Re: [Openvpn-users] Updating rules while user connected

Thu, 19 Jan 2017 23:33:22 -0800 

Hi,

On Thu, Jan 19, 2017 at 07:25:28PM -0500, Selva Nair wrote:
> I would be interested in this too, but how do you trigger a reconnect from
> the server side? I only know "client-kill CID" or "kill cn"  but the client
> will not notice that until keep-alive timeout which would cause a long
> disruption. Is it possible to send a sigusr1 restart to the client from
> server?

doc/management-notes.txt fails to mention this, but the code says

    msg(M_CLIENT, "client-kill CID [M]    : Kill client instance CID with messag
e M (def=RESTART)");

... so client-kill *should* do the right thing: tell the client "come back
right away" (RESTART).  There also is "RESTART,[N]" which I understand to
be "restart, but use the next server in your list" and "HALT", which is
"kill yourself".

The client-side code for this seems to be in forward.c, 
check_incoming_control_channel_dowork()

            else if (buf_string_match_head_str(&buf, "RESTART"))
            {
                server_pushed_signal(c, &buf, true, 7);
            }
            else if (buf_string_match_head_str(&buf, "HALT"))
            {
                server_pushed_signal(c, &buf, false, 4);
            }

server_pushed_signal() is in push.c

server_pushed_signal(struct context *c, const struct buffer *buffer, const bool
restart, const int adv)
{
...
        if (restart)
        {
            msg(D_STREAM_ERRORS, "Connection reset command was pushed by server
('%s')", m);
            c->sig->signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- server-pushed
connection reset */
            c->sig->signal_text = "server-pushed-connection-reset";
        }
        else
        {
            msg(D_STREAM_ERRORS, "Halt command was pushed by server ('%s')", m);
            c->sig->signal_received = SIGTERM; /* SOFT-SIGTERM -- server-pushed
halt */
            c->sig->signal_text = "server-pushed-halt";
        }


... and that sounds exactly like what you're asking for :-)


(And update to doc/management-notes.txt might be a good thing... David,
I think you understand the management interface on the server side best -
is anything else missing there?)

gert


-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de

Attachment: signature.asc
Description: PGP signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to