[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

[Openvpn-users] Re: client-connect script return value

  • Subject: [Openvpn-users] Re: client-connect script return value
  • From: Charles Duffy <cduffy@xxxxxxxxxxx>
  • Date: Tue, 14 Dec 2004 17:04:32 -0600

On Tue, 14 Dec 2004 15:14:00 -0700, James Yonan wrote:

> The client-connect script is a post-authentication step.
> If you want to do authentication, use tls-verify or auth-user-pass-verify.
> The learn-address script is the best place to deal with rules which are 
> tied to particular client's usage of particular IP addresses or MAC 
> addresses.

Granted. However, in a situation where a client is correctly authenticated
but an error is encountered in setting firewall rules appropriate to that
client, it'd be nice to have the VPN fail closed rather than leaving the
VPN/firewall combo in an uncertain state.

Openvpn-users mailing list