Open tmpdat opened 3 months ago
Related openvpn3-linux issue: https://codeberg.org/OpenVPN/openvpn3-linux/issues/6
After pondering a bit on this specific case and discussing it in the team, it's clear that this feature is not available in the OpenVPN 3 Core Library.
Porting remap-usr1
to OpenVPN 3 makes little sense, since this library does not use Unix signals, like OpenVPN 2.x does. In addition, the remap-usr1
is intended for a different use case than yours. It could be said that using remap-usr1
in this context is working due to the side-effect of what this signal remapping does.
Your real issue is that you're connecting two devices containing the same client certificate. Which ends up in a re-connect game where client A which connected first gets kicked off when client B connects and then A reconnects, kicking off client B - in an endless loop. This reconnection behaviour is actually considered a feature in OpenVPN - and is the default behaviour in OpenVPN 2.x as well (without the remap-usr1
).
The best solution for you is actually to not work around this, but to either issue different client certificates for each connecting device. Or to configure the server to use --duplicate-cn
.
We have not concluded at the moment if a "disable reconnect" feature is really wanted in OpenVPN 3.
After pondering a bit on this specific case and discussing it in the team, it's clear that this feature is not available in the OpenVPN 3 Core Library.
Porting
remap-usr1
to OpenVPN 3 makes little sense, since this library does not use Unix signals, like OpenVPN 2.x does. In addition, theremap-usr1
is intended for a different use case than yours. It could be said that usingremap-usr1
in this context is working due to the side-effect of what this signal remapping does.Your real issue is that you're connecting two devices containing the same client certificate. Which ends up in a re-connect game where client A which connected first gets kicked off when client B connects and then A reconnects, kicking off client B - in an endless loop. This reconnection behaviour is actually considered a feature in OpenVPN - and is the default behaviour in OpenVPN 2.x as well (without the
remap-usr1
).The best solution for you is actually to not work around this, but to either issue different client certificates for each connecting device. Or to configure the server to use
--duplicate-cn
.We have not concluded at the moment if a "disable reconnect" feature is really wanted in OpenVPN 3.
Hi guy, thanks so much for a clean answer. This answer covered my case well.
I know the remap_usr1
option is not intended for this case, but I don't want to use two profiles for each user, and also don't want to enable the --duplicate-cn
option (for security).
Anyway, properly, I must choose another solution, such as creating more than one profile for users connecting to multiple devices at the same time.
How openvpn client to disable auto reconnecting when another device connect with the same profile?
p/s: with openvpn version 2.x, I use the remap-usr1 optione to remap signal SIGUSR1 to SIGTERM and stop client reconnects.