Hello, it seems that authpf does not remove the user when a session is ended with Ctrl-\. This behaviour only occurs when I actually press Ctrl-\ on the client side; it does not occur when I send SIGQUIT to the client ssh process.
All other methods of terminating the client session (Ctrl-C, pulling the network cable) work as expected, i.e. the user is removed.

Since the client address stays authenticated when the user thinks he ended the session, I'm curious to know what causes this behaviour and if someone can reproduce it.

Gateway: WRAP, OpenBSD 3.9 standard install (base.tgz, etc.tgz, bsd)
Client: PC, seen with Knoppix and OpenBSD

Steps to reproduce:
====================

/etc/pf.conf:
-------------
internal_if="sis2"
gateway_addr="10.0.0.10"

nat-anchor "authpf/*"
rdr-anchor "authpf/*"
binat-anchor "authpf/*"

block in on $internal_if from any to any
pass in quick on $internal_if proto tcp from any to $gateway_addr \
    port = ssh
anchor "authpf/*"

/etc/authpf/authpf.rules:
--------------------------
ext_if = "sis1"
ext_addr = 10.0.0.10
wlan_if = "sis2"

# nat and tag connections...
nat on $ext_if from $user_ip to any tag $user_ip -> $ext_addr

# redirect to real name server
rdr pass on $wlan_if inet proto udp from $user_ip to $wlan_if port 53 \
    -> 194.151.228.2 port 53

pass in quick on $wlan_if from $user_ip to any
pass out log quick on $ext_if tagged $user_ip keep state

/etc/authpf/authpf.conf is empty.

Here's the dialog on the client and on the WRAP:

client:> ssh -l joe 10.0.0.10
[cut]
Hello joe. You are authenticated from host "192.168.101.32"

WRAP:> tail /var/log/daemon
[cut]
Aug 6 22:29:18 WRAP authpf[3663]: allowing 192.168.101.32, user joe

WRAP:> ps -U joe
PID TT STAT TIME COMMAND
5653 ?? I 0:00.05 sshd: [EMAIL PROTECTED] (sshd)
3663 p1 Is+ 0:00.05 -authpf: [EMAIL PROTECTED] (authpf)

client:> <Ctrl><\>
^\Connection to 10.0.0.10 closed.

WRAP:> ps -U joe
PID TT STAT TIME COMMAND

WRAP:> tail /var/log/daemon
(user is NOT removed, nothing new here:)
Aug 6 22:29:18 WRAP authpf[3663]: allowing 192.168.101.32, user joe

WRAP:> pfctl -a "authpf/joe(3663)" -s rules
pass in quick on sis2 inet from 192.168.101.32 to any
pass out log quick on sis1 all keep state tagged 192.168.101.32

Stefan Krah
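
The leftover state in the report above (an anchor named authpf/joe(3663) that still holds rules although PID 3663 is gone) can be checked for mechanically. The following is an added example, not part of the original post and not authpf's own code: a POSIX sh function that flags authpf/USER(PID) anchors whose PID is not running. The function name, the second sample anchor and the PID list are constructed for illustration; the gateway invocation in the final comment assumes a pfctl that supports "-s Anchors" and prints names in that form.

```shell
#!/bin/sh
# Added example (not from the original post): list authpf anchors whose
# owning authpf process no longer exists. Anchor names have the form
# authpf/USER(PID), as in the pfctl command in the report.

# stale_authpf_anchors LIVE_PIDS
#   stdin : anchor names, one per line (leading blanks allowed)
#   $1    : whitespace-separated PIDs that are currently running
#   stdout: "ANCHOR USER PID" for each anchor whose PID is not running
stale_authpf_anchors() {
    live=" $(printf '%s\n' "$1" | tr -s ' \t\n' ' ') "
    while IFS= read -r line; do
        anchor=$(printf '%s\n' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case "$anchor" in
            authpf/*\(*\)) ;;          # looks like authpf/USER(PID)
            *) continue ;;             # ignore anything else
        esac
        rest=${anchor#authpf/}
        user=${rest%%\(*}              # text before the first "("
        pid=${rest##*\(}               # text after the last "("
        pid=${pid%\)}
        case "$pid" in
            ''|*[!0-9]*) continue ;;   # PID must be purely numeric
        esac
        case "$live" in
            *" $pid "*) ;;             # process still running: session is live
            *) printf '%s %s %s\n' "$anchor" "$user" "$pid" ;;
        esac
    done
}

# Constructed sample input: the anchor from the report plus one
# hypothetical session (ann, PID 4101) whose process is still alive.
SAMPLE_ANCHORS='  authpf/joe(3663)
  authpf/ann(4101)'
SAMPLE_LIVE_PIDS='1 4101 5120'

demo() {
    printf '%s\n' "$SAMPLE_ANCHORS" | stale_authpf_anchors "$SAMPLE_LIVE_PIDS"
}

demo   # prints: authpf/joe(3663) joe 3663

# On the gateway (assumption: pfctl supports "-s Anchors"):
#   pfctl -a authpf -s Anchors | stale_authpf_anchors "$(ps -ax -o pid=)"
```

Run periodically on the gateway, any line of output identifies a client address that is still passed by pf without a live authpf session behind it.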