Hi,

On Wed, Dec 13, 2017 at 5:04 PM, David Sommerseth <open...@sf.lists.topphemmelig.net> wrote:
> On 13/12/17 09:55, Мастренко Иван wrote:
>> I have a custom client connect script that verifies the user against some
>> database, pushes some options to the client if the connection is allowed, or
>> denies the connection with logic based on data in the database.
>> If the connection is DENIED, I want to send a message to the client. This
>> message should specify the deny reason.
>
> The OpenVPN wire protocol actually supports it. But AFAIR, it's not been made
> available via plug-ins or script hooks. The clue is that the server pushes
> AUTH_FAILED back to the client on authentication failures. The AUTH_FAILED
> push can contain more details. This technique is more commonly used when
> enabling the so-called dynamic challenge authentication (challenge/response
> approach). Currently I believe this might only be available by using the
> management interface.
>
> However, by adding your own type of AUTH_FAILED reasons, the client needs to
> be capable of catching them and present them to the user. So your client
> would need to tackle that in addition.
>
> I see one response here talks about using the "echo" approach too. But IIRC,
> that won't work as the AUTH_FAILED happens before anything else is being
> pushed.
>
The way I understand it, AUTH_FAILED is useful only to communicate
authentication "failure", not for sending general messages to the client. The
protocol uses it for triggering dynamic challenge for two-factor auth and is
currently supported only using management-client-auth, not through plugins or
scripts -- as David mentioned.

Echo is a far better and more generic way of sending messages to an
authenticated client -- patches to support echo messages in the Windows GUI
are in the works.

Selva
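
Added example, not part of the original thread and not OpenVPN project code: a sketch of the management-interface route mentioned above, using the `client-deny {CID} {KID} "reason-text" ["client-reason-text"]` command on a server run with management-client-auth, where the second string goes to the client with AUTH_FAILED. `decide()`, `DISABLED_USERS` and the sample notification lines are constructed stand-ins for the database lookup and a live management socket.

```python
import re

DISABLED_USERS = {"bob"}  # hypothetical stand-in for the database lookup

def quote(text):
    """Quote one management-interface parameter. The username is
    client-supplied, so strip control characters (no injected newlines)
    and escape backslash and double quote."""
    text = re.sub(r"[\x00-\x1f\x7f]", " ", text)
    return '"' + text.replace("\\", "\\\\").replace('"', '\\"') + '"'

def decide(env):
    """Hypothetical policy: return None to allow, or a deny reason."""
    if env.get("username") in DISABLED_USERS:
        return "account disabled, contact the helpdesk"
    return None

def handle(lines):
    """Consume management notifications (already stripped of CR/LF) and
    return the commands to write back to the management socket."""
    out, pending, env = [], None, {}
    for line in lines:
        m = re.match(r">CLIENT:(CONNECT|REAUTH),(\d+),(\d+)$", line)
        if m:
            pending, env = (m.group(2), m.group(3)), {}
        elif line == ">CLIENT:ENV,END" and pending:
            cid, kid = pending
            reason = decide(env)
            if reason is None:
                out.append(f"client-auth-nt {cid} {kid}")
            else:
                # First string goes to the server log, second to the client.
                log = f"denied {env.get('username', '?')}: {reason}"
                out.append(f"client-deny {cid} {kid} {quote(log)} {quote(reason)}")
            pending = None
        elif line.startswith(">CLIENT:ENV,") and pending:
            key, _, value = line[len(">CLIENT:ENV,"):].partition("=")
            env[key] = value
    return out

# Constructed sample of what the server emits for two connecting clients.
SAMPLE = [
    ">CLIENT:CONNECT,0,1", ">CLIENT:ENV,username=alice", ">CLIENT:ENV,END",
    ">CLIENT:CONNECT,1,1", ">CLIENT:ENV,username=bob", ">CLIENT:ENV,END",
]

if __name__ == "__main__":
    print("\n".join(handle(SAMPLE)))
```

As David notes, the client still has to display the reason text it receives; a stock client may only log it.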