On Tue, 14 Dec 2004 15:14:00 -0700, James Yonan wrote:
The client-connect script is a post-authentication step.
If you want to do authentication, use tls-verify or auth-user-pass-verify.
The learn-address script is the best place to deal with rules which are
tied to particular client's usage of particular IP addresses or MAC
Granted. However, in a situation where a client is correctly authenticated
but an error is encountered in setting firewall rules appropriate to that
client, it'd be nice to have the VPN fail closed rather than leaving the
VPN/firewall combo in an uncertain state.