System states
The system is stateless across reboots. It re-registers after reboot, which re-initializes the state of the system. After bootup, the system is stateful across changes and polling interval queries/updates. The state file contains the hostname, current WAN ifname, current WAN IP, assigned slot, current state, previous state, current OCVPN table revision, last OCVPN response code (register/update), last polling response code, number of members, current member bitmask, and previous member bitmask. The system uses this state information to track state changes locally and in the cloud.
Possible device states are:

    enum cvpn_state {
        cvpn_st_none,
        cvpn_st_unregistered,
        cvpn_st_registering,
        cvpn_st_updating,
        cvpn_st_unregistering,
        cvpn_st_acknowledging,
        cvpn_st_registered
    };

A normal sequence would be registering (updating) -> acknowledging -> registered.
Even though SSL/TCP is stateful and ensures delivery, the OCVPN microservice doesn't run on a FortiWeb SSL termination server. See Key exchange for information about how FortiWeb configuration differs. The explicit acknowledgment message (RegAck) ensures the OCVPN service knows when all nodes have received and applied the latest revision of the network information and key.