How to disconnect from OpenVPN?

Question

I'm connecting using VPNBook servers and it works fine with this command:

 sudo openvpn --config /etc/openvpn/vpnbook-udp-53.ovpn --auth-user-pass /etc/openvpn/password.txt

but I just can't seem to figure out how to stop it without a reboot.

I've tried service openvpn stop and /etc/init.d/vpnbook stop, but that doesn't seem to affect it.

Answer 1

This command definitely works for me, and it should work for you too.

sudo killall openvpn

Answer 2

I had same problem with disconnecting from openvpn3

I end up creating this small repo that helps manage the openvpn3 sessions

To disconnect the session, you have to know the session's Path

openvpn3 session-manage --session-path $OPENVPN3_SESSION_PATH --disconnect

the session path could be found via

openvpn3 sessions-list
> -----------------------------------------------------------------------------
>         Path: /net/openvpn/v3/sessions/7a42f37asc8d9s424c8b534sd331d6dd56e8
>      Created: Tue Dec  8 10:44:57 2020                  PID: 9495
>        Owner: shmalex                                Device: tun0
>  Config name: client.ovpn  (Config not available)
> Session name: *...*
>       Status: Connection, Client connected
> -----------------------------------------------------------------------------

OPENVPN3_SESSION_PATH=/net/openvpn/v3/sessions/7a42f37asc8d9s424c8b534sd331d6dd56e8
openvpn3 session-manage --session-path $OPENVPN3_SESSION_PATH --disconnect

You can use my repo to perform same actions with help of bash files.

Answer 3

The successful steps in my case were:

# stop the service    
$ sudo /etc/init.d/openvpn stop
find the process if it is still running for some reason
$ lsof -i | grep openvpn
kill the proccess(s) by its PID
$ kill -9 <PID>
if necessary restart the service again
$ sudo /etc/init.d/openvpn start

For some reason killall -SIGINT openvpn did not work for me, but the steps above did.

Answer 4

I stumbled upon having 2 open sessions with the same config path. So I could not use

openvpn3 session-manage --disconect --config <config_path>

session-manage: ** ERROR ** More than one session with the given configuration profile name was found.

So I made a script to loop through sessions (session ids are not always the same as the config paths)

ACTIVE_SESSIONS=$(openvpn3 sessions-list | grep -i 'path' | awk '{p=index($0, ":");print $2}')
echo $ACTIVE_SESSIONS
for instance in $ACTIVE_SESSIONS; do
    openvpn3 session-manage --disconnect --session-path ${instance}
done 

Answer 5

In case sudo killall openvpn does not finish the job (I experienced it a few times) then a sharp and fatal solution would be:

pgrep openvpn | xargs sudo kill -9

Answer 6

Try this

killall -SIGINT openvpn

You can get more info on the different signals you can send here.

Answer 7

sudo openvpn3 session-manage --disconnect --config $'client'.ovpn

Replace client with the corresponding name.
This will shutdown the session.

Answer 8

Just hit CTRL+C in the terminal you just started OpenVPN.

Answer 9

after running sudo killall openvpn or service openvpn stop the virtual interface "tun0" would remain opened and referenced in route table, so actually related connections would be lost since openvpn service is killed.

the solution is to delete this virtual connection after killing openvpn service, as it is created everytime when openvpn service gets connected.

so you need to run below commands for disconnecting openvpn:

$ sudo killall openvpn
$ sudo ip link delete tun0

Answer 10

Here's my one-liner that easily gets the session-path using grep and cut:

openvpn3 session-manage --disconnect --session-path $(openvpn3 sessions-list | grep Path | cut -b 15-)

Answer 11

Use the following command, where 0 is the tunnel number:

sudo ifconfig tun0 down

Answer 12

Use the following command:

   $openvpn3 session-manage --session-path /net/openvpn/v3/sessions/..... --disconnect

you may get the path using command below:

openvpn3 sessions-list

Answer 13

This worked for me.

When you login to ovpn. It will give a session file with full path. Put that full path after --session-path in below command

openvpn3 session-manage --session-path /net/openvpn/v3/sessions/<session file> --disconnect

Answer 14

You can use the following script to disconnect all vpn sessions or a specific vpn session

vpnd.sh [session path]

#!/bin/bash
set -e
session=$1
if [ "$1" = "--help" ]; then
    echo "Usage : ./vpnd.sh [session path]"
    echo "E.g. disconnect specific session"
    echo "vpnd.sh /net/openvpn/v3/sessions/b7a35c15s95ffs4cd9sa867sc473a37d77a0"
    echo "E.g. disconnect all sessions"
    echo "vpnd.sh"
    exit 1
fi
if [ ! -z "$session" ]; then
    openvpn3 session-manage --disconnect --session-path "${session}"
    exit 0
fi
readarray -t vpn_sessions < <(openvpn3 sessions-list | sed -nE 's/^\sPath:\s+(\S)$/\1/p')
for session in ${vpn_sessions[@]} ; do

    if [ ! -z "${session}" ]; then
        echo "Closing session ${session}..."
        openvpn3 session-manage --disconnect --session-path "${session}"
    fi
done
openvpn3 session-manage --cleanup
openvpn3 sessions-list

Note that you can get a list of active session paths via

openvpn3 sessions-list

Answer 15

Quick one-liner:

sudo openvpn3 sessions-list | grep -ioP '/net/openvpn/v3/sessions/\w+' | xargs -I{} sudo openvpn3 session-manage --path {} --disconnect

Answer 16

openvpn3 sessions-list

It will print a PID number

sudo kill -9 {PID} without the curly braces of course.

Answer 17

For me works this:

your@prompt: openvpn3 session-manage --disconnect --path </PATH/PROVIDED/IN/SESSION/START>

Answer 18

You can just send SIGINT signal to openvpn and it will stop gracefully.

https://openvpn.net/community-resources/controlling-a-running-openvpn-process/

Running on Linux/BSD/Unix

OpenVPN accepts several signals:

SIGUSR1 -- Conditional restart, designed to restart without root privileges
SIGHUP -- Hard restart
SIGUSR2 -- Output connection statistics to log file or syslog
SIGTERM, SIGINT -- Exit

Here another info from openvpn manual:

SIGNALS SIGHUP Cause OpenVPN to close all TUN/TAP and network connections, restart, re-read the configuration file (if any), and reopen TUN/TAP and network connections.

   SIGUSR1
          Like SIGHUP`, except don't re-read configuration file, and possibly don't close and reopen TUN/TAP device, re-read key files,

preserve local IP address/port, or preserve most recently authenticated remote IP address/port based on --persist-tun, --persist-key, --persist-local-ip and --persist-remote-ip options respectively (see above).

          This signal may also be internally generated by a timeout condition, governed by the --ping-restart option.
      This signal, when combined with --persist-remote-ip, may be sent when the underlying parameters of the host's network interface

change such as when the host is a DHCP client and is assigned a new IP address. See --ipchange for more information.

   SIGUSR2
          Causes OpenVPN to display its current statistics (to the syslog file if --daemon is used, or stdout otherwise).
SIGINT, SIGTERM
          Causes OpenVPN to exit gracefully.

Answer 19

an a comment to the answer from @allgamer :

for openvpn3,

the command is:

$ sudo killall openvpn3-servic

tested on Ubuntu 20.04

Answer 20

For me this works:

in the terminal,

openvpn3 sessions-list

Here you can see your active sessions, you can see its Config Name (usually its xxxxx.ovpn)

then you can type :

openvpn3 session-manage --disconnect --config ${session_config_name}

change ${session_config_name} with your config name that you listed previously. Then you'll get disconnected.

Answer 21

openvpn3 session-manage --disconnect --interface tun0

(where tun0 is the name of the VPN tunnel you see in ip route show)

---

Explanation:

Just killing it (even politely with sigterm: sudo pkill openvpn3) does not fully clean up the routing table (ip route show):

 default via 192.168.0.1 dev wlp58s0 proto dhcp src 192.168.0.100 metric 600 
+<your employer's IP address> via 192.168.0.1 dev wlp58s0 
 192.168.0.0/24 dev wlp58s0 proto kernel scope link src 192.168.0.100 metric 600

What does is --disconnect.

As for what argument to identify the connection:

• --config does not work for me:

  openvpn3 session-manage --disconnect --config ~/Downloads/Openvpn3\ Profile.ovpn 
  session-manage: ** ERROR ** No sessions started with the configuration profile name was found
  

• --path changes each time (you could script around that).
• --interface is stable in my case.

Answer 22

I am slightly late here but to improve previous answers, I have added following as an allias

alias ovpn-up='sudo openvpn3 session-start --config /etc/openvpn/openvpn.ovpn'
alias ovpn-ls='sudo openvpn3 sessions-list'
alias ovpn-down='sudo openvpn3 session-manage --session-path $(sudo openvpn3 sessions-list | grep Path | cut -d':' -f2) --disconnect'

so I can quickly connect/disconnect and list the sessions.

Answer 23

sudo update-rc.d openvpn disable

Or edit the config file in /etc/default/openvpn with

sudo nano /etc/default/openvpn

And uncomment the line:

#AUTOSTART="none"

So it looks like:

AUTOSTART="none"

Then you'll have to run:

• sudo service openvpn start <vpn-name> to manually start the VPN.

• sudo service openvpn stop <vpn-name> to manually stop the VPN.

Where <vpn-name> is the config file name located in /etc/openvpn without the .conf extension and without the < >

Answer 24

For beginner don't go for a complicated process, just use Task Manager, search for openvpn and terminate it directly from there

Answer 25

Improving on @nat-naydenova's answer, it happened that just a grep on openvpn was not enough as the shell script itself had openvpn in the name.

Also, for some reason, using kill -9 also killed my virtual internet connection in Debian. Yet, kill -15 worked just fine.

So here is the proposal:

echo "Looking for PID of openvpn..."
#1. looking for /usr/sbin/openvpn to avoid confusion with other files
#2. extracting PID with sed, since we get all the info (as opposed to lsof -i)
#3. removing extra spaces with tr
pid=$(lsof -w | grep /usr/sbin/openvpn | sed -n 's/openvpn(.)root./\1/p' | tr -d " ")
echo "Found $pid"
echo "Attempting to kill PID: $pid"
#Uncomment if you think this is really required. I don't think so
##Stopping openvpn service
#service openvpn stop
#Killing softly
kill -15 $pid
#Uncomment if you think this is really required. I don't think so
##Restarting openvpn service
#service openvpn start
echo "Done killing openvpn."

Acknowledgements:

• Thanks ChatGPT for the help with the command chaining with grep + sed + tr.
• Thanks to people writing those f***ng manuals ;)

Answer 26

This is ruby script for clear openvpn3 disconnected sessions and parse session-list output. You can easily modify it to suit your needs

#!/usr/bin/env ruby
require 'active_support/all'
class Session
    FIELDS = [:path, :created, :pid, :owner, :device, :config_name, :session_name, :status]
    @@sessions = []
attr_accessor(*FIELDS)
attr_accessor :id

@fields = {}

def initialize(section)
    @@sessions << self
    @fields = {}
    lines = section.split("\n").delete_if {|line| line.start_with?('---')}
    lines.each do |line|
        process_string(nil, line)
    end
    @id = @fields[:path].match(/\w*$/)[0]
    # p @fields
end

def field_regex(field)
    /\s*#{field.to_s.gsub('_', ' ')}:\s*/i
end

def process_string(parent, str, right = true)
    return unless str&.strip
    found = false
    Session::FIELDS.each do |field|
        regex = field_regex(field)
        if str =~ regex
            parts = str.split(regex)
            found = true
            process_string(field, parts[0], false)
            process_string(field, parts[1], true)
            break
        end
    end
    if !found && parent && right
        @fields[parent] = str
        # p "this is #{parent} = #{str}"
    end
end

def connected?
    @fields[:status].include?('connected')
end

def disconnect
    `openvpn3 session-manage --session-path #{@fields[:path]} --disconnect`
    p "#{@id} disconnected"
end

def self.sessions
    @@sessions
end

def self.clear
    @@sessions.each do |session|
        session.disconnect unless session.connected?
    end
end

def self.get_list
    `openvpn3 sessions-list`.split("\n\n").map{ |section| Session.new(section) }
end

end
Session.get_list
Session.clear

https://gist.github.com/jenya239/01a1c6e78b55b558b4fce24c7c1c9e32