I have a vpn which i manage with mysql for authentication. In the server config file, i have client-connect and client-disconnect script path to run when user connect and disconnect to the vpn.

to make authentication works, i use libpam-mysql. For the script in /etc/pam.d/vpn, i make authentication WHERE=disable=0 AND WHERE=online=0. This means that if the client is not disable and not online, he/she can connect to the vpn. so, the authentication was success and client can connect to the vpn, client-connect script also run as i needed. When the user disconnect, the client-disconnect will run. Still happen as i wanted.

The problem happen when client`s internet is accidently dead. client-connect script contain database access that will set user to online ("UPDATE client SET online=1 WHERE username='$common_name'"). And client disconnect will set user to offline ("UPDATE client SET online=0 WHERE username='$common_name'"). If the client`s internet is accidently dead, client-disconnect will not run and mysql will not update the user. So, the user will cannot connect back after their internet restored, pam authentication will deny because /etc/pam.d/vpn rules state that the user can connect if user that connect have online=0.

So, how can i overcome this?
I have put explicit-exit-notify 2 in client config, but the result is still the same. thanks in advance and sorry for my english.

look like same problem to me

bump