Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Client Specific Overrides via Cronjob Enable/Disable

    Scheduled Pinned Locked Moved OpenVPN
    3 Posts 2 Posters 168 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      FlashBurn
      last edited by

      Dear friends of pfsense,

      we got an request to disable a single user VPN every day from 6pm to 6am (they will force the user not to remote work after business hours).
      Since no other users should be bother with this, we can't disable the whole openVPN Server.

      So we had two ideas:
      create a new openVPN Server instance and reconfigure the Client VPN
      or
      use client specific overrides, which had the smallest impact on all users and do not need any remote work on client machine.

      We know how to restart/enable/disable openVPN server instances with cronjobs, but we didn't find any solution for a client specific override rule, to disable and enable it from command line.

      Is there anyone who has a nice way to solve this?

      I am happy to read your ideas.

      Greetings

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @FlashBurn
        last edited by

        @FlashBurn
        Create a Client Specific Override for the user, to assign a certain IP to him.

        Create a schedule for the time you want permit access (6am to 6pm).

        Add to rules on the OpenVPN tab:
        A pass rule for the source IP of the client with the schedule selected in the advanced options, followed by a block rule for the clients source IP.

        Ensure System > Advanced > Miscellaneous > Do not kill connections when schedule expires is unchecked, which is by default.

        F 1 Reply Last reply Reply Quote 1
        • F
          FlashBurn @viragomann
          last edited by

          @viragomann
          Thank you very much for your great Idea!

          I will check this out.
          At the moment the Client is not setting the IP from Client Specified Override and we don't know why.
          After this weekend it will work, I am sure.

          Greetings

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.