Netgate Discussion Forum
    Kill OVPN client connection

    • GilG
      Gil Rebel Alliance

      I'm guessing I will need to edit the server config file to include this.
      Current file has: "management /var/etc/openvpn/server2.sock unix"

      Can I edit it in pfSense; or just directly?

      11 cheers for binary

      • PippinP
        Pippin

        Could try with connecting to socket:

        nc -U /var/etc/openvpn/server2.sock

        or

        socat - UNIX-CONNECT:/var/etc/openvpn/server2.sock
        
        

        Also see --management in manual:
        https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage

        I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
        Halton Arp

        • GilG
          Gil Rebel Alliance

          OK, so I have done as suggested:

          Via ssh:

          nc -w 20 -U /var/etc/openvpn/server2.sock
          kill xxx (cn)

          Result:
          SUCCESS: common name 'xxx' found, 1 client (s) killed

          That functions, but (of course) - still not via the web interface.

          I have tested the web interface (kill openvpn) on my central server and also on client machines (SG-1000 & APU)
          and all exhibit the same error message.

          11 cheers for binary

          • GilG
            Gil Rebel Alliance

            I am still at a loss as to why I get an error message from the gui.
            Are there any tests I should run, or config changes to further investigate?

            11 cheers for binary

            • P
              peter808

              @Gil:

              I get an error:

              An error occurred. (-1)

              when I attempt to kill an OpenVPN client connection on my APU server box status screen.
              This never used to happen prior to 2.4.0 upgrade.

              Same here on 2.4.2. Also no errors in logs.

              Tried with Chrome, Safari and Edge via Web-gui.

              • PippinP
                Pippin

                @Gil:

                OK, so I have done as suggested:

                Via ssh:

                nc -w 20 -U /var/etc/openvpn/server2.sock
                kill xxx (cn)

                Result:
                SUCCESS: common name 'xxx' found, 1 client (s) killed

                That functions, but (of course) - still not via the web interface.

                I have tested the web interface (kill openvpn) on my central server and also on client machines (SG-1000 & APU)
                and all exhibit the same error message.

                From the result I would think it's not an OpenVPN issue…

                I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
                Halton Arp

                • GilG
                  Gil Rebel Alliance

                  Thanks Pippin.
                  Generic googling tells me (-1) errors often relate to hardware.
                  My errors occur on all my devices APU and SG-1000.

                  11 cheers for binary

                  • GilG
                    Gil Rebel Alliance

                    I should also mention; all my devices run a bridge for a tap openvpn.
                    peter808 : Are you similar?

                    11 cheers for binary

                    • GilG
                      Gil Rebel Alliance

                      I have an OpenWRT OpenVPN connection that also gives the same error on my pfSense Server

                      11 cheers for binary

                      • G
                        GoldFish

                        @peter808:

                        Same here on 2.4.2. Also no errors in logs.

                        Tried with Chrome, Safari and Edge via Web-gui.

                        Same here

                        • pfSense Enthusiast *
                        • S
                          Steve_B Netgate

                          The "Error occurred" pop-up on the dashboard is caused by a race condition where the widget is requesting status from a resource that no longer exists. Annoying no doubt but it should not affect functionality.

                          Fixed in the next snapshot

                          Als ik kan

                          • GilG
                            Gil Rebel Alliance

                            Thanks Steve_B.
                            I take it that the fix will not only stop the error popup, but also execute the kill OpenVPN command?

                            11 cheers for binary

                            • GilG
                              Gil Rebel Alliance

                              Small clip of the GUI behaviour

                              error.gif

                              11 cheers for binary

                              • C
                                Coopercentral

                                Hello,

                                I am receiving this same error message as well. I am running OpenVPN Remote-Access on pfSense 2.4.2. I am connected through my LAN, not through VPN. I also receive "An error occurred (-1)" when attempting to kill a connection. Tried on both the widget and at Status -> OpenVPN. Also tried on IE and Chrome.

                                • C
                                  Coopercentral

                                  I did some tinkering on the "openvpn.inc" page, and found I was receiving "ERROR: Common Name (client IP) not found".  When I changed the client IP to the username field, then I was able to kill the client.  I am guessing this is the case because I use user certificates in which the username is the CN.  Not sure if this is the case for the original poster.

                                  • GilG
                                    Gil Rebel Alliance

                                    @Coopercentral:

                                    I use user certificates in which the username is the CN.  Not sure if this is the case for the original poster.

                                    I also have matching CN & User Name

                                    @Coopercentral:

                                    When I changed the client IP to the username field, then I was able to kill the client

                                    Are you saying this is an IP address? Or simply some other text to identify a user?

                                    11 cheers for binary

                                    • C
                                      Coopercentral

                                      @Gil:

                                      Are you saying this is an IP address? Or simply some other text to identify a user?

                                      There is a function in the file "openvpn.inc" called openvpn_kill_client(). It creates a TCP socket to the management port on the server, and then issues the command "kill {client IP}". When you click the "X" to kill a client on the OpenVPN widget or Status page, it is passing the user's public IP that they are using to connect to the VPN. I did some debugging and was receiving that Common Name does not exist. I knew that Common Name was the "username", as I enforce user certificates, which use the username as the Common Name field. So, for my case (and most likely yours), if we pass the username field instead of their public IP, it could kill the VPN connections.

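The management-socket exchange discussed in this thread (connect, send `kill <cn>`, read the `SUCCESS:`/`ERROR:` line), as an added Python example; it is not pfSense's openvpn.inc code and not something posted by the thread's participants. The socket path is the one quoted in the thread; the status sample, client names and addresses are constructed. It lists clients from `status 2` so that the Common Name rather than the address is what gets sent to `kill`, and it rejects targets with whitespace or control characters so a value cannot append a second management command.

```python
import socket

# Constructed sample of `status 2` output (columns trimmed; names and
# addresses are made up, not taken from the thread).
SAMPLE_STATUS = """\
TITLE,OpenVPN (constructed sample)
HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Username
CLIENT_LIST,alice,203.0.113.7:51234,10.8.0.2,alice
CLIENT_LIST,bob,198.51.100.9:40022,10.8.0.3,bob
END
"""

def parse_clients(status_text):
    """Return one dict per CLIENT_LIST row, keyed by the HEADER column names."""
    cols, clients = [], []
    for line in status_text.splitlines():
        fields = line.strip().split(",")
        if fields[:2] == ["HEADER", "CLIENT_LIST"]:
            cols = fields[2:]
        elif fields[0] == "CLIENT_LIST" and cols:
            clients.append(dict(zip(cols, fields[1:])))
    return clients

def kill_command(target):
    """Build one `kill` line; reject anything that could add a second command."""
    if not target or any(ch.isspace() or ord(ch) < 32 for ch in target):
        raise ValueError("target is empty or has whitespace/control characters")
    return f"kill {target}\n"

def mgmt_request(sock_path, command, timeout=5.0):
    """Send one command over the unix stream socket and return the reply lines."""
    lines = []
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sock_path)
        s.sendall(command.encode())
        for line in s.makefile("r"):
            line = line.strip()
            if line.startswith(">"):  # greeting and other async notifications
                continue
            lines.append(line)
            if line == "END" or line.startswith(("SUCCESS:", "ERROR:")):
                break
    return lines

if __name__ == "__main__":
    path = "/var/etc/openvpn/server2.sock"  # path quoted in the thread
    for c in parse_clients("\n".join(mgmt_request(path, "status 2\n"))):
        print(c["Common Name"], c["Real Address"])
```

To disconnect a client, pass `kill_command(cn)` to `mgmt_request`; the reply is the same `SUCCESS:` or `ERROR:` line seen in the thread.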
                                      • GilG
                                        Gil Rebel Alliance

                                        Nice piece of debugging.

                                        Is there something that the developers should note regarding this?

                                        11 cheers for binary

                                        • emammadovE
                                          emammadov

                                          Will this bug be fixed in the next updates of pfSense?

                                          Elvin

                                          • GilG
                                            Gil Rebel Alliance

                                            Update to 2.4.3; the error message no longer occurs - but the OVPN Connection does not get killed.
                                            Still a bug

                                            11 cheers for binary

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.