Bug #6718

closed

openvpn server exits if client has explicit-exit-notify 2 specified

Added by Bipin Chandra over 8 years ago. Updated over 8 years ago.

Status: Not a Bug
Priority: Normal
Assignee: -
Category: OpenVPN
Target version: -
Start date: 08/16/2016
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture: All

Description

I have 2 pfSense boxes where 1 is an OpenVPN server and the other a client. If the client config has explicit-exit-notify 2 set and for some reason it disconnects, it sends a signal to the server saying "remote signaled exit", and then the OpenVPN server stops its service, preventing other clients from connecting to it any more unless the service is restarted.


Related issues

Related to Bug #12102: Prevent using OpenVPN "Exit Notify" option with point-to-point modes (Resolved, Jim Pingle, 07/03/2021)

Actions #1

Updated by Jim Pingle over 8 years ago

  • Status changed from New to Not a Bug
  • Target version deleted (2.3.2-p1)

I can't reproduce this at all. I added that directive to a client and the server keeps running afterward, no problems I can see. The client log shows it sent the notification, though the server seems to not log anything about receiving it.

Please post a forum thread with more detail about your configuration and how to reproduce it before opening a bug report.

Actions #2

Updated by Bipin Chandra over 8 years ago

server config as below:
shared key
udp
tun
1104 port
BF-CBC
SHA1
ipv4 tunnel network - 10.10.10.0/24
do not forward ipv6
keepalive 10 120;persist-key;persist-tun;tun-mtu 1460;passtos;route-method exe

client config as below:
most of the things same as above
fast-io;route-delay 2;verb 3;tun-mtu 1460;passtos;persist-key;persist-tun;keepalive 10 120;explicit-exit-notify 2

With this, I simply go to the client side and restart his tunnel, and the server-end service just exits.

Actions #3

Updated by Jim Pingle over 8 years ago

  • Affected Version deleted (2.3.2)

OK I can reproduce that. From reading OpenVPN's docs and forum, explicit-exit-notify is not intended for use with Shared Key. It's working as designed.

It's meant to work with "mode server" (e.g. SSL/TLS with a large tunnel network) and nothing else.

If you must use it with shared key, you can use the Service Watchdog package to restart the server when it exits.

Actions #4

Updated by Jim Pingle over 3 years ago

  • Related to Bug #12102: Prevent using OpenVPN "Exit Notify" option with point-to-point modes added
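
A configuration check for the condition discussed in this thread, added here as an example (it is not pfSense or OpenVPN code): it flags a client that sets explicit-exit-notify when the server side is not running in "mode server". The function names, the sample configs and the `secret` path are constructed for illustration; the option strings are modelled on the ones quoted in the report.

```python
def parse_directives(text):
    """Map directive name -> argument list. Accepts one directive per line
    or the semicolon-separated custom-options form quoted in the report."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(("#", ";")):      # whole-line comment in a .conf file
            continue
        for part in line.split("#", 1)[0].split(";"):
            words = part.split()
            if words:
                found[words[0].lstrip("-")] = words[1:]
    return found

def is_multi_client_server(server):
    # "server" and "server-bridge" are helper directives that imply "mode server".
    return (server.get("mode") == ["server"]
            or "server" in server or "server-bridge" in server)

def check_exit_notify(server_text, client_text):
    """Return findings for explicit-exit-notify used against a non-'mode server' peer."""
    server = parse_directives(server_text)
    client = parse_directives(client_text)
    if "explicit-exit-notify" not in client or is_multi_client_server(server):
        return []
    kind = "shared key" if "secret" in server or "secret" in client else "point-to-point"
    value = " ".join(client["explicit-exit-notify"])
    return [f"client sets 'explicit-exit-notify {value}' but the server is a {kind} "
            "instance without 'mode server': a client exit notification makes "
            "the server process exit"]

# Constructed sample configs (placeholder key path).
SHARED_KEY_SERVER = """dev tun
proto udp
port 1104
secret /path/to/shared.key
keepalive 10 120;persist-key;persist-tun;tun-mtu 1460;passtos;route-method exe
"""
CLIENT = """dev tun
proto udp
secret /path/to/shared.key
fast-io;route-delay 2;verb 3;tun-mtu 1460;passtos;persist-key;persist-tun;keepalive 10 120;explicit-exit-notify 2
"""
TLS_SERVER = "dev tun\nproto udp\nmode server\ntls-server\n"

if __name__ == "__main__":
    for finding in check_exit_notify(SHARED_KEY_SERVER, CLIENT):
        print("WARN:", finding)
```
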