From 8018f729982f363bacbf53840ff0fd05e39938f8 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 24 Sep 2025 18:30:59 +0200
Subject: [PATCH] openvpn: Return something if the authentication is in an
 unknown state

Sometimes, the clients seem to be sending a PUSH_REQUEST which is not
receiving a reply from the server. That is because the authenticator
might not respond at all on the socket.

In that case, we should just aim to restart the authentication and hope
that the client will come back with something that we expected.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/ovpn/openvpn-authenticator | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/config/ovpn/openvpn-authenticator b/config/ovpn/openvpn-authenticator
index 4341993e6d..d61c0f35ee 100644
--- a/config/ovpn/openvpn-authenticator
+++ b/config/ovpn/openvpn-authenticator
@@ -218,9 +218,9 @@ class OpenVPNAuthenticator(object):
 				if self._check_totp_token(token, conn.get("totp_secret")):
 					return self._client_auth_successful(cid, kid)
 
-			# Restart authentication
-			self._client_auth_challenge(cid, kid,
-				username=common_name, password="TOTP")
+		# Restart authentication
+		self._client_auth_challenge(cid, kid,
+			username=common_name, password="TOTP")
 
 	def _client_disconnect(self, cid, environ={}):
 		"""
-- 
2.47.3