Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to kill clients from the server side.

    Scheduled Pinned Locked Moved OpenVPN
    25 Posts 7 Posters 7.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D Offline
      doktornotor Banned
      last edited by

      No… Please read how to produce comments in PHP!

      http://php.net/manual/en/language.basic-syntax.comments.php

      1 Reply Last reply Reply Quote 0
      • stephenw10S Offline
        stephenw10 Netgate Administrator
        last edited by

        Hmm, I could be mistaken, I'm no coder, but that looks right if he wants to produce a conf file with that line commented out.

        Steve

        1 Reply Last reply Reply Quote 0
        • D Offline
          doktornotor Banned
          last edited by

          So, you want

          
...
#user nobody
#group nobody
script-security 3
daemon
#keepalive 10 60
ping-timer-rem
...

          in serverX.conf ? Yeah that'd work, just don't see the point.

          1 Reply Last reply Reply Quote 0
          • N Offline
            Naicc
            last edited by

            Maybe just for the future reference for somebody who will take over from me,  would be easier to for him to spot hash in temp config file. That is basically same thing we can do in 2 different ways. I can't really say which one is better  ;)

            Thanks to everybody in a thread , that is what I was looking for!

            I edited one thing I changed 'ping-exit' from 10 (seconds) to 25 as it will actually disconnect the client if he is slow with typing username/password. But 25 seconds should be plenty to do that.

            1 Reply Last reply Reply Quote 0
            • B Offline
              Brian.C.Campbell
              last edited by

              Came across this looking after finding that the VPN client (OPENVPN ios) stayed connected after I disconnected the user connection from status>OpenVPN by hitting the X next to their connection. I expected the behavior the original post was describing and was puzzled why it not only showed on the client that it was still connected, but also why after attempting to access a resource located behind the VPN connection that it connected back up and worked. Rather than disabling account or trying to change the timeout/reconnect options, I found the best way to have this control to disconnect a session is to set up authentication to another directory (Ldap) and filter approval based upon group membership (memberOf). This way one can remove the account from the LDAP group, then click the X to close the client vpn session from the server side. The client then tries to (automatically) reconnect and fails based on authentication. I found that this is the only clean way to have administrative control over the client vpn session apart from disabling the entire user account or disabling the VPN server itself.

              Thanks,

              Brian

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.