Package: openvpn
Version: 2.7.0-1
Severity: normal

Hi.

Option "lport" worked inside <connection>..</connection> blocks in versions
up to 2.6.15, and is broken in all 2.7.x (since alpha1-1).

Example of typical configuration:

<connection>
remote some.openvpn.srv 1234 udp
lport 54321
</connection>

should result in src_port=54321 in UDP packets. It works in 2.6.x, but
in 2.7.x versions src_port is set to the global default (1194).

OpenVPN manual says:

| The following OpenVPN options may be used inside of a <connection>
| block:
|
| bind, connect-retry, connect-retry-max, connect-timeout,
| explicit-exit-notify, float, fragment, http-proxy, http-proxy-option,
| key-direction, link-mtu, local, lport, mssfix, mtu-disc, nobind, port,
| proto, remote, rport, socks-proxy, tls-auth, tls-crypt, tls-crypt-v2,
| tun-mtu and, tun-mtu-extra.
|
| A defaulting mechanism exists for specifying options to apply to all
| <connection> profiles. If any of the above options (with the exception
| of remote ) appear outside of a <connection> block, but in a
| configuration file which has one or more <connection> blocks, the option
| setting will be used as a default for <connection> blocks which follow
| it in the configuration file.

If the lport value is redefined globally (outside <connection> blocks),
it is applied for all blocks in 2.7.x, regardless of local definitions.
In 2.6.x a local definition supersedes the global default, as it should.

It would be desirable to check whether other directives inside
<connection> are also ignored in 2.7.x versions.

Tested on amd64 systems.

--
Eugene Berdnikov
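
Added example, not part of the original report and not OpenVPN code: a small Python check that computes the source port each <connection> block should use under the defaulting rule quoted from the manual, and compares it with observed source ports (for instance from a packet capture or firewall log). It models only the lport directive; the function names, the second remote and the global value 40000 are constructed for illustration.

```python
DEFAULT_LPORT = 1194  # global default named in the report

# Constructed sample: the report's block plus a global lport and a second block.
SAMPLE = """\
lport 40000
<connection>
remote some.openvpn.srv 1234 udp
lport 54321
</connection>
<connection>
remote backup.example.net 1234 udp
</connection>
"""

def effective_lports(config_text):
    """Return [(remote, lport)] per <connection> block, in file order."""
    default, block, out = DEFAULT_LPORT, None, []
    for raw in config_text.splitlines():
        words = raw.split()
        if not words or words[0][0] in "#;":   # blank line or comment
            continue
        if words[0] == "<connection>":
            block = {"remote": None, "lport": default}  # inherit default so far
        elif words[0] == "</connection>" and block is not None:
            out.append((block["remote"], block["lport"]))
            block = None
        elif words[0] == "lport" and len(words) == 2:
            if block is None:
                default = int(words[1])         # applies to blocks that follow
            else:
                block["lport"] = int(words[1])  # local value overrides default
        elif words[0] == "remote" and block is not None:
            block["remote"] = " ".join(words[1:])
    return out

def mismatches(config_text, observed):
    """Compare expected ports with observed {remote: src_port} values."""
    return [(remote, want, observed[remote])
            for remote, want in effective_lports(config_text)
            if remote in observed and observed[remote] != want]

if __name__ == "__main__":
    # Constructed observation matching the 2.7.x behaviour the report describes.
    seen = {"some.openvpn.srv 1234 udp": 40000, "backup.example.net 1234 udp": 40000}
    for remote, want, got in mismatches(SAMPLE, seen):
        print(f"{remote}: expected src_port {want}, observed {got}")
```

A non-empty result means the client is sending from a port other than the one the configuration specifies, which matters wherever firewall or NAT rules are pinned to the per-connection source port.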

