Project

General

Profile

Actions

Todo #11684

closed

Set ``explicit-exit-notify`` option by default for new OpenVPN server instances

Added by Viktor Gurov almost 4 years ago. Updated about 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Viktor Gurov
Category:
OpenVPN
Target version:
Start date:
03/16/2021
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
22.01
Release Notes:
Default

Description

https://openvpn-users.narkive.com/bjhC5hVo/tls-error-local-remote-tls-keys-are-out-of-sync#post8:
Suppose you have a UDP OpenVPN connection between "Client" and "Server".
If Client is restarted, because it is a client, it will renegotiate new
TLS keys with the server, and the keys will immediately be in sync.
However if the Server is restarted, it will not know that it must force a
key renegotiation with a previously connected client because servers don't
initiate connections, they wait for them to be initiated by clients.

Actions #2

Updated by Jim Pingle almost 4 years ago

  • Status changed from New to Pull Request Review
  • Target version set to CE-Next
Actions #3

Updated by Jim Pingle over 3 years ago

  • Plus Target Version set to 21.05
Actions #4

Updated by Jim Pingle over 3 years ago

  • Target version changed from CE-Next to 2.5.2
  • Plus Target Version changed from 21.05 to 21.09

Moving ahead.

Actions #5

Updated by Renato Botelho over 3 years ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Viktor Gurov

PR has been merged 3 weeks ago and is already present on 2.5.2

Actions #6

Updated by Jim Pingle over 3 years ago

  • Tracker changed from Bug to Todo
  • Subject changed from add the "explicit-exit-notify" option as a default for OpenVPN Server instances to Set ``explicit-exit-notify`` option by default for new OpenVPN server instances
  • Affected Version deleted (2.5.0)

Updating subject for release notes.

Actions #7

Updated by Chris Linstruth over 3 years ago

This is not enabled for new servers created by the Remote Access Wizard.

Reconnect to this server / Retry once is enabled by default in the webgui form for manual server creation.

Actions #8

Updated by Renato Botelho over 3 years ago

Chris Linstruth wrote:

This is not enabled for new servers created by the Remote Access Wizard.

Reconnect to this server / Retry once is enabled by default in the webgui form for manual server creation.

Fixed on both 2.6.0 and 2.5.2

Actions #9

Updated by Renato Botelho over 3 years ago

  • Status changed from Feedback to Resolved

Confirmed fix on wizard

Actions #10

Updated by Jim Pingle about 3 years ago

  • Plus Target Version changed from 21.09 to 22.01
Actions

Also available in: Atom PDF