[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] Using the "kill" command within the management interface

  • Subject: Re: [Openvpn-users] Using the "kill" command within the management interface
  • From: Alexis Sukrieh <sukria@xxxxxxxxxx>
  • Date: Mon, 28 Aug 2006 18:31:16 +0200

Charles Duffy wrote:
> Is the system in question in p2p mode? 

> Alternately, is it a client 
> (attached to a multi-client server) or a multi-client server itself?

It's a client attached to a multi-client server, I use the following 
options in the client conffile:

   user nobody
   group nobody
   auth-retry nointeract
   management localhost 7505

I want to implement to following architecture:

Step #0:

The client daemon is laucnhed when the system starts up, by root.
Then it takes the "nobody" identity.
The client is then on "hold" and waits for input from the management 

Step #1:

The GUI is started by an unprivileged user, and then the GUI submits 
prompted information to the management interface.

The OpenVPN session is opened (tun0 is up, eg:

All this works perfectly.

I want know to allow the GUI to "close" the opened session, and then 
come back to the step #0.

I then issue kill in the management interface, and get the 
quoted error message.

I don't want to kill the OpenVPN client daemon, I want to close the 
session and come back to the "hold" state.

> It's only the last case (when the system is a multi-client server) the 
> kill command is intended for. If you're a client, or otherwise anything 
> *other than* a multi-client server, use the signal command (ie. "signal 
> SIGTERM") over the management interface.

SIGTERM would kill the client daemon, wouldn't it?


OpenVPN mailing lists