From: Selva Nair <selva.nair@gmail.com>
Date: Wed, 2 Jun 2021 19:47:39 +0000 (-0400)
Subject: Apply the connect-retry backoff to only one side of a connection
X-Git-Tag: v2.6_beta1~476
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=063d55afeea723fc6df0af29a19df257a8ab6920;p=thirdparty%2Fopenvpn.git

Apply the connect-retry backoff to only one side of a connection

p2p connections with both ends backing off seldom succeed
as their connection attempt durations becomes increasingly
unlikely to overlap when the retry wait time is long.

Avoid this by applying the backoff logic only on TCP clients
or the tls_client side for UDP.

Regression warning: shared secret setups are left out of the
backoff logic.

Trac: #1010, #1384

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20210602194739.29488-1-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22485.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 29897af94..1c674a243 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -2423,8 +2423,9 @@ socket_restart_pause(struct context *c)
         sec = 10;
     }
 
-    /* Slow down reconnection after 5 retries per remote -- for tcp only in client mode */
-    if (c->options.ce.proto != PROTO_TCP_SERVER)
+    /* Slow down reconnection after 5 retries per remote -- for TCP client or UDP tls-client only */
+    if (c->options.ce.proto == PROTO_TCP_CLIENT
+        || (c->options.ce.proto == PROTO_UDP && c->options.tls_client))
     {
         backoff = (c->options.unsuccessful_attempts / c->options.connection_list->len) - 4;
         if (backoff > 0)