On 12/07/13 12:18, Michael Ludvig wrote: > Hi > > I'm having troubles with client-connect and client-disconnect scripts in > OpenVPN 2.3.2. > > 1) client-connect script is called on the server only once (maybe once > for each user?) and on subsequent connects its previous output is > re-used but the script isn't called again. It looks like the config > produced by the script is cached - can I somehow disable that caching > and force calling the script for every client connect? > > 2) client-disconnect never seems to be called. If I successfully connect > (and and then kill the client the disconnect is never called. I tried to > wait for a timeout for openvpn to realise the other end has died but it > never happened. > > Any idea how what's causing these problems and how to make openvpn do > what I want? That is call the scripts on all client connects and > disconnects?
I believe 1) and 2) are connected in your case. I've not poked much at the source code yet, but I have some similar experiences when working with my eurephia plug-in. It's hard to say exactly what's happening without seeing client and server logs and configs. But it sounds like you're experiencing a re-connection scenario. This isn't necessarily so obvious if you're using UDP, as this is a stateless connection. In TCP mode, OpenVPN will close the connection with the server explicitly, which should trigger the disconnect script. However in UDP mode, there's no explicit disconnection. So if you reconnect with UDP, it might actually try it's best to re-establish the previous connection. If you wait until a connection time-out happens (I believe the default is 2 minutes, defined by --ping-restart), see if your disconnect script is called then. If this is the issue you're hitting, you can try to add --explict-exit-notify to your client configs if you're using UDP. You can also try TCP and see if that changes the behaviour - but of course, we don't recommend TCP mode if UDP works for you. -- kind regards, David Sommerseth
signature.asc
Description: OpenPGP digital signature
