Openvpn - Business hours
-
Hi guys!
Is it possible to create a schedule for connecting to the VPN using OpenVPN?
For example, I permit my users to connect to the VPN between 8:00AM and 6:00PM; after that, they can't connect any more.
Thank you.
-
You should be able to accomplish this using firewall rule schedules. See here for a start:
https://doc.pfsense.org/index.php/Firewall_Rule_Schedules
-
Firewall schedules would work, but it would block all inbound connections. But for anyone wondering if there is another way, you could also use the OpenVPN tls-verify script: have your script check the time and give a go/no-go, etc. The advantage of this approach is where you yourself still want to be able to connect, but block all others.
-
Conor, do you have an example of how I create this script?
Thank you!
-
The tls-verify command in OpenVPN calls a script that you specify. The exit code of the script is what OpenVPN is looking for: exit 0 is a success and exit 1 is a failure. On exit 0, OpenVPN proceeds with the connection.
pfSense already uses a tls-verify script, so you need to add your code into that. WARNING - upgrades will wipe out your changes, so keep a backup for after future upgrades.
The pfSense script is located here: /usr/local/sbin/ovpn_auth_verify
Below is a sample script for checking the time; if the time is between 9am and 5.30pm it exits with success. You would need to merge this into the pfSense script.
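#!/bin/sh
# Allowed connection window, as HHMMSS
prodStartTime="090000"
prodEndTime="173000"
# Current local time in the same HHMMSS format
currentTime=$(date +"%H%M%S")
echo "$prodStartTime"
echo "$prodEndTime"
echo "$currentTime"
if [ "$currentTime" -ge "$prodStartTime" ];
then
    if [ "$currentTime" -le "$prodEndTime" ];
    then
        exit 0   # inside the window: allow
    else
        exit 1   # after the end time: reject
    fi
else
    exit 1       # before the start time: reject
fi
-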
Excellent Conor!
In my case I have many users using OpenVPN. I need to create this time-based "rule" only for some users.
Do you know how I can create a script with users or Tunnel Network?
Thank you again.
-
client-connect script would be suited for that.
-
Yep, the client-connect script sounds ideal. I need to test it on a test unit to see what variables you can see; will revert back.
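
The per-user time check discussed above, written as a client-connect script. This is an added example, not code from anyone in the thread or from pfSense. It relies on OpenVPN exporting the certificate CN as `common_name` and rejecting the client on a non-zero exit; the user names, the inline policy format and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: per-user business-hours check for an OpenVPN client-connect script.
# Constructed policy, one line per restricted user: "<certificate CN> <start> <end>"
# with times as HHMMSS. CNs not listed are not time-restricted. CNs must not contain spaces.
policy() {
cat <<'EOF'
alice 080000 180000
bob   090000 173000
EOF
}

# window_for CN: prints "start end" for a restricted CN, nothing otherwise.
window_for() {
    policy | while read -r cn start end; do
        if [ "$cn" = "$1" ]; then
            echo "$start $end"
            break
        fi
    done
}

# is_allowed CN HHMMSS: returns 0 to accept the connection, 1 to reject it.
is_allowed() {
    window=$(window_for "$1")
    if [ -z "$window" ]; then
        return 0                      # CN not in the policy: unrestricted
    fi
    start=${window% *}
    end=${window#* }
    [ "$2" -ge "$start" ] && [ "$2" -le "$end" ]
}

# OpenVPN sets common_name in the environment when it runs client-connect.
# The guard leaves the functions usable when the file is run outside OpenVPN.
if [ -n "${common_name:-}" ]; then
    now=$(date +%H%M%S)
    if is_allowed "$common_name" "$now"; then
        exit 0
    fi
    echo "client-connect: $common_name rejected outside allowed hours ($now)" >&2
    exit 1
fi
```

client-connect runs only when a client connects, so a session that is already up when the window closes stays connected.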