Allow Authtoken lifetime to be shorter than renegotiation time
author Arne Schwabe <arne@rfc2549.org>
Mon, 17 Oct 2022 09:51:45 +0000 (11:51 +0200)
committer Gert Doering <gert@greenie.muc.de>
Mon, 17 Oct 2022 11:30:12 +0000 (13:30 +0200)
commit 9a5161704173e31f2510d3f5c29361f76e275d0f
tree 4a0dd06c52bb176a0fe188aa395893e8dc11276a
parent d468dff7bdfd79059818c190ddf41b125bb658de
Allow Authtoken lifetime to be shorter than renegotiation time

Currently the lifetime of the auth-token is tied to the renegotiation
time.  While this is fine for many setups, some setups prefer a user
to be no longer authenticated when the user disconnects from the VPN
for a certain amount of time.

This commit allows shortening the renewal time of the auth-token and
ensures that the server resends the auth-token often enough over the
existing control channel. This way of updating the auth token is a lot
more lightweight than the alternative (frequent renegotiations).

Patch v2: fix grammar mistakes (thanks Gert), fix unit tests

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20221017095145.2580186-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25407.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
doc/man-sections/server-options.rst
src/openvpn/auth_token.c
src/openvpn/auth_token.h
src/openvpn/forward.c
src/openvpn/init.c
src/openvpn/openvpn.h
src/openvpn/options.c
src/openvpn/options.h
src/openvpn/ssl.c
src/openvpn/ssl_common.h
tests/unit_tests/openvpn/test_auth_token.c