OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

failure in the manual of OpenVPN + question about float

https://forums.openvpn.net/viewtopic.php?t=9

Page 1 of 1

failure in the manual of OpenVPN + question about float

Posted: Sun Sep 14, 2008 7:22 pm
by tobias
Hello,

I think there is a failure in the manuals on openvpn.org.
They write there, that the pings are send over the control channel:

*--ping n*
Ping remote over the TCP/UDP control channel if no packets have been
sent for at least *n* seconds (


but there are some reasons why the pings are send over the data channel:
-p2p mode dont has a control channel:

Packet opcode/key_id (8 bits) -- TLS only, not used in
* pre-shared secret mode.

-both sites must send the ping. if it would be send over control channel, the sender would get an ACK and so the other peer dont have to send the ping too.
- in the logs the pings come in P_DATA_V1, there is no P_CONTROL_ACK or something. There is no op code for a ping. I think it comes on the data channel with a speciale bit sequence.

What do you say ?


Regards
Tobias

Posted: Wed Sep 17, 2008 6:44 am
by krzee
personally i have no clue, is there a reason it matters for you?

Posted: Wed Sep 17, 2008 9:21 am
by tobias
yes, because i am writing my diplomarbeit about this. I am quite sure the keepalives are send over data channel. You must only look in the log files. there is no Control_Packet wenn keepalives are send.

It would be nice if someone could test it

Posted: Wed Oct 15, 2008 9:52 pm
by krzee
Here was Jan's response to you on the mail list:

-----------------
I saw the question the first time but filed it away as I didn't have a
clue. I must confess that I still don't have a clue. Perhaps someone on
the openvpn-devel list can answer this question?
All I can say is that 'p2p' mode vs 'client/server' mode shows the
history of openvpn a bit: p2p mode was the first mode that was supported
(openvpn v1) and 'client/server' mode came with openvpn 2.0 . There are
quite a few options available in the client/server set up that do more
or less the same thing in p2p mode. The 'ping' flag seems to be one of
them.
Remember that in p2p mode you have predefined endpoints , which are
completely useless for the purpose that you originally looked at Openvpn.

cheers,

JJK

-----------------

So it seems this could be left-over from the days of p2p mode. They should be more careful to be correct when they say how the internals work, but otherwise I dont see that this effects anything.
-krzee
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/