OpenVPN Connect Client with MFA - reconnect options?

dlogan · Dec 6, 2023, 1:36 PM

We're having some issues where a user on a hotspot or other unreliable connection is connected to the VPN. I also suspect these users are connecting and walking away from their computer, but that's more of a management issue. When the client detects it has lost connection, it automatically tries to reconnect. It doesn't ask the user, it doesn't ask for the user's password again, it just sends MFA (Duo push) - multiple times.
We're getting users locked out of their Duo accounts because it happens more than 10 times.
Is there a setting somewhere to prevent this behavior?

itinfo · Jan 4, 2024, 11:06 AM

@dlogan

What is your Authentication with DUO configuration?

I use AD with DUO and so far am not having any issues.

Here is my configuration document: https://d-b-s.com/documents

dlogan · Oct 22, 2024, 12:51 PM

@itinfo
AD LDAP auth using the Duo Auth Proxy on a couple of servers

itinfo · Oct 22, 2024, 1:04 PM

@dlogan
I had a similar problem. I set the force logoff after x amount of time of no activity.

Here is a pretty good post on the matter.

https://serverfault.com/questions/748890/openvpn-force-maximum-session-length

Another option is to set a variable in the Config files on each workstation - sorry there is no Server setting for this one.

I set my users as follows.

reneg-sec 21600

This equates to every 6 hours