pfSense Gold Subscription

Author Topic: Kill OVPN client connection  (Read 346 times)

0 Members and 1 Guest are viewing this topic.

Offline Gil

  • Jr. Member
  • **
  • Posts: 67
  • Karma: +1/-0
    • View Profile
Kill OVPN client connection
« on: October 30, 2017, 06:43:35 am »
I get an error:

An error occurred. (-1)

when I attempt to kill an OpenVPN client connection on my APU server box status screen.
This never used to happen prior to 2.4.0 upgrade.

11 cheers for binary

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21404
  • Karma: +1437/-26
    • View Profile
Re: Kill OVPN client connection
« Reply #1 on: November 07, 2017, 03:56:27 pm »
It seems to work for me here, is it still broken for you on 2.4.1?

What is the exact mode of the server?

Where exactly do you see that error message? On the page, in a javascript alert box, in a log, or somewhere else?

Any errors in the logs?
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline Gil

  • Jr. Member
  • **
  • Posts: 67
  • Karma: +1/-0
    • View Profile
Re: Kill OVPN client connection
« Reply #2 on: November 28, 2017, 07:48:41 pm »
I should qualify this. It fails when Remote Access into web page.

Possibly to stop you from inadvertently disconnecting your own Remote Access VPN Tunnel.
However, I cannot kill another OpenVPN connection.

V2.4.2

I don't see any errors in the logs. Is there somewhere in particular I should look?
11 cheers for binary

Offline Gil

  • Jr. Member
  • **
  • Posts: 67
  • Karma: +1/-0
    • View Profile
Re: Kill OVPN client connection
« Reply #3 on: November 28, 2017, 07:59:40 pm »
There is a message in the OpenVPN Log:

Nov 29 12:47:21   openvpn   93516   MANAGEMENT: CMD 'kill 123.209.110.10'

Not really an error messgae though

11 cheers for binary

Offline Gil

  • Jr. Member
  • **
  • Posts: 67
  • Karma: +1/-0
    • View Profile
Re: Kill OVPN client connection
« Reply #4 on: December 10, 2017, 03:38:21 pm »
Error message occurs on webpage.
Snap shot of error message attached.
11 cheers for binary

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21404
  • Karma: +1437/-26
    • View Profile
Re: Kill OVPN client connection
« Reply #5 on: December 11, 2017, 07:08:02 am »
Nov 29 12:47:21   openvpn   93516   MANAGEMENT: CMD 'kill 123.209.110.10'

That's just OpenVPN logging the kill action sent from the GUI, if your log verb level is high enough to show those messages, they are purely informative.

Error message occurs on webpage.
Snap shot of error message attached.

Looks like that happened on the dashboard. Does the same thing happen on the dashboard and on Status > OpenVPN?

What browser is that? It's working for me on the dashboard and Status > OpenVPN and it works in both Firefox and Chrome (latest version of either one).
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline Gil

  • Jr. Member
  • **
  • Posts: 67
  • Karma: +1/-0
    • View Profile
Re: Kill OVPN client connection
« Reply #6 on: December 12, 2017, 12:05:41 am »
Browser was Chrome : BUT only when remotely connected via another OpenVPN tunnel.
11 cheers for binary

Offline Gil

  • Jr. Member
  • **
  • Posts: 67
  • Karma: +1/-0
    • View Profile
Re: Kill OVPN client connection
« Reply #7 on: December 12, 2017, 12:08:39 am »
Also on Android  Dolphin  via OpenVPN
11 cheers for binary

Offline Gil

  • Jr. Member
  • **
  • Posts: 67
  • Karma: +1/-0
    • View Profile
Re: Kill OVPN client connection
« Reply #8 on: December 12, 2017, 02:32:31 am »
Sorry for the multiple replies; I realised I didn't answer your other question:
Yes the same error message appears under Status / OpenVPN.

I find I have to restart the service if I want to manually disconnect a connection.

Browser Latest version of Chrome: Version 63.0.3239.84 (Official Build) (64-bit).

11 cheers for binary

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21404
  • Karma: +1437/-26
    • View Profile
Re: Kill OVPN client connection
« Reply #9 on: December 12, 2017, 10:11:58 am »
I can't seem to reproduce that here at all. And it definitely doesn't make sense that it only happens when you connect over some other VPN.

Unless you are killing your own VPN connection, which would mean the web server couldn't respond back to you which could result in an AJAX error. But that doesn't make sense if restarting the service fixes it.

From the logs it appears to be taking the correct action, however. It's possible it's an error in OpenVPN itself and not a bug in pfSense.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline Pippin

  • Full Member
  • ***
  • Posts: 245
  • Karma: +22/-3
    • View Profile
Re: Kill OVPN client connection
« Reply #10 on: December 12, 2017, 03:55:10 pm »
Just an idea,
What if login into OpenVPN`s management interface using telnet/netcat and kill client there...
2.3.2-RELEASE (amd64) - GB N3150N-D3V
"There must be someone with intelligence in the party"
"Well, that rules you out Pippin"

Offline Gil

  • Jr. Member
  • **
  • Posts: 67
  • Karma: +1/-0
    • View Profile
Re: Kill OVPN client connection
« Reply #11 on: December 12, 2017, 05:56:43 pm »
I can execute a shell command via SSH but;
How do I kill an individual client on a particular openvpn service?
11 cheers for binary

Offline Pippin

  • Full Member
  • ***
  • Posts: 245
  • Karma: +22/-3
    • View Profile
Re: Kill OVPN client connection
« Reply #12 on: December 13, 2017, 07:00:46 am »
Currently no access to PFSense box but first find the line in the server config file
Code: [Select]
management IPaddress PortThen in SSH do
Code: [Select]
nc IPaddress PortCan use telnet too, then nc=telnet
You will see like:
Code: [Select]
>INFO:OpenVPN Management Interface Version 1 -- type 'help' for more infoType help and also look here:
https://openvpn.net/index.php/open-source/documentation/miscellaneous/79-management-interface.html
2.3.2-RELEASE (amd64) - GB N3150N-D3V
"There must be someone with intelligence in the party"
"Well, that rules you out Pippin"

Offline Gil

  • Jr. Member
  • **
  • Posts: 67
  • Karma: +1/-0
    • View Profile
Re: Kill OVPN client connection
« Reply #13 on: December 13, 2017, 11:44:42 pm »
I'm guessing I will need to edit the server config file to include this.
Current file has : "management /var/etc/openvpn/server2.sock unix"

Can I edit it in pfSense ; or just directly?

11 cheers for binary

Offline Pippin

  • Full Member
  • ***
  • Posts: 245
  • Karma: +22/-3
    • View Profile
Re: Kill OVPN client connection
« Reply #14 on: December 14, 2017, 02:41:17 am »
Could try with connecting to socket:
Code: [Select]
nc -uU /var/etc/openvpn/server2.sockor
Code: [Select]
socat - UNIX-CONNECT:/var/etc/openvpn/server2.sock


Also see --management in manual:
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
« Last Edit: December 14, 2017, 03:08:50 am by Pippin »
2.3.2-RELEASE (amd64) - GB N3150N-D3V
"There must be someone with intelligence in the party"
"Well, that rules you out Pippin"