Support NCP in pure P2P VPN setups
Currently P2P mode of OpenVPN is on of the few places that cannot negotiate
modern OpenVPN features. This becomes more and more problematic since P2P
and P2MP code diverge more and more and also the lack of switching to more
advanced features like Data v2 currently blocks P2P mode from working
together with the upcoming ovpn-dco support.
This NCP support is a lot simpler and works in the following way:
- P2P peer announce an extremely limited IV_ variable set
(IV_PROTO and IV_CIPHERS)
- Both peers check if the IV_PROTO_NCP_P2P bit is present in IV_PROTO
- if yes both sides deterministically determine according to
IV_PROTO and IV_CIPHER what options can be used and start using these
There are no poor man's NCP or other compatibility workaround like in the
normal NCP, making this NCP leaner and more deterministic.
Patch v2: remove empty lines, add doxygen comment to push_peer_info, fix
push_peer_info >= 2 that should be > 2
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <
20210728123050.564595-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22671.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
projects / thirdparty / openvpn.git / commit
