author Selva Nair 2016-07-05 11:32:50 -0400
committer Gert Doering 2016-07-11 16:19:12 +0200
commit 5d429efd9720109b9c9f1265f5d351a75a401942 (patch)
tree 3ef9a6eca1081468ef2acbd61a340df5af0a354d /Changes.rst
parent 365506d1704f91f827f6e063dc87b325c40e9f29 (diff)
Exponentially back off on repeated connect retries
- When the number of retries per remote exceeds a limit
  (hard coded to 5), double the restart pause interval
  for each additional retry per remote.
- Trigger a SIGHUP to reset the retry count when the pause
  interval exceeds 1024 times the base value of restart pause.
  (removed in v2 of the patch)

The base value of restart pause is set using --connect-retry
(5 seconds by default).

v2 changes (based on suggestions from Arne Schwabe <arne@rfc2549.org>)
- Do not throw SIGHUP.
- Add an optional argument to "--connect-retry n [m]" where 'm'
  specifies the max value of restart pause interval (default
  300 sec).
  E.g., "--connect-retry 5 1800" will cause the restart pause to
  scale up starting at 5 until it exceeds 1800 seconds at which
  point it gets capped at 1800.
- If n == m no slow down will occur.
- While at it, fix typos and clarify the description of
  connect-retry-max in the man page and Changes.rst

v3 changes (on further feedback from arne@rfc2549.org):
- Limiting the base value of retry wait interval to 16 bits moved
  to options.c
- Apply backoff only in the udp and tcp-client modes. Backing off on
  tcp-server could be exploited by a client in p2p-mode to maliciously
  slow it down (thanks to Arne Schwabe for pointing this out.
- Fix typo in Changes.rst: "third argument" -> "second argument"

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1467732770-19110-1-git-send-email-selva.nair@gmail.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/12050
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'Changes.rst')
-rw-r--r-- Changes.rst 8
1 files changed, 6 insertions, 2 deletions
diff --git a/Changes.rst b/Changes.rst
index d12cdad..55fca95 100644
--- a/Changes.rst
+++ b/Changes.rst
@@ -75,8 +75,8 @@ User-visible Changes
In --static mode connect-timeout specifies the timeout for TCP and
proxy connection establishment
-- connect-retry now specifies the maximum number of unsucessfully
- trying all remote/connection entries before exiting.
+- connect-retry-max now specifies the maximum number of unsuccessful
+ attempts of each remote/connection entry before exiting.
- sndbuf and recvbuf default now to OS default instead of 64k
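Review bot: the replaced entry changes two things at once, the option name (connect-retry to connect-retry-max) and the counting rule (from "trying all remote/connection entries" to "attempts of each remote/connection entry"), yet it reads as a pure wording fix. Because the limit is now stated per entry, the number of attempts made before exit depends on how many remotes are configured; suggest spelling that out in this entry and checking that the man page text for connect-retry-max uses the same per-entry wording.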
@@ -120,6 +120,10 @@ User-visible Changes
- --http-proxy-retry and --sock-proxy-retry have been removed. Proxy connections
will now behave like regular connection entries and generate a USR1 on failure.
+- --connect-retry gets an optional second argument that specifies the maximum
+ time in seconds to wait between reconnection attempts when an exponential
+ backoff is triggered due to repeated retries. Default = 300 seconds.
+
Maintainer-visible changes
--------------------------
- OpenVPN no longer supports building with crypto support, but without TLS
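Review bot: the new --connect-retry entry says the backoff is "triggered due to repeated retries" without giving the trigger or the scope. The commit message states both: doubling starts once retries per remote exceed 5, it applies only in the udp and tcp-client modes (tcp-server is excluded so that a p2p client cannot slow the server down), and no slow down occurs when the second argument equals the first. Suggest adding at least the mode restriction and the n == m case to this entry, since operators tuning reconnect behaviour will read Changes.rst before the source.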