Time Controlled Road Warrior connections

Scripts with setup, destroy, and modify routing tables and firewall rulesets for client connections.

Moderators: TinCanTech

habasit
OpenVpn Newbie
Posts: 1
Joined: Wed Mar 23, 2011 3:38 pm

Time Controlled Road Warrior connections

Post by habasit » Wed Mar 23, 2011 3:50 pm

I'm trying to set up an OpenVPN server with time-controlled connections.
We have several customers using our VPN, but we need some of them to stay connected i.e. from 9.00 to 17.00 and some others i.e. from 10.00 to 18.00.
Is there any way to build a script which drops connections and disables defined clients, and another which re-enables them?
Thanks in advance for any help.

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: Time Controlled Road Warrior connections

Post by maikcat » Wed Mar 23, 2011 6:09 pm

hi there,

I don't know a "clean" way to do this but I could do it the following way:

1) I use the ccd-exclusive directive inside the server config and make use of ccd files (for each user I want to have VPN access)

2) write a script to rename the ccd's for the users of f.e. group A (group A = 9 to 17 access)

3) set up a crontab job to run the previous script at 17:00

4) restart the VPN (to disconnect the clients - not a clean way but maybe someone has a better idea about this)

all clients get disconnected and those which don't belong to the 9 to 17 group will reconnect back..

5) a rename script so that the previously renamed ccd's return to their original names

6) crontab job to run at 9:00...


except the global disconnection the above will work as expected...

cheers,

michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)

"objects in mirror are losing"

gladiatr72
Forum Team
Posts: 194
Joined: Mon Dec 13, 2010 3:51 pm
Location: Lawrence, KS

Re: Time Controlled Road Warrior connections

Post by gladiatr72 » Wed Mar 23, 2011 6:21 pm

I'd do it with a combination of client-connect scripts, which would manage a client's ability to connect, and some sort of expect-ish interaction on the management port to knock users offline during their off-hour period.

The thing to be aware of, though, is that you're still going to have some traffic coming from the disallowed clients if the client process is not killed. openvpn will sit n' spin trying to connect until its black-out period is over otherwise.

-S
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole
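
One way to implement the client-connect plus management-port approach from the reply above, as an added example (not code from any poster or from the OpenVPN project). The schedule entries, the script path and the 127.0.0.1:7505 management address in the comments are assumptions; the logic goes slightly beyond the thread by also handling windows that cross midnight.

```shell
#!/bin/sh
# Server config (paths are assumptions):
#   script-security 2
#   client-connect /etc/openvpn/timegate.sh
# Constructed sample schedule: "<common_name> <start HHMM> <end HHMM>".
SCHEDULE='customer-a 0900 1700
customer-b 1000 1800
customer-c 2200 0600'

# window_allows CN HHMM: exit 0 if CN may be connected at HHMM, else 1.
# Names not in the schedule are denied, matching ccd-exclusive behaviour.
window_allows() {
    # Refuse empty or oddly formed names before handing them to awk.
    case $1 in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    printf '%s\n' "$SCHEDULE" | awk -v cn="$1" -v now="$2" '
        ($1 "") == (cn "") {          # force a string comparison
            s = $2 + 0; e = $3 + 0; n = now + 0
            # start > end means the window wraps past midnight
            if (s <= e ? (n >= s && n < e) : (n >= s || n < e)) ok = 1
        }
        END { exit !ok }'
}

# kick_list HHMM: print one management-interface "kill <cn>" command for
# every scheduled client that is outside its window at HHMM.
kick_list() {
    printf '%s\n' "$SCHEDULE" | while read -r name _start _end; do
        window_allows "$name" "$1" || printf 'kill %s\n' "$name"
    done
}

# OpenVPN sets script_type and common_name in the script environment.
# A non-zero exit from client-connect rejects the connection, so clients
# that keep retrying during their black-out period are refused each time.
if [ "${script_type:-}" = "client-connect" ]; then
    window_allows "${common_name:-}" "$(date +%H%M)" || exit 1
fi

# Cron side, run at each window boundary (management address is an assumption):
#   . /etc/openvpn/timegate.sh
#   { kick_list "$(date +%H%M)"; echo quit; } | nc 127.0.0.1 7505
```

Times are compared in the server's local time zone, and the `kill` commands drop only the out-of-window clients, which avoids the global disconnection of a full restart.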
