From 4a4c1c79de006b273f7b81b89fc9dd54a3b4a448 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian=20Grasb=C3=B6ck?= Date: Wed, 26 Nov 2025 13:53:14 +0100 Subject: [PATCH] openvpn: only send AUTH_FAILED reply on auth errors --- src/Cedar/Proto_OpenVPN.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/src/Cedar/Proto_OpenVPN.c b/src/Cedar/Proto_OpenVPN.c index 9143d46f..dcdb138a 100644 --- a/src/Cedar/Proto_OpenVPN.c +++ b/src/Cedar/Proto_OpenVPN.c @@ -2562,9 +2562,16 @@ void OvsRecvPacket(OPENVPN_SERVER *s, LIST *recv_packet_list, UINT protocol) Debug("OpenVPN Channel %u Failed.\n", j); OvsLog(s, se, c, "LO_CHANNEL_FAILED"); - // Return the AUTH_FAILED - str = "AUTH_FAILED"; - WriteFifo(c->SslPipe->SslInOut->SendFifo, str, StrSize(str)); + if ((se->IpcAsync->ErrorCode == ERR_AUTHTYPE_NOT_SUPPORTED) || + (se->IpcAsync->ErrorCode == ERR_AUTH_FAILED) || + (se->IpcAsync->ErrorCode == ERR_PROXY_AUTH_FAILED) || + (se->IpcAsync->ErrorCode == ERR_USER_AUTHTYPE_NOT_PASSWORD) || + (se->IpcAsync->ErrorCode == ERR_NOT_SUPPORTED_AUTH_ON_OPENSOURCE)) + { + // Return the AUTH_FAILED + str = "AUTH_FAILED"; + WriteFifo(c->SslPipe->SslInOut->SendFifo, str, StrSize(str)); + } s->SessionEstablishedCount++;