
I am using an AWS VPN endpoint and the OpenVPN client. From the AWS CLI I can trigger disconnection of every client; however, OpenVPN reconnects them all automatically. How can I disable that? In the options manual I found only "connection retry time". These are my options:

```
client
dev tun
proto udp
remote-random-hostname
resolv-retry infinite
nobind
auth-nocache
remote-cert-tls server
cipher AES-256-GCM
verb 3
```

Removing `resolv-retry infinite` does not solve the problem.

  • Did you get a solution to this? I have a big problem in that an entire department simply leaves the VPN connected and then goes to Cabo for the weekend, resulting in unnecessary usage costs. I would preferably like to automatically disconnect, but I'm finding that the client simply reconnects them automatically :'( I tried resetting the client to `resolv-retry 0` and that didn't solve the problem either. – BenKoshy Jun 07 '21 at 08:17
  • @BKSpurgeon see my answer below, it may help as a mitigation – Mason G. Zhwiti Aug 04 '21 at 01:19

1 Answer


Not exactly what you're looking for, but you can define an inactive setting in the .ovpn file that disconnects the VPN client on the client side if inactivity is detected. Then the user should need to manually reconnect.

Format is `inactive n [bytes]`, e.g. for a timeout after 10 minutes with less than 1000 bytes of activity, you'd use:

```
inactive 600 1000
```

The [bytes] portion is optional, but gives you some leeway on "how active" someone needs to be to maintain a connection.

Found this documented in the OpenVPN docs in the section on the `--inactive` setting.

Mason G. Zhwiti
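One way to roll the `inactive` setting from the answer above out to existing client profiles, as an added example that is not part of the original answer or of OpenVPN: it reads the current value from an `.ovpn` profile and rewrites the profile so it carries exactly one `inactive` line, leaving inline blocks such as `<ca>` untouched. The function names `get_inactive` and `set_inactive` and the sample profile are constructed for illustration.

```python
import re

BLOCK_OPEN = re.compile(r"^<([A-Za-z0-9_-]+)>$")   # opening tag of an inline block, e.g. <ca>

def _directives(profile):
    """Yield (line_index, tokens) for directive lines outside inline blocks."""
    block = None
    for i, raw in enumerate(profile.splitlines()):
        line = raw.strip()
        if block:                                   # inside <ca>...</ca>: key material, skip
            if line == f"</{block}>":
                block = None
            continue
        m = BLOCK_OPEN.match(line)
        if m:
            block = m.group(1)
        elif line and line[0] not in "#;":          # '#' and ';' start comment lines
            yield i, line.split()

def get_inactive(profile):
    """Return (seconds, min_bytes or None) of the last `inactive` line, or None."""
    found = None
    for _, tok in _directives(profile):
        if tok[0] == "inactive":
            # Literal brackets (copied from the syntax summary) are rejected here.
            if not 2 <= len(tok) <= 3 or not all(t.isdigit() for t in tok[1:]):
                raise ValueError(f"malformed inactive directive: {' '.join(tok)}")
            found = (int(tok[1]), int(tok[2]) if len(tok) == 3 else None)
    return found

def set_inactive(profile, seconds, min_bytes=None):
    """Return the profile text carrying exactly one `inactive` directive."""
    if seconds <= 0 or (min_bytes is not None and min_bytes < 0):
        raise ValueError("seconds must be > 0 and min_bytes >= 0")
    new = f"inactive {seconds}" + ("" if min_bytes is None else f" {min_bytes}")
    lines = profile.splitlines()
    old = [i for i, tok in _directives(profile) if tok[0] == "inactive"]
    for i in reversed(old):                         # drop every existing occurrence
        del lines[i]
    # Reuse the old position; otherwise place it before the first inline block.
    pos = old[0] if old else next(
        (i for i, l in enumerate(lines) if BLOCK_OPEN.match(l.strip())), len(lines))
    lines.insert(pos, new)
    return "\n".join(lines) + "\n"

# Constructed sample profile; the <ca> body is a placeholder, not a certificate.
SAMPLE = """client
dev tun
proto udp
nobind
verb 3
<ca>
(constructed placeholder)
</ca>
"""
```
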