You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The tls-crypt-v2 hmac cookie support in #158 works fine, but it is somewhat brittle. For the CONTROL_WKC_V1 packet it is important it arrives first before any subsequent CONTROL_V1 packets as the server will not know how to decrypt and authenticate them. We don't do any particular effort to ensure the CONTROL_WKC_V1 packet has arrived before sending any remaining CONTROL_V1 or ACK_V1 packets - which OpenVPN seems to do.
I'm not sure how much this affects the reliability. It would be nice to test this with (artificial) packet loss.
The text was updated successfully, but these errors were encountered:
The tls-crypt-v2 hmac cookie support in #158 works fine, but it is somewhat brittle. For the
CONTROL_WKC_V1packet it is important it arrives first before any subsequentCONTROL_V1packets as the server will not know how to decrypt and authenticate them. We don't do any particular effort to ensure theCONTROL_WKC_V1packet has arrived before sending any remainingCONTROL_V1orACK_V1packets - which OpenVPN seems to do.I'm not sure how much this affects the reliability. It would be nice to test this with (artificial) packet loss.
The text was updated successfully, but these errors were encountered: