Client reconnect conditions for SSO and Device auth

Hi,

I am trying to digest under which conditions the client reconnect (for Pritunl client) is enabled.

According to the code pritunl/pritunl/clients/clients.py at master · pritunl/pritunl · GitHub the ping-exit instead of ping-reconnect is used in particular when server.sso_auth is enabled.

However I have the app.sso_client_cache for Pritunl client enabled as well, so having SSO auth enabled should not block reconnect technically.

Seams changing condition to ( self.server.sso_auth and not settings.app.sso_client_cache ) will be more reasonable.

Also self.server.device_auth is blocking reconnect as well. Any reasons why it is designed like this?

Appreciate your thoughts on it.
I think if logic will be altered to make it work for device and sso auth with pritunl client - this makes UX better.

Best regards,
Andrii

That code determines how the OpenVPN configuration exits, it doesn’t control if a re-connection is attempted in the Pritunl Client. It’s only for older versions of the client and third party OpenVPN clients. The Pritunl Client will always use ping-exit. Reconection on the Pritunl Client is determined by disable_reconnect in pritunl/user/user.py. It is only disabled when done with the global option in the top right settings and if the server uses a session timeout.

Thanks a lot for a prompt reply! Indeed, I was looking into wrong direction, the user session timeout makes it! Just re-tested with both SSO and Device Auth.

Would you consider adding a few words like “Disables client reconnect” to option description here: pritunl/www/templates/modalServerSettings.html at master · pritunl/pritunl · GitHub ?

At least for me it was not obvious and I think it will be beneficial to have a notice like this to minimize confusion

That tooltip will be updated in the next release.