Allow 'lport 0' setup for random port binding

I am running a multihomed host where 'local <extip>' must be specified
for proper operation.  Unfortunately, this implies 'lport 1194' or
another static port.

This causes problems with stateful firewalls which register the host/port
pairs in the internal connection tracking table. On ungraceful reconnects,
the new TCP connection will have same the host/port pairs but unexpected
sequence numbers. The new connection will be assumed as invalid hence and
be dropped.

It would be nice when local port can be configured to be bound to a
random port number.  After reading code,

|    else if (streq (p[0], "lport") && p[1])
|  ...
|        port = atoi (p[1]);
|-       if (!legal_ipv4_port (port))
|+       if (port != 0 && !legal_ipv4_port (port))
|          {

in options.c seems to be the only required change.

This has been discussed here:
<http://thread.gmane.org/gmane.network.openvpn.user/28622>

Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: Gert Doering <gert@greenie.muc.de>

diff --git a/options.c b/options.c
index 5f1efc5ddbf7d73560836011818b4871c06be1b0..6d3ef8e51f9ee8c8d97e717959e30c99148bf4ef 100644 (file)
--- a/options.c
+++ b/options.c
@@ -4258,7 +4258,7 @@ add_option (struct options *options,
 
       VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
       port = atoi (p[1]);
-      if (!legal_ipv4_port (port))
+      if ((port != 0) && !legal_ipv4_port (port))
        {
          msg (msglevel, "Bad local port number: %s", p[1]);
          goto err;