[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] client-connect script return value

  • Subject: Re: [Openvpn-users] client-connect script return value
  • From: James Yonan <jim@xxxxxxxxx>
  • Date: Tue, 14 Dec 2004 15:14:00 -0700 (MST)

On Tue, 14 Dec 2004, Didier Conchaudron wrote:

> Hi all,
> Openvpn seems to continue client connexion even if the client-connect 
> script return an error. My opinion is that openvpn should wait for a 
> valid return value before continuing.
> A client-connect script will typically contains firewall rules or route 
> add that should be really ran before opening the tunnel to the client.
> Is there a way to ask openvpn to wait for a right client-connect return 
> value?

The client-connect script is a post-authentication step.

If you want to do authentication, use tls-verify or auth-user-pass-verify.

The learn-address script is the best place to deal with rules which are 
tied to particular client's usage of particular IP addresses or MAC 


Openvpn-users mailing list