feat(remote support) Enhance documentation with session management #234

Open: stephdl wants to merge 3 commits into main from sdl-NethSec1542

Contributor

@stephdl stephdl commented Mar 26, 2026

Added detailed instructions for session management, including starting, terminating, and extending sessions, as well as command line usage.

NethServer/nethsecurity#1542

@stephdl stephdl requested review from Tbaile and gsanchietti March 26, 2026 08:42
Member

@gsanchietti gsanchietti left a comment

Can you also add a couple of examples from the log?

Co-authored-by: Giacomo Sanchietti <giacomo.sanchietti@nethesis.it>
Member

@gsanchietti gsanchietti left a comment

It's good for me.
As a plus, a couple of log examples would be great, but it's ok even without them!

@stephdl
Contributor Author

stephdl commented Mar 27, 2026

Hello @gsanchietti,

Are you talking about terminal output?

root@NethSec:~# don start
Server ID:	7BD33F72-F9D7-4A78-80A0-XXXXXXXXXX
Session ID:	e8aabd0a-20f1-4843-9dc0-xxxxxxxxxxxx
Session expires in: 24h 0m
root@NethSec:~# don extend
Session extended by 7 days
root@NethSec:~# don stop
root@NethSec:~# 

Or real log output? I fear it is not really interesting.

Mar 27 09:24:35 NethSec donvpn[11003]: WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Mar 27 09:24:35 NethSec donvpn[11003]: Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
Mar 27 09:24:35 NethSec donvpn[11003]: Note: '--allow-compression' is not set to 'no', disabling data channel offload.
Mar 27 09:24:35 NethSec donvpn[11003]: OpenVPN 2.6.14 x86_64-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] [DCO]
Mar 27 09:24:35 NethSec donvpn[11003]: library versions: OpenSSL 3.0.18 30 Sep 2025, LZO 2.10
Mar 27 09:24:35 NethSec donvpn[11003]: DCO version: N/A
Mar 27 09:24:35 NethSec donvpn[11005]: MANAGEMENT: unix domain socket listening on /var/run/don/management
Mar 27 09:24:35 NethSec donvpn[11005]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 27 09:24:35 NethSec donvpn[11005]: TCP/UDP: Preserving recently used remote address: [AF_INET]159.65.203.113:1194
Mar 27 09:24:35 NethSec donvpn[11005]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Mar 27 09:24:35 NethSec donvpn[11005]: UDPv4 link local: (not bound)
Mar 27 09:24:35 NethSec donvpn[11005]: UDPv4 link remote: [AF_INET]159.65.203.113:1194
Mar 27 09:24:35 NethSec donvpn[11005]: TLS: Initial packet from [AF_INET]159.65.203.113:1194, sid=540fd18e 3b072fb0
Mar 27 09:24:35 NethSec donvpn[11005]: VERIFY X509NAME OK: C=IT, ST=PU, L=Pesaro, O=Nethesis, OU=Support, CN=Nethesis CA, name=sos, emailAddress=support@nethesis.it
Mar 27 09:24:35 NethSec donvpn[11005]: VERIFY OK: depth=0, C=IT, ST=PU, L=Pesaro, O=Nethesis, OU=Support, CN=Nethesis CA, name=sos, emailAddress=support@nethesis.it
Mar 27 09:24:35 NethSec donvpn[11005]: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 2048 bits RSA, signature: RSA-SHA256, peer temporary key: 256 bits ECprime256v1
Mar 27 09:24:35 NethSec donvpn[11005]: [Nethesis CA] Peer Connection Initiated with [AF_INET]159.65.203.113:1194
Mar 27 09:24:35 NethSec donvpn[11005]: TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
Mar 27 09:24:35 NethSec donvpn[11005]: TLS: tls_multi_process: initial untrusted session promoted to trusted
Mar 27 09:24:36 NethSec donvpn[11005]: MANAGEMENT: Client connected from /var/run/don/management
Mar 27 09:24:36 NethSec donvpn[11005]: SENT CONTROL [Nethesis CA]: 'PUSH_REQUEST' (status=1)
Mar 27 09:24:36 NethSec donvpn[11005]: MANAGEMENT: CMD 'state'
Mar 27 09:24:36 NethSec donvpn[11005]: MANAGEMENT: Client disconnected
Mar 27 09:24:36 NethSec donvpn[11005]: PUSH: Received control message: 'PUSH_REPLY,route 172.29.0.0 255.255.0.0,route 172.29.0.1,topology net30,ping 20,ping-restart 120,ifconfig 172.29.24.10 172.29.24.9,peer-id 156,cipher AES-256-GCM'
Mar 27 09:24:36 NethSec donvpn[11005]: OPTIONS IMPORT: --ifconfig/up options modified
Mar 27 09:24:36 NethSec donvpn[11005]: OPTIONS IMPORT: route options modified
Mar 27 09:24:36 NethSec donvpn[11005]: net_route_v4_best_gw query: dst 0.0.0.0
Mar 27 09:24:36 NethSec donvpn[11005]: net_route_v4_best_gw result: via 192.168.102.1 dev br-lan
Mar 27 09:24:36 NethSec donvpn[11005]: TUN/TAP device tunDON opened
Mar 27 09:24:36 NethSec donvpn[11005]: net_iface_mtu_set: mtu 1500 for tunDON
Mar 27 09:24:36 NethSec donvpn[11005]: net_iface_up: set tunDON up
Mar 27 09:24:36 NethSec donvpn[11005]: net_addr_ptp_v4_add: 172.29.24.10 peer 172.29.24.9 dev tunDON
Mar 27 09:24:36 NethSec ipsec: 12[KNL] interface tunDON activated
Mar 27 09:24:36 NethSec donvpn[11005]: net_route_v4_add: 172.29.0.0/16 via 172.29.24.9 dev [NULL] table 0 metric -1
Mar 27 09:24:36 NethSec donvpn[11005]: net_route_v4_add: 172.29.0.1/32 via 172.29.24.9 dev [NULL] table 0 metric -1
Mar 27 09:24:36 NethSec donvpn[11005]: Initialization Sequence Completed
Mar 27 09:24:36 NethSec ipsec: 13[KNL] 172.29.24.10 appeared on tunDON
Mar 27 09:24:36 NethSec donvpn[11005]: Data Channel: cipher 'AES-256-GCM', peer-id: 156, compression: 'lz4'
Mar 27 09:24:36 NethSec donvpn[11005]: Timers: ping 20, ping-restart 120, inactive 604800
Mar 27 09:24:36 NethSec donvpn[11005]: Protocol options: explicit-exit-notify 1
Mar 27 09:24:36 NethSec ipsec: 15[KNL] fe80::2109:2453:574a:32c9 appeared on tunDON
Mar 27 09:24:36 NethSec netdata[10243]: RRDSET: chart name 'net.tunDON' on host 'NethSec' already exists.
Mar 27 09:24:36 NethSec netdata[10243]: RRDSET: chart name 'net_operstate.tunDON' on host 'NethSec' already exists.
Mar 27 09:24:36 NethSec netdata[10243]: RRDSET: chart name 'net_carrier.tunDON' on host 'NethSec' already exists.
Mar 27 09:24:36 NethSec netdata[10243]: RRDSET: chart name 'net_mtu.tunDON' on host 'NethSec' already exists.
Mar 27 09:24:36 NethSec netdata[10243]: RRDSET: chart name 'net_packets.tunDON' on host 'NethSec' already exists.
Mar 27 09:24:37 NethSec donvpn[11005]: MANAGEMENT: Client connected from /var/run/don/management
Mar 27 09:24:37 NethSec donvpn[11005]: MANAGEMENT: CMD 'state'
Mar 27 09:24:37 NethSec donvpn[11005]: MANAGEMENT: Client disconnected
Mar 27 09:24:37 NethSec sshd[11084]: Server listening on 172.29.24.10 port 981.
Mar 27 09:24:37 NethSec don: Expiration cron job added
Mar 27 09:24:37 NethSec don: Remote support session started
Mar 27 09:24:54 NethSec don: Remote support session extended by 7 days
Mar 27 09:25:00 NethSec sshd[11084]: Received signal 15; terminating.
Mar 27 09:25:00 NethSec donvpn[11005]: event_wait : Interrupted system call (fd=-1,code=4)
Mar 27 09:25:00 NethSec donvpn[11005]: SIGTERM received, sending exit notification to peer
Mar 27 09:25:01 NethSec donvpn[11005]: net_route_v4_del: 172.29.0.0/16 via 172.29.24.9 dev [NULL] table 0 metric -1
Mar 27 09:25:01 NethSec donvpn[11005]: net_route_v4_del: 172.29.0.1/32 via 172.29.24.9 dev [NULL] table 0 metric -1
Mar 27 09:25:01 NethSec donvpn[11005]: Closing TUN/TAP interface
Mar 27 09:25:01 NethSec donvpn[11005]: net_addr_ptp_v4_del: 172.29.24.10 dev tunDON
Mar 27 09:25:01 NethSec ipsec: 05[KNL] 172.29.24.10 disappeared from tunDON
Mar 27 09:25:01 NethSec ipsec: 15[KNL] interface tunDON deactivated
Mar 27 09:25:01 NethSec ipsec: 13[KNL] fe80::2109:2453:574a:32c9 disappeared from tunDON
Mar 27 09:25:01 NethSec ipsec: 13[KNL] interface tunDON deleted
Mar 27 09:25:01 NethSec donvpn[11005]: /usr/sbin/don stop tunDON 1500 0 172.29.24.10 172.29.24.9 init
Mar 27 09:25:03 NethSec don: Remote support session stopped
Mar 27 09:25:04 NethSec don: Remote support session stopped

Please @gsanchietti state what you want.

@gsanchietti
Member

> Please @gsanchietti state what you want.

I'd say just a couple of log examples; these should be enough:

Mar 27 09:24:37 NethSec don: Remote support session started
Mar 27 09:24:54 NethSec don: Remote support session extended by 7 days
Mar 27 09:25:04 NethSec don: Remote support session stopped

@gsanchietti
Member

that's good, thank you
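
An added example, not part of this pull request or of the NethSecurity project: one way to turn the three `don:` log messages selected above into an audit of remote support sessions, pairing each start with its stop, summing extensions, and surfacing a session that was started but never stopped. The function names, the `year` parameter (syslog timestamps carry no year) and the last sample line are assumptions made for the example.

```python
import re
from datetime import datetime

# Lines copied from the log excerpt in this thread; the final line is
# constructed for the example so that one session is left open.
SAMPLE = """\
Mar 27 09:24:37 NethSec sshd[11084]: Server listening on 172.29.24.10 port 981.
Mar 27 09:24:37 NethSec don: Expiration cron job added
Mar 27 09:24:37 NethSec don: Remote support session started
Mar 27 09:24:54 NethSec don: Remote support session extended by 7 days
Mar 27 09:25:03 NethSec don: Remote support session stopped
Mar 27 09:25:04 NethSec don: Remote support session stopped
Mar 28 02:10:00 NethSec don: Remote support session started
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) don: Remote support session "
                  r"(started|stopped|extended by (\d+) days)$")

def audit_sessions(text, year=2026):
    """Rebuild session history; return (finished_sessions, open_session_or_None)."""
    finished, current = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # sshd, donvpn and other don messages are not session events
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        event = m.group(3)
        if event == "started":
            if current:  # previous start has no logged stop: keep it visible
                finished.append({**current, "stop": None})
            current = {"host": m.group(2), "start": ts, "extended_days": 0}
        elif event == "stopped":
            if current:  # a repeated "stopped" for the same session is ignored
                finished.append({**current, "stop": ts})
                current = None
        elif current:  # "extended by N days"
            current["extended_days"] += int(m.group(4))
    return finished, current

def findings(text, year=2026):
    """Return review-worthy items: extended sessions and sessions still open."""
    finished, still_open = audit_sessions(text, year)
    out = [f"{s['host']}: session from {s['start']} extended by "
           f"{s['extended_days']} days" for s in finished if s["extended_days"]]
    if still_open:
        out.append(f"{still_open['host']}: session from "
                   f"{still_open['start']} has no stop event")
    return out
```
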
