Kill OVPN client connection

Gil

I get an error:

An error occurred. (-1)

when I attempt to kill an OpenVPN client connection on my APU server box status screen.
This never used to happen prior to 2.4.0 upgrade.

jimp

It seems to work for me here, is it still broken for you on 2.4.1?

What is the exact mode of the server?

Where exactly do you see that error message? On the page, in a javascript alert box, in a log, or somewhere else?

Any errors in the logs?

Gil

I should qualify this. It fails when Remote Access into web page.

Possibly to stop you from inadvertently disconnecting your own Remote Access VPN Tunnel.
However, I cannot kill another OpenVPN connection.

V2.4.2

I don't see any errors in the logs. Is there somewhere in particular I should look?

Gil

There is a message in the OpenVPN Log:

Nov 29 12:47:21 openvpn 93516 MANAGEMENT: CMD 'kill 123.209.110.10'

Not really an error messgae though

Gil

Error message occurs on webpage.
Snap shot of error message attached.

error.jpg_thumb

jimp

@Gil:

Nov 29 12:47:21 openvpn 93516 MANAGEMENT: CMD 'kill 123.209.110.10'

That's just OpenVPN logging the kill action sent from the GUI, if your log verb level is high enough to show those messages, they are purely informative.

@Gil:

Error message occurs on webpage.
Snap shot of error message attached.

Looks like that happened on the dashboard. Does the same thing happen on the dashboard and on Status > OpenVPN?

What browser is that? It's working for me on the dashboard and Status > OpenVPN and it works in both Firefox and Chrome (latest version of either one).

Gil

Browser was Chrome : BUT only when remotely connected via another OpenVPN tunnel.

Gil

Also on Android Dolphin via OpenVPN

Gil

Sorry for the multiple replies; I realised I didn't answer your other question:
Yes the same error message appears under Status / OpenVPN.

I find I have to restart the service if I want to manually disconnect a connection.

Browser Latest version of Chrome: Version 63.0.3239.84 (Official Build) (64-bit).

jimp

I can't seem to reproduce that here at all. And it definitely doesn't make sense that it only happens when you connect over some other VPN.

Unless you are killing your own VPN connection, which would mean the web server couldn't respond back to you which could result in an AJAX error. But that doesn't make sense if restarting the service fixes it.

From the logs it appears to be taking the correct action, however. It's possible it's an error in OpenVPN itself and not a bug in pfSense.

Pippin

Just an idea,
What if login into OpenVPN`s management interface using telnet/netcat and kill client there…

Gil

I can execute a shell command via SSH but;
How do I kill an individual client on a particular openvpn service?

Pippin

Currently no access to PFSense box but first find the line in the server config file

management IPaddress Port

Then in SSH do

nc IPaddress Port

Can use telnet too, then nc=telnet
You will see like:

>INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info

Type help and also look here:
https://openvpn.net/index.php/open-source/documentation/miscellaneous/79-management-interface.html

Gil

I'm guessing I will need to edit the server config file to include this.
Current file has : "management /var/etc/openvpn/server2.sock unix"

Can I edit it in pfSense ; or just directly?

Pippin

Could try with connecting to socket:

nc -uU /var/etc/openvpn/server2.sock

or

socat - UNIX-CONNECT:/var/etc/openvpn/server2.sock

Also see –management in manual:
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage

Gil

OK, so I have done as suggested:

Via ssh:

nc -w 20 -U /var/etc/openvpn/server2.sock
kill xxx (cn)

Result:
SUCCESS: common name 'xxx' found, 1 client (s) killed

That functions, but (of course) - still not via the web interface.

I have tested the web interface (kill openvpn) on my central server and also on client machines (SG-1000 & APU)
and all exhibit the same error message.

Gil

I am still at a loss as to why I get an error message from the gui.
Are there any tests I should run, or config changes to further investigate?

peter808

@Gil:

I get an error:

An error occurred. (-1)

when I attempt to kill an OpenVPN client connection on my APU server box status screen.
This never used to happen prior to 2.4.0 upgrade.

Same here on 2.4.2. Also no errors in logs.

Tried with Chrome, Safari and Edge via Web-gui.

Pippin

@Gil:

OK, so I have done as suggested:

Via ssh:

nc -w 20 -U /var/etc/openvpn/server2.sock
kill xxx (cn)

Result:
SUCCESS: common name 'xxx' found, 1 client (s) killed

That functions, but (of course) - still not via the web interface.

I have tested the web interface (kill openvpn) on my central server and also on client machines (SG-1000 & APU)
and all exhibit the same error message.

From the result I would think it`s not an OpenVPN issue…

Gil

Thanks Pippin.
Generic googling tells me (-1) errors often relate to hardware.
My errors occur on all my devices APU and SG-1000.