Opened 6 years ago
Last modified 3 years ago
#959 new Bug / Defect
Environment variable time_unix not reset if renegenotiation occurs
| Reported by: | ruisantos | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | release 2.4.11 |
| Component: | Generic / unclassified | Version: | OpenVPN 2.4.4 (Community Ed) |
| Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
| Cc: |
Description
Hello,
I've stumbled upon this issue after migrating from OpenVPN 2.3.14 to OpenVPN 2.4.4.
Description:
time_unix environment variable is set prior to execution of the --client-connect script, and stays present throughout the entire client connection time, and gets freed when the client disconnects the tunnel.
When the next client connects, that same variable is then, as it was on the previous client, not present on the first --auth-user-pass-verify script.
Problem:
The above behavior, the expected one I think, will not occur if a session renegotiation takes place.
After a renegotiation occurs, and the client disconnects the tunnel, subsequent clients get the time_unix environment variable filled on the first --auth-user-pass-verify script.
Also, the value of that environment value is the same as the one present on the previous client.
Steps to reproduce:
1) Connect client: time_unix is not present on --auth-user-pass-verify script
2) Wait for renegotiation
3) Disconnect client
4) Connect client: time_unix is present on --auth-user-pass-verify script
OpenVPN 2.4.4 server. Set --reneg-sec to a value low enough not to wait an hour.
Thank for you time on this issue.
Mmmh. This bug got overlooked, sorry for that.
Not sure what the intended behaviour is here, or if it got fixed in 2.5
If you're still around - could you re-test with 2.5.1?