[2.6 beta1 w/ dco] server side explicit-exit-notify not working #192

Closed
Originalimoc opened this issue Dec 8, 2022 · 5 comments

@Originalimoc

Server and client are both 2.6 beta1 w/ dco.
server config:

daemon
port 1080
proto udp
float
explicit-exit-notify 1
tun-mtu 1428
dev tun21
txqueuelen 1000
client-config-dir /etc/openvpn/ccd1
persist-tun
persist-key
data-ciphers AES-128-GCM
auth SHA512
auth-nocache
allow-compression no
tls-crypt tlscrypt.key
ca ca.crt
cert server.crt
key server.key
dh dh.pem
remote-cert-eku "TLS Web Client Authentication"
reneg-sec 0
hand-window 5
tran-window 86000
server 10.0.0.0 255.255.255.0
block-ipv6
topology subnet
client-to-client
replay-window 5000 3
connect-retry 3 15
ping 0
ping-restart 3600
sndbuf 11796480
rcvbuf 11796480
mlock
push "sndbuf 11796480"
push "rcvbuf 11796480"

client config:

daemon
dev tun11
persist-tun
proto udp
tun-mtu 1428
remote 127.0.0.1 1080
nobind
explicit-exit-notify 2
connect-retry 1 3
client
allow-compression no
data-ciphers AES-128-GCM
auth SHA512
auth-nocache
script-security 2
remote-cert-tls server
tls-crypt tlscrypt.key
ca ca.crt
cert main1.crt
key main1.key
reneg-sec 0
hand-window 5
tran-window 86000
persist-key
ping 0
ping-restart 3600
replay-window 5000 3
mute 20
mlock

Describe the bug/To Reproduce
Establish a TLS config connection first, then send the server a SIGUSR1/SIGHUP/SIGTERM.
The server will log (this one is SIGTERM):

2022-12-07 11:26:09 event_wait : Interrupted system call (fd=-1,code=4)
2022-12-07 11:26:09 SENT CONTROL [Client]: 'RESTART' (status=1)
2022-12-07 11:26:11 Closing DCO interface

But the client receives nothing and logs nothing; a manual SIGUSR1 on the client is needed to re-establish the connection.

Expected behavior
The client receives RESTART, then generates an internal SIGUSR1. This makes the client reconnect after a server reboot.

Version information (please complete the following information):

  • Server OS: Ubuntu 20/22 5.15.0-1026-aws/5.4.0-135-generic/5.15.0-56-generic
  • Client OS: Ubuntu 22 5.15.0-56-generic
  • OpenVPN version: 2.6 beta1 w/ dco
@cron2
Contributor

cron2 commented Dec 8, 2022

Do not randomly open new issues for the same problem.

This is a duplicate of #189 and what we wrote there still holds - remove all the bits from your config that should not be there (hand-window 5, reneg-sec, tran-window, connect-retry with very aggressive timers, etc.).

cron2 closed this as not planned Dec 8, 2022
@Originalimoc
Author

I want to start clean, this time disable reneg.

@Originalimoc
Author

IT'S NOT THERE.

@cron2
Contributor

cron2 commented Dec 8, 2022

There is a boatload of lines in your config that should not be there - no matter if reneg-sec is in that list right now or not. About half the lines could go out, and make the resulting config work the same or better, letting OpenVPN pick values that are much better tested.

Let me be more blunt, Dutch style: we are not interested in debugging problems that are caused by randomly copy-pasting ill-understood options together. We have better things to do.

@schwabe
Contributor

schwabe commented Dec 10, 2022

And you are still refusing to provide complete log files. I asked for them several times.
