-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 14/09/10 13:37, Gert Doering wrote:
> Hi,
> 
> On Tue, Sep 14, 2010 at 11:10:28AM +0200, Jan Just Keijser wrote:
>>>          if (buf_string_match_head_str (&buf, "AUTH_FAILED"))
>>>            receive_auth_failed (c, &buf);
>>>          else if (buf_string_match_head_str (&buf, "PUSH_"))
>>>            incoming_push_message (c, &buf);
>>>          else if (buf_string_match_head_str (&buf, "RESTART"))
>>>            server_pushed_restart (c, &buf);
>>>          else
>>>            msg (D_PUSH_ERRORS, "WARNING: Received unknown control 
>>>            message: %s",
>>> BSTR (&buf));
>>
>> is the control message stage early enough? that means authentication has 
>> been completed, and the client_connect script has been run (or am I 
>> mistaken? 
> 
> I'm not absolutely sure at what time these messages can be sent.  But
> most likely you're right, you want this before running client-connect.
> 
> Someone around who fully understands the session flow...?
> 

Taken completely from memory, the PUSH_REQ phase comes in _after_ the
authentication process.  But, I also believe it comes after
OPENVPN_PLUGIN_CLIENT_CONNECT phase, as that plug-in hook can push
config settings to the client dynamically.  And of the
OPENVPN_PLUGIN_CLIENT_CONNECT hook sends a rejection, the connection is
dropped.

Unless somebody else chimes in before I've been able to double check it,
I'll do some more checks here.


kind regards,

David Sommerseth
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkyPeboACgkQDC186MBRfrrl2wCgqL7uNdJaj2N9nZykQ+rUoo7v
Zp0An3c5ICN6Tokyvr7hIrkOYrgsv10R
=CX8v
-----END PGP SIGNATURE-----

Reply via email to