On Wed, Oct 23, 2024 at 11:47 AM Razvan Cojocaru <rzv...@gmail.com> wrote:
> On 10/23/24 18:25, Selva Nair wrote:
> > Wouldn't pushing "HALT" instead of "AUTH_FAILED" work in this case?
> > As in the management command "client-kill {cid} HALT" which calls
> > send_restart() with kill_msg = "HALT".
>
> Possibly, however the intent has always been to use this feature to
> reject (authorize) clients (so this is a corner case of that, just that
> we can retract authorization at a later time), and in addition
> considerable work has already been done that relies on the AUTH_FAILED
> code paths.
>
>
Looks like a misuse of AUTH_FAILED to me. To kill a client while not in the
authentication phase, use code paths meant for that purpose.
Selva
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
