  • Subject: [Openvpn-users] Notify client on disconnect
  • From: Mathias Sundman <mathias@xxxxxxxxxx>
  • Date: Wed, 5 Jan 2005 18:55:45 +0100 (CET)

When --duplicate-cn is not being used, the first client is disconnected if a second client connects with the same certificate.

This is exactly how it should be; however, the symptoms on a client that is disconnected this way are just like you have lost connectivity, and ping-restart causes a reconnect which makes the tunnel work for a few seconds again.

I've done this by mistake twice now, and was just as frustrated both times what the heck was wrong! The log gives me no clue why it's ping-restarting.

I know I shouldn't be copying my certificate to other machines, but sometimes I do for testing, and this would also happen if your key/cert got stolen.

Therefore I'd like to ask how much work it would take, and if it would be a good thing to add a feature that notifies the client that it will be disconnected due to a second connection with the same cert, so this can be printed in the client's log.

Normally this happens if you have really lost connectivity and reconnect, but in this case the old client is already gone, so no false log message will be printed. But if you make the same mistake as me, or if your cert has really been stolen and someone tries to connect while you're connected, then you could see this in the log.


