[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] Maximum PUSH options size problem

  • Subject: Re: [Openvpn-users] Maximum PUSH options size problem
  • From: Mathias Sundman <mathias@xxxxxxxxxx>
  • Date: Wed, 19 Jan 2005 13:03:42 +0100 (CET)

On Wed, 19 Jan 2005, James Yonan wrote:

On Tue, 18 Jan 2005, James Yonan wrote:

On Tue, 18 Jan 2005, Mathias Sundman wrote:

Two things:

1. I have a site where I push a lot of routes, and no, I don't want to
redirect the default gw, and I can't aggregate any of these routes to a
larger one.

Today, I added a few more routes to my ccd file, which caused the PUSH
list to get bigger than 1024 bytes.

Is there a practical reason for this limit, or could the default value be
increased to perhaps 4096 or so in next 2.0-rc-release?

There are some minor practical issues, though I'd definitely like to see this limit raised or eliminated.

2. This error caused OpenVPN to terminate. That's not good, it caused all
my users to get disconnected. It would be enough if only new connections
are rejected if this happends.

What was the error message?

mathias/xxx.xx.xx.xx:3730 Maximum length of --push buffer (1024) has been exceeded mathias/xxx.xx.xx.xx:3730 Exiting

Agreed, this error should be nonfatal.

I don't want to rewrite this code to make the size dynamic for 2.0 because it feels like we're too late in the release cycle. One could certainly increase the fixed buffer size to 4096, but I'd rather not do that by default because for the vast majority of users, it will waste memory.

For 2.0, I would rather ask people who are pushing large routing tables
to rebuild OpenVPN with a higher constant.  I will make this easy in rc9
with a simple constant in a .h file which can be edited.

That's okay with me. Will I have to rebuild both the server and all clients, or is it enough with the server?

Mathias Sundman                  (^)   ASCII Ribbon Campaign
OpenVPN GUI for Windows           X    NO HTML/RTF in e-mail
http://www.nilings.se/openvpn    / \   NO Word docs in e-mail