How to limit authentication attempts

PfsenseServer350

Hello,

We have a OpenVPN server on pfSense 2.3. The Server mode is Remote Access (SSL/TLS + User Auth) and the Backend for authentication is AD and Local Database.  We are looking for a way to lock accounts who fail a certain number of login attempts. I found something in OpenVPN's documentation, but it appears that is won't work with VPN logins. Which doesn't help us unless there is a way to make it limit VPN login attempts.

https://docs.openvpn.net/docs/access-server/openvpn-access-server-command-line-tools.html#authentication-failure-lockout-policy

If you have any experience with OpenVPN's authentication failure lockout policy or know of another way to limit VPN login attempts any help would be greatly appreciated.

Thanks.

johnpoz

That link is to openvpn access server, not the community edition that is installed to pfsense.

If they are authing to your AD, why don't you just lock out the AD account.  I think that is your typical AD out of the box setup, so many failed and locked.