Changes between Initial Version and Version 4 of Ticket #1310


Ignore:
Timestamp:
08/17/20 13:57:59 (18 months ago)
Author:
tct
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #1310

    • Property Cc tct added
    • Property Summary changed from --max-clients with --tls-crypt-v2-verify leads to potential DDOS to --tls-crypt-v2-verify leads to potential DDOS
    • Property Milestone changed from to release 2.5
  • Ticket #1310 – Description

    initial v4  
     1**Notice**: `--max-clients n` is not required. `--tls-crypt-v2-verify` is the root cause.  It was simply that I found it when testing with `--max-clients`
     2
    13When using `--max-clients n` with `--tls-crypt-v2-verify`, openvpn treats a failed connection from a client as a connected client until `Inactivity timeout (--ping-restart)` of the failed connection.  This can lead to a potential DDOS situation.
    24