From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 24 Sep 2025 16:30:59 +0000 (+0200)
Subject: openvpn: Return something if the authentication is in an unknown state
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8018f729982f363bacbf53840ff0fd05e39938f8;p=ipfire-2.x.git

openvpn: Return something if the authentication is in an unknown state

Sometimes, the clients seem to be sending a PUSH_REQUEST which is not
receiving a reply from the server. That is because the authenticator
might not respond at all on the socket.

In that case, we should just aim to restart the authentication and hope
that the client will come back with something that we expected.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/config/ovpn/openvpn-authenticator b/config/ovpn/openvpn-authenticator
index 4341993e6d..d61c0f35ee 100644
--- a/config/ovpn/openvpn-authenticator
+++ b/config/ovpn/openvpn-authenticator
@@ -218,9 +218,9 @@ class OpenVPNAuthenticator(object):
 				if self._check_totp_token(token, conn.get("totp_secret")):
 					return self._client_auth_successful(cid, kid)
 
-			# Restart authentication
-			self._client_auth_challenge(cid, kid,
-				username=common_name, password="TOTP")
+		# Restart authentication
+		self._client_auth_challenge(cid, kid,
+			username=common_name, password="TOTP")
 
 	def _client_disconnect(self, cid, environ={}):
 		"""