On 08/02/18 04:36, Antonio Quartulli wrote:
> 
> 
> On 08/02/18 04:41, David Sommerseth wrote:
>> On 07/02/18 21:21, Selva Nair wrote:
>>
>>> In my view auth-token handling in openvpn.exe is broken at multiple levels:
>>>
>>> Client process:
>>> (i) it should not remember the token after a reconnect is issued
>>
>> Agreed.  This should trigger retrieving new user input in regards to SIGHUP 
>> at
>> least.  Not sure yet about SIGUSR1 though.  SIGHUP has a cleared semantic
>> though (hang-up).
> 
> I discussed this Arne as well as he also had users complaining about this.
> 
> The conclusion we came was that it may be meaningful, upon reconnection,
> to try sending the token once (the token might be handled by external
> server side scripts and might still be alive, so one attempt is worth)
> and if it fails then we should dump the token, ask the user for the
> password and reconnect.
> 
> 
> This way we still save all those setups where the token survives fast
> reconenctions on the server side

This sounds reasonable to me.  But it is crucial that it is a proper
re-connect - meaning, if UDP the "--explicit-exit-notify" message must be sent
to the server to close the session on the server side.  Otherwise you'll get
into some odd back-and-forth until the session is fully closed on the server.


-- 
kind regards,

David Sommerseth
OpenVPN Inc


Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to