2018-02-08 1:43 GMT+05:00 Selva Nair <selva.n...@gmail.com>:
> Hi,
>
> On Wed, Feb 7, 2018 at 3:30 PM, Илья Шипицин <chipits...@gmail.com> wrote:
> >
> >
> > 2018-02-08 1:21 GMT+05:00 Selva Nair <selva.n...@gmail.com>:
> >>
> >> Hi,
> >>
> >> On Wed, Feb 7, 2018 at 2:58 PM, David Sommerseth
> >> <open...@sf.lists.topphemmelig.net> wrote:
> >> > On 07/02/18 20:32, Илья Шипицин wrote:
> >> >> After auth-token were introduced, when user press "Reconnect", it
> leads
> >> >> to
> >> >> auth fail (saved password is forgotten), we run about 1000 users,
> >> >> nobody
> >> >> complains.
> >> >
> >> > This is actually expected, I'd say - but smells like a bug on the
> server
> >> > side
> >> > authentication.
> >> >
> >> > Selva may correct me if I'm wrong, but my understanding of it when
> >> > clicking
> >> > "Reconnect", the local OpenVPN process which caches the auth-token is
> >> > stopped
> >> > and a new OpenVPN process is started. The client should in this case
> >> > ask for
> >> > username/password again. So in this case, the server side should
> treat
> >> > this
> >> > connection as a fresh connection with no initial state.
> >>
> >> GUI's reconnect button is wired to send a SIGHUP to the client openvpn
> >> process. The problem is that if auth-token is in use, the client
> >> openvpn.exe does not forget it it when restarting the connection by
> >> SIGHUP or SIGUSR1 -- I think it should but it doesn't. That leads to
> >> an AUTH_FAILED from server. The GUI has hard time distinguishing
> >> between reasons for AUTH_FAILED, so it just assumes that password
> >> verification failed and clears the saved password and prompts for a
> >> new one. Obviously users are not happy.
> >
> >
> > users don't care :)
> >
> > if they we ever unhappy, we should fix it.
> >
> > currently, I'm open to ideas how to perform a (proper) investigation in
> > order to actually remove "Reconnect" button
>
> I do not understand why you keep harping about removing the reconnect
> button.
>
> If you are angry with auth-token do not take it out on the wrong
> victim. Its not reconnect button's fault. In fact if your users do not
> use it, why bother?
>
those victims are not mutually exclusive.
I noticed that nobody cares of broken behaviour of "REconnect" button. So,
I suggest to remove it (as a user, I cannot imagine when
I would press it ... probably something like "change IP address on
reconnect", like I do with Tor)
Also, I think that auth-token should be handled in better way.
>
> Selva
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
