Project

General

Profile

Actions

Bug #12219

closed

Prevent using OpenVPN "Inactive" option with point-to-point modes

Added by Jim Pingle over 2 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
OpenVPN
Target version:
Start date:
07/03/2021
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
22.01
Release Notes:
Default
Affected Version:
2.5.x
Affected Architecture:

Description

By default on current versions we set the OpenVPN server option Inactive to 300 (See #11699) but this should only be done for SSL/TLS in server mode (tunnel network larger than /30)

For point-to-point mode, this option causes the server itself to terminate. This means that once the OpenVPN client tries to re-establish, it fails to do so until the service is manually started back up.

See also #12102 where there is a similar scenario for exit notify.

On clients, we already set Inactive to 0 by default. The recent change to Inactive 300 was only for server instances.

Given the unexpected behavior, we should probably prevent the option from being used on both clients and servers when they are in point-to-point mode.

The GUI option should be hidden when choosing shared key, and if set in the instance it should not be added to the generated OpenVPN configuration.

For SSL/TLS with a /30 or smaller tunnel network it's not so clear. We could add a warning to the option saying it will be ignored, or we could generate an input validation error.

Actions #1

Updated by Jim Pingle over 2 years ago

  • Status changed from New to In Progress
  • Assignee set to Jim Pingle
Actions #2

Updated by Jim Pingle over 2 years ago

  • Status changed from In Progress to Pull Request Review
Actions #3

Updated by Jim Pingle over 2 years ago

  • Status changed from Pull Request Review to Feedback
  • % Done changed from 0 to 100
Actions #4

Updated by Jim Pingle over 2 years ago

  • Status changed from Feedback to Resolved

Works as expected on current snapshot.

Actions #5

Updated by Jim Pingle over 2 years ago

  • Plus Target Version changed from 21.09 to 22.01
Actions

Also available in: Atom PDF