On Tue, Feb 13, 2018 at 08:25:18AM +0100, Alexander 'Leo' Bergolth wrote:
> So the script is run synchrounously and the main loop isn't handled at 
> all while waiting for completion of a user defined script?
> Does that mean that also no packets of other clients are forwarded while 
> a script executes?

This is correct.

> If that's correct, it should be documented with a big warning in the man 
> page. Operations that might potentially cause a noticable delay (network 
> access, slow authentication handlers etc.) should really be avoided in 
> user-defined scripts. Even execution times of several milliseconds could 
> cause noticable hickups in other connections.

This is not exactly hidden, but not put in plain writing either - right
(but our man page is full of warnings that get all confusing due to the
sheer mass of text...).

There's ways to get asynchronicity here, but I admit I have lots track
on which parts can be done today and which parts need additional patch
sets that have not been merged yet - there's the "auth" interface, and
the "client-connect" interface, and both come as plugin and script variants,
and there are subtle differences in what can be done and what not.

now what should I write here...

Gert Doering - Munich, Germany                             g...@greenie.muc.de

Attachment: signature.asc
Description: PGP signature

Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Openvpn-users mailing list

Reply via email to