Hi there We run openvpn under Windows as a service and have had a couple of situations where users for one reason or another have decided to disable openvpn by disabling the TAP interface instead of shutting down the openvpn service. The problem is that openvpn doesn't appear to look too hard at the enable/disable state of the adaptor and goes through the entire connection to server, negotiating ip addresses, etc - before noticing and crashing/exiting. This causes an infinite loop: the client connects, crashes, sleeps, connects, etc - and the load on the server goes through the roof - all from one user. We can blame the service manager for that - but frankly I *want* it to restart openvpn on error - just not this error :-)
Telling users what to do is fine and sensible, but has a 0% chance of working. Wouldn't it be better than openvpn checks the state of the interface right at the beginning and simply refuses to connect if it's in an unusable state? I'd rather the client went into an infinite loop of starting, checking, exiting, starting, etc than involve the server (which affects other users). A 5-10 second delay after such a condition was detected would help reduce any client impact too of course -- Cheers Jason Haar Corporate Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
