git a/src/openvpn/options.c b/src/openvpn/options.c
2index 7e08fcd..2695ab0 100644
3--- a/src/openvpn/options.c
4+++ b/src/openvpn/options.c
5@@ -2614,6 +2614,14 @@ options_postprocess_mutate (struct options *o)
6       if (streq (o->dh_file, "none"))
7        o->dh_file = NULL;
8     }
9+
10+  /* cipher negotiation (NCP) currently assumes --pull or --mode server */
11+  if ( o->ncp_enabled &&
12+        ! (o->pull || o->mode == MODE_SERVER) )
13+    {
14+      msg( M_WARN, "disabling NCP mode (--ncp-disable) because not in P2MP client or server mode" );
15+      o->ncp_enabled = false;
16+    }
17 #endif
18 
19 #if ENABLE_MANAGEMENT