Openvpn - Business hours
Is possible to create a schedules to connect the VPN using OpenVPN?
For example, I permit that my users connect the VPN between 8:00AM to 6:00OPM, after that, they can't connect more.
You should be able to accomplish this using firewall rule schedules. See here for a start:
Firewall schedules would work but it would block all inbound connections. But for anyone wondering if there is another way you could also use the Openvpn tls-verify script, have your script check the time and give a go no go etc. The advantage to this approach is for where you yourself still want to be able to connect, but block all others.
Conor, do you have an example how I create this script?
The tls-verify command in OpenVPN calls a script that you specify. The exit code of the script is what OpenVpn is looking for exit 0 is a success and exit 1 is a failure. Exit 0 Openvpn proceeds with the connection.
pfSense already uses tls-verify script so you need to add your code into that WARNING - upgrades will wipe out your changes. So keep a backup for after future upgrades.
pfSense script is located here:/usr/local/sbin/ovpn_auth_verify
Below is a sample script for checking the time, if time is between 9am and 5.30pm it exits with success. You would need to merge this into the pfSense script.
if [ $currentTime -ge $prodStartTime ];
if [ $currentTime -le $prodEndTime ];
In my case I have many users that using Openvpn. I need create this "rule" with based hourly only for some users.
Do you know how can I create a script with users or Tunnel Network?
Thank you again.
Pippin last edited by
client-connect script would be suited for that.
Yep the client-connect script sounds ideal, need to test it on test unit to see what variables you can see will revert back.