view account lockout policy

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
gowthamreddy
OpenVpn Newbie
Posts: 1
Joined: Tue Sep 21, 2021 8:58 pm

view account lockout policy

Post by gowthamreddy » Tue Sep 21, 2021 8:59 pm

How can i view the account lockout policy on AccessServer?

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 330
Joined: Tue Feb 16, 2021 10:41 am

Re: view account lockout policy

Post by openvpn_inc » Wed Sep 22, 2021 5:51 am

Hello gowthamreddy,

The default policy is that after 3 failed login attempts on a user account, that user account will be blocked from being able to log in for 15 minutes. After that it is released again. All commands mentioned below are assumed to be run as root user in the /usr/local/openvpn_as/scripts/ directory.

Set the number of authentication failures after which the user will be locked out (default is 3):
./sacli --key "vpn.server.lockout_policy.n_fails" --value <NUMBER> ConfigPut
./sacli start

Release the lockout on a user after the specified amount of seconds passes (default is 900 seconds, or 15 minutes):
./sacli --key "vpn.server.lockout_policy.reset_time" --value <SECONDS> ConfigPut
./sacli start

To see what the current lockout policy is;
./sacli configquery | grep "lockout_policy"

If there are no results from that last command it means the default applies.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Post Reply