-rw-r--r--init.c9
-rw-r--r--openvpn.814
-rw-r--r--options.c8
-rw-r--r--options.h1
-rw-r--r--socket.c9
-rw-r--r--socket.h2
6 files changed, 42 insertions, 1 deletions
diff --git a/init.c b/init.c
index 4e3b6e7..bd90b80 100644
--- a/init.c
+++ b/init.c
@@ -1811,6 +1811,7 @@ do_init_socket_1 (struct context *c, int mode)
c->plugins,
c->options.resolve_retry_seconds,
c->options.connect_retry_seconds,
+ c->options.connect_retry_max,
c->options.mtu_discover_type,
c->options.rcvbuf,
c->options.sndbuf,
@@ -2371,6 +2372,14 @@ init_instance_handle_signals (struct context *c, const struct env_set *env, cons
pre_init_signal_catch ();
init_instance (c, env, flags);
post_init_signal_catch ();
+
+ /*
+ * This is done so that signals thrown during
+ * initialization can bring us back to
+ * a management hold.
+ */
+ if (IS_SIG (c))
+ uninit_management_callback ();
}
/*
diff --git a/openvpn.8 b/openvpn.8
index 8f7aaba..0c634a9 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -119,6 +119,7 @@ openvpn \- secure IP tunnel daemon.
[\ \fB\-\-config\fR\ \fIfile\fR\ ]
[\ \fB\-\-connect\-freq\fR\ \fIn\ sec\fR\ ]
[\ \fB\-\-connect\-retry\fR\ \fIn\fR\ ]
+[\ \fB\-\-connect\-retry\-max\fR\ \fIn\fR\ ]
[\ \fB\-\-crl\-verify\fR\ \fIcrl\fR\ ]
[\ \fB\-\-cryptoapicert\fR\ \fIselect\-string\fR\ ]
[\ \fB\-\-daemon\fR\ \fI[progname]\fR\ ]
@@ -553,7 +554,9 @@ started with
will attempt to connect, and if that fails, will sleep for 5
seconds (adjustable via the
.B --connect-retry
-option) and try again. Both TCP client and server will simulate
+option) and try again infinite or up to N retries (adjustable via the
+.B --connect-retry-max
+option). Both TCP client and server will simulate
a SIGUSR1 restart signal if either side resets the connection.
OpenVPN is designed to operate optimally over UDP, but TCP capability is provided
@@ -582,6 +585,15 @@ number of seconds to wait
between connection retries (default=5).
.\"*********************************************************
.TP
+.B --connect-retry-max n
+For
+.B --proto tcp-client,
+take
+.B n
+as the
+number of retries of connection attempt (default=infinite).
+.\"*********************************************************
+.TP
.B --http-proxy server port [authfile] [auth-method]
Connect to remote host through an HTTP proxy at address
.B server
diff --git a/options.c b/options.c
index 2e89b67..466ba13 100644
--- a/options.c
+++ b/options.c
@@ -95,6 +95,7 @@ static const char usage_message[] =
" p = udp (default), tcp-server, or tcp-client\n"
"--connect-retry n : For --proto tcp-client, number of seconds to wait\n"
" between connection retries (default=%d).\n"
+ "--connect-retry-max n : Maximum connection attempt retries, default infinite.\n"
#ifdef ENABLE_HTTP_PROXY
"--http-proxy s p [up] [auth] : Connect to remote host through an HTTP proxy at\n"
" address s and port p. If proxy authentication is required,\n"
@@ -586,6 +587,7 @@ init_options (struct options *o)
o->topology = TOP_NET30;
o->proto = PROTO_UDPv4;
o->connect_retry_seconds = 5;
+ o->connect_retry_max = 0;
o->local_port = o->remote_port = OPENVPN_PORT;
o->verbosity = 1;
o->status_file_update_freq = 60;
@@ -1086,6 +1088,7 @@ show_settings (const struct options *o)
SHOW_INT (resolve_retry_seconds);
SHOW_INT (connect_retry_seconds);
+ SHOW_INT (connect_retry_max);
SHOW_STR (username);
SHOW_STR (groupname);
@@ -3218,6 +3221,11 @@ add_option (struct options *options,
options->connect_retry_seconds = positive_atoi (p[1]);
options->connect_retry_defined = true;
}
+ else if (streq (p[0], "connect-retry-max") && p[1])
+ {
+ VERIFY_PERMISSION (OPT_P_GENERAL);
+ options->connect_retry_max = positive_atoi (p[1]);
+ }
else if (streq (p[0], "ipchange") && p[1])
{
VERIFY_PERMISSION (OPT_P_SCRIPT);
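Review bot: The new `connect-retry-max` branch stores `positive_atoi (p[1])` with no validation, while `init_options` uses 0 to mean "infinite", so `--connect-retry-max 0` silently selects unlimited retries. If `positive_atoi` is an atoi-style wrapper that clamps negatives (its body is not shown here), a non-numeric or negative argument does the same. An operator who sets this option to bound reconnect behaviour and mistypes the value gets the unbounded default with no diagnostic. I would reject any value that does not parse as a whole number greater than zero and report it through the option-error path the rest of this function uses, rather than accepting it. The body of add_option extends beyond this hunk.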
diff --git a/options.h b/options.h
index aa2b1c1..6ae6aee 100644
--- a/options.h
+++ b/options.h
@@ -147,6 +147,7 @@ struct options
/* Protocol type (PROTO_UDP or PROTO_TCP) */
int proto;
int connect_retry_seconds;
+ int connect_retry_max;
bool connect_retry_defined;
/* Advanced MTU negotiation and datagram fragmentation options */
diff --git a/socket.c b/socket.c
index b7a25ca..ab6d6ee 100644
--- a/socket.c
+++ b/socket.c
@@ -721,9 +721,11 @@ socket_connect (socket_descriptor_t *sd,
const char *remote_dynamic,
bool *remote_changed,
const int connect_retry_seconds,
+ const int connect_retry_max,
volatile int *signal_received)
{
struct gc_arena gc = gc_new ();
+ int retry = 0;
msg (M_INFO, "Attempting to establish TCP connection with %s",
print_sockaddr (remote, &gc));
@@ -732,6 +734,9 @@ socket_connect (socket_descriptor_t *sd,
const int status = connect (*sd, (struct sockaddr *) &remote->sa,
sizeof (remote->sa));
+ if (connect_retry_max != 0 && retry++ >= connect_retry_max)
+ *signal_received = SIGUSR1;
+
get_signal (signal_received);
if (*signal_received)
goto done;
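Review bot: The retry-limit check added right after `connect ()` never looks at `status`, so on the pass where `retry` reaches `connect_retry_max` it sets `*signal_received = SIGUSR1` even if that connect succeeded, and the `goto done` just below then discards a working connection. Gating the check on failure avoids that: `if (status != 0 && connect_retry_max != 0 && retry++ >= connect_retry_max)`. The assignment also overwrites whatever `*signal_received` already held before `get_signal` runs; whether a pending signal can be there at this point is not visible in the hunk, so it is worth confirming. The surrounding loop and the rest of socket_connect are outside this hunk.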
@@ -987,6 +992,7 @@ link_socket_init_phase1 (struct link_socket *sock,
const struct plugin_list *plugins,
int resolve_retry_seconds,
int connect_retry_seconds,
+ int connect_retry_max,
int mtu_discover_type,
int rcvbuf,
int sndbuf,
@@ -1017,6 +1023,7 @@ link_socket_init_phase1 (struct link_socket *sock,
sock->inetd = inetd;
sock->resolve_retry_seconds = resolve_retry_seconds;
sock->connect_retry_seconds = connect_retry_seconds;
+ sock->connect_retry_max = connect_retry_max;
sock->mtu_discover_type = mtu_discover_type;
#ifdef ENABLE_DEBUG
@@ -1215,6 +1222,7 @@ link_socket_init_phase2 (struct link_socket *sock,
remote_dynamic,
&remote_changed,
sock->connect_retry_seconds,
+ sock->connect_retry_max,
signal_received);
if (*signal_received)
@@ -1255,6 +1263,7 @@ link_socket_init_phase2 (struct link_socket *sock,
remote_dynamic,
&remote_changed,
sock->connect_retry_seconds,
+ sock->connect_retry_max,
signal_received);
if (*signal_received)
diff --git a/socket.h b/socket.h
index d6681e3..9083fca 100644
--- a/socket.h
+++ b/socket.h
@@ -189,6 +189,7 @@ struct link_socket
int resolve_retry_seconds;
int connect_retry_seconds;
+ int connect_retry_max;
int mtu_discover_type;
struct socket_buffer_size socket_buffer_sizes;
@@ -299,6 +300,7 @@ link_socket_init_phase1 (struct link_socket *sock,
const struct plugin_list *plugins,
int resolve_retry_seconds,
int connect_retry_seconds,
+ int connect_retry_max,
int mtu_discover_type,
int rcvbuf,
int sndbuf,