-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 14/09/10 13:37, Gert Doering wrote: > Hi, > > On Tue, Sep 14, 2010 at 11:10:28AM +0200, Jan Just Keijser wrote: >>> if (buf_string_match_head_str (&buf, "AUTH_FAILED")) >>> receive_auth_failed (c, &buf); >>> else if (buf_string_match_head_str (&buf, "PUSH_")) >>> incoming_push_message (c, &buf); >>> else if (buf_string_match_head_str (&buf, "RESTART")) >>> server_pushed_restart (c, &buf); >>> else >>> msg (D_PUSH_ERRORS, "WARNING: Received unknown control >>> message: %s", >>> BSTR (&buf)); >> >> is the control message stage early enough? that means authentication has >> been completed, and the client_connect script has been run (or am I >> mistaken? > > I'm not absolutely sure at what time these messages can be sent. But > most likely you're right, you want this before running client-connect. > > Someone around who fully understands the session flow...? >
Taken completely from memory, the PUSH_REQ phase comes in _after_ the authentication process. But, I also believe it comes after OPENVPN_PLUGIN_CLIENT_CONNECT phase, as that plug-in hook can push config settings to the client dynamically. And of the OPENVPN_PLUGIN_CLIENT_CONNECT hook sends a rejection, the connection is dropped. Unless somebody else chimes in before I've been able to double check it, I'll do some more checks here. kind regards, David Sommerseth -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkyPeboACgkQDC186MBRfrrl2wCgqL7uNdJaj2N9nZykQ+rUoo7v Zp0An3c5ICN6Tokyvr7hIrkOYrgsv10R =CX8v -----END PGP SIGNATURE-----