Hot to push parameter for all mobile client?
-
I copy/past that post from rkgraves. I'm using a pfsense box and manage by Web. Something interest me in that post but I dont know how adding to the client settings on the pfSense-OpenVPN server: push "inactive 3600 1000000" ... someone can explain me how to do that? Do I have to be in CLI to do that or is there a way to do it by the GUI?
Thanks!===========================
rkgraves Apr 15, 2020, 11:57 AM
Community,Just a note to follow-up on this: Using the OpenVPN Inactive settings to disconnect idle users. We did get this to work!
Adding to the client config: inactive 3600 1000000
or, adding to the client settings on the pfSense-OpenVPN server: push "inactive 3600 1000000"
is dropping idle connections after roughly 1 hour of inactivity. The way I interpret this is - if less than 1000000 of data crosses the wire within a 60 minute window of time, then the connection will be determined inactive and closed.
I.e. 3600 is a time out value given in seconds, 3600 = 60 minutes. 100000 is a value given in bytes and seems like a lot, but not really. We found that a typical idle connection produced +/- 500 KBytes an hour. An odd observation was that some idle connections would produce initially way more data than others, but would eventually settle down to the less than 1000000 bytes in 60 minutes and be terminated.
The learning-curve was that setting an inactive time value alone was not sufficient as even with even an idle sessions there ares still a notable amount of packets going back and forth across the wire.
Thank You to Those who offered input and to Netgate Support for their prompt and helpful information.
Best Regards,
Randy Graves
North Idaho College