Patch set "deferred client connect"

fknittel edited this page Oct 10, 2014 · 3 revisions

About

A few years ago I wrote a patch-set concerning OpenVPN's client-connect code. The first part of the patch-set (patches 1 to 6) refactors and unifies the client-connect code.

The second part of the patch-set allows client-connect handling to proceed asynchronously, similar to how OpenVPN supports asynchronous (or deferred) authentication. Basically, the scripts or v1-plugins handling the client-connect event can now write back an additional status code that indicates deferred handling of the client-connect. This causes the OpenVPN server to continue with other things and to regularly re-read the status file.
As soon as the status changes from deferred to "failed" or "succeeded", the client-connect processing for the connection is continued. (As mentioned before, the auth code does something very similar.)
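
The deferral handshake described above, as an added example that is not code from the patch set: a client-connect script reports "deferred" and finishes its decision in the background, while a stand-in for the server re-reads the status file. The status codes (0 failed, 1 succeeded, 2 deferred) and the `client_connect_deferred_file` / `client_connect_config_file` variable names are taken from upstream OpenVPN 2.5 and are an assumption for this branch; `slow_lookup`, the allow-list and the pushed address are constructed.

```shell
#!/bin/sh
# Added example, not from the patch set. Assumed: status codes and the
# client_connect_* variable names follow upstream OpenVPN 2.5.
ST_FAILED=0; ST_SUCCEEDED=1; ST_DEFERRED=2

write_status() {  # $1 = status file, $2 = code
    printf '%s' "$2" > "$1"
}

# Hypothetical slow backend check (constructed allow-list of common names).
slow_lookup() {
    sleep 1
    case "$1" in alice|bob) return 0 ;; *) return 1 ;; esac
}

# Script side: report "deferred", return at once, decide in the background.
client_connect() {  # $1 = client common name
    write_status "$client_connect_deferred_file" "$ST_DEFERRED"
    (
        if slow_lookup "$1"; then
            # Constructed per-client config written on success.
            printf 'ifconfig-push 10.8.0.10 255.255.255.0\n' \
                > "$client_connect_config_file"
            write_status "$client_connect_deferred_file" "$ST_SUCCEEDED"
        else
            write_status "$client_connect_deferred_file" "$ST_FAILED"
        fi
    ) >/dev/null 2>&1 &
}

# Stand-in for the server: re-read the status file until it leaves
# "deferred". A timeout or unexpected content fails closed.
poll_status() {  # $1 = status file, $2 = maximum number of polls
    n=0
    while [ "$n" -lt "$2" ]; do
        case "$(cat "$1" 2>/dev/null)" in
            "$ST_SUCCEEDED") echo succeeded; return 0 ;;
            "$ST_DEFERRED"|"") sleep 1 ;;   # still pending (or mid-write)
            *) echo failed; return 1 ;;
        esac
        n=$((n + 1))
    done
    echo failed; return 1
}
```

A worker that dies without writing a final status leaves the file at "deferred", so the polling side needs its own deadline; here that case is rejected rather than left pending.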

Motivation

The motivation for the deferred handling approach was relatively long-running client-connect scripts (> 2s) intended for high-traffic servers. As the OpenVPN server completely blocks while synchronously waiting for client-connect scripts to complete, the asynchronous / deferred approach was needed.

The deferred script code path has been in production use for a few years now, although this freshly rebased patch-set has only seen light testing so far.

Patches

The patches are available on a branch: https://github.com/fknittel/openvpn/tree/feat_deferred_client-connect

Note that the branch will be regularly rebased onto OpenVPN master.

Feedback would be very welcome.

Debian packages

The patches are available as a modified, experimental OpenVPN-Debian package (based on the official Debian package) via a private Debian package repository. They are built in clean sbuild environments for i386 and amd64.

Note that the packages are basically untested; I do not provide any warranty, etc.

Choose your distribution:

deb http://dl.lettink.de/debian openvpn-wheezy main
deb http://dl.lettink.de/debian openvpn-jessie main
deb http://dl.lettink.de/debian openvpn-sid main

Optionally trust my repository key:

$ apt-key adv --keyserver hkp://pool.sks-keyservers.net --recv AFDD10649F51B5E2744F0A9B384675779E9D8943