[Openvpn-users] TCP port bindings

[Ewan Bhamrah Harley <ewan@xxxxxxxxxxxxxxx>]

I've written a patch to enable the 'local' and 'lport' options on tcp-client
and proxied connections - the current behaviour is for all such connections
to implicitly assume the 'nobind' option. James has suggested I extend the
patch to add a 'bind' option to allow the desired binding states to be
exactly specified. 

However, I'm not sure of the best way for the defaults to work so am looking
for comments.

The current defaults are that all udp connections and tcp-server connections
default to bind behaviour (using INADDR_ANY and the default port unless
otherwise specified) while tcp-client connections and udp client connections
using a socks proxy both default to nobind. 

Looking at servers first, I find it difficult to think of a situation where
you'd want nobind behaviour at all on a server. Openvpn currently doesn't
allow nobind to be specified on server configurations and unless anyone has
a convincing reason otherwise I see no good reason to change that.

With clients, nobind behaviour is the default for most TCP/UDP applications.
Openvpn is currently inconsistent as going with the general default for TCP
but against it for UDP (except when a socks proxy is used, which uses an
underlying tcp connection anyway).

My feeling is to leave the defaults as they are, despite the
inconsistencies, but would be interested to hear what others think. Does
anyone think it would be better to default both connection types to the same
behaviour and, if so, should the default be nobind or bind.

Rgds
Ewan

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users