Acked-by: Gert Doering <[email protected]>
This is a useful addition for situations with external constraints
("this VPN access may only be used between 10:00 and 18:00", so you
can ensure the session ends at 17:59:59 without having extra managmeent
logic around). Whether it's overly useful in "global server context"
or on the client side stands to be debated - but this needs no extra
code, so "it's just there and someone might find use for it".
I have tested client-side (works), server-side/global (will terminate
each instance <n> seconds after connecting, but not itself) and
server-side/ccd (per-instance kill switch with per-instance timer).
Unfortunately, the man page addition about explicit-exit-notify is
wrong - on the server side, it never sends notifies, it just kills
the client TLS instance...
2022-10-07 18:05:13 us=256095 cron2-freebsd-tc-amd64/194.97.140.21:29079
Session timeout, exiting
2022-10-07 18:05:13 us=256170 cron2-freebsd-tc-amd64/194.97.140.21:29079
SIGTERM[soft,session-timeout] received, client-instance exiting
.. without telling the client, so that one needs to run into --ping timeout
2022-10-07 18:05:42 [server] Inactivity timeout (--ping-restart), restarting
.. 30 seconds later, which is not really satisfying...
Can we do better?
I have, for the time being, removed the offending man page section about
--explicit-exit-notify and merged the rest (no code change).
Your patch has been applied to the master branch.
commit f96290ff901f62717fdb4c1adef72142f359e992
Author: Dmitry Zelenkovsky
Date: Thu Oct 6 22:37:31 2022 +0200
implement --session-timeout
Signed-off-by: Dmitry Zelenkovsky <[email protected]>
Acked-by: Gert Doering <[email protected]>
Message-Id: <[email protected]>
URL:
https://www.mail-archive.com/[email protected]/msg25352.html
Signed-off-by: Gert Doering <[email protected]>
--
kind regards,
Gert Doering
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
