Re: [Openvpn-users] auth-token behaviour change in v2.5.0

It's also worth mentioning that we are going to use the external-auth option for auth-gen-token as a workaround until the patch hits a release available in Ubuntu 22.04. With this in our config, we can force the server to notify of reauths and we'll implement some code to check the session state t

Re: [Openvpn-users] auth-token behaviour change in v2.5.0

Hello Selva, >This would lead to TLS keys going out of sync and eventual client-disconnect as the auth will stay deferred forever. >The auth-token expiry message you see may be an indirect effect of this --- the server first disconnects the client, while the client continues and eventually does a

Re: [Openvpn-users] auth-token behaviour change in v2.5.0

Hi, On Sat, Jul 2, 2022 at 6:20 PM Connor Edwards via Openvpn-users < openvpn-users@lists.sourceforge.net> wrote: > Right, I think I'm getting somewhere with this now. It's not the OpenVPN > server version, it seems to be something to do with the management socket > options. > > I mentioned that

Re: [Openvpn-users] auth-token behaviour change in v2.5.0

Right, I think I'm getting somewhere with this now. It's not the OpenVPN server version, it seems to be something to do with the management socket options. I mentioned that we have this in the config: >management /run/openvpn/server/management.sock unix >management-client-auth If I comment those

Re: [Openvpn-users] auth-token behaviour change in v2.5.0

Hello David, Yep, I have had a look at the source and the auth token feature was overhauled in v2.5.0. This issue is reproducible with the Viscosity client for macOS which uses v2.5.5 under the hood. But so far in my testing the client version doesn't seem to matter, only the server version does.

Re: [Openvpn-users] auth-token behaviour change in v2.5.0

On 30/06/2022 12:37, Connor Edwards via Openvpn-users wrote: Hello, We are looking into using auth-gen-token on our new VPN server which will be using version 2.5.5. However, we've noticed that the behaviour of auth-gen-token has changed and our clients are being kicked off every hour which c

[Openvpn-users] auth-token behaviour change in v2.5.0

Hello, We are looking into using auth-gen-token on our new VPN server which will be using version 2.5.5. However, we've noticed that the behaviour of auth-gen-token has changed and our clients are being kicked off every hour which corresponds with the renegotiation interval (3600 secs). >127.0.0.