Netgate Discussion Forum

    How to limit authentication attempts

      PfsenseServer350

      Hello,

      We have an OpenVPN server on pfSense 2.3. The Server mode is Remote Access (SSL/TLS + User Auth) and the Backend for authentication is AD and Local Database. We are looking for a way to lock accounts who fail a certain number of login attempts. I found something in OpenVPN's documentation, but it appears that it won't work with VPN logins. Which doesn't help us unless there is a way to make it limit VPN login attempts.

      https://docs.openvpn.net/docs/access-server/openvpn-access-server-command-line-tools.html#authentication-failure-lockout-policy

      If you have any experience with OpenVPN's authentication failure lockout policy or know of another way to limit VPN login attempts, any help would be greatly appreciated.

      Thanks.

        johnpoz LAYER 8 Global Moderator

        That link is to OpenVPN Access Server, not the community edition that is installed to pfSense.

        If they are authing to your AD, why don't you just lock out the AD account? I think that is your typical AD out of the box setup, so many failed and locked.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11
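
The AD account lockout suggested in the reply above can be checked and set from PowerShell. This is an added example, not part of either post; it assumes the ActiveDirectory (RSAT) module and a session with domain admin rights, and the threshold, window and account name are constructed values. It covers only accounts authenticated against AD, not users in the pfSense Local Database.

```powershell
# Added example: inspect and set the domain-wide account lockout policy.
Import-Module ActiveDirectory

# Constructed values; pick numbers that match your own policy.
$Threshold = 5                          # failed logons before lockout
$Window    = New-TimeSpan -Minutes 15   # period over which failures are counted
$Duration  = New-TimeSpan -Minutes 15   # how long the account stays locked

$domain = (Get-ADDomain).DNSRoot
$policy = Get-ADDefaultDomainPasswordPolicy -Identity $domain

# A LockoutThreshold of 0 means accounts are never locked out.
if ($policy.LockoutThreshold -eq 0) {
    Write-Warning "Account lockout is disabled for $domain"
}
$policy | Select-Object LockoutThreshold, LockoutObservationWindow, LockoutDuration

# LockoutDuration must be greater than or equal to LockoutObservationWindow.
Set-ADDefaultDomainPasswordPolicy -Identity $domain `
    -LockoutThreshold $Threshold `
    -LockoutObservationWindow $Window `
    -LockoutDuration $Duration

# Fine-grained password policies override the default for the users and
# groups they apply to, so check whether any VPN users are covered by one.
Get-ADFineGrainedPasswordPolicy -Filter * |
    Select-Object Name, Precedence, LockoutThreshold, LockoutObservationWindow, LockoutDuration

# Accounts that are currently locked out.
Search-ADAccount -LockedOut -UsersOnly |
    Select-Object SamAccountName, LastLogonDate

# Failure counter for one account ('vpnuser1' is a hypothetical name).
# BadLogonCount is kept per domain controller, so query the DC that
# handles the authentication requests coming from pfSense.
Get-ADUser -Identity 'vpnuser1' -Properties BadLogonCount, LastBadPasswordAttempt, LockedOut |
    Select-Object SamAccountName, BadLogonCount, LastBadPasswordAttempt, LockedOut

# Unlock manually once the failures have been reviewed.
# Unlock-ADAccount -Identity 'vpnuser1'
```

With a lockout threshold in place, anyone who can reach the VPN login can lock a known username by submitting bad passwords, so keep the duration finite and review lockout events (Security event ID 4740 on the domain controllers).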

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.