OpenVPN / openvpn3-linux

OpenVPN 3 Linux client
GNU Affero General Public License v3.0

Block multiple session to the same VPN server #216

Open maurin-at-homiwoo opened 11 months ago

maurin-at-homiwoo commented 11 months ago

Currently it is possible to have multiple sessions open to the same server, which breaks the connection, as the system seems not to know which one to use.

To reproduce, simply execute openvpn3 session-start --config my-config multiple times.

In this case you end up with something like:

🕙 10:03:09 via 🐍 v3.11.4  ️🇬️  hw-ci-1
 🗃  ~  ➜ openvpn3 session-start --config ovhw-vpn
Using pre-loaded configuration profile 'ovhw-vpn'
Session path: /net/openvpn/v3/sessions/e9903af0s0d44s49ees912fs657cdd717f19
Private key passphrase: 
Connected

🕙 10:27:10 via 🐍 v3.11.4  ️🇬️  hw-ci-1 took 6s
 🗃  ~  ➜ openvpn3 session-start --config my-config
Using pre-loaded configuration profile 'ovhw-vpn'
Session path: /net/openvpn/v3/sessions/cfb46b2as139as453es9c77se200da236fb9
Private key passphrase: 
Connected

🕙 10:27:15 via 🐍 v3.11.4  ️🇬️  hw-ci-1 took 3s
 🗃  ~  ➜ openvpn3 sessions-list
-----------------------------------------------------------------------------
        Path: /net/openvpn/v3/sessions/3dbeb0e7s46acs4d06sb1b5s942d0b6f0279
     Created: Wed Nov 15 09:32:04 2023                  PID: 12577
       Owner: maurin                                 Device: tun0
 Config name: my-config
Session name: a.b.c.d
      Status: Connection, Client connected

        Path: /net/openvpn/v3/sessions/cfb46b2as139as453es9c77se200da236fb9
     Created: Wed Nov 15 10:27:12 2023                  PID: 21287
       Owner: maurin                                 Device: tun2
 Config name: my-config
Session name: a.b.c.d
      Status: Connection, Client connected

        Path: /net/openvpn/v3/sessions/e9903af0s0d44s49ees912fs657cdd717f19
     Created: Wed Nov 15 10:27:07 2023                  PID: 21061
       Owner: maurin                                 Device: tun1
 Config name: my-config
Session name: a.b.c.d
      Status: Connection, Client connected
-----------------------------------------------------------------------------

(It actually happens in our case because of a small applet we are using to manage the connection. The applet doesn't support MFA with challenge yet, so it tries to connect with only the password; the connection fails because of the missing token, we connect with the command line, fill in the MFA, get a connection, and a few seconds later the applet succeeds in connecting.) But that could also happen if someone is using any type of script to auto-connect and there's a failure or anything like this.

Is there an easy way to prevent openvpn3 from connecting again if there's already a connection established with a given server?

Thanks!

dsommers commented 11 months ago

This is a fair suggestion. It's not something OpenVPN 3 Linux can do out-of-the-box today. But it should be able to compare the configuration path of the just requested new tunnel against already running VPN sessions. Each VPN session has its own D-Bus object which has this reference.

And that may actually be the quickest fix for your applet as well ... A very quick Python-based PoC of gathering the configuration paths currently running:

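import dbus
import openvpn3

# Connect to the system bus, where the OpenVPN 3 Linux services are registered
bus = dbus.SystemBus()
sm = openvpn3.SessionManager(bus)

# Collect the configuration profile path behind each session visible to this user
running_configs = [str(session.GetProperty('config_path')) for session in sm.FetchAvailableSessions()]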
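
As an added illustration, not code from the issue or from the OpenVPN 3 Linux project: a small parser for the openvpn3 sessions-list text layout quoted in the report, which lists the sessions already connected for a config name and flags every session but the oldest as surplus. It assumes the field layout shown in the report and keys on the Config name field because that is what the listing prints; the session ids in the sample are constructed placeholders.

```python
import re
from collections import defaultdict
from datetime import datetime

# One regex for every labelled field; "Created"/"Owner" share a line with "PID"/"Device".
FIELD = re.compile(r"(Path|Created|PID|Owner|Device|Config name|Session name|Status):\s*(.*?)\s*(?=(?:PID|Device):|$)")

def parse_sessions(text):
    """Turn sessions-list text into one dict per session (a "Path" field starts a record)."""
    sessions = []
    for line in text.splitlines():
        for key, value in FIELD.findall(line):
            if key == "Path":
                sessions.append({})
            if sessions:
                sessions[-1][key] = value
    return sessions

def connected(sessions, config_name):
    """Paths of sessions for this config name that report a connected client."""
    return [s["Path"] for s in sessions if s.get("Config name") == config_name
            and "Client connected" in s.get("Status", "")]

def surplus_sessions(sessions):
    """Per config name, every connected session except the oldest one."""
    groups = defaultdict(list)
    for s in sessions:
        if "Client connected" in s.get("Status", ""):
            groups[s.get("Config name")].append(s)
    fmt = "%a %b %d %H:%M:%S %Y"  # timestamp layout of the "Created" field
    return {name: [s["Path"] for s in sorted(g, key=lambda s: datetime.strptime(s["Created"], fmt))[1:]]
            for name, g in groups.items() if len(g) > 1}

# Constructed sample in the layout quoted in the issue (session ids are placeholders).
_RECORD = """        Path: /net/openvpn/v3/sessions/{0}
     Created: Wed Nov 15 {1} 2023                  PID: {2}
       Owner: maurin                                 Device: {3}
 Config name: my-config
Session name: a.b.c.d
      Status: Connection, Client connected
"""
SAMPLE = "-" * 77 + "\n" + "\n".join(_RECORD.format(*row) for row in [
    ("sess-a", "09:32:04", 12577, "tun0"),
    ("sess-b", "10:27:12", 21287, "tun2"),
    ("sess-c", "10:27:07", 21061, "tun1"),
]) + "-" * 77 + "\n"

if __name__ == "__main__":
    print(surplus_sessions(parse_sessions(SAMPLE)))
```

A wrapper script or applet can call connected() on the current listing and skip session-start when the result is non-empty.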