[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Using the "kill" command within the management interface


  • Subject: Re: [Openvpn-users] Using the "kill" command within the management interface
  • From: Alexis Sukrieh <sukria@xxxxxxxxxx>
  • Date: Mon, 28 Aug 2006 18:31:16 +0200

Charles Duffy wrote:
> Is the system in question in p2p mode? 

No
> Alternately, is it a client 
> (attached to a multi-client server) or a multi-client server itself?

It's a client attached to a multi-client server, I use the following 
options in the client conffile:

   daemon
   user nobody
   group nobody
   auth-user-pass
   auth-retry nointeract
   management localhost 7505
   management-query-passwords
   management-hold

I want to implement to following architecture:


Step #0:

The client daemon is laucnhed when the system starts up, by root.
Then it takes the "nobody" identity.
The client is then on "hold" and waits for input from the management 
interface.

Step #1:

The GUI is started by an unprivileged user, and then the GUI submits 
prompted information to the management interface.

The OpenVPN session is opened (tun0 is up, eg: 10.8.0.10).

All this works perfectly.

I want know to allow the GUI to "close" the opened session, and then 
come back to the step #0.

I then issue kill 10.8.0.10 in the management interface, and get the 
quoted error message.

I don't want to kill the OpenVPN client daemon, I want to close the 
session and come back to the "hold" state.

> It's only the last case (when the system is a multi-client server) the 
> kill command is intended for. If you're a client, or otherwise anything 
> *other than* a multi-client server, use the signal command (ie. "signal 
> SIGTERM") over the management interface.

SIGTERM would kill the client daemon, wouldn't it?

Thanks

	Alexis
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users