Feature #12416
closedSupport OpenVPN ``client-kill`` to terminate remote clients instead of clearing their session
0%
Description
Killing a user remote access vpn session from the firewall through the pfsense GUI only works temporarily.
Less then a minute later the VPN will auto connect it self again.
The problem is that openvpn_kill_client()
uses the `kill` command, which terminate the client only on the server side.
To terminate the openvpn client on the remote side, the `client-kill {CID} HALT` command must be used:
Test:
# nc -U /var/etc/openvpn/server2/sock >INFO:OpenVPN Management Interface Version 3 -- type 'help' for more info client-kill 8 HALT SUCCESS: client-kill command succeeded
client side result:
2021-10-01 09:16:47 SIGTERM[soft,exit-with-notification] received, process exiting
see also https://openvpn.net/community-resources/management-interface/
and list of messages: https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/forward.c#L212
Related issues
Updated by Viktor Gurov about 3 years ago
Updated by Jim Pingle about 3 years ago
- Status changed from New to Pull Request Review
- Assignee set to Viktor Gurov
- Target version set to CE-Next
- Plus Target Version set to Plus-Next
Updated by Kris Phillips about 3 years ago
Customer in internal ticket 96721 tested this. Their results seem to be that this patch breaks the OpenVPN client kill function entirely.
Updated by Viktor Gurov about 3 years ago
Kris Phillips wrote in #note-3:
Customer in internal ticket 96721 tested this. Their results seem to be that this patch breaks the OpenVPN client kill function entirely.
They were using an old patch.
Current fix works as expected.
Just one small fix for cases where client_id=0:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/413
Updated by Max Leighton about 3 years ago
They were able to test that patch and confirmed it was working as expected.
Updated by Viktor Gurov about 3 years ago
- Status changed from Pull Request Review to Feedback
Merged
Updated by Danilo Zrenjanin about 3 years ago
- Status changed from Feedback to Resolved
Tested on the:
2.6.0-DEVELOPMENT (amd64) built on Sat Oct 16 05:24:35 UTC 2021 FreeBSD 12.2-STABLE
Client gets "SIGTERM[soft,exit-with-notification] received, process exiting".
It works! Ticket resolved.
Updated by Jim Pingle about 3 years ago
- Tracker changed from Bug to Feature
- Subject changed from Killed remote openvpn client reconnects after a while to Support OpenVPN ``client-kill`` to terminate remote clients instead of clearing their session
- Status changed from Resolved to Pull Request Review
- Target version changed from CE-Next to 2.6.0
- Plus Target Version changed from Plus-Next to 22.01
- Affected Version deleted (
2.5.2)
The last fix PR hasn't been merged yet.
Updated by Viktor Gurov about 3 years ago
- Status changed from Pull Request Review to Feedback
Merged
Updated by Danilo Zrenjanin about 3 years ago
- Status changed from Feedback to Resolved
Tested again. This time against:
2.6.0-BETA (amd64) built on Thu Dec 16 06:22:38 UTC 2021 FreeBSD 12.3-STABLE
Everything works fine. Ticket resolved.
Updated by Viktor Gurov almost 3 years ago
- Related to Regression #12817: PHP error when terminating OpenVPN sessions via the dashboard widget added