How to HALT clients from server side?
-
I have a pfSense+ firewall rule set up to only allow VPN connections during working hours. The problem I am experiencing is remote users who forget to close their VPN connections get automatically logged back on the next morning, when the firewall rule makes the VPN server available again. From a security standpoint, this is not desirable. As far as I know, there are two ways to MANUALLY disconnect these connections that span one or more days.
The first is to "KILL" the client connection (black "X"). Unfortunately, the client senses the break, tries to reconnect, and reconnects. This happens unattended, whether the remote user is at home on their computer, or away from their computer on vacation in Aruba for a month.
The second is to "HALT" the client connection (white "X" in red circle), which immediately halts the client connection, does NOT automatically renew the connection, and requires the remote user to manually reconnect to the VPN. If the user is away on vacation, the connection is not reestablished until they come home and manually reestablish their connection to the VPN.
The SECOND option (HALT) is what I want to be able to automate, thus forcing all users' connections to be HALTED every evening. This would require them to manually reestablish their VPN connection the next morning.
I have scoured the documentation, and completed numerous searches for an answer online, and still come up empty. My problem is: I cannot find any place in the pfSense UI to automatically force a HALT on stale VPN connections. I'd be happy with a GUI solution and/or I'd be happy to write a BASH script to run as a CRON job, providing there's a way to do it from the command line. I just need a way to HALT all VPN connections at the end of every day.
Does anyone know how to make this happen? Please share if there is one...