OpenVPN with LDAP authentication | Disabling AD user keeps connectin alive

salim · Apr 19, 2017, 6:58 AM

-pfsense - 2.3.3-RELEASE(amd64)
-Windows Server 2012 R2 Active Directory
-Server Mode is Remote Access with SSL/TLS + User Authentication

OpenVPN clients authenticate through AD credentials. Once connected, connection remains alive even after disabling that AD User. This (on average) remained 1+ hour up after multiple times testing. Is this a bug or misconfiguration somewhere? Please guide.

jimp · Apr 19, 2017, 2:05 PM

Once the client is initially authenticated, that is not checked again until the client disconnects and reconnects. There is no way for OpenVPN to know that the account was disabled. You would have to login to the pfSense firewall and manually disconnect the client.

salim · Apr 20, 2017, 2:07 PM

Thanks for clarification. That's what I am currently doing killing OpenVPN connection manually from pfsense firewall. But was seeking some auto mechanism that you clarified there is no way for OpenVPN.