OpenVPN does not clear old Cisco-AVPair anchor rules in some cases
After some time, there exist anchor rules for old users who are no longer connected, which causes unintended rule matching / blocked access.
pfSsh.php playback pfanchordrill shows old anchor rulesets for users that are no longer connected and for IPs that have already been re-used by new connections.
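The symptom described above (anchors left behind for disconnected users, and anchors whose source IP has since been handed to a different client) can be checked for from the outside by correlating the per-user anchor rules with the OpenVPN status file. The following script is an added example, not code from this issue or from pfSense: it parses a version-1 OpenVPN status file (the "CLIENT LIST" / "ROUTING TABLE" layout) and a dictionary of anchor rule listings, then reports anchors whose user is not connected or whose rules reference a virtual IP now routed to someone else. The anchor names, rule text and addresses are constructed for the example; in particular, the assumption that the last path component of an anchor name is the user's common name is not something the issue states.

```python
import ipaddress
import re

# Constructed sample of an OpenVPN status file (version 1 layout).
# Addresses and common names are made up for this example.
OPENVPN_STATUS = """\
OpenVPN CLIENT LIST
Updated,Mon Jan  1 12:00:00 2024
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
alice,203.0.113.10:51820,1024,2048,Mon Jan  1 11:00:00 2024
carol,203.0.113.12:41000,512,4096,Mon Jan  1 11:30:00 2024
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,alice,203.0.113.10:51820,Mon Jan  1 11:59:00 2024
10.8.0.10,carol,203.0.113.12:41000,Mon Jan  1 11:59:30 2024
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""

# Constructed stand-in for the per-user anchor listings that an anchor walk
# (such as pfanchordrill) would show: anchor name -> rules pf reports for it.
# Anchor names and rules are invented for the example; "bob" and "dave" are
# no longer connected, and bob's old address 10.8.0.10 now belongs to carol.
ANCHORS = {
    "openvpn/alice": ["pass in quick from 10.8.0.6 to 192.0.2.0/24 keep state"],
    "openvpn/bob":   ["pass in quick from 10.8.0.10 to 192.0.2.50 keep state"],
    "openvpn/dave":  ["block in quick from 10.8.0.14 to any"],
}

SRC_RE = re.compile(r"\bfrom\s+(\S+)")


def parse_status(text):
    """Return (connected common names, {virtual_ip: common_name}) from a
    version-1 OpenVPN status file."""
    connected = set()
    routes = {}
    section = None
    for line in text.splitlines():
        if line.startswith("OpenVPN CLIENT LIST"):
            section = "clients"
            continue
        if line.startswith("ROUTING TABLE"):
            section = "routes"
            continue
        if line.startswith("GLOBAL STATS") or line == "END":
            section = None
            continue
        fields = line.split(",")
        if section == "clients" and len(fields) == 5 and fields[0] != "Common Name":
            connected.add(fields[0])
        elif section == "routes" and len(fields) == 4 and fields[0] != "Virtual Address":
            routes[fields[0]] = fields[1]
    return connected, routes


def find_stale_anchors(status_text, anchors):
    """Return (anchor, reason, detail) tuples for anchors that should have
    been cleared: the user is gone, or a rule's source IP is now assigned
    to a different connected user."""
    connected, routes = parse_status(status_text)
    findings = []
    for anchor, rules in sorted(anchors.items()):
        # Assumption for this example: the anchor's last path component is
        # the OpenVPN common name of the user it was created for.
        user = anchor.rsplit("/", 1)[-1]
        if user not in connected:
            findings.append((anchor, "user-disconnected", user))
        for rule in rules:
            for src in SRC_RE.findall(rule):
                if src == "any":
                    continue
                try:
                    net = ipaddress.ip_network(src, strict=False)
                except ValueError:
                    continue  # tables, interface names, etc. are skipped
                for vip, owner in routes.items():
                    if ipaddress.ip_address(vip) in net and owner != user:
                        findings.append((anchor, "ip-reused",
                                         f"{vip} now belongs to {owner}"))
    return findings


if __name__ == "__main__":
    for anchor, reason, detail in find_stale_anchors(OPENVPN_STATUS, ANCHORS):
        print(f"{anchor}: {reason} ({detail})")
```

On a live system the two inputs would be the server's status file and the output of walking the OpenVPN anchors with pfctl; the "ip-reused" finding is the one that explains the unintended rule matching in the report, because a leftover anchor for one user silently applies to whoever is now holding that address.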
Updated by Viktor Gurov about 2 months ago
Updated by Marcos Mendoza about 2 months ago
Copying comments here:
- It doesn't look like this takes into account the
- The lines with /tmp/$common_name seem to remain from old code and should probably be removed
- It would be really nice to have this patch made compatible with an implementation of #12267. I suspect given duplicate-cn handling, there's going to be some overlap.
I've included a possible solution in the merge request.