@@ -2468,6 +2468,7 @@ open_management (struct context *c)

 			       c->options.management_echo_buffer_size,

 			       c->options.management_state_buffer_size,

 			       c->options.management_hold,

+			       c->options.management_signal,

 			       c->options.management_client,

 			       c->options.management_write_peer_info_file,

 			       c->options.remap_sigusr1))

@@ -1080,6 +1080,15 @@ man_reset_client_socket (struct management *man, const bool exiting)

     }

   if (!exiting)

     {

+      if (man->settings.signal_on_disconnect) {

+      	  int mysig = man_mod_signal (man, SIGUSR1);

+	  if (mysig >= 0)

+	    {

+	      msg (D_MANAGEMENT, "MANAGEMENT: Triggering management signal");

+	      throw_signal_soft (mysig, "management-disconnect");

+	    }

+      }

+

       if (man->settings.connect_as_client)

 	{

 	  msg (D_MANAGEMENT, "MANAGEMENT: Triggering management exit");

@@ -1323,6 +1332,7 @@ man_settings_init (struct man_settings *ms,

 		   const int echo_buffer_size,

 		   const int state_buffer_size,

 		   const bool hold,

+		   const bool signal_on_disconnect,

 		   const bool connect_as_client,

 		   const char *write_peer_info_file,

 		   const int remap_sigusr1)

@@ -1355,6 +1365,12 @@ man_settings_init (struct man_settings *ms,

       ms->hold = hold;

       /*

+       * Should OpenVPN be signaled if management

+       * disconnects?

+       */

+      ms->signal_on_disconnect = signal_on_disconnect;

+

+      /*

        * Should OpenVPN connect to management interface as a client

        * rather than a server?

        */

@@ -1496,6 +1512,7 @@ management_open (struct management *man,

 		 const int echo_buffer_size,

 		 const int state_buffer_size,

 		 const bool hold,

+		 const bool signal_on_disconnect,

 		 const bool connect_as_client,

 		 const char *write_peer_info_file,

 		 const int remap_sigusr1)

@@ -1516,6 +1533,7 @@ management_open (struct management *man,

 		     echo_buffer_size,

 		     state_buffer_size,

 		     hold,

+		     signal_on_disconnect,

 		     connect_as_client,

 		     write_peer_info_file,

 		     remap_sigusr1);

@@ -205,6 +205,7 @@ struct man_settings {

   int state_buffer_size;

   bool server;

   bool hold;

+  bool signal_on_disconnect;

   bool connect_as_client;

   char *write_peer_info_file;

@@ -281,6 +282,7 @@ bool management_open (struct management *man,

 		      const int echo_buffer_size,

 		      const int state_buffer_size,

 		      const bool hold,

+		      const bool signal_on_disconnect,

 		      const bool connect_as_client,

 		      const char *write_peer_info_file,

 		      const int remap_sigusr1);

@@ -178,6 +178,7 @@ openvpn \- secure IP tunnel daemon.

 [\ \fB\-\-lport\fR\ \fIport\fR\ ]

 [\ \fB\-\-management\-hold\fR\ ]

 [\ \fB\-\-management\-log\-cache\fR\ \fIn\fR\ ]

+[\ \fB\-\-management\-signal\fR\ ]

 [\ \fB\-\-management\-query\-passwords\fR\ ]

 [\ \fB\-\-management\fR\ \fIIP\ port\ [pw\-file]\fR\ ]

 [\ \fB\-\-max\-clients\fR\ \fIn\fR\ ]

@@ -2327,6 +2328,12 @@ with the

 command.

 .\"*********************************************************

 .TP

+.B --management-signal

+Send SIGUSR1 signal to OpenVPN if management session disconnects.

+This is useful when you wish to disconnect an OpenVPN session on

+user logoff.

+.\"*********************************************************

+.TP

 .B --management-log-cache n

 Cache the most recent

 .B n

@@ -311,6 +311,7 @@ static const char usage_message[] =

   "                  and auth-user-pass passwords.\n"

   "--management-hold : Start " PACKAGE_NAME " in a hibernating state, until a client\n"

   "                    of the management interface explicitly starts it.\n"

+  "--management-signal : Issue SIGUSR1 when management disconnect event occurs.\n"

   "--management-log-cache n : Cache n lines of log file history for usage\n"

   "                  by the management channel.\n"

 #endif

@@ -1200,6 +1201,7 @@ show_settings (const struct options *o)

   SHOW_BOOL (management_query_passwords);

   SHOW_BOOL (management_hold);

   SHOW_BOOL (management_client);

+  SHOW_BOOL (management_signal);

   SHOW_STR (management_write_peer_info_file);

 #endif

 #ifdef ENABLE_PLUGIN

@@ -1527,7 +1529,7 @@ options_postprocess (struct options *options, bool first_time)

    */

 #ifdef ENABLE_MANAGEMENT

   if (!options->management_addr &&

-      (options->management_query_passwords || options->management_hold

+      (options->management_query_passwords || options->management_hold || options->management_signal

        || options->management_client || options->management_write_peer_info_file

        || options->management_log_history_cache != defaults.management_log_history_cache))

     msg (M_USAGE, "--management is not specified, however one or more options which modify the behavior of --management were specified");

@@ -3164,6 +3166,11 @@ add_option (struct options *options,

       VERIFY_PERMISSION (OPT_P_GENERAL);

       options->management_hold = true;

     }

+  else if (streq (p[0], "management-signal"))

+    {

+      VERIFY_PERMISSION (OPT_P_GENERAL);

+      options->management_signal = true;

+    }

   else if (streq (p[0], "management-client"))

     {

       VERIFY_PERMISSION (OPT_P_GENERAL);

@@ -283,6 +283,7 @@ struct options

   int management_state_buffer_size;

   bool management_query_passwords;

   bool management_hold;

+  bool management_signal;

   bool management_client;

   const char *management_write_peer_info_file;

 #endif