Feature #12416
closed
Support OpenVPN ``client-kill`` to terminate remote clients instead of clearing their session
Added by Viktor Gurov over 2 years ago.
Updated over 2 years ago.
Plus Target Version:
22.01
Description
Killing a user remote access vpn session from the firewall through the pfsense GUI only works temporarily.
Less then a minute later the VPN will auto connect it self again.
The problem is that openvpn_kill_client() uses the `kill` command, which terminate the client only on the server side.
To terminate the openvpn client on the remote side, the `client-kill {CID} HALT` command must be used:
Test:
# nc -U /var/etc/openvpn/server2/sock
>INFO:OpenVPN Management Interface Version 3 -- type 'help' for more info
client-kill 8 HALT
SUCCESS: client-kill command succeeded
client side result:
2021-10-01 09:16:47 SIGTERM[soft,exit-with-notification] received, process exiting
see also https://openvpn.net/community-resources/management-interface/
and list of messages: https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/forward.c#L212
- Status changed from New to Pull Request Review
- Assignee set to Viktor Gurov
- Target version set to CE-Next
- Plus Target Version set to Plus-Next
Customer in internal ticket 96721 tested this. Their results seem to be that this patch breaks the OpenVPN client kill function entirely.
They were able to test that patch and confirmed it was working as expected.
- Status changed from Pull Request Review to Feedback
- Status changed from Feedback to Resolved
Tested on the:
2.6.0-DEVELOPMENT (amd64)
built on Sat Oct 16 05:24:35 UTC 2021
FreeBSD 12.2-STABLE
Client gets "SIGTERM[soft,exit-with-notification] received, process exiting".
It works! Ticket resolved.
- Tracker changed from Bug to Feature
- Subject changed from Killed remote openvpn client reconnects after a while to Support OpenVPN ``client-kill`` to terminate remote clients instead of clearing their session
- Status changed from Resolved to Pull Request Review
- Target version changed from CE-Next to 2.6.0
- Plus Target Version changed from Plus-Next to 22.01
- Affected Version deleted (
2.5.2)
- Status changed from Pull Request Review to Feedback
- Status changed from Feedback to Resolved
Tested again. This time against:
2.6.0-BETA (amd64)
built on Thu Dec 16 06:22:38 UTC 2021
FreeBSD 12.3-STABLE
Everything works fine. Ticket resolved.
- Related to Regression #12817: PHP error when terminating OpenVPN sessions via the dashboard widget added
Also available in: Atom
PDF
Updated by Viktor Gurov 
Updated by 
Updated by 
Updated by 
Updated by