Skip to content

feat: auto-expire OpenVPN sessions after configurable max age#8

Merged
edospadoni merged 3 commits intomasterfrom
feat/session-auto-expiry
Mar 4, 2026
Merged

feat: auto-expire OpenVPN sessions after configurable max age#8
edospadoni merged 3 commits intomasterfrom
feat/session-auto-expiry

Conversation

@edospadoni
Copy link
Member

@edospadoni edospadoni commented Mar 2, 2026
edited
Loading

Summary

  • Add a background goroutine that checks for expired VPN sessions every hour (and on startup)
  • For active sessions: sends kill command to the OpenVPN management socket, letting the existing disconnect hook handle cleanup
  • For orphan sessions (client not found on any socket): creates history entry and removes the session directly, skipping duplicates
  • New configuration fields openvpn_sockets and session_max_age (default: 24h) with backward-compatible defaults

Changes

  • NEW ronzinante/tasks/sessions.go — session cleaner goroutine with pure Go unix socket communication
  • MOD ronzinante/configuration/configuration.go — new config fields with defaults
  • MOD ronzinante/main.go — start cleaner after DB init
  • MOD deploy/roles/windmill/templates/ronzinante.j2 — add new fields to deploy template

References:

@edospadoni
feat: auto-expire OpenVPN sessions after configurable max age
ce20130 
Add a background goroutine in ronzinante that periodically checks for
expired VPN sessions and terminates them automatically.

The cleaner runs every hour and on startup. For each expired session it
connects to the OpenVPN management socket and sends a kill command. If
the client is still connected, the existing disconnect hook handles
cleanup. If the session is orphan (client not found on any socket), the
cleaner creates a history entry and removes the session directly.

New configuration fields (with defaults for backward compatibility):
- openvpn_sockets: list of management socket paths
- session_max_age: max session age in hours (default 24)
gsanchietti
gsanchietti reviewed Mar 2, 2026
View reviewed changes
edospadoni and others added 2 commits March 2, 2026 16:46
@edospadoni @gsanchietti
Update ronzinante/tasks/sessions.go
073fe4c 
Co-authored-by: Giacomo Sanchietti <giacomo.sanchietti@nethesis.it>
@edospadoni
fix: avoid duplicate history entry in DeleteSession handler
e964cb6 
Same fix applied to the disconnect hook endpoint: check if a history
record already exists for the session before inserting a new one.
@edospadoni edospadoni merged commit e29156c into master Mar 4, 2026
@edospadoni edospadoni deleted the feat/session-auto-expiry branch March 4, 2026 10:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gsanchietti gsanchietti gsanchietti approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@edospadoni @gsanchietti