occtl - Man Page

Display server-wide statistics: uptime, number of active sessions, number of banned IPs, and other aggregate counters.

List all currently connected users together with their session ID, assigned VPN IP address, and connection duration.

Display detailed information about a specific connected user, including their assigned addresses, group, and traffic statistics.

Display detailed information about the connection identified by its numeric session ID.

List the internal routes that connected clients have advertised to the server via the iroute per-user/group configuration option. These routes are optionally redistributed to other clients when expose-iroutes is enabled.

Display a live log of connection and disconnection events.

Terminate the active VPN connection of the named user. The user's session cookie remains valid; the user can reconnect immediately using the same cookie (subject to cookie-timeout).

Terminate the VPN connection identified by its numeric session ID. The session ID is shown by show users and show id. The cookie associated with that session remains valid.

Disconnect the named user and permanently invalidate all of their session cookies. The user must re-authenticate from scratch on the next connection attempt.

Disconnect the connection identified by its numeric session ID and invalidate the associated cookie.

Invalidate a session by its session ID (SID) without requiring an active connection. Use this to revoke a cookie held by a client that has already disconnected but whose session is still listed by show sessions valid.

List every known session, including sessions that are still in the authenticating state or have been disconnected but whose cookie has not yet expired.

List only the sessions whose cookie is still valid for reconnection. A session appears here after authentication completes and disappears when the cookie expires or is invalidated by a terminate command.

Display detailed information about the session identified by its session ID (SID) string, as shown in show sessions all or show sessions valid.

Remove the specified IP address from the ban list immediately, regardless of the remaining ban-time. The address's accumulated ban points are also cleared. See the max-ban-score, ban-time, and ban-reset-time directives in ocserv.conf(8).

List all IP addresses that are currently banned. An IP is banned when its accumulated score exceeds max-ban-score in ocserv.conf(8).

List all IP addresses that have accumulated ban points, including those below the ban threshold. Useful for monitoring addresses that are approaching the ban limit.

Signal the server to re-read its configuration file. Equivalent to sending SIGHUP to the main ocserv process. Options marked as non-reloadable in ocserv.conf(8) are not affected.

Gracefully shut down the server. Active VPN sessions are terminated before the process exits.