On 08/02/18 04:41, David Sommerseth wrote: > On 07/02/18 21:21, Selva Nair wrote: > >> In my view auth-token handling in openvpn.exe is broken at multiple levels: >> >> Client process: >> (i) it should not remember the token after a reconnect is issued > > Agreed. This should trigger retrieving new user input in regards to SIGHUP at > least. Not sure yet about SIGUSR1 though. SIGHUP has a cleared semantic > though (hang-up).
I discussed this Arne as well as he also had users complaining about this. The conclusion we came was that it may be meaningful, upon reconnection, to try sending the token once (the token might be handled by external server side scripts and might still be alive, so one attempt is worth) and if it fails then we should dump the token, ask the user for the password and reconnect. This way we still save all those setups where the token survives fast reconenctions on the server side Cheers, -- Antonio Quartulli
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
