From a563976239cc643004986688c8f65aa9cd346a00 Mon Sep 17 00:00:00 2001
From: fufesou <linlong1266@gmail.com>
Date: Tue, 3 Mar 2026 20:47:56 +0800
Subject: [PATCH] refact(port-forward): comments and logs

Signed-off-by: fufesou <linlong1266@gmail.com>
---
 src/server/connection.rs | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/src/server/connection.rs b/src/server/connection.rs
index 2bcf84b92..033aac0ce 100644
--- a/src/server/connection.rs
+++ b/src/server/connection.rs
@@ -1368,7 +1368,20 @@ impl Connection {
                 self.port_forward_socket = Some(Framed::new(sock, BytesCodec::new()));
                 true
             }
-            _ => {
+            Ok(Err(e)) => {
+                log::warn!("Port forward connect failed for {}: {}", addr, e);
+                if is_rdp {
+                    addr = "RDP".to_owned();
+                }
+                self.send_login_error(format!(
+                    "Failed to access remote {}. Please make sure it is reachable/open.",
+                    addr
+                ))
+                .await;
+                false
+            }
+            Err(e) => {
+                log::warn!("Port forward connect timed out for {}: {}", addr, e);
                 if is_rdp {
                     addr = "RDP".to_owned();
                 }
@@ -1382,6 +1395,8 @@ impl Connection {
         }
     }
 
+    // Returns whether this connection should be kept alive.
+    // `true` does not necessarily mean authorization succeeded (e.g. REQUIRE_2FA case).
     async fn send_logon_response_and_keep_alive(&mut self) -> bool {
         if self.authorized {
             return true;
@@ -1415,6 +1430,7 @@ impl Connection {
                 }
             });
             self.send_login_error(crate::client::REQUIRE_2FA).await;
+            // Keep the connection alive so the client can continue with 2FA.
             return true;
         }
         if !self.connect_port_forward_if_needed().await {