git.ipfire.org Git - thirdparty/openvpn.git/commit
dco: warn if DATA_V1 packets are sent to userspace
author: Lev Stipakov <lev@openvpn.net>
Sun, 22 Oct 2023 08:27:40 +0000 (10:27 +0200)
committer: Gert Doering <gert@greenie.muc.de>
Sun, 22 Oct 2023 08:55:01 +0000 (10:55 +0200)
commit: df7beea404df48745a608c584d863c5a377b7a1e
tree: b42497daf1d45d487080a73b52984d451a0b3858
parent: 00685421aefcc294581d6e74371e744acdce6bbf
dco: warn if DATA_V1 packets are sent to userspace

Servers 2.4.0 - 2.4.4 support peer-id and AEAD ciphers,
but only send DATA_V1 packets. With DCO enabled on the
client, connection is established but not working.

This is because DCO driver(s) are unable to handle
DATA_V1 packets and forward them to userspace, where
they silently disappear since crypto context is in
DCO and not in userspace.

Starting from 2.4.5 server sends DATA_V2 so problem
doesn't happen.

We cannot switch to non-DCO on the fly, so we log this
and advise user to upgrade the server to 2.4.5 or newer.

Github: fixes OpenVPN/openvpn#422

Change-Id: I8cb2cb083e3cdadf187b7874979d79af3974e759
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20231022082751.8868-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27272.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/forward.c
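
The condition the commit message describes, as an added example (not the code from this commit or from src/openvpn/forward.c): classify a packet that reached userspace by its OpenVPN opcode and flag DATA_V1 when DCO holds the crypto context. The helper names, the state struct and the warn-once behaviour are assumptions of this sketch; the sample packets are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* OpenVPN wire format: first byte = (opcode << 3) | key_id. */
#define P_OPCODE_SHIFT 3
#define P_DATA_V1      6   /* data packet, no peer-id */
#define P_DATA_V2      9   /* data packet, opcode byte + 24-bit peer-id */

enum pkt_class { PKT_OTHER, PKT_DATA_V1, PKT_DATA_V2 };

/* Hypothetical helper: classify a raw packet by its opcode. */
enum pkt_class classify_packet(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len == 0)
        return PKT_OTHER;
    switch (buf[0] >> P_OPCODE_SHIFT) {
    case P_DATA_V1: return PKT_DATA_V1;
    case P_DATA_V2: return len >= 4 ? PKT_DATA_V2 : PKT_OTHER; /* truncated header */
    default:        return PKT_OTHER;  /* control channel or unknown opcode */
    }
}

struct dco_rx_state { bool dco_enabled; bool warned; unsigned v1_seen; };

/* Returns true when a warning should be logged: a DATA_V1 packet arrived in
 * userspace while DCO is enabled. Counts every hit, warns once (assumption). */
bool dco_check_userspace_packet(struct dco_rx_state *st, const uint8_t *buf, size_t len)
{
    if (!st->dco_enabled || classify_packet(buf, len) != PKT_DATA_V1)
        return false;
    st->v1_seen++;
    if (st->warned)
        return false;
    st->warned = true;
    return true;
}

int main(void)
{
    const uint8_t v1[] = { 0x30, 0xde, 0xad };             /* constructed: opcode 6, key_id 0 */
    const uint8_t v2[] = { 0x48, 0x00, 0x00, 0x01, 0xaa }; /* constructed: opcode 9, peer-id 1 */
    struct dco_rx_state st = { true, false, 0 };

    if (!dco_check_userspace_packet(&st, v2, sizeof v2))
        puts("DATA_V2: no warning");
    if (dco_check_userspace_packet(&st, v1, sizeof v1))
        puts("DATA_V1 with DCO: server should be upgraded to 2.4.5 or newer");
    return 0;
}
```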