Re: [Openvpn-devel] [PATCH] Allow setting an empty auth-token in push replies

2024-10-23 Thread Razvan Cojocaru
On 10/23/24 18:25, Selva Nair wrote: Wouldn't pushing "HALT" instead of "AUTH_FAILED" work in this case? As in the management command "client-kill {cid} HALT" which calls send_restart() with kill_msg = "HALT". Possibly, however the intent has always been to use this feature to reject (authoriz

Re: [Openvpn-devel] [PATCH] Allow setting an empty auth-token in push replies

2024-10-23 Thread Selva Nair
On Wed, Oct 23, 2024 at 11:47 AM Razvan Cojocaru wrote:
> On 10/23/24 18:25, Selva Nair wrote:
> > Wouldn't pushing "HALT" instead of "AUTH_FAILED" work in this case?
> > As in the management command "client-kill {cid} HALT" which calls
> > send_restart() with kill_msg = "HALT".
>
> Possibly, how

Re: [Openvpn-devel] [PATCH] Allow setting an empty auth-token in push replies

2024-10-23 Thread Selva Nair
On Wed, Oct 23, 2024 at 11:03 AM Razvan Cojocaru wrote:
> On 10/23/24 17:50, Gert Doering wrote:
> > OK, so I see what is happening - you're sending an AUTH_FAILED "out of
> > the blue", not in response to a client handshake, right?
>
> Exactly. In response to a client handshake there's no proble

Re: [Openvpn-devel] [PATCH] Allow setting an empty auth-token in push replies

2024-10-23 Thread Razvan Cojocaru
On 10/23/24 17:50, Gert Doering wrote: OK, so I see what is happening - you're sending an AUTH_FAILED "out of the blue", not in response to a client handshake, right? Exactly. In response to a client handshake there's no problem. OpenVPN 2 *should* invalidate the token upon the reconnect (and

Re: [Openvpn-devel] [PATCH] Allow setting an empty auth-token in push replies

2024-10-23 Thread Gert Doering
Hi,
On Wed, Oct 23, 2024 at 05:47:51PM +0300, Razvan Cojocaru wrote:
> > AUTH_FAILED should do this automatically - invalidate the token, that is.
> > Can you show a log where this is (not) happening?
>
> Of course:
>
> 2024-10-23 14:52:06 us=368754 PUSH: Received control message:
> 'PUSH_REPLY,

Re: [Openvpn-devel] [PATCH] Allow setting an empty auth-token in push replies

2024-10-23 Thread Razvan Cojocaru
On 10/23/24 17:43, Gert Doering wrote: Hi, On Wed, Oct 23, 2024 at 05:40:43PM +0300, Razvan Cojocaru wrote: In this case, we want to disconnect the client and it should stay disconnected. A simple AUTH_FAILED for this scenario will have the client attempt another connection. But if we invalidat

Re: [Openvpn-devel] [PATCH] Allow setting an empty auth-token in push replies

2024-10-23 Thread Gert Doering
Hi,
On Wed, Oct 23, 2024 at 05:40:43PM +0300, Razvan Cojocaru wrote:
> In this case, we want to disconnect the client and it should stay
> disconnected. A simple AUTH_FAILED for this scenario will have the client
> attempt another connection. But if we invalidate the token, then the client
> will

Re: [Openvpn-devel] [PATCH] Allow setting an empty auth-token in push replies

2024-10-23 Thread Razvan Cojocaru
On 10/23/24 17:23, Gert Doering wrote: Hi, On Wed, Oct 23, 2024 at 04:49:03PM +0300, Razvan Cojocaru wrote: This in turn allows the server to signal to the client that it should no longer attempt to reconnect, if it wants to keep the client out after an AUTH_FAILED. This should not be necessa

Re: [Openvpn-devel] [PATCH] Allow setting an empty auth-token in push replies

2024-10-23 Thread Gert Doering
Hi,
On Wed, Oct 23, 2024 at 04:49:03PM +0300, Razvan Cojocaru wrote:
> This in turn allows the server to signal to the client that it
> should no longer attempt to reconnect, if it wants to keep the
> client out after an AUTH_FAILED.
This should not be necessary. After an AUTH_FAILED the token i