Opened 5 years ago

Last modified 22 months ago

#959 new Bug / Defect

Environment variable time_unix not reset if renegotiation occurs

Reported by: ruisantos
Owned by:
Priority: major
Milestone: release 2.4.11
Component: Generic / unclassified
Version: OpenVPN 2.4.4 (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords:



I've stumbled upon this issue after migrating from OpenVPN 2.3.14 to OpenVPN 2.4.4.

time_unix environment variable is set prior to execution of the --client-connect script, and stays present throughout the entire client connection time, and gets freed when the client disconnects the tunnel.
When the next client connects, that same variable is then, as it was on the previous client, not present on the first --auth-user-pass-verify script.

The above behavior, the expected one I think, will not occur if a session renegotiation takes place.
After a renegotiation occurs, and the client disconnects the tunnel, subsequent clients get the time_unix environment variable filled on the first --auth-user-pass-verify script.
Also, the value of that environment value is the same as the one present on the previous client.

Steps to reproduce:
1) Connect client: time_unix is not present on --auth-user-pass-verify script
2) Wait for renegotiation
3) Disconnect client
4) Connect client: time_unix is present on --auth-user-pass-verify script

OpenVPN 2.4.4 server. Set --reneg-sec to a value low enough not to wait an hour.

Thank you for your time on this issue.

Change History (1)

comment:1 Changed 22 months ago by Gert Döring

Milestone: release 2.4.4 → release 2.4.11

Mmmh. This bug got overlooked, sorry for that.

Not sure what the intended behaviour is here, or if it got fixed in 2.5.

If you're still around - could you re-test with 2.5.1?
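An added diagnostic for the reproduction steps in this ticket, not part of the original report or of OpenVPN's code: a hook logger plus a check that flags a user-pass-verify call carrying a time_unix value already seen on a client-disconnect. `script_type` and `time_unix` are variables OpenVPN exports to scripts; `HOOK_LOG`, the log layout, the function names, the presence of time_unix on the disconnect hook, and the sample log are assumptions of this example.

```shell
#!/bin/sh
# Added diagnostic, not OpenVPN project code. Point --auth-user-pass-verify,
# --client-connect and --client-disconnect at a wrapper that calls log_hook.
# HOOK_LOG and the log layout are assumptions of this example.
HOOK_LOG="${HOOK_LOG:-/tmp/ovpn-hook-env.log}"

# Record one line per hook call: <script_type> <time_unix, or "-" if unset>
log_hook() {
    printf '%s %s\n' "${script_type:-unknown}" "${time_unix:--}" >> "$HOOK_LOG"
}

# Print every user-pass-verify line whose time_unix was already logged by a
# client-disconnect, i.e. a value belonging to a session that has ended.
# A verify call during renegotiation of a live session is not reported,
# because its time_unix has not yet appeared on a disconnect line.
find_stale() {
    awk '
        $1 == "client-disconnect" && $2 != "-" { ended[$2] = 1 }
        $1 == "user-pass-verify" && ($2 in ended) { print NR ": " $0 }
    ' "$1"
}

# Constructed sample log following the ticket's four reproduction steps:
# connect, renegotiate, disconnect, then a second client connects.
sample_log() {
    cat <<'EOF'
user-pass-verify -
client-connect 1500000000
user-pass-verify 1500000000
client-disconnect 1500000000
user-pass-verify 1500000000
client-connect 1500000300
EOF
}
```

An empty result from `find_stale "$HOOK_LOG"` after running the four steps on a given build means the leftover value was not observed there.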
