Netgate Discussion Forum

    Idle disconnect client

    • jimpJ
      jimp Rebel Alliance Developer Netgate
      last edited by

      try this in the advanced options:

      inactive 300
      

      For 5 minutes (60*5)

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      • A
        apant
        last edited by

        This works, but the client becomes yellow and reconnects after some seconds.

        pfSense disconnects the client and I can see the log entry:

        openvpn[32711]: apant/xxx.xxx.xxx.xxx:33913 Inactivity timeout (--inactive), exiting

        Now I should find a way to make the client stop reconnecting.

        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          Yeah if the client has "keepalive" in their config it will reconnect when the connection is dropped/lost.

          • A
            apant
            last edited by

            There is no keepalive in my connection  ???

            This is my client configuration:

            dev tun
            persist-tun
            persist-key
            proto tcp-client
            cipher BF-CBC
            tls-client
            client
            resolv-retry infinite
            remote xxx.xxx.xxx.xxx 1194
            auth-user-pass
            pkcs12 pfsense-TCP-1194.p12
            tls-auth pfsense-TCP-1194-tls.key 1
            comp-lzo

            I tried to remove

            resolv-retry infinite
            persist-tun
            persist-key

            but nothing. Reconnects continuously.

            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              Try adding:

              ping-restart 0
              

              • jimpJ
                jimp Rebel Alliance Developer Netgate
                last edited by

                You could also use "ping-exit" to make the client quit when it gets disconnected.

                • A
                  apant
                  last edited by

                  When I use the ping-exit command, the client does not connect and I can see the following error in the server logs:

                  openvpn[29870]: Options error: --keepalive conflicts with --ping, --ping-exit, or --ping-restart. If you use --keepalive, you don't need any of the other --ping directives.

                  I do not use keepalive  ???

                  • jimpJ
                    jimp Rebel Alliance Developer Netgate
                    last edited by

                    Is the client a PC or another pfSense box?

                    pfSense adds the keepalive in there automatically.

                    You wouldn't want to use ping-exit for a site-to-site tunnel. You really don't even want to disconnect those. What are you trying to accomplish/avoid here?

                    Disconnecting idle remote access clients makes sense, disconnecting a site-to-site tunnel doesn't. Not the way OpenVPN operates.

                    • A
                      apant
                      last edited by

                      In this situation there is no tunnel. It is a pfSense server with Windows clients who work from home, and they forget to close the client when they finish. I use a 6-user restriction because of the limited bandwidth. If they forget to close the client, other users cannot connect to synchronize their software. That's why I want this solution.

                      • jimpJ
                        jimp Rebel Alliance Developer Netgate
                        last edited by

                        Then put ping-exit in the client config and make sure they have no keepalive or ping-restart in the client config.

                        The only thing you can do on the server side is specify the inactive parameter I showed earlier.
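
An added example, not part of any post in the thread and not pfSense or OpenVPN code: a small Python check that applies the advice in the last reply to a client config, flagging keepalive or ping-restart, a missing ping-exit, and the keepalive/ping conflict quoted in the server log above. The sample configs, the documentation address, the ping-exit value of 60 and the function names are constructed for illustration.

```python
# Added example: check an OpenVPN client config against the thread's advice.
PING_FAMILY = ("ping", "ping-exit", "ping-restart")

def parse_directives(text):
    """Map directive name -> argument list, ignoring '#' and ';' comments."""
    directives = {}
    for raw in text.splitlines():
        tokens = []
        for tok in raw.split():
            if tok[0] in "#;":      # rest of the line is a comment
                break
            tokens.append(tok)
        if tokens:
            directives[tokens[0].lstrip("-")] = tokens[1:]
    return directives

def audit_client(text):
    """Return findings that would stop the client exiting after a drop."""
    d = parse_directives(text)
    findings = []
    clash = [k for k in PING_FAMILY if k in d]
    if "keepalive" in d and clash:
        # Same condition as the "Options error" line quoted in the thread.
        findings.append("conflict: keepalive used with " + ", ".join(clash))
    for name in ("keepalive", "ping-restart"):
        if name in d:
            findings.append(f"reconnect: remove {name} {' '.join(d[name])}".rstrip())
    if "ping-exit" not in d:
        findings.append("missing: ping-exit, client will not quit on disconnect")
    return findings

# Constructed samples: BASE follows the client config posted in the thread
# (address replaced with a documentation IP); 60 seconds is an assumed value.
BASE = """dev tun
proto tcp-client
tls-client
client
remote 192.0.2.10 1194
auth-user-pass
"""
FIXED = BASE + "ping-exit 60\n"
CLASH = BASE + "keepalive 10 60\nping-exit 60\n"

if __name__ == "__main__":
    for label, cfg in (("base", BASE), ("fixed", FIXED), ("clash", CLASH)):
        print(label, audit_client(cfg) or "ok")
```

The check only sees directives in the file itself; options the server pushes at connect time are outside its view.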
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.