On 13/12/17 09:55, Мастренко Иван wrote: > I have custon client connect script that werifying user against some > database, pushes some option to client if connection is allowed, or deny > connection with logic based on data in database. > If connection is DENIED, I want to send message to client. This message > should specify deny reason.
The OpenVPN wire protocol actually supports it. But AFAIR, it's not been made available via plug-ins or script hooks. The clue is that the server pushes AUTH_FAILED back to the client on authentication failures. The AUTH_FAILED push can contain more details. This technique is more commonly used when enabling the so-called dynamic challenge authentication (challenge/response approach). Currently I believe this might only be available by using the management interface. However, by adding your own type of AUTH_FAILED reasons, the client needs to be capable of catching them and present them to the user. So your client would need to tackle that in addition. I see one response here talks about using the "echo" approach too. But IIRC, that won't work as the AUTH_FAILED happens before anything else is being pushed. -- kind regards, David Sommerseth > -----Original Message----- > From: j.witvl...@mindef.nl [mailto:j.witvl...@mindef.nl] > Sent: Wednesday, December 13, 2017 11:45 AM > To: Мастренко Иван <ivan.mastre...@cctcom.ru>; > openvpn-users@lists.sourceforge.net > Subject: RE: [Openvpn-users] Send message to client > > Sort of. > What we do on the client, is trying to fetch any messages pending on the > server for any/specific user, after the VPN comes up. > Displaying mechanism could vary for each client > > -----Original Message----- > From: Мастренко Иван [mailto:ivan.mastre...@cctcom.ru] > Sent: woensdag 13 december 2017 8:36 > To: openvpn-users@lists.sourceforge.net > Subject: [Openvpn-users] Send message to client > > Hello! > Is it some way to send message to client with client-connect script? > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most engaging tech > sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Openvpn-users mailing list > Openvpn-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-users > > Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet > de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt > u verzocht dat aan de afzender te melden en het bericht te verwijderen. De > Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die > verband houdt met risico's verbonden aan het elektronisch verzenden van > berichten. > > This message may contain information that is not intended for you. If you are > not the addressee or if this message was sent to you by mistake, you are > requested to inform the sender and delete the message. The State accepts no > liability for damage of any kind resulting from the risks inherent in the > electronic transmission of messages. > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Openvpn-users mailing list > Openvpn-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-users > --
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
