mirror of
https://github.com/amnezia-vpn/openvpn3.git
synced 2026-05-17 00:16:12 +03:00
e34094e30d
The reauthentication logic differs from openvpn2 and the code is a bit hard to follow. Simplify the code and make it behave like in openvpn2. - password is cached by default - password is purged when auth-nocache is presented in a local config or pushed - when AUTH_FAILED is received and we have no session-id, throw a fatal error - when AUTH_FAILED is received and user interaction is required for authentication (MFA), throw a fatal error - when AUTH_FAILED is received, user interaction is not required for authentication and either we have a cached password OR password is not needed, we reconnect. Password is "needed" when non-empty password is provided. User interaction is required for static/dynamic challenge and SAML. Signed-off-by: Lev Stipakov <lev@openvpn.net>