Re: [Openvpn-devel] [PATCH v2 2/9] Implement auth-token-user

2021-06-10 Thread Antonio Quartulli
Hi, On 20/05/2021 17:11, Arne Schwabe wrote: > When not using username and password (i.e. auth-user-pass) it can still make > to provide the client with an auth-token, e.g. for allowing a session to > continue after a reconnect without requiring 2FA again. > > However, without --auth-user-pass op

Re: [Openvpn-devel] [PATCH v2 1/9] Move auth_token_state from multi to key_state

2021-06-10 Thread Antonio Quartulli
Hi, On 20/05/2021 17:11, Arne Schwabe wrote: > The auth-token check is tied to the username/password that is coming > via a specific SSL session, so keep the state also in the key_state > structure. > > This also ensures the auth_token_state is always set to 0 on a new > session since we clear th

[Openvpn-devel] [PATCH] Avoid resending reset reply more than once per client packet

2021-06-10 Thread Arne Schwabe
For the second reply of a OpenVPN we have not completed the three way handshake yet and the client IP address is still untrusted. When retransmitting the reset packet multiple times when timing out for an ACK response to it, we send the packet multiple times to an untrusted IP which is nowadays consi