)]}'
{"id":"openvpn~1683","triplet_id":"openvpn~master~I0ba723d12d433e6e020588b7b0c3ba10bcf8c44f","project":"openvpn","branch":"master","attention_set":{"1000003":{"account":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"last_update":"2026-05-20 08:23:37.000000000","reason":"Reviewer was added"},"1000001":{"account":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"last_update":"2026-05-21 13:52:50.000000000","reason":"Vote got outdated and was removed: Code-Review-1"}},"removed_from_attention_set":{"1000007":{"account":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"last_update":"2026-05-21 12:15:32.000000000","reason":"\u003cGERRIT_ACCOUNT_1000007\u003e replied on the change","reason_account":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"}}},"hashtags":[],"change_id":"I0ba723d12d433e6e020588b7b0c3ba10bcf8c44f","subject":"dco: remove iroute at client exit time instead of delayed exit","status":"NEW","created":"2026-05-20 08:23:36.000000000","updated":"2026-05-21 13:53:30.000000000","submit_type":"CHERRY_PICK","submittable":false,"total_comment_count":7,"unresolved_comment_count":0,"has_review_started":true,"meta_rev_id":"b184619179cb0400f7508b19a4b84ac4f5c11100","_number":1683,"virtual_id_number":1683,"owner":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"actions":{},"labels":{"Code-Review":{"all":[{"value":0,"permitted_voting_range":{"min":-2,"max":2},"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},{"value":0,"permitted_voting_range":{"min":-2,"max":2},"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."}],"values":{"-2":"This shall not be submitted","-1":"I would prefer this is not submitted as is"," 0":"No score","+1":"Looks good to me, but someone else must approve","+2":"Looks good to me, approved"},"description":"","default_value":0}},"removable_reviewers":[],"reviewers":{"REVIEWER":[{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"}],"CC":[{"_account_id":1000026,"name":"openvpn-devel","email":"openvpn-devel@lists.sourceforge.net","username":"openvpn-devel"}]},"pending_reviewers":{},"reviewer_updates":[{"updated":"2026-05-20 08:23:37.000000000","updated_by":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"reviewer":{"_account_id":1000026,"name":"openvpn-devel","email":"openvpn-devel@lists.sourceforge.net","username":"openvpn-devel"},"state":"CC"},{"updated":"2026-05-20 08:23:37.000000000","updated_by":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"reviewer":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"state":"REVIEWER"},{"updated":"2026-05-21 11:23:49.000000000","updated_by":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"reviewer":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"state":"REVIEWER"}],"messages":[{"id":"4fcbf646169df32da4c670ddd44a206499df01e5","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"date":"2026-05-20 08:23:36.000000000","message":"Uploaded patch set 1.","accounts_in_message":[],"_revision_number":1},{"id":"0de1e4cfee17a48239272895b0db8c8f5b256205","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"date":"2026-05-20 08:54:27.000000000","message":"Uploaded patch set 2: Patch Set 1 was rebased.","accounts_in_message":[],"_revision_number":2},{"id":"6b20487e1b3fd8113b9e6bd56bef8f9c58a9480e","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"date":"2026-05-20 20:21:53.000000000","message":"Uploaded patch set 3: Patch Set 2 was rebased.","accounts_in_message":[],"_revision_number":3},{"id":"c5b335ce0ea483f424cd4661b428f3dd07c00fda","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"date":"2026-05-21 10:06:43.000000000","message":"Uploaded patch set 4: Commit message was updated.","accounts_in_message":[],"_revision_number":4},{"id":"9c1cdf5de9ed4f7562c53afd1f28cb2dabba67cf","author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"date":"2026-05-21 11:23:49.000000000","message":"Patch Set 4: Code-Review-1\n\n(2 comments)","accounts_in_message":[],"_revision_number":4},{"id":"e473e9d6331733e07772e9459fad9b772b7dff46","author":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"date":"2026-05-21 12:15:32.000000000","message":"Patch Set 4:\n\n(2 comments)","accounts_in_message":[],"_revision_number":4},{"id":"bfa0bb629e05904dabe8c4542d92e3f75382e653","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"date":"2026-05-21 13:52:50.000000000","message":"Uploaded patch set 5.\n\nOutdated Votes:\n* Code-Review-1 (copy condition: \"changekind:NO_CHANGE OR changekind:TRIVIAL_REBASE OR is:MIN\")\n","accounts_in_message":[],"_revision_number":5},{"id":"b184619179cb0400f7508b19a4b84ac4f5c11100","author":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"date":"2026-05-21 13:53:30.000000000","message":"Patch Set 4:\n\n(3 comments)","accounts_in_message":[],"_revision_number":4}],"current_revision_number":5,"current_revision":"a6f3f92a7bd0ef1c026f5ebe7684f9494cf2deb1","revisions":{"63dad7001bf173d7068cbb215f9a596ab2a75ea8":{"kind":"REWORK","_number":1,"created":"2026-05-20 08:23:36.000000000","uploader":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"ref":"refs/changes/83/1683/1","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/83/1683/1","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/83/1683/1 \u0026\u0026 git checkout -b change-1683 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/83/1683/1 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/83/1683/1 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/83/1683/1 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/83/1683/1","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/83/1683/1 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"f5af8cfaeaee954ba4a81d3dd3e571e030bf2d00","subject":"multi/dco: simplify dco_delete_iroutes call chain"}],"author":{"name":"Antonio Quartulli","email":"antonio@mandelbit.com","date":"2026-05-20 08:10:56.000000000","tz":120},"committer":{"name":"Antonio Quartulli","email":"antonio@mandelbit.com","date":"2026-05-20 08:23:17.000000000","tz":120},"subject":"dco: remove iroute at client exit time instead of delayed exit","message":"dco: remove iroute at client exit time instead of delayed exit\n\nWhen a exits (because it sent an EEN or because it\u0027s connection\ntimed out) OpenVPN will perform some minimal cleanup and will\nthen postpone the actual instance purge by 5 seconds.\n\nIf iroutes are configured for the exiting client, the actual DCO\niroutes removal is also postponed.\n\nIf during this time window the same client reconnects and a new\ninstance is created (for example because --duplicate-cn is set or\nbecause the same username is provided upon authentication) OpenVPN\nwill:\n\n* create the new client instance;\n* attempt adding the related DCO iroutes (which will fail because\n  EEXIST);\n* 5 seconds timeout fires -\u003e execute the delayed exit routine and\n  delete the DCO iroutes;\n* no iroutes exists anymore on the server despite the client being\n  fully connected.\n\nWith this patch we move the DCO iroutes deletion to the actual\nclient exit time in order to avoid racing with a possible addition\nbeing executed when the client reconnects. The new flow will be:\n\n* client exits (due to EEN or timeout)\n* DCO iroutes are immediately deleted\n* client re-connects -\u003e new instance created\n* DCO iroutes are added -\u003e SUCCESS\n* 5 seconds timeout fires -\u003e old instance client is fully purged\n* client is connected and iroutes are in place as expected\n\nThis issue was reported by OpenVPN Access Server developers after\nobserving erratic iroutes disappearance with DCO in place.\n\nChange-Id: I0ba723d12d433e6e020588b7b0c3ba10bcf8c44f\nSigned-off-by: Antonio Quartulli \u003cantonio@mandelbit.com\u003e\n"},"branch":"refs/heads/master"},"690581f8d5e83e8cc92f2bd06b43f8785d30ce50":{"kind":"TRIVIAL_REBASE","_number":2,"created":"2026-05-20 08:54:27.000000000","uploader":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"ref":"refs/changes/83/1683/2","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/83/1683/2","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/83/1683/2 \u0026\u0026 git checkout -b change-1683 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/83/1683/2 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/83/1683/2 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/83/1683/2 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/83/1683/2","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/83/1683/2 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"c5f02a68b6036a8c30e5e81704b1ffa417b26d83","subject":"multi/dco: simplify dco_delete_iroutes call chain"}],"author":{"name":"Antonio Quartulli","email":"antonio@mandelbit.com","date":"2026-05-20 08:10:56.000000000","tz":120},"committer":{"name":"Antonio Quartulli","email":"antonio@mandelbit.com","date":"2026-05-20 08:54:20.000000000","tz":120},"subject":"dco: remove iroute at client exit time instead of delayed exit","message":"dco: remove iroute at client exit time instead of delayed exit\n\nWhen a exits (because it sent an EEN or because it\u0027s connection\ntimed out) OpenVPN will perform some minimal cleanup and will\nthen postpone the actual instance purge by 5 seconds.\n\nIf iroutes are configured for the exiting client, the actual DCO\niroutes removal is also postponed.\n\nIf during this time window the same client reconnects and a new\ninstance is created (for example because --duplicate-cn is set or\nbecause the same username is provided upon authentication) OpenVPN\nwill:\n\n* create the new client instance;\n* attempt adding the related DCO iroutes (which will fail because\n  EEXIST);\n* 5 seconds timeout fires -\u003e execute the delayed exit routine and\n  delete the DCO iroutes;\n* no iroutes exists anymore on the server despite the client being\n  fully connected.\n\nWith this patch we move the DCO iroutes deletion to the actual\nclient exit time in order to avoid racing with a possible addition\nbeing executed when the client reconnects. The new flow will be:\n\n* client exits (due to EEN or timeout)\n* DCO iroutes are immediately deleted\n* client re-connects -\u003e new instance created\n* DCO iroutes are added -\u003e SUCCESS\n* 5 seconds timeout fires -\u003e old instance client is fully purged\n* client is connected and iroutes are in place as expected\n\nThis issue was reported by OpenVPN Access Server developers after\nobserving erratic iroutes disappearance with DCO in place.\n\nChange-Id: I0ba723d12d433e6e020588b7b0c3ba10bcf8c44f\nSigned-off-by: Antonio Quartulli \u003cantonio@mandelbit.com\u003e\n"},"branch":"refs/heads/master"},"d7ce722dd34d46f2408819ead24e0e5c6490fde5":{"kind":"TRIVIAL_REBASE","_number":3,"created":"2026-05-20 20:21:53.000000000","uploader":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"ref":"refs/changes/83/1683/3","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/83/1683/3","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/83/1683/3 \u0026\u0026 git checkout -b change-1683 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/83/1683/3 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/83/1683/3 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/83/1683/3 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/83/1683/3","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/83/1683/3 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"913767cf436841f1e605089e1b7c2ba5021a335c","subject":"multi/dco: simplify dco_delete_iroutes call chain"}],"author":{"name":"Antonio Quartulli","email":"antonio@mandelbit.com","date":"2026-05-20 08:10:56.000000000","tz":120},"committer":{"name":"Antonio Quartulli","email":"antonio@mandelbit.com","date":"2026-05-20 20:21:35.000000000","tz":120},"subject":"dco: remove iroute at client exit time instead of delayed exit","message":"dco: remove iroute at client exit time instead of delayed exit\n\nWhen a exits (because it sent an EEN or because it\u0027s connection\ntimed out) OpenVPN will perform some minimal cleanup and will\nthen postpone the actual instance purge by 5 seconds.\n\nIf iroutes are configured for the exiting client, the actual DCO\niroutes removal is also postponed.\n\nIf during this time window the same client reconnects and a new\ninstance is created (for example because --duplicate-cn is set or\nbecause the same username is provided upon authentication) OpenVPN\nwill:\n\n* create the new client instance;\n* attempt adding the related DCO iroutes (which will fail because\n  EEXIST);\n* 5 seconds timeout fires -\u003e execute the delayed exit routine and\n  delete the DCO iroutes;\n* no iroutes exists anymore on the server despite the client being\n  fully connected.\n\nWith this patch we move the DCO iroutes deletion to the actual\nclient exit time in order to avoid racing with a possible addition\nbeing executed when the client reconnects. The new flow will be:\n\n* client exits (due to EEN or timeout)\n* DCO iroutes are immediately deleted\n* client re-connects -\u003e new instance created\n* DCO iroutes are added -\u003e SUCCESS\n* 5 seconds timeout fires -\u003e old instance client is fully purged\n* client is connected and iroutes are in place as expected\n\nThis issue was reported by OpenVPN Access Server developers after\nobserving erratic iroutes disappearance with DCO in place.\n\nChange-Id: I0ba723d12d433e6e020588b7b0c3ba10bcf8c44f\nSigned-off-by: Antonio Quartulli \u003cantonio@mandelbit.com\u003e\n"},"branch":"refs/heads/master"},"6ba94fe192fc58331f740bae631c15ab08827439":{"kind":"NO_CODE_CHANGE","_number":4,"created":"2026-05-21 10:06:43.000000000","uploader":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"ref":"refs/changes/83/1683/4","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/83/1683/4","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/83/1683/4 \u0026\u0026 git checkout -b change-1683 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/83/1683/4 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/83/1683/4 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/83/1683/4 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/83/1683/4","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/83/1683/4 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"913767cf436841f1e605089e1b7c2ba5021a335c","subject":"multi/dco: simplify dco_delete_iroutes call chain"}],"author":{"name":"Antonio Quartulli","email":"antonio@mandelbit.com","date":"2026-05-20 08:10:56.000000000","tz":120},"committer":{"name":"Antonio Quartulli","email":"antonio@mandelbit.com","date":"2026-05-21 09:57:06.000000000","tz":120},"subject":"dco: remove iroute at client exit time instead of delayed exit","message":"dco: remove iroute at client exit time instead of delayed exit\n\nWhen a exits (because it sent an EEN or because it\u0027s connection\ntimed out) OpenVPN will perform some minimal cleanup and will\nthen postpone the actual instance purge by 5 seconds.\n\nIf iroutes are configured for the exiting client, the actual DCO\niroutes removal is also postponed.\n\nIf during this time window the same client reconnects and a new\ninstance is created (for example because --duplicate-cn is set or\nbecause the same username is provided upon authentication) OpenVPN\nwill:\n\n* create the new client instance;\n* attempt adding the related DCO iroutes (which will fail because\n  EEXIST);\n* 5 seconds timeout fires -\u003e execute the delayed exit routine and\n  delete the DCO iroutes;\n* no iroutes exists anymore on the server despite the client being\n  fully connected.\n\nWith this patch we move the DCO iroutes deletion to the actual\nclient exit time in order to avoid racing with a possible addition\nbeing executed when the client reconnects. The new flow will be:\n\n* client exits (due to EEN or timeout)\n* DCO iroutes are immediately deleted\n* client re-connects -\u003e new instance created\n* DCO iroutes are added -\u003e SUCCESS\n* 5 seconds timeout fires -\u003e old instance client is fully purged\n* client is connected and iroutes are in place as expected\n\nThis issue was reported by OpenVPN Access Server developers after\nobserving erratic iroutes disappearance with DCO in place.\n\nChange-Id: I0ba723d12d433e6e020588b7b0c3ba10bcf8c44f\nGitHub: closes openvpn/OpenVPN#1040\nSigned-off-by: Antonio Quartulli \u003cantonio@mandelbit.com\u003e\n"},"branch":"refs/heads/master"},"a6f3f92a7bd0ef1c026f5ebe7684f9494cf2deb1":{"kind":"REWORK","_number":5,"created":"2026-05-21 13:52:50.000000000","uploader":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"ref":"refs/changes/83/1683/5","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/83/1683/5","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/83/1683/5 \u0026\u0026 git checkout -b change-1683 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/83/1683/5 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/83/1683/5 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/83/1683/5 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/83/1683/5","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/83/1683/5 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"913767cf436841f1e605089e1b7c2ba5021a335c","subject":"multi/dco: simplify dco_delete_iroutes call chain"}],"author":{"name":"Antonio Quartulli","email":"antonio@mandelbit.com","date":"2026-05-20 08:10:56.000000000","tz":120},"committer":{"name":"Antonio Quartulli","email":"antonio@mandelbit.com","date":"2026-05-21 13:48:51.000000000","tz":120},"subject":"dco: remove iroute at client exit time instead of delayed exit","message":"dco: remove iroute at client exit time instead of delayed exit\n\nWhen a client exits due to one of the following reasons:\n* EEN received\n* AUTH_FAILED sent\n* RESTART sent\nOpenVPN will perform some minimal cleanup and will\nthen postpone the actual instance purge by 5 seconds.\n\nIf iroutes are configured for the exiting client, the actual DCO\niroutes removal is also postponed.\n\nIf during this time window the same client reconnects, a new\ninstance is created (for example because --duplicate-cn is set or\nbecause the same username is provided upon authentication) and the\nsame IP is assigned, then OpenVPN will:\n\n* create the new client instance;\n* attempt adding the related DCO iroutes (which will fail because\n  EEXIST);\n* 5 seconds timeout fires -\u003e execute the delayed exit routine and\n  delete the DCO iroutes;\n* no iroutes exists anymore on the server despite the client being\n  fully connected.\n\nNote that this issue is DCO specific, because without DCO OpenVPN\ncreates virtual routes (no system routing table involved) and makes\nthe last connecting client own them.\nThis means that the delayed exit routine won\u0027t have any iroute to\ndelete.\n\nWith this patch we move the DCO iroutes deletion to the actual\nclient exit time in order to avoid racing with a possible addition\nbeing executed when the client reconnects. The new flow will be:\n\n* client exits (due to EEN or timeout)\n* DCO iroutes are immediately deleted\n* client re-connects -\u003e new instance created\n* DCO iroutes are added -\u003e SUCCESS\n* 5 seconds timeout fires -\u003e old instance client is fully purged\n* client is connected and iroutes are in place as expected\n\nThis issue was reported by OpenVPN Access Server developers after\nobserving erratic iroutes disappearance with DCO in place.\n\nChange-Id: I0ba723d12d433e6e020588b7b0c3ba10bcf8c44f\nGitHub: closes openvpn/OpenVPN#1040\nSigned-off-by: Antonio Quartulli \u003cantonio@mandelbit.com\u003e\n"},"branch":"refs/heads/master"}},"requirements":[],"submit_records":[{"rule_name":"gerrit~DefaultSubmitRule","status":"NOT_READY","labels":[{"label":"Code-Review","status":"NEED"}]},{"rule_name":"checks~ChecksSubmitRule","status":"OK"}],"submit_requirements":[{"name":"Code-Review","status":"UNSATISFIED","is_legacy":true,"submittability_expression_result":{"expression":"label:Code-Review\u003dMAX -label:Code-Review\u003dMIN","fulfilled":false,"status":"FAIL","passing_atoms":[],"failing_atoms":["label:Code-Review\u003dMAX","-label:Code-Review\u003dMIN"]}},{"name":"checks~ChecksSubmitRule","status":"SATISFIED","is_legacy":true,"submittability_expression_result":{"expression":"rule:checks~ChecksSubmitRule","fulfilled":true,"status":"PASS","passing_atoms":["checks~ChecksSubmitRule"],"failing_atoms":[]}}]}