Linux openvpn close connection

Controlling a running OpenVPN process

Running on Linux/BSD/Unix

OpenVPN accepts several signals:

  • SIGUSR1 — Conditional restart, designed to restart without root privileges
  • SIGHUP — Hard restart
  • SIGUSR2 — Output connection statistics to log file or syslog
  • SIGTERM, SIGINT — Exit

Use the writepid directive to write the OpenVPN daemon’s PID to a file, so that you know where to send the signal (if you are starting openvpn with an initscript, the script may already be passing a --writepid directive on the openvpn command line).
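As an added example (not from the OpenVPN documentation), the shell function below sends one of the signals listed above to the PID stored by writepid, after checking that the PID still belongs to a process named openvpn, since a stale PID file can point at an unrelated process. It is Linux-specific because it reads /proc; the function name and return codes are assumptions of this example.

```shell
# Added example: signal the OpenVPN daemon named in a --writepid file, but only
# after confirming that the PID still belongs to the expected program.
# The function name and return codes are hypothetical, not part of OpenVPN.

# Usage: signal_from_pidfile PIDFILE SIGNAL [EXPECTED_NAME]
#   SIGNAL is one of USR1, HUP, USR2, TERM, INT (the signals listed above).
signal_from_pidfile() {
    pidfile=$1 sig=$2 expect=${3:-openvpn}

    [ -r "$pidfile" ] || { echo "cannot read pid file: $pidfile" >&2; return 2; }
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case $pid in
        ''|*[!0-9]*) echo "pid file does not hold a number" >&2; return 2 ;;
    esac

    # A stale pid file may name a dead process, or a PID that the kernel has
    # since handed to another program. Check both before sending anything.
    [ -r "/proc/$pid/comm" ] || { echo "pid $pid is not running" >&2; return 3; }
    comm=$(cat "/proc/$pid/comm")
    [ "$comm" = "$expect" ] || {
        echo "pid $pid is '$comm', not '$expect'; not signalling" >&2
        return 4
    }

    case $sig in
        USR1|HUP|USR2|TERM|INT) kill -s "$sig" "$pid" ;;
        *) echo "unsupported signal: $sig" >&2; return 5 ;;
    esac
}
```

For instance, signal_from_pidfile /run/openvpn/server.pid USR2 asks the daemon for connection statistics; the PID file path here is only a sample value.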

Running on Windows as a GUI

Running in a Windows command prompt window

On Windows, you can start OpenVPN by right clicking on an OpenVPN configuration file (.ovpn file) and selecting "Start OpenVPN on this config file".

Once running in this fashion, several keyboard commands are available:

  • F1 — Conditional restart (doesn’t close/reopen TAP adapter)
  • F2 — Show connection statistics
  • F3 — Hard restart
  • F4 — Exit

Running as a Windows Service

When OpenVPN is started as a service on Windows, the only way to control it is:

  • Via the service control manager (Control Panel / Administrative Tools / Services) which gives start/stop control.
  • Via the management interface (see below).

Modifying a live server configuration

While most configuration changes require you to restart the server, there are two directives in particular which refer to files which can be dynamically updated on-the-fly, and which will take immediate effect on the server without needing to restart the server process.

client-config-dir — This directive sets a client configuration directory, which the OpenVPN server will scan on every incoming connection, searching for a client-specific configuration file (see the manual page for more information). Files in this directory can be updated on-the-fly, without restarting the server. Note that changes in this directory will only take effect for new connections, not existing connections. If you would like a client-specific configuration file change to take immediate effect on a currently connected client (or one which has disconnected, but where the server has not timed-out its instance object), kill the client instance object by using the management interface (described below). This will cause the client to reconnect and use the new client-config-dir file.

crl-verify — This directive names a Certificate Revocation List file, described below in the Revoking Certificates section. The CRL file can be modified on the fly, and changes will take effect immediately for new connections, or existing connections which are renegotiating their SSL/TLS channel (occurs once per hour by default). If you would like to kill a currently connected client whose certificate has just been added to the CRL, use the management interface (described below).

Status File

The default server.conf file has a line

which will output a list of current client connections to the file openvpn-status.log once per minute.

Using the management interface

The OpenVPN management interface allows a great deal of control over a running OpenVPN process. You can use the management interface directly, by telnetting to the management interface port, or indirectly by using an OpenVPN GUI which itself connects to the management interface.

To enable the management interface on either an OpenVPN server or client, add this to the configuration file:

This tells OpenVPN to listen on TCP port 7505 for management interface clients (port 7505 is an arbitrary choice — you can use any free port).

Once OpenVPN is running, you can connect to the management interface using a telnet client. For example:
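An added example, not part of the OpenVPN documentation: a shell helper that sends the management interface's kill command for one client common name, which is the step the client-config-dir and crl-verify paragraphs above call for, and checks the reply. It assumes the interface listens on 127.0.0.1 port 7505 without a management password and that nc is installed; the function names are hypothetical.

```shell
# Added example: ask the OpenVPN management interface to drop one client.
# Function names are hypothetical; host and port are assumptions.
MGMT_HOST=${MGMT_HOST:-127.0.0.1}   # assumption: interface bound to loopback
MGMT_PORT=${MGMT_PORT:-7505}        # the port used in the text above

# The common name is written straight onto the management channel, so accept
# only characters that cannot end the line and begin a second command.
valid_common_name() {
    case $1 in
        ''|*[!A-Za-z0-9._@-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Read a management session transcript on stdin and report the command result.
# Lines starting with ">" are notifications (such as the >INFO banner) and are
# skipped; the command reply starts with SUCCESS: or ERROR:.
mgmt_result() {
    while IFS= read -r line; do
        line=$(printf '%s' "$line" | tr -d '\r')
        case $line in
            SUCCESS:*) printf '%s\n' "$line"; return 0 ;;
            ERROR:*)   printf '%s\n' "$line" >&2; return 1 ;;
        esac
    done
    echo "no reply from management interface" >&2
    return 2
}

# Usage: kill_client COMMON_NAME
kill_client() {
    valid_common_name "$1" || { echo "refusing common name: $1" >&2; return 3; }
    printf 'kill %s\nquit\n' "$1" |
        nc -w 5 "$MGMT_HOST" "$MGMT_PORT" |
        mgmt_result
}
```

Run kill_client right after updating the CRL or the client-config-dir file; a common name containing spaces is refused by this validator and has to be handled by hand.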


openVPN disconnect via command line in linux

Is there a way to disconnect an openvpn connection that was established by free-radius with a shell command line?

I have all information about the openvpn connection:


6 Answers

pkill -SIGTERM -f 'openvpn --daemon --conf $OPENVPNCONFFILE'

The pkill command allows you to signal a process based on name or other attributes.

This will send SIGTERM to the openvpn causing it to gracefully quit and close the tun interface. You may/will need to modify the section after -f to match the way you started the openvpn connection.

I found this in the Signals section of the openvpn man page.

Determine the virtual interface with ifconfig :

and shutdown it with:

Here’s the init script that I’ve written for RedHat based:

then you can use it as usual:

Simply running sudo pkill openvpn worked just fine for me. (Linux Mint 19.1)

Replace client with the corresponding name. This will shutdown the session.

I have never used free-radius, but I am familiar with a similar problem in OpenVPN. If the connection is started from the command line, then the VPN client either stays alive on the prompt or it retreats into the background, but there is no command to explicitly stop the connection.
Under Linux the only way to stop the connection is with a "kill" or "killall" command. Could be similar for free-radius connections.

Just thought I’d update my comment with a fuller answer (which may not be relevant, considering I don’t know about free-radius).

I’ve been using a Debian Linux distro and installed the openvpn package. The client config in Debian can be launched via command line, which leads one to this problem of there being seemingly no neat way to terminate / manage the connection.

I learned today though that there’s a /etc/init.d/openvpn script that runs at boot time and if I place the openvpn config file in /etc/openvpn/ (the file extension must be .conf), I can control the connection by using /etc/init.d/openvpn stop, and /etc/init.d/openvpn start (or "service openvpn stop").

Putting the config file in /etc/openvpn/ also causes the VPN tunnel to come up automatically at boot time. It also reconnects after disconnect automatically as well.


How to disconnect from OpenVPN?

I’m connecting using VPNBook servers and it works fine with this command:

but I just can’t seem to figure out how to stop it without a reboot.

I’ve tried service openvpn stop and /etc/init.d/vpnbook stop , but that doesn’t seem to affect it.

14 Answers

This command definitely works for me, and it should work for you too.

The successful steps in my case were:

For some reason `killall -SIGINT openvpn` did not work for me, but the steps above did.

I had the same problem with disconnecting from openvpn3.

I ended up creating this small repo https://github.com/shmalex/openvpn3_manager that helps manage the openvpn3 sessions.

To disconnect the session, you have to know the session’s Path

the session path could be found via

You can use my repo to perform the same actions with the help of bash files.

killall -SIGINT openvpn

Just hit CTRL + C in the terminal you just started OpenVPN.

In case sudo killall openvpn does not finish the job (I experienced it a few times) then a sharp and fatal solution would be:

After running sudo killall openvpn or service openvpn stop the virtual interface "tun0" would remain opened and referenced in the route table, so actually related connections would be lost since the openvpn service is killed.

The solution is to delete this virtual connection after killing the openvpn service, as it is created every time the openvpn service gets connected.

So you need to run the commands below to disconnect openvpn:

I stumbled upon having 2 open sessions with the same config path. So I could not use

openvpn3 session-manage --disconnect --config

session-manage: ** ERROR ** More than one session with the given configuration profile name was found.

So I made a script to loop through sessions (session ids are not always the same as the config paths)


OpenVPN 3 Client for Linux

Background

The OpenVPN 3 Linux project is a new client built on top of the OpenVPN 3 Core Library, which is also used in the various OpenVPN Connect clients and OpenVPN for Android (where it needs to be enabled via the settings page in the app).

This client is built around a completely different architecture in regards to usage. It builds heavily on D-Bus and allows unprivileged users to start and manage their own VPN tunnels out-of-the-box. System administrators wanting more control can also control and restrict this access, either by hardening the default OpenVPN 3 D-Bus policy or by using features in OpenVPN 3 Linux.


Even though the project name carries “Linux”, it doesn’t mean it is restricted to Linux only. Any platform which has D-Bus available should be capable of running this client in theory. But since D-Bus is most commonly used in Linux environments, this will naturally be the primary focus for the project.

The release notes are stored in git tags in the project git repository. They can also be viewed here: https://github.com/OpenVPN/openvpn3-linux/releases (expand the tag to see the full text)

Installation as Connector for OpenVPN Cloud

Installation of OpenVPN 3 client as a Connector for OpenVPN Cloud Host or Network has been simplified and documented here.

Installation for Debian and Ubuntu

Follow these steps in order to install OpenVPN 3 Client on Linux for Debian and Ubuntu:

  1. Open the Terminal by pressing ctrl + alt + T.
  2. Type the following command into the Terminal: sudo apt install apt-transport-https . This is done to ensure that your apt supports the https transport. Enter the root password as prompted.
  3. Type the following command into the Terminal: sudo wget https://swupdate.openvpn.net/repos/openvpn-repo-pkg-key.pub . This will install the OpenVPN repository key used by the OpenVPN 3 Linux packages.
  4. Type the following command into the Terminal: sudo apt-key add openvpn-repo-pkg-key.pub
  5. Type the following command into the Terminal: sudo wget -O /etc/apt/sources.list.d/openvpn3.list https://swupdate.openvpn.net/community/openvpn3/repos/openvpn3-$DISTRO.list . This will install the proper repository. Replace $DISTRO with the release name depending on your Debian/Ubuntu distribution (the table of release names for each distribution can be found below). In this case, focal is chosen since Ubuntu 20.04 is used.
  6. Type the following command into the Terminal: sudo apt update
  7. Type the following command into the Terminal: sudo apt install openvpn3 . This will finally install the OpenVPN 3 package.

Distribution   Release   Release name ($DISTRO)
Debian         9         stretch
Debian         10        buster
Ubuntu         16.04     xenial
Ubuntu         18.04     bionic
Ubuntu         19.10     eoan
Ubuntu         20.04     focal

Installation for Fedora, Red Hat Enterprise Linux, CentOS, or Scientific Linux

Packages for these distributions are provided via a Fedora Copr repository. Supported versions:

Distribution                        Release versions
Fedora                              30, 31, 32
Red Hat Enterprise Linux / CentOS   7, 8

In order to install the OpenVPN 3 Client for Fedora, Red Hat Enterprise Linux, CentOS, or Scientific Linux, follow the steps below:

  1. Open Terminal by typing terminal into the search bar
  2. If you are running Red Hat Enterprise Linux or its clones, you need to install the Fedora EPEL repository first. Here is the list of commands for each version:
    (The original article on Fedora EPEL can be found here)
    RHEL/CentOS 6: sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
    RHEL/CentOS 7: sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
    On RHEL 7 it is recommended to also enable the optional, extras, and HA repositories since EPEL packages may depend on packages from these repositories: sudo subscription-manager repos --enable "rhel-*-optional-rpms" --enable "rhel-*-extras-rpms" --enable "rhel-ha-for-rhel-*-server-rpms"
    RHEL/CentOS 8: sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
    On RHEL 8 it is required to also enable the codeready-builder-for-rhel-8-$-rpms repository since EPEL packages may depend on packages from it: sudo ARCH=$( /bin/arch ) followed by sudo subscription-manager repos --enable "codeready-builder-for-rhel-8-$-rpms"
    On CentOS 8 it is recommended to also enable the PowerTools repository since EPEL packages may depend on packages from it: sudo dnf config-manager --set-enabled PowerTools
  3. You need to install the yum copr module first by running the following command: sudo yum install yum-plugin-copr . Note: Fedora releases usually have the yum/dnf copr module preinstalled.
  4. With the Copr module available, it is time to enable the OpenVPN 3 Copr repository by running the following command: sudo yum copr enable dsommers/openvpn3
  5. Finally, the OpenVPN 3 Linux client can be installed by running the following command: sudo yum install openvpn3-client

Using .ovpn Profile

Please note that by this point you should have downloaded a .ovpn profile to your machine.

Mandatory Commands

In order to start a one-shot configuration profile, type the following command into the Terminal: openvpn3 session-start --config $. Important: a "one-shot configuration profile" means that the configuration file is parsed, loaded, and deleted from the configuration manager as soon as an attempt to start the VPN session has been made. No configuration file is available for re-use after this approach. This is achieved by giving the configuration file to the openvpn3 session-start command directly.

In order to import a configuration file for re-use and start a VPN session, type the following command into the Terminal: openvpn3 config-import --config $ . Note: using this approach, an imported configuration file can be used several times, and access to the configuration file itself is not needed to start VPN tunnels. By default, configuration profiles imported are only available to the user who imported the configuration file. But OpenVPN 3 Linux also provides an Access Control List feature via openvpn3 config-acl to grant access to specific or all users on the system. Important: this loads the configuration profile and stores it in memory-only. That means, if the system is rebooted, the configuration profile is not preserved. If the --persistent argument is added to the command line above, the configuration profile will be saved to disk in a directory only accessible by the OpenVPN user. Whenever the Configuration Manager is started, configuration files imported with --persistent will be automatically loaded as well.

In order to start a new VPN session from an imported configuration profile, run the following command: openvpn3 session-start --config $ . Note: When a configuration profile is available via openvpn3 configs-list, it can easily be started via openvpn3 session-start using the configuration profile name (typically the filename used during the import).

Optional Commands

  1. To list all available configuration profiles, run this command: openvpn3 configs-list . Important: a configuration file typically contains generic options to be able to connect to a specific server, regardless of the device itself. OpenVPN 3 Linux also supports setting more host-specific settings on a configuration profile as well. This is handled via the `openvpn3 config-manage` interface. Any settings here will also be preserved across boots if the configuration profile was imported with the --persistent argument.
  2. Note that it is possible to use the D-Bus path to the configuration profile: openvpn3 session-start --config-path /net/openvpn/v3/configuration/. . Note: in neither of these cases is it necessary to have access to the configuration profile on disk. As long as configuration profiles are available via openvpn3 configs-list , all that is needed to start a VPN session should be present.

Managing a Running Session

  1. Once a VPN session has started, it should be seen in the session list: openvpn3 sessions-list
  2. Using openvpn3 session-manage there are a few things which can be done, but the --disconnect and --restart alternatives are the most commonly used. openvpn3 session-manage --config $ --restart . This disconnects and re-connects to the server again, re-establishing the connection. The $ is the configuration name as displayed in openvpn3 sessions-list
  3. It is also possible to use the D-Bus path to the session as well: openvpn3 session-manage --session-path /net/openvpn/v3/sessions/. --disconnect . This command above will disconnect a running session. Once this operation has completed, it will be removed from the openvpn3 sessions-list overview. Important: you will be able to start a new session with this or another OpenVPN profile only after you have disconnected from the current session using the command in this step
  4. It is also possible to retrieve real-time tunnel statistics from running sessions: openvpn3 session-stats --config $ or openvpn3 session-stats --session-path /net/openvpn/v3/sessions/.
  5. And to retrieve real-time log events as they occur, run the following command: openvpn3 log --config $. This might be quite silent, as it does not provide any log events from the past. Issue an openvpn3 session-manage --restart from a different terminal, and log events will occur. You may want to boost the log-level with --log-level 6. Valid log levels are from 0 to 6, where 6 is the most verbose. Note: VPN sessions are also owned by the user who started them. But the Session Manager also provides its own Access Control List feature via openvpn3 session-acl
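An added example, not part of the OpenVPN 3 Linux documentation or of the forum answers above: when several sessions share one configuration name, session-manage with --config stops with the "More than one session" error quoted earlier, so this script collects the session paths for that name from sessions-list and disconnects each one with --session-path. The sessions-list sample is constructed and abbreviated, and the function names are assumptions.

```shell
# Added example; function names are hypothetical, sample data is constructed.
# Abbreviated `openvpn3 sessions-list` output: two sessions started from the
# same profile name and one from a different profile.
SAMPLE_SESSIONS='-----------------------------------------------------------------
        Path: /net/openvpn/v3/sessions/aaaaaaaas1111s1111s1111s111111111111
 Config name: office.ovpn
Session name: vpn.example.test
      Status: Connection, Client connected
-----------------------------------------------------------------
        Path: /net/openvpn/v3/sessions/bbbbbbbbs2222s2222s2222s222222222222
 Config name: office.ovpn
Session name: vpn.example.test
      Status: Connection, Client connected
-----------------------------------------------------------------
        Path: /net/openvpn/v3/sessions/ccccccccs3333s3333s3333s333333333333
 Config name: home.ovpn
Session name: home.example.test
      Status: Connection, Client connected
-----------------------------------------------------------------'

# Print the D-Bus session path of every session whose "Config name" equals $1.
# Reads sessions-list output on stdin.
session_paths_for_config() {
    awk -v want="$1" '
        /^[ \t]*Path:/ { path = $2 }
        /^[ \t]*Config name:/ {
            name = $0
            sub(/^[ \t]*Config name:[ \t]*/, "", name)
            sub(/[ \t]+$/, "", name)
            if (name == want && path != "") print path
            path = ""
        }'
}

# Disconnect each matching session by path, so duplicates are not ambiguous.
disconnect_config_sessions() {
    openvpn3 sessions-list | session_paths_for_config "$1" |
    while IFS= read -r path; do
        case $path in
            /net/openvpn/v3/sessions/*)
                echo "disconnecting $path"
                openvpn3 session-manage --session-path "$path" --disconnect ;;
            *)  echo "skipping unexpected path: $path" >&2 ;;
        esac
    done
}
```

To preview which sessions would be closed without touching them, pipe openvpn3 sessions-list into session_paths_for_config with the profile name.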

Changing the OpenVPN Profile of an Autoloading VPN Session

Please note that every time you start a session, it will load automatically on the system start-up. In order to change the profile of an OpenVPN Session that is autoloaded, follow the steps below:
