author: Enrico Scholz <enrico.scholz@sigma-chemnitz.de> 2010-02-28 14:40:57 +0100
committer: David Sommerseth <dazo@users.sourceforge.net> 2010-03-01 23:30:18 +0100
commit: 9bd1cd1b0014041ebff2c2bc9d5614d0bec5f6db (patch)
tree: 48bbd3931eaeedb60da6a4abe448341ddbe6470e /options.c
parent: 1ed4098663cc0fc5457bd2f6e67b44c0b24e6f6c (diff)
download: openvpn-9bd1cd1b0014041ebff2c2bc9d5614d0bec5f6db.tar.gz
          openvpn-9bd1cd1b0014041ebff2c2bc9d5614d0bec5f6db.tar.xz
          openvpn-9bd1cd1b0014041ebff2c2bc9d5614d0bec5f6db.zip
Allow 'lport 0' setup for random port binding
I am running a multihomed host where 'local <extip>' must be specified for proper operation. Unfortunately, this implies 'lport 1194' or another static port. This causes problems with stateful firewalls which register the host/port pairs in the internal connection tracking table. On ungraceful reconnects, the new TCP connection will have the same host/port pairs but unexpected sequence numbers. The new connection will hence be assumed invalid and be dropped.

It would be nice if the local port could be configured to be bound to a random port number. After reading the code,

|       else if (streq (p[0], "lport") && p[1])
|       ...
|           port = atoi (p[1]);
|-          if (!legal_ipv4_port (port))
|+          if (port != 0 && !legal_ipv4_port (port))
|           {

in options.c seems to be the only required change.

This has been discussed here: <http://thread.gmane.org/gmane.network.openvpn.user/28622>

Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'options.c')
-rw-r--r--  options.c  2
1 files changed, 1 insertions, 1 deletions
diff --git a/options.c b/options.c
index c5ca8b6..36b9913 100644
--- a/options.c
+++ b/options.c
@@ -4072,7 +4072,7 @@ add_option (struct options *options,
VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
port = atoi (p[1]);
- if (!legal_ipv4_port (port))
+ if ((port != 0) && !legal_ipv4_port (port))
{
msg (msglevel, "Bad local port number: %s", p[1]);
goto err;
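Review bot: the new `port != 0` exemption on the changed line also lets any unparsable argument through, because `port = atoi (p[1]);` two lines above returns 0 for input that is not a number, so `lport abc` would now silently bind a random port instead of failing with "Bad local port number". Consider keying the random-binding case on the literal argument rather than the parsed value, e.g. `if (!streq (p[1], "0") && !legal_ipv4_port (port))`, or parse with strtol and reject trailing characters before the range check. The parentheses around `port != 0` are redundant and differ from the form quoted in the commit message; either is fine, but keep one.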