Prevent using OpenVPN "Inactive" option with point-to-point modes
By default on current versions we set the OpenVPN server option Inactive to 300 (see #11699), but this should only be done for SSL/TLS in server mode (tunnel network larger than /30).
For point-to-point mode, this option causes the server itself to terminate. This means that once the OpenVPN client tries to re-establish, it fails to do so until the service is manually started back up.
See also #12102 where there is a similar scenario for exit notify.
On clients, we already set Inactive to 0 by default. The recent change to Inactive 300 was only for server instances.
Given the unexpected behavior, we should probably prevent the option from being used on both clients and servers when they are in point-to-point mode.
The GUI option should be hidden when choosing shared key, and if set in the instance it should not be added to the generated OpenVPN configuration.
For SSL/TLS with a /30 or smaller tunnel network it's not so clear. We could add a warning to the option saying it will be ignored, or we could generate an input validation error.
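A check of generated configurations for the condition described above, as an added example that is not part of the original issue or the project's code. The sample configs are constructed, and the point-to-point heuristic (a `secret` directive, no `server`/`mode server`, or a `server` network of /30 or smaller) is an assumption about how such instances are written out.

```python
import ipaddress

# Constructed sample configs (not taken from the issue).
P2P_SHARED_KEY = """\
dev ovpns1
ifconfig 10.0.8.1 10.0.8.2
secret /path/to/shared.key
inactive 300
"""
TLS_SERVER = """\
dev ovpns2
tls-server
server 10.0.9.0 255.255.255.0
inactive 300
"""
TLS_SLASH30 = """\
dev ovpns3
tls-server
ifconfig 10.0.10.1 10.0.10.2
inactive 300
"""

def parse(conf):
    """Map each directive to its argument list (last occurrence wins)."""
    opts = {}
    for line in conf.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":   # skip blanks and comment lines
            continue
        name, *args = line.split()
        opts[name] = args
    return opts

def is_point_to_point(opts):
    """Assumed heuristic: shared key, /30-or-smaller tunnel, or no server mode."""
    if "secret" in opts:
        return True
    if len(opts.get("server", [])) >= 2:
        net = ipaddress.ip_network("/".join(opts["server"][:2]), strict=False)
        return net.prefixlen >= 30
    return opts.get("mode", [None])[0] != "server"

def check_inactive(conf):
    """Return a finding if a non-zero 'inactive' is set on a p2p instance."""
    opts = parse(conf)
    args = opts.get("inactive", [])
    if not args or not args[0].isdigit() or int(args[0]) == 0:
        return None
    if is_point_to_point(opts):
        return f"inactive {args[0]} set on a point-to-point instance"
    return None
```
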
Updated by Jim Pingle about 2 months ago
- Status changed from In Progress to Pull Request Review