authorArne Schwabe2023-10-09 12:53:36 +0200
committerGert Doering2023-10-18 12:00:29 +0200
commit2574ae5e6961ed5b39531a7f98e537f72f87bcfb (patch)
tree1052de8fff90765263ea3dd084bc7dfcee80e745
parente8e5f8a4c4f8e01dc7317ac87a85d3204882d6bf (diff)
Add warning if a p2p NCP client connects to a p2mp server
Change-Id: I85ae4e1167e1395b4f59d5d0ecf6c38befcaa8a7 Acked-by: Frank Lichtenheld <frank@lichtenheld.com> Message-Id: <20231009105336.34267-1-frank@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27191.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
-rw-r--r--src/openvpn/multi.c9
-rw-r--r--src/openvpn/ssl_ncp.c6
-rw-r--r--src/openvpn/ssl_ncp.h2
3 files changed, 13 insertions, 4 deletions
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index 0d4e6f9..8b490ed 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -1811,6 +1811,15 @@ multi_client_set_protocol_options(struct context *c)
return false;
}
+ /* Print a warning if we detect the client being in P2P mode and will
+ * not accept our pushed ciphers */
+ if (proto & IV_PROTO_NCP_P2P)
+ {
+ msg(M_WARN, "Note: peer reports running in P2P mode (no --pull/--client"
+ "option). It will not negotiate ciphers with this server. "
+ "Expect this connection to fail.");
+ }
+
if (proto & IV_PROTO_REQUEST_PUSH)
{
c->c2.push_request_received = true;
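Review bot: The adjacent string literals in the new msg() call concatenate without a separator, so the logged text reads `--clientoption)`. The first literal should end with a space: `"Note: peer reports running in P2P mode (no --pull/--client "`. Operators searching server logs for this warning while diagnosing a failed cipher negotiation will want the wording exact. The check is driven by the peer-reported `proto` flags and only logs. As far as the hunk shows, the connection still proceeds to the push handling below, so a short comment saying the warning is advisory and is not an enforcement point would help the next reader. multi_client_set_protocol_options starts and ends outside the hunk.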
diff --git a/src/openvpn/ssl_ncp.c b/src/openvpn/ssl_ncp.c
index dafaef1..0ca6d42 100644
--- a/src/openvpn/ssl_ncp.c
+++ b/src/openvpn/ssl_ncp.c
@@ -24,7 +24,7 @@
*/
/**
- * @file Control Channel SSL/Data dynamic negotion Module
+ * @file Control Channel SSL/Data dynamic negotiation Module
* This file is split from ssl.c to be able to unit test it.
*/
@@ -258,8 +258,8 @@ ncp_get_best_cipher(const char *server_list, const char *peer_info,
const char *peer_ncp_list = tls_peer_ncp_list(peer_info, &gc_tmp);
- /* non-NCP client without OCC? "assume nothing" */
- /* For client doing the newer version of NCP (that send IV_CIPHER)
+ /* non-NCP clients without OCC? "assume nothing" */
+ /* For client doing the newer version of NCP (that send IV_CIPHERS)
* we cannot assume that they will accept remote_cipher */
if (remote_cipher == NULL
|| (peer_info && strstr(peer_info, "IV_CIPHERS=")))
diff --git a/src/openvpn/ssl_ncp.h b/src/openvpn/ssl_ncp.h
index d27ed24..de7a0e4 100644
--- a/src/openvpn/ssl_ncp.h
+++ b/src/openvpn/ssl_ncp.h
@@ -23,7 +23,7 @@
*/
/**
- * @file Control Channel SSL/Data dynamic negotion Module
+ * @file Control Channel SSL/Data dynamic negotiation Module
* This file is split from ssl.h to be able to unit test it.
*/