From b5039975bf629d33fbff0b0feae6d072378e7edc Mon Sep 17 00:00:00 2001 From: Gianmarco De Gregori Date: Mon, 16 Mar 2026 14:48:36 +0100 Subject: [PATCH] socket: restore per-connection lport override over global default OpenVPN 2.7.x introduced a regression where --lport specified inside a block did not override a globally defined local port. As a result, the socket was bound to the global default port instead of the per-connection value. Adjust the socket local_port selection logic to honour local_port_defined when set for the active connection profile. This change restores the documented and previously working behaviour from 2.6.x, where connection-level lport takes precedence over global defaults. Github: closes OpenVPN/openvpn#995 Change-Id: I7cf5d5ef7e2531f397ad97baf4663e3763072f6b Signed-off-by: Gianmarco De Gregori Acked-by: Antonio Quartulli Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1555 Message-Id: <20260316134841.28362-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36164.html Signed-off-by: Gert Doering (cherry picked from commit 7ac5f89023b2c2870a210016a862ec042f709bb7) --- src/openvpn/socket.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 1df1001e..44121d7b 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -1357,6 +1357,13 @@ link_socket_init_phase1(struct context *c, int sock_index, int mode) proto = o->ce.proto; } + /* If --lport is specified in a client connection block, + * it takes precedence over the global setting. */ + if (o->mode == MODE_POINT_TO_POINT && o->ce.local_port_defined) + { + port = o->ce.local_port; + } + if (c->mode == CM_CHILD_TCP || c->mode == CM_CHILD_UDP) { struct link_socket *tmp_sock = NULL;