openvpn: Return something if the authentication is in an unknown state

Sometimes, the clients seem to be sending a PUSH_REQUEST which is not
receiving a reply from the server. That is because the authenticator
might not respond at all on the socket.

In that case, we should just aim to restart the authentication and hope
that the client will come back with something that we expected.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/config/ovpn/openvpn-authenticator b/config/ovpn/openvpn-authenticator
index 4341993e6da8ed5ffa3b0df7d30a1bb132ff2773..d61c0f35eec8099a8ec89834c6477d2af4db10d6 100644 (file)
--- a/config/ovpn/openvpn-authenticator
+++ b/config/ovpn/openvpn-authenticator
@@ -218,9 +218,9 @@ class OpenVPNAuthenticator(object):
                                if self._check_totp_token(token, conn.get("totp_secret")):
                                        return self._client_auth_successful(cid, kid)
 
-                       # Restart authentication
-                       self._client_auth_challenge(cid, kid,
-                               username=common_name, password="TOTP")
+               # Restart authentication
+               self._client_auth_challenge(cid, kid,
+                       username=common_name, password="TOTP")
 
        def _client_disconnect(self, cid, environ={}):
                """