Opened 3 years ago
Closed 3 years ago
#1424 closed User question (notabug)
--client-disconnect executes after failed --client-connect
Reported by: | tct | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | Generic / unclassified | Version: | |
Severity: | Not set (select this one, unless you're an OpenVPN developer) | Keywords: | |
Cc: |
Description
The --client-disconnect script is executed even after a failed --client-connect script execution.
Server log:
```
<FAIL> * EasyTLS-client-connect => vars loaded => CN:ss-c-arch => Kill client signal => ==192.168.1.2=1225 => conn_trac_disconnect FAIL => temp-files deleted failed to read generic_ext_md_file
2021-08-21 20:33:40 us=867575 arch/192.168.1.2:1225 WARNING: Failed running command (--client-connect): external program exited with error status: 18
<EXOK> * EasyTLS-client-disconnect => vars loaded => CN:ss-c-arch => X509 serial matched => client_ext_md_file loaded => disconnection success => 88cca7a5b9df705560a0764a427478fe327194ce1d28dd0a6feaf5e797ff5531=650953F06CFC5E2B5B5C4B4820E50D936C90A595=192.168.1.2=1225 => conn_trac_disconnect FAIL => temp-files deleted
2021-08-21 20:33:44 us=53200 arch/192.168.1.2:1225 PUSH: Received control message: 'PUSH_REQUEST'
2021-08-21 20:33:44 us=53309 arch/192.168.1.2:1225 Delayed exit in 5 seconds
2021-08-21 20:33:44 us=53392 arch/192.168.1.2:1225 SENT CONTROL [arch]: 'AUTH_FAILED' (status=1)
2021-08-21 20:33:49 us=614513 arch/192.168.1.2:1225 SIGTERM[soft,delayed-exit] received, client-instance exiting
```
Change History (4)
comment:1 Changed 3 years ago by
comment:2 Changed 3 years ago by
Update: Removing only --auth-user-pass-verify the result is the same.
The other two scripts above complete successfully, is it the --tls-verify stage causing the strange behaviour?
comment:3 Changed 3 years ago by
Further testing:
- If --tls-crypt-v2-verify succeeds
- and --tls-verify is not configured
- and --client-connect fails
- then --client-disconnect still executes

Essentially, if any script during connection setup succeeds then --client-disconnect is executed.
comment:4 Changed 3 years ago by
Priority: | major → minor |
---|---|
Resolution: | → notabug |
Status: | new → closed |
Type: | Bug / Defect → User question |
The manual states the following:
--client-disconnect cmd
Define: cascaded
My server uses:
- --tls-crypt-v2-verify (Succeeds). Should not be considered cascaded. Because this verification is for a TLS-Crypt-V2 key only and has no other access to the server environment.
- --tls-verify (Succeeds). Questionable cascaded status?
- --auth-user-pass-verify (Succeeds). This is probably the cascading element which is causing the confusion. I will test without for comparison.
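
A defensive pattern for the behaviour reported in this ticket, as an added example that is not part of the ticket and is not EasyTLS or OpenVPN code: the connect hook records a marker only when it accepts the client, and the disconnect hook undoes nothing when no marker exists. `STATE_DIR`, `session_key`, `on_connect` and `on_disconnect` are hypothetical names; `common_name`, `trusted_ip` and `trusted_port` are environment variables OpenVPN passes to server-side scripts.

```shell
#!/bin/sh
# Added example: hypothetical hook bodies for --client-connect and
# --client-disconnect scripts. STATE_DIR and all function names are
# assumptions; common_name, trusted_ip and trusted_port come from OpenVPN.

STATE_DIR="${STATE_DIR:-${TMPDIR:-/tmp}/ovpn-sessions}"

# One marker per client instance, keyed on CN plus source address and port.
# Characters outside a safe set are replaced so the key is a plain file name.
session_key() {
    printf '%s_%s_%s' "$common_name" "$trusted_ip" "$trusted_port" |
        tr -c 'A-Za-z0-9._-' '_'
}

# Body of the --client-connect script. $1 is the caller's policy decision
# (0 = allow). The marker is written only when the client is accepted.
on_connect() {
    policy_status="$1"
    mkdir -p "$STATE_DIR" || return 1
    marker="$STATE_DIR/$(session_key)"
    if [ "$policy_status" -ne 0 ]; then
        rm -f "$marker"          # never leave a stale marker behind
        return "$policy_status"  # non-zero exit makes OpenVPN refuse the client
    fi
    date +%s > "$marker"
}

# Body of the --client-disconnect script. It can run even though on_connect
# failed, so it only tears down sessions that have a marker.
on_disconnect() {
    marker="$STATE_DIR/$(session_key)"
    if [ ! -f "$marker" ]; then
        echo "disconnect: no accepted session for $common_name, nothing to undo" >&2
        return 0
    fi
    started="$(cat "$marker")"
    rm -f "$marker"
    echo "disconnect: closed session for $common_name started at $started"
}
```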