Opened 4 years ago

Closed 3 years ago

#649 closed Bug / Defect (fixed)

Changing peer-id due to restart should not trigger ip commands

Reported by: nwf
Owned by: stipa
Priority: major
Milestone: release 2.3.13
Component: Generic / unclassified
Version: OpenVPN 2.3.8 (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords:
Cc: stipa

Description

When running 2.3.8 against a git HEAD server, a client restart (caused by, e.g., ping-restart or SIGUSR1) will often get a different peer-id in its post-restart PUSH_REPLY message than it did at initial bringup. This triggers the "Pulled options changed on restart, will need to close and reopen TUN/TAP device." behavior; if privileges have been dropped, the interface configuration commands will fail, causing the OpenVPN process to exit.

Change History (10)

comment:1 Changed 4 years ago by Gert Döring

Cc: stipa added
Milestone: release 2.3.11

Indeed. If nothing else has changed, it should ignore that change as well...

Lev, care to look into this (client-side)?

comment:2 Changed 4 years ago by stipa

Ack, will take a look.

comment:3 Changed 4 years ago by plaisthos

We probably have more pushable options that should not trigger an interface reset. keepalive and compression settings come to mind.

Last edited 4 years ago by plaisthos

comment:4 Changed 4 years ago by stipa

Owner: set to stipa
Status: new → assigned

comment:5 Changed 3 years ago by Samuli Seppänen

Milestone: release 2.3.11 → release 2.3.12

comment:6 Changed 3 years ago by stipa

Milestone: release 2.3.12 → release 2.3.13

comment:8 Changed 3 years ago by Gert Döring

merged!

commit 84022030dc2af8606e6a11c3dca1780419e7a534 (release/2.3)
commit 3cf51f613c4d0ac0982826cd2e27e1f34bcd1a83 (master)
Author: Lev Stipakov <lstipakov@…>
Date: Tue Oct 4 23:20:03 2016 +0300

Exclude peer-id from pulled options digest

comment:9 in reply to:  3 Changed 3 years ago by Gert Döring

Replying to plaisthos:

We probably have more pushable options that should not trigger an interface reset. keepalive and compression settings come to mind.

The way Lev has implemented this, it's now fairly easy to add further options to the no-restart-tun list.

comment:10 Changed 3 years ago by Gert Döring

Resolution: fixed
Status: assigned → closed

I think *this* ticket is done. If we want other options excluded, they should go to their own ticket.

Like, --cipher in 2.4, which is in #761 :-)

Closing, thanks Lev.
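
The fix named in comment:8, leaving peer-id out of the digest that decides whether pulled options changed on restart, can be sketched as follows. This is an added example, not OpenVPN's own code: the function names, the list layout, the FNV-1a stand-in hash and the sample PUSH_REPLY strings are assumptions made here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Option names whose value may change across a restart without reopening
 * TUN/TAP. The ticket covers peer-id only; the list form is an assumption. */
static const char *const no_restart_tun[] = { "peer-id" };

/* True if the option token opt[0..len) carries a name from the list above. */
static int is_ignored(const char *opt, size_t len)
{
    for (size_t i = 0; i < sizeof no_restart_tun / sizeof *no_restart_tun; i++) {
        size_t n = strlen(no_restart_tun[i]);
        if (len >= n && memcmp(opt, no_restart_tun[i], n) == 0
            && (len == n || opt[n] == ' '))
            return 1;
    }
    return 0;
}

/* FNV-1a (a dependency-free stand-in hash) over the comma-separated options. */
uint64_t pulled_options_digest(const char *reply, int filter)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    while (*reply) {
        size_t len = strcspn(reply, ",");
        if (!(filter && is_ignored(reply, len)))
            for (size_t i = 0; i <= len; i++)   /* i == len adds a separator */
                h = (h ^ (i < len ? (unsigned char)reply[i] : ',')) * 0x100000001b3ULL;
        reply += len + (reply[len] == ',');
    }
    return h;
}

/* Reopen the device only when the digest differs from the pre-restart one. */
int needs_tun_reopen(const char *before, const char *after, int filter)
{
    return pulled_options_digest(before, filter) != pulled_options_digest(after, filter);
}

int main(void)
{
    /* Constructed sample replies, not captured traffic. */
    const char *a = "PUSH_REPLY,route 10.8.0.0 255.255.255.0,ifconfig 10.8.0.6 10.8.0.5,peer-id 0";
    const char *b = "PUSH_REPLY,route 10.8.0.0 255.255.255.0,ifconfig 10.8.0.6 10.8.0.5,peer-id 3";
    printf("reopen without filter: %d, with filter: %d\n",
           needs_tun_reopen(a, b, 0), needs_tun_reopen(a, b, 1));
    return 0;
}
```

With the filter on, a reply that differs only in peer-id no longer requests a device reopen, so a client that has already dropped privileges never reaches the failing interface commands; a changed route still does.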
