Apply the connect-retry backoff to only one side of a connection

p2p connections with both ends backing off seldom succeed as their connection attempt durations becomes increasingly unlikely to overlap when the retry wait time is long. Avoid this by applying the backoff logic only on TCP clients or the tls_client side for UDP. Regression warning: shared secret setups are left out of the backoff logic. Trac: #1010, #1384 Signed-off-by: Selva Nair <selva.nair@gmail.com> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20210602194739.29488-1-selva.nair@gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22485.html Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit 063d55a)
OpenVPN · Jun 17, 2021 · d8dee82 · d8dee82
1 parent ad4f8e3
commit d8dee82
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
@@ -2455,8 +2455,9 @@ socket_restart_pause(struct context *c)
     }
 #endif
 
-    /* Slow down reconnection after 5 retries per remote -- for tcp only in client mode */
-    if (c->options.ce.proto != PROTO_TCP_SERVER)
+    /* Slow down reconnection after 5 retries per remote -- for TCP client or UDP tls-client only */
+    if (c->options.ce.proto == PROTO_TCP_CLIENT
+        || (c->options.ce.proto == PROTO_UDP && c->options.tls_client))
     {
         backoff = (c->options.unsuccessful_attempts / c->options.connection_list->len) - 4;
         if (backoff > 0)