diff options
Diffstat (limited to 'src/openvpn/push.c')
| -rw-r--r-- | src/openvpn/push.c | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/src/openvpn/push.c b/src/openvpn/push.c index 6a30e47..dd5bd41 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c @@ -55,8 +55,20 @@ receive_auth_failed(struct context *c, const struct buffer *buffer) if (c->options.pull) { - switch (auth_retry_get()) + /* Before checking how to react on AUTH_FAILED, first check if the + * failed auth might be the result of an expired auth-token. + * Note that a server restart will trigger a generic AUTH_FAILED + * instead an AUTH_FAILED,SESSION so handle all AUTH_FAILED message + * identical for this scenario */ + if (ssl_clean_auth_token()) { + c->sig->signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- Auth failure error */ + c->sig->signal_text = "auth-failure (auth-token)"; + } + else + { + switch (auth_retry_get()) + { case AR_NONE: c->sig->signal_received = SIGTERM; /* SOFT-SIGTERM -- Auth failure error */ break; @@ -70,8 +82,9 @@ receive_auth_failed(struct context *c, const struct buffer *buffer) default: ASSERT(0); + } + c->sig->signal_text = "auth-failure"; } - c->sig->signal_text = "auth-failure"; #ifdef ENABLE_MANAGEMENT if (management) { |