Как перезапустить openvpn linux
The OpenVPN 3 Linux project is a new client built on top of the OpenVPN 3 Core Library, which is also used in the various OpenVPN Connect clients and OpenVPN for Android (need to be enabled via the settings page in the app).
This client is built around a completely different architecture in regards to usage. It builds heavily on D-Bus and allows unprivileged users to start and manage their own VPN tunnels out-of-the-box. System administrators wanting more control can also control and restrict this access both by hardening the default OpenVPN 3 D-Bus policy or facilitating features in OpenVPN 3 Linux.
Even though the project name carries “Linux”, it doesn’t mean it is restricted to Linux only. Any platform which has D-Bus available should be capable of running this client in theory. But since D-Bus is most commonly used in Linux environments, this will naturally be the primary focus for the project.
Installation as Connector for OpenVPN Cloud
Installation of OpenVPN 3 client as a Connector for OpenVPN Cloud Host or Network has been simplified and documented here.
Installation for Debian and Ubuntu
Follow these steps in order to install OpenVPN 3 Client on Linux for Debian and Ubuntu:
Open the Terminal by pressing ctrl + alt + T
Type the following command into the Terminal: sudo apt-key add openvpn-repo-pkg-key.pub
Type the following command into the Terminal: sudo apt update
Type the following command into the Terminal: sudo apt install openvpn3 . This will finally install the OpenVPN 3 package
Installation for Fedora, Red Hat Enterprise Linux, CentOS, or Scientific Linux
Packages for these distributions are provided via a Fedora Copr repository. Supported versions:
Distribution | Release versions |
---|---|
Fedora | 30, 31, 32 |
Red Hat Enterprise Linux / CentOS | 7, 8 |
In order to install the OpenVPN 3 Client for Fedora, Red Hat Enterprise Linux, CentOS, or Scientific Linux, follow the steps below:
Using .ovpn Profile
Please note that by this point you should have downloaded a .ovpn profile to your machine.
Mandatory Commands
In order to start a one-shot configuration profile, type the following command into the Terminal: openvpn3 session-start --config $. Important: a "one-shot configuration profile" means that the configuration file is parsed, loaded, and deleted from the configuration manager as soon as the VPN session has been attempted started. No configuration file is available for re-use after this approach. This is achieved by giving the configuration file to the openvpn3 session-start command directly.
In order to import a configuration file for re-use and start a VPN session, type the following command into the Terminal: openvpn3 config-import --config $ . Note: using this approach, an imported configuration file can be used several times, and access to the configuration file itself is not needed to start VPN tunnels. By default, configuration profiles imported are only available to the user who imported the configuration file. But OpenVPN 3 Linux also provides an Access Control List feature via openvpn3 config-acl to grant access to specific or all users on the system. Important: this loads the configuration profile and stores it in memory-only. That means, if the system is rebooted, the configuration profile is not preserved. If the –persistent argument is added to the command line above, the configuration profile will be saved to disk in a directory only accessible by the OpenVPN user. Whenever the Configuration Manager is started, configuration files imported with –persistent will be automatically loaded as well.
In order to start a new VPN session from an imported configuration profile, run the following command: openvpn3 session-start --config $ . Note: When a configuration profile is available via openvpn3 configs-list, it can easily be started via openvpn3 session-start using the configuration profile name (typically the filename used during the import)
Optional Commands
- To list all available configuration profiles, run this command: openvpn3 configs-list . Important: a configuration file typically contains generic options to be able to connect to a specific server, regardless of the device itself. OpenVPN 3 Linux also supports setting more host-specific settings on a configuration profile as well. This is handled via the `openvpn3 config-manage` interface. Any settings here will also be preserved across boots if the configuration profile was imported with the --persistent argument.
- Note that it is possible to use the D-Bus path to the configuration profile: openvpn3 session-start --config-path /net/openvpn/v3/configuration/. . Note: in either of these cases is it necessary to have access to the configuration profile on disk. As long as configuration profiles are available via openvpn3 configs-list , all needed to start a VPN session should be present.
Managing a Running Session
- Once a VPN session has started, it should be seen in the session list: openvpn3 sessions-list
- Using the openvpn3 session-manage there are a few things which can be done, but most typically it is the –disconnect or –restart alternatives which are most commonly used. openvpn3 session-manage --config $ --restart . This disconnects and re-connects to the server again, re-establishing the connection. The $ is the configuration name as displayed in openvpn3 sessions-list
- It is also possible to use the D-Bus path to the session as well: openvpn3 session-manage --session-path /net/openvpn/v3/sessions/. --disconnect . This command above will disconnect a running session. Once this operation has completed, it will be removed from the openvpn3 sessions-list overview. Important: you will be able to start a new session with this or another OpenVPN profile only after you have disconnected from the current session using the command in this step
- It is also possible to retrieve real-time tunnel statistics from running sessions: openvpn3 session-stats --config $ or openvpn3 session-stats --session-path /net/openvpn/v3/sessions/.
- And to retrieve real-time log events as they occur, run the following command: openvpn3 log --config $. This might be quite silent, as it does not provide any log events from the past. Issue an openvpn3 session-manage –restart from a different terminal, and log events will occur. You may want to boost the log-level with –log-level 6. Valid log levels are from 0 to 6, where 6 is the most verbose. Note: VPN sessions are also owned by the user which started it. But the Session Manager also provides its own Access Control List feature via openvpn3 session-acl
Changing the OpenVPN Profile of an Autoloading VPN Session
Please note that every time you start a session, it will load automatically on the system start-up. In order to change the profile of an OpenVPN Session that is autoloaded, follow the steps below:
когда то пытался филиалы перевести на подобные железки, плюнул я потом на эту идею, они глючили все по разному. Пробовал несколько моделей.
Меня устраивает нужен будет новый туннель подниму новый процесс! Мне так удобней! Но с час не об этом
Значить то что связь обрывается на тех 120 секунд !
капец полный! И я про тоже стоит 3 роутера! 1 который держит связь, два проста контрольных! Один отвалился два нет! Если бы были проблемы со связью отвалились бы все 3!
ну попробуй отключить пересогласование TLS
я так понимаю решения нет моей проблемы это отказаться тока от этих роутеров!
Ты про смену ключей? Сделать статические ключи?
я про tls-timeout
посмотри в мане про него
и главное, про reneg-sec
Ты думаешь это связанно с ключами?
Смена ключей проходит хорошо! без сучка и задоринки
выкинь тупую железку и поставь (раз денег нет) писюк. Проку больше будет. А филиал на soho держать выше моего понимания.
Смотри в мане опции --ping-restart, --ping и другие связанные.
Долго объяснять! Можно до упора кричать что PC лучше поставить! Тут я и не спорю! Но есть свои задачи и есть свои ограничения!
Ну и? что оно ? я вижу что перезапуск соединения! Дальше что? Я тоже логи умею читать!
keepalive 10 120 в опция говорит о том что каждых 10 секунд делать пинг 120 секунд ждать
ты попробовал с таймаутами? настоятельно рекомендую
tls-timeout поставил 120 reneg-sec пока не трогал
Ты про эти таймауты?
да. Потом обязательно попробуй reneg-sec. Отпишись желательно.
я так понимаю решения нет моей проблемы это отказаться тока от этих роутеров!
решение твоей проблемы - начать читать розенталя
Ну и? что оно ? я вижу что перезапуск соединения! Дальше что? Я тоже логи умею читать!
keepalive 10 120 в опция говорит о том что каждых 10 секунд делать пинг 120 секунд ждать
А теперь читаем man:
I'm connecting using VPNBook servers and it works fine with this command:
but I just can't seem to figure out how to stop it without a reboot.
I've tried service openvpn stop and /etc/init.d/vpnbook stop , but that doesn't seem to affect it.
1,015 2 2 gold badges 13 13 silver badges 21 21 bronze badges14 Answers 14
This command definitely works for me, and it should work for you too.
For some reason `killall -SIGINT openvpn` did not work for me, but the steps above did.
I had same problem with disconnecting from openvpn3
To disconnect the session, you have know the session's Path
the session path could be found via
You can use my repo to perform same actions with help of bash files.
This is indeed the correct answer, and thanks for writing those bash files - makes life much easier!killall -SIGINT openvpn
killall -SIGINT openvpn openvpn(15360): Operation not permitted openvpn: no process found sudo killall -SICINT openvpn SICINT: unknown signal; killall -l lists signals. sudo killall openvpn in a new terminal worked for me. The kill and killall commands send SIGTERM by default, which the documentation says has the same effect as SIGINT. So, either would work equivalently - if spelled properly. ;)Just hit CTRL + C in the terminal you just started OpenVPN.
14.7k 2 2 gold badges 60 60 silver badges 80 80 bronze badgesIn case sudo killall openvpn does not finish the job (I experienced it a few times) then a sharp and fatal solution would be:
after running sudo killall openvpn or service openvpn stop the virtual interface "tun0" would remain opened and referenced in route table, so actually related connections would be lost since openvpn service is killed.
the solution is to delete this virtual connection after killing openvpn service, as it is created everytime when openvpn service gets connected.
so you need to run below commands for disconnecting openvpn:
I stumbled upon having 2 open sessions with the same config path. So I could not use
openvpn3 session-manage --disconect --config <config_path>
session-manage: ** ERROR ** More than one session with the given configuration profile name was found.
So I made a script to loop through sessions (session ids are not always the same as the config paths)
followed by username and password. Is there a good way to make this automatic at boot?
6 Answers 6
Edit /etc/default/openvpn . Just press Ctrl + Alt + T on your keyboard to open Terminal. When it opens, run the command(s) below:
Uncomment the AUTOSTART="all" line. Save and close. Reboot your system.
If you're on systemd (16.04) , configured AUTOSTART="all" and it's still not starting pay attention to this:
and then restart the service
You can put auth-user-pass filename in your anonine.ovpn where filename is the file with username/password on 2 lines.
Make sure that filename is properly secured, because it will contain plain username/password.
This is from openvpn --help :
You also can add your certificate to your anonine.ovpn adding it this way:
3,196 10 10 gold badges 23 23 silver badges 36 36 bronze badgesIf a username / password is not required in order to connect, then rename the .ovpn files to have an extension of .conf.
OpenVPN should connect on boot, even without autostart=all.
If a username/password is required,
edit the .conf file
edit auth-user-pass user-password-filename
Create a file containing:
If you want to connect with Network Manager, make sure you first do:
Make sure your Ubuntu is at least 14.04. This doesn't work on 12.04.
If you don't have your ca.crt, client.crt, etc, extract them from .conf.
With Network Manager, create a new VPN connection or import your conf.
Add the certificates and ta.key.
Routes, use connection only for resources on its network.
Edit your Internet connection with network manager. Choose connect with VPN, then choose your VPN connection.
Читайте также: