@@ -1168,8 +1168,9 @@ process_outgoing_link (struct context *c)

 		 size);

 	}

-      /* indicate activity regarding --inactive parameter */

-      register_activity (c, size);

+      /* if not a ping/control message, indicate activity regarding --inactive parameter */

+      if (c->c2.buf.len > 0 )

+        register_activity (c, size);

     }

   else

     {

@@ -41,6 +41,7 @@

  * New Client Connection:

  *

  * FUNC: openvpn_plugin_client_constructor_v1

+ * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_ENABLE_PF

  * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_TLS_VERIFY (called once for every cert

  *                                                     in the server chain)

  * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY

@@ -72,7 +73,7 @@

  * [Client session continues]

  *

  * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_CLIENT_DISCONNECT

- * FUNC: openvpn_plugin_client_constructor_v1

+ * FUNC: openvpn_plugin_client_destructor_v1

  *

  * [ some time may pass ]

  *

@@ -1366,15 +1366,25 @@ to be between 100 bytes/sec and 100 Mbytes/sec.

 .B \-\-inactive n [bytes]

 Causes OpenVPN to exit after

 .B n

-seconds of inactivity on the TUN/TAP device.  The time length

-of inactivity is measured since the last incoming tunnel packet.

+seconds of inactivity on the TUN/TAP device. The time length of

+inactivity is measured since the last incoming or outgoing tunnel

+packet.

 If the optional

 .B bytes

 parameter is included,

-exit after n seconds of activity on tun/tap device

-produces a combined in/out byte count that is less than

-.B bytes.

+exit if less than

+.B bytes

+of combined in/out traffic are produced on the tun/tap device

+in

+.B n

+seconds.

+

+In any case, OpenVPN's internal ping packets (which are just

+keepalives) and TLS control packets are not considered

+"activity", nor are they counted as traffic, as they are used

+internally by OpenVPN and are not an indication of actual user

+activity.

 .\"*********************************************************

 .TP

 .B \-\-ping n

@@ -3507,6 +3507,15 @@ msglevel_forward_compatible (struct options *options, const int msglevel)

 }

 static void

+warn_multiple_script (const char *script, const char *type) {

+      if (script) {

+	msg (M_WARN, "Multiple --%s scripts defined.  "

+	     "The previously configured script is overridden.", type);

+      }

+}

+

+

+static void

 add_option (struct options *options,

 	    char *p[],

 	    const char *file,

@@ -3906,6 +3915,7 @@ add_option (struct options *options,

       VERIFY_PERMISSION (OPT_P_SCRIPT);

       if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT))

 	goto err;

+      warn_multiple_script (options->ipchange, "ipchange");

       options->ipchange = string_substitute (p[1], ',', ' ', &options->gc);

     }

   else if (streq (p[0], "float"))

@@ -3952,6 +3962,7 @@ add_option (struct options *options,

       VERIFY_PERMISSION (OPT_P_SCRIPT);

       if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT))

 	goto err;

+      warn_multiple_script (options->up_script, "up");

       options->up_script = p[1];

     }

   else if (streq (p[0], "down") && p[1])

@@ -3959,6 +3970,7 @@ add_option (struct options *options,

       VERIFY_PERMISSION (OPT_P_SCRIPT);

       if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT))

 	goto err;

+      warn_multiple_script (options->down_script, "down");

       options->down_script = p[1];

     }

   else if (streq (p[0], "down-pre"))

@@ -4627,6 +4639,7 @@ add_option (struct options *options,

       VERIFY_PERMISSION (OPT_P_SCRIPT);

       if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT))

 	goto err;

+      warn_multiple_script (options->route_script, "route-up");

       options->route_script = p[1];

     }

   else if (streq (p[0], "route-noexec"))

@@ -4956,6 +4969,7 @@ add_option (struct options *options,

 	  msg (msglevel, "--auth-user-pass-verify requires a second parameter ('via-env' or 'via-file')");

 	  goto err;

 	}

+      warn_multiple_script (options->auth_user_pass_verify_script, "auth-user-pass-verify");

       options->auth_user_pass_verify_script = p[1];

     }

   else if (streq (p[0], "client-connect") && p[1])

@@ -4963,6 +4977,7 @@ add_option (struct options *options,

       VERIFY_PERMISSION (OPT_P_SCRIPT);

       if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT))

 	goto err;

+      warn_multiple_script (options->client_connect_script, "client-connect");

       options->client_connect_script = p[1];

     }

   else if (streq (p[0], "client-disconnect") && p[1])

@@ -4970,6 +4985,7 @@ add_option (struct options *options,

       VERIFY_PERMISSION (OPT_P_SCRIPT);

       if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT))

 	goto err;

+      warn_multiple_script (options->client_disconnect_script, "client-disconnect");

       options->client_disconnect_script = p[1];

     }

   else if (streq (p[0], "learn-address") && p[1])

@@ -4977,6 +4993,7 @@ add_option (struct options *options,

       VERIFY_PERMISSION (OPT_P_SCRIPT);

       if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT))

 	goto err;

+      warn_multiple_script (options->learn_address_script, "learn-address");

       options->learn_address_script = p[1];

     }

   else if (streq (p[0], "tmp-dir") && p[1])

@@ -5750,6 +5767,7 @@ add_option (struct options *options,

       VERIFY_PERMISSION (OPT_P_SCRIPT);

       if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT))

 	goto err;

+      warn_multiple_script (options->tls_verify, "tls-verify");

       options->tls_verify = string_substitute (p[1], ',', ' ', &options->gc);

     }

   else if (streq (p[0], "tls-export-cert") && p[1])

@@ -86,5 +86,7 @@ check_ping_send_dowork (struct context *c)

    * encrypt, sign, etc.

    */

   encrypt_sign (c, true);

+  /* Set length to 0, so it won't be counted as activity */

+  c->c2.buf.len = 0;

   dmsg (D_PING, "SENT PING");

 }