Feature #12416: Support OpenVPN ``client-kill`` to terminate remote clients instead of clearing their session - pfSense - pfSense bugtracker

Custom queries

2.4.5-p1 - Resolved/Closed
2.5.0 - Resolved/Closed
2.5.1 - Resolved/Closed
2.5.2 - Resolved/Closed
2.6.0 - Resolved/Closed
2.7.0 - Resolved/Closed
2.7.1 - All Open Issues
2.7.1 - Resolved/Closed
2.7.2 - Resolved/Closed
2.8.0 - All Open Bugs
2.8.0 - All Open Features
2.8.0 - All Open Issues
2.8.0 - All Open Regressions
2.8.0 - Feedback
2.8.0 - Needs Attention
2.8.0 - New/Confirmed
2.8.0 - Pull Requests
2.8.0 - Regressions affecting 2.7.0
2.8.0 - Resolved/Closed
21.02.2/2.5.1 - Resolved/Closed
21.05 Plus - All Closed Issues
21.05.1 Plus Target - All Closed Issues
21.05.1 Target - All Closed Issues
22.01 Plus - All Closed Issues
22.01 Target - All Closed Issues
22.05 Plus - All Closed Issues
22.05 Target - All Closed Issues
23.01 Plus - All Closed Issues
23.01 Target - All Closed Issues
23.05 Plus - All Closed Issues
23.05 Target - All Closed Issues
23.05.1 Plus - All Closed Issues
23.05.1 Target - All Closed Issues
23.09 Plus - All Closed Issues
23.09 Target - All Closed Issues
23.09.1 Plus - All Closed Issues
23.09.1 Target - All Closed Issues
24.03 Plus - All Closed Issues
24.03 Target - All Closed Issues
24.11 Plus - All Closed Issues
24.11 Plus - All Open Issues
24.11 Plus - Feedback Issues
24.11 Plus - Needs Attention/Work
24.11 Plus - New/Confirmed/In Progress Issues
24.11 Target - All Closed Issues
24.11 Target - All Open Issues
25.01 Plus - All Closed Issues
25.01 Plus - All Open Issues
25.01 Plus - Feedback Issues
25.01 Plus - Needs Attention/Work
25.01 Plus - New/Confirmed/In Progress Issues
25.01 Plus - Pull Request Review
25.01 Plus - Waiting on Merge
25.01 Target - All Closed Issues
25.01 Target - All Open Issues
All Open Issues assigned to Me
All Open Pull Requests
Any Target - All Open Regressions
Any Target - Feedback Issues
CE-Next - All Closed Issues (Move to specific target)
CE-Next - All Open Issues
CE-Next - Feedback (Likely needs target changed)
New Issues by Category - Future Target
New Issues by Category - No Target
New Issues by Category - No Target+Future
No Target - All Open Issues (Base Only)
No Target - New Issues (Base Only)
No Target - New Issues (Base and Packages)
Release Notes - Plus Target Version (DO NOT EDIT)
Release Notes - Target Version (DO NOT EDIT)

Actions

Copy link

Feature #12416

closed

Support OpenVPN ``client-kill`` to terminate remote clients instead of clearing their session

Added by Viktor Gurov about 3 years ago. Updated almost 3 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Viktor Gurov

Category:

OpenVPN

Target version:

2.6.0

Start date:

Due date:

% Done:

Estimated time:

Plus Target Version:

22.01

Release Notes:

Default

Description

Killing a user remote access vpn session from the firewall through the pfsense GUI only works temporarily.
Less then a minute later the VPN will auto connect it self again.

The problem is that openvpn_kill_client() uses the `kill` command, which terminate the client only on the server side.
To terminate the openvpn client on the remote side, the `client-kill {CID} HALT` command must be used:

Test:

# nc -U /var/etc/openvpn/server2/sock
>INFO:OpenVPN Management Interface Version 3 -- type 'help' for more info
client-kill 8 HALT
SUCCESS: client-kill command succeeded

client side result:

2021-10-01 09:16:47 SIGTERM[soft,exit-with-notification] received, process exiting

see also https://openvpn.net/community-resources/management-interface/
and list of messages: https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/forward.c#L212

Related issues

Related to Regression #12817: PHP error when terminating OpenVPN sessions via the dashboard widget

Resolved

Viktor Gurov

Actions

Issue # Delay: days Cancel

History
Notes
Property changes
Associated revisions

Actions

Copy link

Updated by Viktor Gurov about 3 years ago

fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/406

Actions

Copy link

Updated by Jim Pingle about 3 years ago

Status changed from New to Pull Request Review
Assignee set to Viktor Gurov
Target version set to CE-Next
Plus Target Version set to Plus-Next

Actions

Copy link

Updated by Kris Phillips about 3 years ago

Customer in internal ticket 96721 tested this. Their results seem to be that this patch breaks the OpenVPN client kill function entirely.

Actions

Copy link

Updated by Viktor Gurov about 3 years ago

Kris Phillips wrote in #note-3:

Customer in internal ticket 96721 tested this. Their results seem to be that this patch breaks the OpenVPN client kill function entirely.

They were using an old patch.
Current fix works as expected.

Just one small fix for cases where client_id=0:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/413

Actions

Copy link

Updated by Max Leighton about 3 years ago

They were able to test that patch and confirmed it was working as expected.

Actions

Copy link

Updated by Viktor Gurov about 3 years ago

Status changed from Pull Request Review to Feedback

Merged

Actions

Copy link

Updated by Danilo Zrenjanin about 3 years ago

Status changed from Feedback to Resolved

Tested on the:

2.6.0-DEVELOPMENT (amd64)
built on Sat Oct 16 05:24:35 UTC 2021
FreeBSD 12.2-STABLE

Client gets "SIGTERM[soft,exit-with-notification] received, process exiting".

It works! Ticket resolved.

Actions

Copy link

Updated by Jim Pingle about 3 years ago

Tracker changed from Bug to Feature
Subject changed from Killed remote openvpn client reconnects after a while to Support OpenVPN ``client-kill`` to terminate remote clients instead of clearing their session
Status changed from Resolved to Pull Request Review
Target version changed from CE-Next to 2.6.0
Plus Target Version changed from Plus-Next to 22.01
Affected Version deleted (~~2.5.2~~)

The last fix PR hasn't been merged yet.

Actions

Copy link

Updated by Viktor Gurov about 3 years ago

Status changed from Pull Request Review to Feedback

Merged

Actions

Copy link

#10

Updated by Danilo Zrenjanin almost 3 years ago

Status changed from Feedback to Resolved

Tested again. This time against:

2.6.0-BETA (amd64)
built on Thu Dec 16 06:22:38 UTC 2021
FreeBSD 12.3-STABLE

Everything works fine. Ticket resolved.

Actions

Copy link

#11

Updated by Viktor Gurov almost 3 years ago

Related to Regression #12817: PHP error when terminating OpenVPN sessions via the dashboard widget added

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Feature #12416

Support OpenVPN ``client-kill`` to terminate remote clients instead of clearing their session

Updated by Viktor Gurov about 3 years ago

Updated by Jim Pingle about 3 years ago

Updated by Kris Phillips about 3 years ago

Updated by Viktor Gurov about 3 years ago

Updated by Max Leighton about 3 years ago

Updated by Viktor Gurov about 3 years ago

Updated by Danilo Zrenjanin about 3 years ago

Updated by Jim Pingle about 3 years ago

Updated by Viktor Gurov about 3 years ago

Updated by Danilo Zrenjanin almost 3 years ago

Updated by Viktor Gurov almost 3 years ago