search

SoftEtherVPN / SoftEtherVPN

Cross-platform multi-protocol VPN software. Pull requests are welcome. The stable version is available at https://github.com/SoftEtherVPN/SoftEtherVPN_Stable.
Apache License 2.0
11.63k stars 2.6k forks source link

Support OpenVPN `explicit-exit-notify` client option to close UDP connections #1717

Open Alchiadus opened 1 year ago

Alchiadus commented 1 year ago

OpenVPN has a UDP specific option to send an EXIT message over the control channel to cleanly close a UDP connection, see https://github.com/OpenVPN/openvpn/blob/179b3728b71013413885e453e477997f5a396f78/src/openvpn/sig.c#L340-L364.

From the OpenVPN man page:

--explicit-exit-notify [n]
    In UDP client mode or point-to-point mode, send server/peer an exit notification if tunnel is restarted or OpenVPN process is exited. In client mode, on exit/restart, this option will tell the server to immediately close its client instance object rather than waiting for a timeout. The n parameter (default=1) controls the maximum number of attempts that the client will try to resend the exit notification message.

    In UDP server mode, send RESTART control channel command to connected clients. The n parameter (default=1) controls client behavior. With n = 1 client will attempt to reconnect to the same server, with n = 2 client will advance to the next server.

    OpenVPN will not send any exit notifications unless this option is enabled.

SoftEther does not appear to listen to the EXIT message, which causes the session to remain open until a timeout occurs even if the OpenVPN client cleanly disconnects (using proto udp).

davidebeatrici commented 1 year ago

Deleted @nazh888888's comment, as he opened a dedicated issue: #1719