On Wed, 5 Jan 2005, Mathias Sundman wrote:

> When --duplicate-cn is not being used the first client is disconnected if
> a second client connects with the same certificate.
>
> This is exactly how it should be, however, the symptoms on a client that
> is disconnected this way are just like you have lost connectivity, and
> ping-restart causes a reconnect which makes the tunnel work for a few
> seconds again.
>
> I've done this by mistake twice now, and was just as frustrated both times
> what the heck was wrong! The log gives me no clue why it's
> ping-restarting.
>
> I know I shouldn't be copying my certificate to other machines, but
> sometimes I do for testing, and this would also happen if your key/cert
> got stolen.
>
> Therefore I'd like to ask how much work it would take, and if it would be a
> good thing to add a feature that notifies the client that it will be
> disconnected due to a second connection with the same cert, so this can be
> printed in the client's log.
>
> Normally this happens if you have really lost connectivity and
> reconnect, but in this case the old client is already gone, so no false
> log message will be printed. But if you make the same mistake as me, or if
> your cert has really been stolen and someone tries to connect while
> you're connected, then you could see this in the log.

I agree that some kind of notification would make sense.

I'd like to throw away the current explicit-exit-notify implementation and redo in a way that touches all the bases, i.e. bidirectional exit notify with ACK and reason codes. Then the client would get a message that says "you were disconnected because another client with the same common name connected."

It's probably going to be a 2.1 thing, because it involves global changes to the code as well as protocol changes and will probably take a few beta releases of testing to stabilize.
James
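Until the client is told why it was dropped, the pattern described in this thread (one common name repeatedly reconnecting from alternating source addresses, each connection lasting only seconds) can be spotted on the server side. The following is an added example, not code from this thread or from OpenVPN; the event format, the two-minute window and the flip threshold are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real OpenVPN log output):
# "<ISO timestamp> <common name> <source address>" for each accepted connection.
SAMPLE = """\
2005-01-05T10:00:00 alice 192.0.2.10
2005-01-05T10:00:05 bob 198.51.100.7
2005-01-05T10:03:00 alice 203.0.113.44
2005-01-05T10:03:40 alice 192.0.2.10
2005-01-05T10:04:15 alice 203.0.113.44
2005-01-05T12:30:00 bob 198.51.100.7
2005-01-05T18:00:00 carol 192.0.2.99
2005-01-06T09:00:00 carol 198.51.100.200
"""

def parse(text):
    """Yield (timestamp, common_name, source) tuples from the assumed format."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        ts, cn, src = parts
        yield datetime.fromisoformat(ts), cn, src

def find_cn_contention(events, window=timedelta(minutes=2), min_flips=2):
    """Return {cn: sorted sources} for names that switch to a different source
    at least min_flips times, each switch within `window` of the previous
    connection. A single slow change (a roaming user) is not flagged."""
    last = {}     # cn -> (time, source) of the most recent connection
    flips = {}    # cn -> number of quick source changes seen
    sources = {}  # cn -> sources involved in those changes
    for ts, cn, src in sorted(events):
        if cn in last:
            prev_ts, prev_src = last[cn]
            if src != prev_src and ts - prev_ts <= window:
                flips[cn] = flips.get(cn, 0) + 1
                sources.setdefault(cn, set()).update((prev_src, src))
        last[cn] = (ts, src)
    return {cn: sorted(sources[cn]) for cn, n in flips.items() if n >= min_flips}

if __name__ == "__main__":
    for cn, addrs in find_cn_contention(parse(SAMPLE)).items():
        print(f"{cn}: same certificate name in use from {', '.join(addrs)}")
```

The window should be set a little above the clients' ping-restart interval, since that interval determines how quickly the displaced client comes back.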