Opened 14 years ago

Closed 12 years ago

#19 closed Bug / Defect (fixed)

Enhance <connection> profile logic

Reported by: David Sommerseth Owned by:
Priority: major Milestone: beta 2.3
Component: Configuration Version: OpenVPN git master branch (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:


Based on a bug report:

The <connection> profile logic is not too advanced at the moment, and some configuration options are not allowed inside a <connection> even though it would be beneficial to have them there. Some of these options are even documented that should work inside <connection> blocks, but still doesn't.

Known options which should work but doesn't:

Options which should be considered suported:
--auto-proxy, --mssfix, --fragment, --link-mtu, --socket-flags

Some options which needs even more careful considerations
--no-replay, --replay-window, --cipher, --tls-cipher

Those last options should be considered as it might be you need different replay algorithms or cipher algorithms if switching from UDP to TCP via proxy, etc. This might be a useful last-attempt tweak around connection stability and/or performance issues between profiles.

Change History (1)

comment:1 Changed 12 years ago by David Sommerseth

Milestone: beta 2.3
Resolution: fixed
Status: newclosed

Considering this solved for now.

commit 76809cae0eae07817160b423d3f9551df1a1d68e
Author: Jan Just Keijser <>
Date:   Tue Feb 7 16:29:47 2012 +0100

    Made some options connection-entry specific
    The following options may now be used in a connection block:
    In order to support stuff like
      remote host
      proto udp
      explicit-exit-notification 3
      remote host
      proto tcp
    Signed-off-by: Jan Just Keijser <>
    Acked-by: David Sommerseth <>
    Signed-off-by: David Sommerseth <>

Note: See TracTickets for help on using tickets.