explicit-exit-notify not working properly?
Posted: Sun Jul 21, 2013 2:08 pm
Hello.
I am trying to let user login multiple times simultaneously (for example from pc and mobile at the same time). I am using duplicate-cn and all works ok here.
I face problems when I try to restrict maximum number of simultaneous connects.
I use client-connect and client-disconnect scripts to count how many connections persists from specific user at any time.
I use proto udp and explicit-exit-notify option to notify server when user disconnects explicitly.
But when user hits reconnect (or when connection is lost) I have to rely on ping-restart timeout after which client-disconnect will be called.
Documentation on explicit-exit-notify states:
Is this a bug in ovpn/documentation or am I misunderstanding something?
Also when I use proto tcp (and no explicit-exit-notify) everything works as I need - on user reconnect client-disconnect triggers immediately.
So, I think explicit-exit-notify is there right for this purpose - to reveal exiting/reconnections to server when working over udp, isn't it?
I need someone to explain me my guesses and hopefully to provide solution.
Shortening ping-restart timeout is not a solution I am looking for.
I also saw a discussion in this thread: topic8991.html which is somewhat similar but patching code is, well a last-resort solution for me.
I am trying to let user login multiple times simultaneously (for example from pc and mobile at the same time). I am using duplicate-cn and all works ok here.
I face problems when I try to restrict maximum number of simultaneous connects.
I use client-connect and client-disconnect scripts to count how many connections persists from specific user at any time.
I use proto udp and explicit-exit-notify option to notify server when user disconnects explicitly.
But when user hits reconnect (or when connection is lost) I have to rely on ping-restart timeout after which client-disconnect will be called.
Documentation on explicit-exit-notify states:
Which, I think, means that on connection restart client-disconnect script should also be triggered.--explicit-exit-notify [n]
In UDP client mode or point-to-point mode, send server/peer an exit notification if tunnel is restarted or OpenVPN process is exited. In client mode, on exit/restart, this option will tell the server to immediately close its client instance object rather than waiting for a timeout. The n parameter (default=1) controls the maximum number of retries that the client will attempt to resend the exit notification message.
Is this a bug in ovpn/documentation or am I misunderstanding something?
Also when I use proto tcp (and no explicit-exit-notify) everything works as I need - on user reconnect client-disconnect triggers immediately.
So, I think explicit-exit-notify is there right for this purpose - to reveal exiting/reconnections to server when working over udp, isn't it?
I need someone to explain me my guesses and hopefully to provide solution.
Shortening ping-restart timeout is not a solution I am looking for.
I also saw a discussion in this thread: topic8991.html which is somewhat similar but patching code is, well a last-resort solution for me.