> * The --help screen is inaccurate in regards to --auth-gen-token and --genkey
>   entries.
>
> * Using --genkey with --secret now sends the key to stdout instead of the
>   given --secret file. I don't recall if we discussed this and if this was
>   considered expected.

These two will be fixed in a version of the --genkey patch.

> * When starting a server with --auth-gen-token-secret, there are no (afaict)
>   indications in the log file such a file is used

No. But there is a warning when not using that file and an ephemeral key.

> * In the log file when the server sends PUSH_REPLY there's a formatting issue,
>   where you will find: [...], auth-tokenSESS_ID,[....]. This happens on both
>   server and client.
>
> * The configuration below ends up going into username/password auth loop on
>   each renegotiation after the auth-token has expired:
> What happens:
> - Server starts
> - Client starts and connects, auth with username/password (state: Initial)
> - 30 seconds, reneg happens
> - Client re-auth with token (state: Authenticated)
> - 30 seconds, reneg happens
> - Client re-auth with token (state: Expired)
> - 30 seconds, reneg happens
> - Client re-auth with token (state: Expired)
> - Client restarts with username/password auth (state: Initial)

Up to here that is more or less expected behaviour. (The reneg failing and
connection continuing to work until reneg timeout is reached is wonky but
will/should also happen with other auth methods)

> - 30 seconds, reneg happens
> - Client restarts with username/password auth (state: Initial)

So here it looks like the client did not get a new auth-token or ignored
it, right?

> - 30 seconds, reneg happens
> - Client restarts with username/password auth (state: Initial)
> ....
>

This might be a problem of auth-nocache on the client side doing strange
things. I never had that on.

Arne

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel