These options were probably introduced long before we had multiple
remote/connection entries. For all other connection entries, OpenVPN will
go on with the next connection if it fails. For proxies, if it fails in
some ways it works the same, for other failures it completely stops.
Removing the *-proxy-retry and defaulting to retry makes the behavior more
predictiable. Stopping after one try (regardless of reason) can be achieved
with --max-connect-retry 1
V2: Add reason for removing, remove from manpage, give a hint at
--max-connet-retry
V3: Collapse the two ifs in options.c to one block
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <
1466771230-5266-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/11988
Signed-off-by: Gert Doering <gert@greenie.muc.de>
proxies graciously. The old "fail TCP fast" behaviour can be achieved by
adding "--connect-timeout 10" to the client config.
+- --http-proxy-retry and --sock-proxy-retry have been removed. Proxy connections
+ will now behave like regular connection entries and generate a USR1 on failure.
Maintainer-visible changes
--------------------------
<connection>
remote 198.19.34.56 443 tcp
http\-proxy 192.168.0.8 8080
-http\-proxy\-retry
</connection>
<connection>
remote 198.19.36.99 443 tcp
http\-proxy 192.168.0.8 8080
-http\-proxy\-retry
</connection>
persist\-key
.B fragment,
.B http\-proxy,
.B http\-proxy\-option,
-.B http\-proxy\-retry,
.B link\-mtu,
.B local,
.B lport,
.B remote,
.B rport,
.B socks\-proxy,
-.B socks\-proxy\-retry,
.B tun\-mtu and
.B tun\-mtu\-extra.
authentication protocols such as HTTP Basic Authentication.
.\"*********************************************************
.TP
-.B \-\-http\-proxy\-retry
-Retry indefinitely on HTTP proxy errors. If an HTTP proxy error
-occurs, simulate a SIGUSR1 reset.
-.\"*********************************************************
-.TP
.B \-\-http\-proxy\-option type [parm]
Set extended HTTP proxy options.
Repeat to set multiple options.
"stdin" to prompt from console.
.\"*********************************************************
.TP
-.B \-\-socks\-proxy\-retry
-Retry indefinitely on Socks proxy errors. If a Socks proxy error
-occurs, simulate a SIGUSR1 reset.
-.\"*********************************************************
-.TP
.B \-\-resolv\-retry n
If hostname resolve fails for
.B \-\-remote,
ho = init_http_proxy_options_once (&ce->http_proxy_options, gc);
ho->server = string_alloc (p[2], gc);
ho->port = string_alloc (p[3], gc);
- ho->retry = true;
ho->auth_retry = (p[4] && streq (p[4], "nct") ? PAR_NCT : PAR_ALL);
ret = true;
}
{
c->c1.socks_proxy = socks_proxy_new (c->options.ce.socks_proxy_server,
c->options.ce.socks_proxy_port,
- c->options.ce.socks_proxy_authfile,
- c->options.ce.socks_proxy_retry);
+ c->options.ce.socks_proxy_authfile);
if (c->c1.socks_proxy)
{
c->c1.socks_proxy_owned = true;
"--http-proxy s p 'auto[-nct]' : Like the above directive, but automatically\n"
" determine auth method and query for username/password\n"
" if needed. auto-nct disables weak proxy auth methods.\n"
- "--http-proxy-retry : Retry indefinitely on HTTP proxy errors.\n"
"--http-proxy-option type [parm] : Set extended HTTP proxy options.\n"
" Repeat to set multiple options.\n"
" VERSION version (default=1.0)\n"
SHOW_STR (port);
SHOW_STR (auth_method_string);
SHOW_STR (auth_file);
- SHOW_BOOL (retry);
SHOW_STR (http_version);
SHOW_STR (user_agent);
for (i=0; i < MAX_CUSTOM_HTTP_HEADER && o->custom_headers[i].name;i++)
show_http_proxy_options (o->http_proxy_options);
SHOW_STR (socks_proxy_server);
SHOW_STR (socks_proxy_port);
- SHOW_BOOL (socks_proxy_retry);
SHOW_INT (tun_mtu);
SHOW_BOOL (tun_mtu_defined);
SHOW_INT (link_mtu);
ALLOC_OBJ_CLEAR_GC (ho, struct http_proxy_options, gc);
ho->server = string_alloc(server, gc);
ho->port = port;
- ho->retry = true;
if (flags && !strcmp(flags, "nct"))
ho->auth_retry = PAR_NCT;
else
else
ho->auth_file = p[1];
}
- else if (streq (p[0], "http-proxy-retry") && !p[1])
+ else if (streq (p[0], "http-proxy-retry") || streq (p[0], "socks-proxy-retry"))
{
- struct http_proxy_options *ho;
VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
- ho = init_http_proxy_options_once (&options->ce.http_proxy_options, &options->gc);
- ho->retry = true;
+ msg (M_WARN, "DEPRECATED OPTION: http-proxy-retry and socks-proxy-retry: "
+ "In OpenVPN 2.4 proxy connection retries are handled like regular connections. "
+ "Use connect-retry-max 1 to get a similar behavior as before.");
}
else if (streq (p[0], "http-proxy-timeout") && p[1] && !p[2])
{
options->ce.socks_proxy_server = p[1];
options->ce.socks_proxy_authfile = p[3]; /* might be NULL */
}
- else if (streq (p[0], "socks-proxy-retry") && !p[1])
- {
- VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
- options->ce.socks_proxy_retry = true;
- }
else if (streq (p[0], "keepalive") && p[1] && p[2] && !p[3])
{
VERIFY_PERMISSION (OPT_P_GENERAL);
const char *socks_proxy_server;
const char *socks_proxy_port;
const char *socks_proxy_authfile;
- bool socks_proxy_retry;
int tun_mtu; /* MTU of tun device */
bool tun_mtu_defined; /* true if user overriding parm with command line option */
return ret;
error:
- /* on error, should we exit or restart? */
if (!*signal_received)
- *signal_received = (p->options.retry ? SIGUSR1 : SIGTERM); /* SOFT-SIGUSR1 -- HTTP proxy error */
+ *signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- HTTP proxy error */
gc_free (&gc);
return ret;
}
struct http_proxy_options {
const char *server;
const char *port;
- bool retry;
# define PAR_NO 0 /* don't support any auth retries */
# define PAR_ALL 1 /* allow all proxy auth protocols */
struct socks_proxy_info *
socks_proxy_new (const char *server,
const char *port,
- const char *authfile,
- bool retry)
+ const char *authfile)
{
struct socks_proxy_info *p;
else
p->authfile[0] = 0;
- p->retry = retry;
p->defined = true;
return p;
return;
error:
- /* on error, should we exit or restart? */
if (!*signal_received)
- *signal_received = (p->retry ? SIGUSR1 : SIGTERM); /* SOFT-SIGUSR1 -- socks error */
+ *signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- socks error */
return;
}
return;
error:
- /* on error, should we exit or restart? */
if (!*signal_received)
- *signal_received = (p->retry ? SIGUSR1 : SIGTERM); /* SOFT-SIGUSR1 -- socks error */
+ *signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- socks error */
return;
}
struct socks_proxy_info {
bool defined;
- bool retry;
char server[128];
const char *port;
struct socks_proxy_info *socks_proxy_new (const char *server,
const char *port,
- const char *authfile,
- bool retry);
+ const char *authfile);
void socks_proxy_close (struct socks_proxy_info *sp);
projects / thirdparty / openvpn.git / commitdiff
