From: Илья Ш. <chi...@gm...> - 2018-02-07 21:45:09

2018-02-08 1:43 GMT+05:00 Selva Nair <sel...@gm...>:

> Hi,
>
> On Wed, Feb 7, 2018 at 3:30 PM, Илья Шипицин <chi...@gm...> wrote:
> >
> >
> > 2018-02-08 1:21 GMT+05:00 Selva Nair <sel...@gm...>:
> >>
> >> Hi,
> >>
> >> On Wed, Feb 7, 2018 at 2:58 PM, David Sommerseth
> >> <op...@sf...> wrote:
> >> > On 07/02/18 20:32, Илья Шипицин wrote:
> >> >> After auth-token was introduced, when a user presses "Reconnect", it
> >> >> leads to auth fail (saved password is forgotten), we run about 1000
> >> >> users, nobody complains.
> >> >
> >> > This is actually expected, I'd say - but smells like a bug on the
> >> > server side authentication.
> >> >
> >> > Selva may correct me if I'm wrong, but my understanding of it when
> >> > clicking "Reconnect", the local OpenVPN process which caches the
> >> > auth-token is stopped and a new OpenVPN process is started. The client
> >> > should in this case ask for username/password again. So in this case,
> >> > the server side should treat this connection as a fresh connection
> >> > with no initial state.
> >>
> >> GUI's reconnect button is wired to send a SIGHUP to the client openvpn
> >> process. The problem is that if auth-token is in use, the client
> >> openvpn.exe does not forget it when restarting the connection by
> >> SIGHUP or SIGUSR1 -- I think it should but it doesn't. That leads to
> >> an AUTH_FAILED from server. The GUI has a hard time distinguishing
> >> between reasons for AUTH_FAILED, so it just assumes that password
> >> verification failed and clears the saved password and prompts for a
> >> new one. Obviously users are not happy.
> >
> >
> > users don't care :)
> >
> > if they were ever unhappy, we should fix it.
> >
> > currently, I'm open to ideas how to perform a (proper) investigation in
> > order to actually remove "Reconnect" button
>
> I do not understand why you keep harping about removing the reconnect
> button.
>
> If you are angry with auth-token do not take it out on the wrong
> victim. It's not reconnect button's fault. In fact if your users do not
> use it, why bother?
>

those victims are not mutually exclusive.

I noticed that nobody cares about the broken behaviour of the "Reconnect" button. So, I suggest removing it (as a user, I cannot imagine when I would press it ... probably something like "change IP address on reconnect", like I do with Tor)

Also, I think that auth-token should be handled in a better way.

>
> Selva
>