Hi, ...some good stuff snipped...
>
> I'll admit I might see this with a bit too narrow perspective. But how I have
> understood this issue is that OpenVPN 2.x does not behave correctly as it
> doesn't understand *why* the authentication failed. If the client side would
> understand why auth failed, then it can query the user for credentials again -
> which I believe should resolve the current issues ... Or have I missed
> something?

I hope we are slowly spiralling towards a solution; not going around in circles...

Anyway, to reiterate: we currently have two issues. (i) client is not told when authentication fails during reneg and (ii) client doesn't know that auth-gen-token's token is not reusable across reconnects (SIGHUP and SIGUSR1).

Fixing (i) does not fix (ii). But (ii) is easier to fix, although we could keep arguing whether a forget-token-reconnect should be used or not, etc. (i) is the trickier, though I'm not convinced it requires so much refactoring. Anyway, if there is an immediate solution to (i) it may be better to fix (ii) along with it. Else just fixing (ii) along the lines Arne has proposed looks like the way to go.

Selva

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel