Re: [Openvpn-devel] [OpenVPN/openvpn-gui] better handling of interactive service failure (#168)

Wed, 31 May 2017 10:56:47 -0700 

Hi,

Copying openvpn-devel:
As this is related to openvpn best to have this discussion in the devel
list, I suppose.
(see also:
https://github.com/OpenVPN/openvpn-gui/issues/168#issuecomment-305250704)

On Wed, May 31, 2017 at 12:58 PM, Gert Doering <notificati...@github.com>
wrote:

> On Wed, May 31, 2017 at 09:43:21AM -0700, Selva Nair wrote:
> > As I said, get openvpn to report route errors in the status and then we
> can
> > add a warning to the status popup, turn the icon red etc instead of the
> > current misleading "successfully connected" behaviour.
>
> This is actually a discussion I was trying to have a long time ago
> (a few years) - "why do we ignore route addition errors?".
>
> The IPv6 code doesn't (because I think that errors are errors, not
> warnings...) and that was always some sort of weird asymmetry...
>
> I still don't know the reasoning here, but I suspect it's something along
> "you push a route that is identical to the local subnet" (192.168.1.0/24,
> for example, because the user happens to be in a bad NAT network) and
> "all of a sudden it fails"... so this might need more discussion, and
> also some code cleanups to gracefully handle situations where an error
> is "tolerated".
>

That and some route addition errors like "route already exists" are often
benign. So a fatal error is not appropriate. But, IIRC,
 openvpn_execve_check only allows printing of errors as FATAL or WARN.
Currently we do not parse the log message flags (error vs warning etc.) in
the Windows GUI, but that could be improved if openvpn can log route errors
like access denied as such.

In any case, the status reported to the management when connected with
errors should be something other than "CONNECTED,SUCCESS" -- say
"CONNECTED,ROUTE-FAILED" etc. so that  UI can intimate the user.

Selva

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to