Community Support Forum
 
  OpenVPN.net  •  Forum Index  •  FAQ  

It is currently Wed Feb 10, 2016 3:07 pm




Post new topic Reply to topic  [ 5 posts ] 
 [Solved]Manually override a lockout 
Author Message
 Post subject: [Solved]Manually override a lockout
PostPosted: Tue Nov 06, 2012 4:30 am 
OpenVPN User

Joined: Tue Nov 15, 2011 11:31 pm
Posts: 29
Hi all,

I have a lockout policy on my personal VPN server. It is paid openvpn access server with 10 licenses.

The lockout policy is 15 minutes after 3 failed attempts. I want that due to security, however, sometimes I want to be able to override a lockout, IE my sister messes up and doesn't want to wait 15 minutes.

I couldn't find anything in the admin guide. Is there an easy way to do this via SSH or web UI ?


Offline
 Profile  
 
 Post subject: Re: Manually override a lockout
PostPosted: Thu Jan 16, 2014 6:24 pm 
OpenVpn Newbie

Joined: Thu Jan 16, 2014 6:16 pm
Posts: 1
The easiest method I've found is to toggle the User Authentication method in the admin web portal.

1. Log into the webportal at "https://[your-url-or-ip]:943/admin"

2. Click on "General" under the "Authentication" section.

3. Change the authentication method.

Note: It doesn't matter what you change the authentication method to, just that you change the method. For example, I use an LDAP server. So I'll change the method to "Local".

4. Click "Save Settings", then click "Update Running Server".

5. Now immediately change the authentication method back to it's original setting.

6. Click "Save Settings", then click "Update Running Server".

At this point, all lockouts are now reset and previously locked out users can attempt to log in. In my experience, this trick does NOT affect currently logged in users. It will, however, affect anyone who tries to log in while you're performing this toggle. But seeing as how this toggle takes all of 10 seconds, I've never experienced someone trying to log in while I was performing this reset.


Offline
 Profile  
 
 Post subject: Re: Manually override a lockout
PostPosted: Tue Mar 24, 2015 11:02 am 
OpenVpn Newbie

Joined: Wed Jun 11, 2014 9:50 am
Posts: 4
bowser8302's method worked for me.

Thanks.


Offline
 Profile  
 
 Post subject: Re: [Solved]Manually override a lockout
PostPosted: Sun Jan 24, 2016 3:46 am 
OpenVPN User

Joined: Fri Jun 10, 2011 12:03 am
Posts: 22
How do you set/adjust or disable the lockout policy? I have set up some servers where users are *constantly* fat-fingering their passwords and getting locked out. This is causing a big administrative headache for me especially since there's no easy way to unlock them from the admin GUI. I'd like to increase the lockout to like 20 failed attempts or something just to prevent bruteforce attacks but not the occasional clueless user who sits there and types the same incorrect password with their CAPS LOCK down 10 times in a row.

Help?

edit: nevermind, I found it (but these settings should be exposed in the GUI somewhere IMO...) See link below
https://docs.openvpn.net/docs/access-se ... out-policy


Offline
 Profile  
 
 Post subject: Re: [Solved]Manually override a lockout
PostPosted: Fri Jan 29, 2016 2:42 pm 
OpenVPN User

Joined: Fri Jun 10, 2011 12:03 am
Posts: 22
Just double checking, can someone confirm if this is the right way to adjust these parameters? It was vague from the documentation

example, increase allowed # of attempts to 10 and make lockout period 5 minutes (300 seconds)

Code:
cd /usr/local/openvpn_as/scripts
./sacli -k vpn.server.lockout_policy.n_fails -v 10 ConfigPut
./sacli -k vpn.server.lockout_policy.reset_time -v 300 ConfigPut
./sacli start


Is this right? Do I have to reboot the ovpn server afterwards?


Offline
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 


 Who is online 

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  


phpBB SEO
[ Time : 0.098s | 14 Queries | GZIP : On ]

 
Index  |  FAQ


Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group