Feature #12407: Use deferred client connections in OpenVPN - pfSense - pfSense bugtracker

Custom queries

2.4.5-p1 - Resolved/Closed
2.5.0 - Resolved/Closed
2.5.1 - Resolved/Closed
2.5.2 - Resolved/Closed
2.6.0 - Resolved/Closed
2.7.0 - Resolved/Closed
2.7.1 - All Open Issues
2.7.1 - Resolved/Closed
2.7.2 - Resolved/Closed
2.8.0 - All Open Bugs
2.8.0 - All Open Features
2.8.0 - All Open Issues
2.8.0 - All Open Regressions
2.8.0 - Feedback
2.8.0 - Needs Attention
2.8.0 - New/Confirmed
2.8.0 - Pull Requests
2.8.0 - Regressions affecting 2.7.0
2.8.0 - Resolved/Closed
21.02.2/2.5.1 - Resolved/Closed
21.05 Plus - All Closed Issues
21.05.1 Plus Target - All Closed Issues
21.05.1 Target - All Closed Issues
22.01 Plus - All Closed Issues
22.01 Target - All Closed Issues
22.05 Plus - All Closed Issues
22.05 Target - All Closed Issues
23.01 Plus - All Closed Issues
23.01 Target - All Closed Issues
23.05 Plus - All Closed Issues
23.05 Target - All Closed Issues
23.05.1 Plus - All Closed Issues
23.05.1 Target - All Closed Issues
23.09 Plus - All Closed Issues
23.09 Target - All Closed Issues
23.09.1 Plus - All Closed Issues
23.09.1 Plus - All Open Issues
23.09.1 Target - All Closed Issues
23.09.1 Target - All Open Issues
24.03 Plus - All Closed Issues
24.03 Plus - All Open Issues
24.03 Plus - Feedback Issues
24.03 Plus - Needs Attention/Work
24.03 Plus - New/Confirmed/In Progress Issues
24.03 Plus - Pull Request Review
24.03 Plus - Waiting on Merge
24.03 Target - All Closed Issues
24.03 Target - All Open Issues
All Open Issues assigned to Me
All Open Pull Requests
Any Target - All Open Regressions
Any Target - Feedback Issues
CE-Next - All Closed Issues (Move to specific target)
CE-Next - All Open Issues
CE-Next - Feedback (Likely needs target changed)
New Issues by Category - Future Target
New Issues by Category - No Target
New Issues by Category - No Target+Future
No Target - All Open Issues (Base Only)
No Target - New Issues (Base Only)
No Target - New Issues (Base and Packages)
Release Notes - Plus Target Version (DO NOT EDIT)
Release Notes - Target Version (DO NOT EDIT)

Actions

Copy link

Feature #12407

closed

Use deferred client connections in OpenVPN

Added by Marcos M over 2 years ago. Updated almost 2 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Marcos M

Category:

OpenVPN

Target version:

2.7.0

Start date:

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

22.05

Release Notes:

Default

Description

New in OpenVPN 2.5 is the ability to use deferred client-connect. See Deferred client-connect:
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-250
"The --client-connect option and the connect plugin API allow asynchronous/deferred return of the configuration file in the same way as the auth-plugin."

This eliminates micro-outages on new client connections by deferring the connect script to another process. See:
https://community.openvpn.net/openvpn/ticket/1244

Details to implement this new functionality are outlined here; see --client-connect:
https://github.com/OpenVPN/openvpn/blob/master/doc/man-sections/script-options.rst

History
Notes
Property changes
Associated revisions

Actions

Copy link

Updated by Marcos M over 2 years ago

https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/402

Actions

Copy link

Updated by Jim Pingle over 2 years ago

Status changed from New to Pull Request Review

Actions

Copy link

Updated by Viktor Gurov over 2 years ago

Marcos Mendoza wrote in #note-1:

https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/402

#12321 and #12316 must be re-tested after this MR is merged

Actions

Copy link

Updated by Marcos M over 2 years ago

Status changed from Pull Request Review to Feedback
% Done changed from 0 to 100

Applied in changeset 7aaa20d95a345c4688e8786c755c7d0433451688.

Actions

Copy link

Updated by Jim Pingle over 2 years ago

Target version changed from CE-Next to 2.6.0
Plus Target Version changed from Plus-Next to 22.01

Actions

Copy link

Updated by Jim Pingle over 2 years ago

Status changed from Feedback to New

The commit for this, 7aaa20d95a345c4688e8786c755c7d0433451688 , broke static IP address assignments from RADIUS.

Actions

Copy link

Updated by Jim Pingle over 2 years ago

Target version changed from 2.6.0 to CE-Next
Plus Target Version changed from 22.01 to 22.05

Commit reverted. We can revisit this in the next release.

Actions

Copy link

Updated by Jim Pingle over 2 years ago

Status changed from New to Feedback

Applied in changeset 1f3baf61c1647ffcfbc6b6e26132d3ce56abeb96.

Actions

Copy link

Updated by Jim Pingle over 2 years ago

Status changed from Feedback to New

Actions

Copy link

#10

Updated by Marcos M over 2 years ago

New MR, see: https://redmine.pfsense.org/issues/12267#note-16

Actions

Copy link

#11

Updated by Marcos M over 2 years ago

Status changed from New to Pull Request Review

Actions

Copy link

#12

Updated by Ryan Coleman about 2 years ago

Marcos Mendoza wrote in #note-10:

New MR, see: https://redmine.pfsense.org/issues/12267#note-16

Tested this with 22.01 and verified it resolved traffic passing between client 1 and the firewall.

Mar 29 22:38:42 firewall openvpn[56228]: 123.45.67.89:45804 [username] Peer Connection Initiated with [AF_INET]123.45.67.89:45804
Mar 29 22:38:42 firewall openvpn[45546]: user 'username' authenticated
Mar 29 22:38:42 firewall openvpn[56228]: username/123.45.67.89:45804 MULTI_sva: pool returned IPv4=10.199.1.3, IPv6=(Not enabled)
Mar 29 22:38:42 firewall openvpn[46638]: openvpn server 'ovpns2' user 'username' address '123.45.67.89:45804' - connecting
Mar 29 22:38:42 firewall openvpn[50146]: openvpn server 'ovpns2' user 'username' address '123.45.67.89:45804' - connected

Actions

Copy link

#13