Is there a way to disconnect an openvpn connection that was established by free-radius with a shell command line?
I have all information about the openvpn connection:
- Username
- Client IP
- AccountSessionID
- ...
    pkill -SIGTERM -f "openvpn --daemon --conf $OPENVPNCONFFILE"
The pkill command allows you to signal a process based on name or other attributes.
This will send SIGTERM to openvpn, causing it to gracefully quit and close the tun interface. You may/will need to modify the section after -f to match the way you started the openvpn connection.
I found this in the Signals section of the openvpn man page.
SIGINT, SIGTERM
Causes OpenVPN to exit gracefully.
Determine the virtual interface with ifconfig:
    tap0 Link encap:Ethernet HWaddr 32:28:a4:04:34:cc
         inet addr:172.22.18.14 Bcast:172.22.18.255 Mask:255.255.255.0
         UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:100
         RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
and shut it down with:
    sudo ifconfig tap0 down
Here's the init script that I wrote for RedHat-based systems:
    #! /bin/bash
    #
    # openvpn-client Start/Stop the openvpn client
    #
    # chkconfig: 2345 90 60
    # description: start openvpn client at boot
    # processname: openvpn

    # Source function library.
    . /etc/init.d/functions

    daemon="openvpn"
    prog="openvpn-client"
    conf_file="/vagrant/vpn/client-dept18-payment.ovpn"

    start() {
        echo -n $"Starting $prog: "
        # Refuse to start a second client for the same config file.
        if [ -e /var/lock/subsys/openvpn-client ] && [ $(pgrep -fl "openvpn --config $conf_file" | wc -l) -gt 0 ]; then
            echo_failure
            echo
            exit 1
        fi
        runuser -l root -c "$daemon --config $conf_file >/dev/null 2>&1 &" && echo_success || echo_failure
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/openvpn-client;
        return $RETVAL
    }

    stop() {
        echo -n $"Stopping $prog: "
        # "[o]penvpn" keeps the grep process itself out of the match.
        pid=$(ps -ef | grep "[o]penvpn --config $conf_file" | awk '{ print $2 }')
        # kill sends SIGTERM by default, so openvpn exits gracefully.
        kill $pid > /dev/null 2>&1 && echo_success || echo_failure
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/openvpn-client;
        return $RETVAL
    }

    status() {
        pgrep -fl "openvpn --config $conf_file" >/dev/null 2>&1
        RETVAL=$?
        if [ $RETVAL -eq 0 ]; then
            pid=$(ps -ef | grep "[o]penvpn --config $conf_file" | awk '{ print $2 }')
            echo $"$prog (pid $pid) is running..."
        else
            echo $"$prog is stopped"
        fi
    }

    restart() {
        stop
        start
    }

    case "$1" in
        start)
            start
            ;;
        stop)
            stop
            ;;
        restart)
            restart
            ;;
        status)
            status
            ;;
        condrestart)
            [ -f /var/lock/subsys/openvpn-client ] && restart || :
            ;;
        *)
            echo $"Usage: $0 {start|stop|status|restart|condrestart}"
            exit 1
    esac
Then you can use it as usual:
    # /etc/init.d/openvpn-client start
    Starting openvpn-client: [ OK ]
    # /etc/init.d/openvpn-client start
    Starting openvpn-client: [FAILED]
    # /etc/init.d/openvpn-client status
    openvpn-client (pid 5369) is running...
    # /etc/init.d/openvpn-client stop
    Stopping openvpn-client: [ OK ]
    # /etc/init.d/openvpn-client stop
    Stopping openvpn-client: [FAILED]
    # /etc/init.d/openvpn-client status
    openvpn-client is stopped
    # /etc/init.d/openvpn-client restart
    Stopping openvpn-client: [ OK ]
    Starting openvpn-client: [ OK ]
    # /etc/init.d/openvpn-client status
    openvpn-client (pid 5549) is running...
I have never used free-radius, but I am familiar with a similar problem in OpenVPN. If the connection is started from the command line, then the VPN client either stays alive on the prompt or it retreats into the background, but there is no command to explicitly stop the connection.
Under Linux the only way to stop the connection is with a "kill" or "killall" command. Could be similar for free-radius connections.
Just thought I'd update my comment with a fuller answer (which may not be relevant, considering I don't know about free-radius).
I've been using a Debian Linux distro and installed the openvpn package. The client config in Debian can be launched via command line, which leads one to this problem of there being seemingly no neat way to terminate / manage the connection...
I learned today though that there's a /etc/init.d/openvpn script that runs at boot time and if I place the openvpn config file in /etc/openvpn/ (the file extension must be .conf), I can control the connection by using /etc/init.d/openvpn stop, and /etc/init.d/openvpn start (or "service openvpn stop").
Putting the config file in /etc/openvpn/ also causes the VPN tunnel to come up automatically at boot time. It also reconnects after disconnect automatically as well.
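The pkill -f pattern and the ps | grep pipeline in the answers above match on the whole command line by regular expression, so a process with a similar config name (or an editor or grep that merely mentions the file) can be signalled too, usually as root. The following is an added example, not code from any of the answers: it picks the process by exact argument comparison, refuses to signal when the match is ambiguous, and waits for the process to exit. The function names and the sample process list are constructed, and it assumes openvpn was started with --config and a path without whitespace.

```bash
#!/bin/bash
# Constructed sample of `ps -eo pid=,args=` output (not from a real host).
SAMPLE_PS=' 5369 openvpn --config /etc/openvpn/client-a.ovpn
 5401 openvpn --config /etc/openvpn/client-a.ovpn.bak
 5410 /usr/sbin/openvpn --daemon --config /etc/openvpn/client-b.ovpn
 5502 vim /etc/openvpn/client-a.ovpn
 5533 grep openvpn --config /etc/openvpn/client-a.ovpn'

# Hypothetical helper: read "PID ARGS..." lines on stdin and print the PIDs
# whose program is openvpn and whose --config argument equals $1 exactly.
# String equality is used, so "." in the path is never treated as a regex.
openvpn_pids_for_config() {
    CONF="$1" awk '{
        n = split($2, prog, "/")
        if (prog[n] != "openvpn") next
        for (i = 3; i < NF; i++)
            if ($i == "--config" && $(i + 1) == ENVIRON["CONF"]) {
                print $1
                break
            }
    }'
}

# Hypothetical helper: send SIGTERM to the single matching process and wait up
# to $2 seconds (default 10) for it to exit.
# Returns 0 stopped, 1 no match, 2 ambiguous (nothing signalled), 3 not stopped.
stop_openvpn() {
    local conf="$1" timeout="${2:-10}" pids pid
    pids=$(ps -eo pid=,args= | openvpn_pids_for_config "$conf")
    [ -n "$pids" ] || { echo "no openvpn process uses $conf" >&2; return 1; }
    if [ "$(printf '%s\n' "$pids" | wc -l)" -ne 1 ]; then
        echo "several matches, refusing to signal:" $pids >&2
        return 2
    fi
    pid=$pids
    kill -TERM "$pid" || return 3
    while [ "$timeout" -gt 0 ] && kill -0 "$pid" 2>/dev/null; do
        sleep 1
        timeout=$((timeout - 1))
    done
    ! kill -0 "$pid" 2>/dev/null || return 3
}
```

Call it as `stop_openvpn /path/to/client.ovpn`, as the user that owns the openvpn process. On the sample list a substring match for client-a.ovpn would hit PIDs 5369, 5401 and 5533, while the exact comparison selects only 5369.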