From: Lev Stipakov Date: Sat, 1 Feb 2025 12:11:02 +0000 (+0100) Subject: multi.c: add iroutes after dco peer is added X-Git-Tag: v2.7_alpha1~93 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e6b2df0ce618f1fe1f28bbd287b3580147ce34b4;p=thirdparty%2Fopenvpn.git multi.c: add iroutes after dco peer is added This doesn't matter for Linux and FreeBSD but matters for dco-win, where iroute subnet is mapped to a peer context, which means that peer has to be created before iroute is added. Change-Id: I1cac0f036504c87205a3c97589a94a662cf79b99 Signed-off-by: Lev Stipakov Acked-by: Gert Doering Message-Id: <20250201121102.27395-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg30780.html Signed-off-by: Gert Doering
---
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index b0e1941c..96fa6cd0 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -2442,6 +2442,35 @@ multi_client_connect_late_setup(struct multi_context *m, ifconfig_constraint_network, ifconfig_constraint_netmask); } + /* set our client's VPN endpoint for status reporting purposes */ + mi->reporting_addr = mi->context.c2.push_ifconfig_local; + mi->reporting_addr_ipv6 = mi->context.c2.push_ifconfig_ipv6_local; + + /* set context-level authentication flag */ + mi->context.c2.tls_multi->multi_state = CAS_CONNECT_DONE; + + /* Since dco-win maintains iroute routing table (subnet -> peer), + * peer must be added before iroutes. For other platforms it doesn't matter. */ + + /* authentication complete, calculate dynamic client specific options */ + if (!multi_client_set_protocol_options(&mi->context)) + { + mi->context.c2.tls_multi->multi_state = CAS_FAILED; + } + /* only continue if setting protocol options worked */ + else if (!multi_client_setup_dco_initial(m, mi, &gc)) + { + mi->context.c2.tls_multi->multi_state = CAS_FAILED; + } + /* Generate data channel keys only if setting protocol options + * and DCO initial setup has not failed */ + else if (!multi_client_generate_tls_keys(&mi->context)) + { + mi->context.c2.tls_multi->multi_state = CAS_FAILED; + } + + /* dco peer has been added, it is now safe for Windows to add iroutes */ + /* * For routed tunnels, set up internal route to endpoint * plus add all iroute routes. 
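Review bot: The added comment `/* dco peer has been added, it is now safe for Windows to add iroutes */` holds only on the success path of the if/else-if chain above it. When `multi_client_set_protocol_options()` or `multi_client_setup_dco_initial()` fails, the chain only sets `multi_state = CAS_FAILED` and control still falls through to the "For routed tunnels ... add all iroute routes" block that follows. On dco-win an iroute could then be requested for a peer that was never created, and internal routes would be learned for a client already marked failed. The rest of `multi_client_connect_late_setup` lies outside the hunk, so whether that block checks the state cannot be seen here. If it does not, gate it with `if (mi->context.c2.tls_multi->multi_state != CAS_FAILED)`, or at least reword the comment to state the precondition, e.g. `/* if the steps above succeeded the dco peer exists and iroutes can be added */`.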
@@ -2489,30 +2518,6 @@ multi_client_connect_late_setup(struct multi_context *m, multi_instance_string(mi, false, &gc)); } - /* set our client's VPN endpoint for status reporting purposes */ - mi->reporting_addr = mi->context.c2.push_ifconfig_local; - mi->reporting_addr_ipv6 = mi->context.c2.push_ifconfig_ipv6_local; - - /* set context-level authentication flag */ - mi->context.c2.tls_multi->multi_state = CAS_CONNECT_DONE; - - /* authentication complete, calculate dynamic client specific options */ - if (!multi_client_set_protocol_options(&mi->context)) - { - mi->context.c2.tls_multi->multi_state = CAS_FAILED; - } - /* only continue if setting protocol options worked */ - else if (!multi_client_setup_dco_initial(m, mi, &gc)) - { - mi->context.c2.tls_multi->multi_state = CAS_FAILED; - } - /* Generate data channel keys only if setting protocol options - * and DCO initial setup has not failed */ - else if (!multi_client_generate_tls_keys(&mi->context)) - { - mi->context.c2.tls_multi->multi_state = CAS_FAILED; - } - /* send push reply if ready */ if (mi->context.c2.push_request_received) {