openvpn icon indicating copy to clipboard operation
openvpn copied to clipboard

Published 20 hours ago verified publisher icon OpenVPN

SOCKS proxy 5 second handshake/auth/connect hard-coded timeout

Open ValdikSS opened this issue 2 years ago • 1 comments

Describe the bug OpenVPN 2.5, 2.6 and master have a hard-coded timeout of 5 seconds for SOCKS communications, which may not be enough for slow proxies, such as when the connection is performed over Tor.

To Reproduce

  1. Setup OpenVPN server using TCP
  2. Configure Tor Hidden Service to that server
  3. On another machine, configure client to Tor hidden service VPN using Tor's SOCKS port socks-proxy 127.0.0.1 9050

Expected behavior Proxy timeout follow --server-poll-timeout value

--server-poll-timeout n When connecting to a remote server do not wait for more than n seconds for a response before trying the next server. The de‐fault value is 120s. This timeout includes proxy and TCP connect timeouts.

Actual behavior Socks code has a 5 second hard-coded timeout in numerous places https://github.com/OpenVPN/openvpn/blob/9c52e0c610ef1229561c2d038ca41fe2cbefe8da/src/openvpn/socks.c#L95 https://github.com/OpenVPN/openvpn/blob/9c52e0c610ef1229561c2d038ca41fe2cbefe8da/src/openvpn/socks.c#L194 https://github.com/OpenVPN/openvpn/blob/9c52e0c610ef1229561c2d038ca41fe2cbefe8da/src/openvpn/socks.c#L312

ValdikSS avatar Mar 02 '23 08:03 ValdikSS