upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-12 10:10:24 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

if_ovpn: improve reconnect handling

Browse source 
When a DCO client reconnects (e.g. on server restart) OpenVPN may create a new
socket rather than reusing the existing one. This used to be rejected because we
expect all peers to use the same socket. However, if there are no peers it's
safe to release the previous socket and install the tunnel function on the new
one.

See also:	https://redmine.pfsense.org/issues/15928
MFC after:	2 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")

(cherry picked from commit 3624de5394)
This commit is contained in:
Kristof Provost 2024-12-18 17:10:29 +01:00
parent 0fd06bd44a
commit e0a1a2e47f
1 changed files with 14 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
sys/net/if_ovpn.c
View file

@ -628,8 +628,20 @@ ovpn_new_peer(struct ifnet *ifp, const nvlist_t *nvl)
}
/* Must be the same socket as for other peers on this interface. */
if (sc->so != NULL && so != sc->so)
goto error_locked;
if (sc->so != NULL && so != sc->so) {
if (! RB_EMPTY(&sc->peers)) {
ret = EBUSY;
goto error_locked;
}
/*
* If we have no peers we can safely release the socket and accept
* a new one.
*/
ret = udp_set_kernel_tunneling(sc->so, NULL, NULL, NULL);
sorele(sc->so);
sc->so = NULL;
}
if (sc->so == NULL)
sc->so = so;