On 08/02/18 04:36, Antonio Quartulli wrote:
>
> On 08/02/18 04:41, David Sommerseth wrote:
>> On 07/02/18 21:21, Selva Nair wrote:
>>
>>> In my view auth-token handling in openvpn.exe is broken at multiple levels:
>>>
>>> Client process:
>>> (i) it should not remember the token after a reconnect is issued
>>
>> Agreed. This should trigger retrieving new user input in regards to SIGHUP
>> at least. Not sure yet about SIGUSR1 though. SIGHUP has a clear semantic
>> though (hang-up).
>
> I discussed this with Arne as well, as he also had users complaining about this.
>
> The conclusion we came to was that it may be meaningful, upon reconnection,
> to try sending the token once (the token might be handled by external
> server side scripts and might still be alive, so one attempt is worth it)
> and if it fails then we should dump the token, ask the user for the
> password and reconnect.
>
> This way we still save all those setups where the token survives fast
> reconnections on the server side

This sounds reasonable to me. But it is crucial that it is a proper
re-connect - meaning, if UDP the "--explicit-exit-notify" message must be sent
to the server to close the session on the server side. Otherwise you'll get
into some odd back-and-forth until the session is fully closed on the server.

--
kind regards,

David Sommerseth
OpenVPN Inc
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel