avoid openvp soft-restart. Closes: #5669

3 files changed, 8 insertions, 4 deletions

diff --git a/changes/bug-avoid-soft-restart b/changes/bug-avoid-soft-restart
new file mode 100644
index 00000000..36795ad7
--- /dev/null
+++ b/changes/bug-avoid-soft-restart
@@ -0,0 +1 @@
+- Use openvpn hard restart. Closes: #5669
diff --git a/pkg/linux/bitmask-root b/pkg/linux/bitmask-root
index d9c8a61f..136fd6a4 100755
--- a/pkg/linux/bitmask-root
+++ b/pkg/linux/bitmask-root
@@ -87,6 +87,7 @@ FIXED_FLAGS = [
     "--script-security", "1",
     "--user", "nobody",
     "--group", "nogroup",
+    "--remap-usr1", "SIGTERM",
 ]
 
 ALLOWED_FLAGS = {
diff --git a/src/leap/bitmask/services/eip/vpnprocess.py b/src/leap/bitmask/services/eip/vpnprocess.py
index d57eafe2..1559ea8b 100644
--- a/src/leap/bitmask/services/eip/vpnprocess.py
+++ b/src/leap/bitmask/services/eip/vpnprocess.py
@@ -68,9 +68,8 @@ class VPNObserver(object):
             'Network is unreachable (code=101)',),
         'PROCESS_RESTART_TLS': (
             "SIGUSR1[soft,tls-error]",),
-        # Let ping-restart work as it should
-        # 'PROCESS_RESTART_PING': (
-        #     "SIGUSR1[soft,ping-restart]",),
+        'PROCESS_RESTART_PING': (
+            "SIGTERM[soft,ping-restart]",),
         'INITIALIZATION_COMPLETED': (
             "Initialization Sequence Completed",),
     }
@@ -296,7 +295,10 @@ class VPN(object):
         """
         from twisted.internet import reactor
         self._stop_pollers()
-        self._user_stopped = True
+
+        # We assume that the only valid shutodowns are initiated
+        # by an user action.
+        self._user_stopped = shutdown
 
         # First we try to be polite and send a SIGTERM...
         if self._vpnproc: