Hi,

A few days ago I set up an OpenVPN server on my server with a MySQL backend
based on auth-user-pass-verify, client-connect, client-disconnect. Both
client-connect and client-disconnect have the main purpose of setting
iptables rules for forwarding each connection to a public IP, taken from an
ip_pool table. Also, each connection is registered in a table called active.
When the client disconnects, it deletes from active, deletes the iptables
rule and logs everything...

The authentication and every record is indexed by the common name (which is
the username, not the cert name, so username-as-common-name is on)... so if I
add a row in the "active" table with client-connect and then look for it
with client-disconnect, it is based on the common name.

So, now about the problem: some of the time (about 1 in every 5 disconnects) the
$common_name variable shows the cert name and not the username, thus making
it impossible to find in the active table, leaving many false iptables rules and
funny logs like:

username    1245682814    80.99.12.202    79.172.201.189    10.0.0.2    CONNECT

certname    1245685700    80.99.12.202    10.0.0.2    DISCONNECT



Is this a bug or did I make a mistake?



[asrael@vpn1 openvpn]$ openvpn --version

OpenVPN 2.1_rc18 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] built on Jun 21 2009

[asrael@vpn1 openvpn]$ uname -a

Linux vpn1.xxx.hu 2.6.29.4-167.fc11.x86_64 #1 SMP Wed May 27 17:27:08 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux



Thank you,

Andras Kosztyu
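
Added example, not part of the original message and not the poster's scripts: one way to make the client-disconnect lookup independent of which name `common_name` carries is to key the session on the VPN address and reuse the name stored at connect time. It assumes `ifconfig_pool_remote_ip` is present in the environment of both hooks; `ACTIVE_DB` (a flat file standing in for the "active" MySQL table) and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: OpenVPN client-connect / client-disconnect hook that keys the
# session on the VPN address instead of common_name.
# ASSUMPTION: ACTIVE_DB is a flat file standing in for the "active" MySQL table.
ACTIVE_DB="${ACTIVE_DB:-/tmp/ovpn-active.db}"

# Print the row recorded for VPN address $1 (exact match on the first field).
active_lookup() {
    awk -v k="$1" '$1 == k' "$ACTIVE_DB" 2>/dev/null
}

# Delete the row for VPN address $1.
active_delete() {
    awk -v k="$1" '$1 != k' "$ACTIVE_DB" > "$ACTIVE_DB.tmp" && mv "$ACTIVE_DB.tmp" "$ACTIVE_DB"
}

# vpn_hook uses variables OpenVPN exports to its scripts: script_type,
# common_name, trusted_ip, ifconfig_pool_remote_ip.
vpn_hook() {
    key="$ifconfig_pool_remote_ip"
    [ -n "$key" ] || { echo "no VPN address in environment" >&2; return 1; }
    touch "$ACTIVE_DB"
    case "$script_type" in
    client-connect)
        active_delete "$key"      # clear a stale row left by a missed disconnect
        echo "$key $common_name $trusted_ip $(date +%s)" >> "$ACTIVE_DB"
        ;;
    client-disconnect)
        row=$(active_lookup "$key")
        [ -n "$row" ] || { echo "no active session for $key" >&2; return 1; }
        name=$(echo "$row" | awk '{print $2}')
        # The name stored at connect time is authoritative for cleanup and logs.
        [ "$name" = "$common_name" ] ||
            echo "common_name changed: '$name' at connect, '$common_name' now" >&2
        active_delete "$key"
        echo "$name"              # caller removes the iptables rule for this user
        ;;
    *)  echo "unexpected script_type: $script_type" >&2; return 1 ;;
    esac
}

# Run as a hook only when OpenVPN invokes the script (script_type is set).
if [ -n "$script_type" ]; then vpn_hook; fi
```

The mismatch message on stderr also gives a log trail of every disconnect where the name differed from the one seen at connect.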
