On 2/12/2018 9:49 PM, Selva Nair wrote:
On Mon, Feb 12, 2018 at 3:05 PM, Alexander 'Leo' Bergolth
<l...@strike.wu.ac.at> wrote:
But the --management socket doesn't seem to work when called from a
client-connect script. Connecting to the management socket blocks, the first
line (">INFO:") is never sent. (Retrieving the status outside the
client-connect phase works fine of course.)

Is this a known limitation?

The script blocks so management will not be serviced until it returns.
That means one can't get communicate through the management socket
while inside the cc script.

So the script is run synchrounously and the main loop isn't handled at all while waiting for completion of a user defined script?

Does that mean that also no packets of other clients are forwarded while a script executes?

If that's correct, it should be documented with a big warning in the man page. Operations that might potentially cause a noticable delay (network access, slow authentication handlers etc.) should really be avoided in user-defined scripts. Even execution times of several milliseconds could cause noticable hickups in other connections.

One option would be to run a separate process/script that's always
connected to the management and use client notifications
(connect/disconnect/address etc) to keep a database of currently
running clients and allocated IPs. That would require
--management-client-auth which would mean user/password verify (if
used) will have to be done through management. Then the client-connect
script could consult that database.

Thanks! I'll have a look at that.

e-mail   ::: Leo.Bergolth (at) wu.ac.at
fax      ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria

Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Openvpn-users mailing list

Reply via email to