Disable UDP protocol by default for OpenVPN tunnels

UDP protocol is useless if nothing is done to prevent fragmentation. Otherwise, it is at best unefficient. There exist routers on the internet that filter fragmented packets with specific data. This is hard to debug because TCP connections hang randomly when there is no OpenVPN encryption. Now, only TCP is enabled by default. A second protocol should be there for better performance when possible, either existing UDP one (provided it is guaranteed there is no fragmentation) or something better (GRE ?).

Disable UDP protocol by default for OpenVPN tunnels
UDP protocol is useless if nothing is done to prevent fragmentation. Otherwise, it is at best unefficient. There exist routers on the internet that filter fragmented packets with specific data. This is hard to debug because TCP connections hang randomly when there is no OpenVPN encryption. Now, only TCP is enabled by default. A second protocol should be there for better performance when possible, either existing UDP one (provided it is guaranteed there is no fragmentation) or something better (GRE ?).
cd653523 · Julien Muchembled · a6be6881 · cd653523 · cd653523 · cd653523
Commit cd653523 authored Nov 20, 2013 by Julien Muchembled
9 changed files
--- a/demo/m1/re6stnet.conf
+++ b/demo/m1/re6stnet.conf
 log m1/
 state m1/
 babel-pidfile m1/babeld.pid
-pp 1194 udp
+pp 1194 tcp
 hello 4
 dh dh2048.pem
 ca ca.crt

--- a/demo/m2/re6stnet.conf
+++ b/demo/m2/re6stnet.conf
 log m2/
 state m2/
 babel-pidfile m2/babeld.pid
-pp 1194 udp
+pp 1194 tcp
 hello 4
 dh dh2048.pem
 ca ca.crt

--- a/demo/m3/re6stnet.conf
+++ b/demo/m3/re6stnet.conf
 log m3/
 state m3/
 babel-pidfile m3/babeld.pid
-pp 1194 udp
+pp 1194 tcp
 hello 4
 dh dh2048.pem
 ca ca.crt

--- a/demo/m4/re6stnet.conf
+++ b/demo/m4/re6stnet.conf
 log m4/
 state m4/
 babel-pidfile m4/babeld.pid
-pp 1194 udp
+pp 1194 tcp
 hello 4
 dh dh2048.pem
 ca ca.crt

--- a/demo/m6/re6stnet.conf
+++ b/demo/m6/re6stnet.conf
 log m6/
 state m6/
 babel-pidfile m6/babeld.pid
-pp 1194 udp
+pp 1194 tcp
 hello 4
 dh dh2048.pem
 ca ca.crt

--- a/demo/m7/re6stnet.conf
+++ b/demo/m7/re6stnet.conf
 log m7/
 state m7/
 babel-pidfile m7/babeld.pid
-pp 1194 udp
+pp 1194 tcp
 hello 4
 dh dh2048.pem
 ca ca.crt

--- a/demo/m8/re6stnet.conf
+++ b/demo/m8/re6stnet.conf
@@ -6,4 +6,4 @@ ca ca.crt
 cert m8/cert.crt
 key m8/cert.key
 table 0
-client 10.0.1.2,1194,udp;10.0.1.3,1194,udp
+client 10.0.1.2,1194,tcp;10.0.1.3,1194,tcp
--- a/re6st-conf
+++ b/re6st-conf
@@ -156,8 +156,6 @@ ca %s
 cert %s
 key %s
 dh %s
-# for udp only:
-#pp 1194 udp
 # increase re6stnet verbosity:
 #verbose 3
 # enable OpenVPN logging:

--- a/re6stnet
+++ b/re6stnet
@@ -107,8 +107,10 @@ def getConfig():
    _('--remote-gateway', action='append', dest='gw_list',
        help="Force each tunnel to be created through one the given gateways,"
             " in a round-robin fashion.")
-    _('--disable-proto', action='append', choices=('udp', 'tcp'), default=[],
-        help="Do never try to create tunnels using given protocols.")
+    _('--disable-proto', action='append', choices=('none', 'udp', 'tcp'),
+        default=['udp'],
+        help="Do never try to create tunnels using given protocols."
+             " 'none' has precedence over other options.")
    _('--client', metavar='HOST,PORT,PROTO[;...]',
        help="Do not run any OpenVPN server, but only 1 OpenVPN client,"
             " with specified remotes. Any other option not required in this"
@@ -192,6 +194,8 @@ def main():
    if config.max_clients is None:
        config.max_clients = config.client_count * 2

+    if 'none' in config.disable_proto:
+        config.disable_proto = ()
    address = []
    server_tunnels = {}
    if config.client:
@@ -199,8 +203,13 @@ def main():
    elif config.max_clients:
        if config.pp:
            pp = [(int(port), proto) for port, proto in config.pp]
+            for port, proto in pp:
+                if proto in config.disable_proto:
+                    sys.exit("error: conflicting options --disable-proto %s"
+                             " and --pp %u %s" % (proto, port, proto))
        else:
-            pp = (1194, 'udp'), (1194, 'tcp')
+            pp = [x for x in ((1194, 'udp'), (1194, 'tcp'))
+                    if x[1] not in config.disable_proto]
        ip_changed = lambda ip: [(ip, str(port), proto) for port, proto in pp]
        if config.gw_list:
          gw_list = deque(config.gw_list)
@@ -306,10 +315,14 @@ def main():
            ip('addrlabel', 'prefix', my_network, 'label', '99')
            # prepare persistent interfaces
            if config.client:
+                address_list = [x for x in utils.parse_address(config.client)
+                                  if x[2] not in config.disable_proto]
+                if not address_list:
+                    sys.exit("error: --disable_proto option disables"
+                             " all addresses given by --client")
                cleanup.append(plib.client('re6stnet',
-                    utils.parse_address(config.client),
-                    config.encrypt, '--ping-restart', str(timeout),
-                    *config.openvpn_args).stop)
+                    address_list, config.encrypt, '--ping-restart',
+                    str(timeout), *config.openvpn_args).stop)
            elif server_tunnels:
                required('dh')
                for iface, (port, proto) in server_tunnels.iteritems():