At my university, authentication via a second factor is required to connect to the OpenVPN. Therefore, users need to complete external authentication in a web browser. Usually, the authentication URL will be automatically opened in a web browser when starting a new session. However, users cannot easily restart the external authentication when opening the web browser fails or the authentication process fails on first try. The authentication URL needs to be fetched via openvpn3 session-auth in order to open it manually in a web browser (a second time), and (inexperienced) users often don't know that they can fetch the URL and restart the authentication.
If the authentication URL would be directly displayed when executing the session-start URL, users would directly see it and could simply click it to retry the external authentication if it fails for whatever reason. I think, the URL would fit well in the output after awaiting external authentication, like this:
lukas@framework-rose:~$ openvpn3 session-start --config HHU-VPN-Intern
Using pre-loaded configuration profile 'HHU-VPN-Intern'
Session path: /net/openvpn/v3/sessions/fd341e1cseceas4bces8a77s2d9df2ca4fb8
Auth User name: luros101.intern
Auth Password:
Web based authentication required.
Session running, awaiting external authentication at https://mfa.university.edu/webauth.php?code=<...>
Further manage this session using 'openvpn3 session-manage' and 'openvpn3 session-auth'
What do you think? Could this be a possible improvement to openvpn3?