Hi,

On Wed, Oct 23, 2024 at 05:47:51PM +0300, Razvan Cojocaru wrote:
> > AUTH_FAILED should do this automatically - invalidate the token, that is.
> > Can you show a log where this is (not) happening?
>
> Of course:
>
> 2024-10-23 14:52:06 us=368754 PUSH: Received control message:
> 'PUSH_REPLY,auth-token'
> 2024-10-23 14:52:06 us=368851 UDPv4 WRITE [90] to
> [AF_INET]69.162.107.71:1194: P_ACK_V1 kid=0 pid=[ #13 ] [ 8 7 6 5 4 3 2 1 ]
> DATA len=0
> 2024-10-23 14:52:06 us=368936 UDPv4 READ [163] from
> [AF_INET]69.162.107.71:1194: P_CONTROL_V1 kid=0 pid=[ #12 ] [ 2 3 4 5 ]
> pid=9 DATA len=85
> 2024-10-23 14:52:06 us=368972 AUTH: Received control message: AUTH_FAILED,No
> Stairway to Heaven allowed in this guitar store
> 2024-10-23 14:52:06 us=369228 TCP/UDP: Closing socket
> 2024-10-23 14:52:06 us=369287 SIGUSR1[soft,auth-failure (auth-token)]
> received, process restarting
> 2024-10-23 14:52:06 us=369346 Restart pause, 1 second(s)

OK, so I see what is happening - you're sending an AUTH_FAILED "out of
the blue", not in response to a client handshake, right?

OpenVPN 2 *should* invalidate the token upon the reconnect (and then
getting an AUTH_FAILED)... so what happens in this case if you let it
reconnect?

gert
--
"If was one thing all people took for granted, was conviction that if you
 feed honest figures into a computer, honest figures come out. Never doubted
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel