Bug #6718
closed
openvpn server exits if client has explicit-exit-notify 2 specified
Added by Bipin Chandra over 8 years ago.
Updated over 8 years ago.
Affected Architecture:
All
Description
I have 2 pfSense boxes where 1 is an OpenVPN server and the other a client. If the client config has explicit-exit-notify 2 set and for some reason it disconnects, it sends a signal to the server saying remote signaled exit, and then the OpenVPN server stops its service, preventing other clients from connecting to it any more unless the service is restarted.
- Status changed from New to Not a Bug
- Target version deleted (2.3.2-p1)
I can't reproduce this at all. I added that directive to a client and the server keeps running afterward, no problems I can see. The client log shows it sent the notification, though the server seems to not log anything about receiving it.
Please post a forum thread with more detail about your configuration and how to reproduce it before opening a bug report.
server config as below:
shared key
udp
tun
1104 port
BF-CBC
SHA1
ipv4 tunnel network - 10.10.10.0/24
do not forward ipv6
keepalive 10 120;persist-key;persist-tun;tun-mtu 1460;passtos;route-method exe
client config as below:
most of the things same as above
fast-io;route-delay 2;verb 3;tun-mtu 1460;passtos;persist-key;persist-tun;keepalive 10 120;explicit-exit-notify 2
With this, I simply go to the client side and restart his tunnel, and the server-end service just exits.
- Affected Version deleted (2.3.2)
OK I can reproduce that. From reading OpenVPN's docs and forum, explicit-exit-notify is not intended for use with Shared Key. It's working as designed.
It's meant to work with "mode server" (e.g. SSL/TLS with a large tunnel network) and nothing else.
If you must use it with shared key, you can use the Service Watchdog package to restart the server when it exits.
- Related to Bug #12102: Prevent using OpenVPN "Exit Notify" option with point-to-point modes added
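
A lint for the misconfiguration identified in this thread, as an added example that is not pfSense or OpenVPN code: it flags `explicit-exit-notify` in any config that uses a shared key (OpenVPN's `secret` directive) and accepts both one-directive-per-line files and pfSense-style `;`-separated custom options. The sample configs, address and file paths are constructed, and the function names are hypothetical.

```python
def parse_directives(text):
    """Map directive name -> argument list for an OpenVPN config."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":        # full-line comments
            continue
        line = line.split("#", 1)[0]           # trailing comment
        for part in line.split(";"):           # pfSense custom options
            tokens = part.split()
            if tokens:
                found[tokens[0].lstrip("-")] = tokens[1:]
    return found


def exit_notify_findings(name, text):
    """Flag explicit-exit-notify combined with a shared key."""
    d = parse_directives(text)
    if "explicit-exit-notify" not in d or "secret" not in d:
        return []
    opt = " ".join(["explicit-exit-notify"] + d["explicit-exit-notify"])
    return [f"{name}: '{opt}' is set on a shared-key tunnel; "
            "the peer's OpenVPN process exits when this side disconnects"]


# Constructed sample: shared-key client using the custom options from the report.
SHARED_KEY_CLIENT = """
dev tun
proto udp
remote 198.51.100.10 1104
secret /path/to/shared.key   # constructed path
fast-io;route-delay 2;verb 3;tun-mtu 1460;passtos;persist-key;persist-tun;keepalive 10 120;explicit-exit-notify 2
"""

# Constructed sample: SSL/TLS client, where the option is intended to be used.
TLS_CLIENT = """
client
dev tun
proto udp
remote 198.51.100.10 1194
ca /path/to/ca.crt
explicit-exit-notify 2
"""

if __name__ == "__main__":
    for name, cfg in (("shared-key client", SHARED_KEY_CLIENT),
                      ("tls client", TLS_CLIENT)):
        for finding in exit_notify_findings(name, cfg):
            print(finding)
```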