I was following this https://docs.openvpn.net/wp-content/upl ... ecking.pdf document, and I've managed to enable the MAC filtering feature. How do I add multiple MACs for a single user to the database?
Example command I would use to replace the registered MAC:
# ./sacli -u "exampleuser" -k "pvt_hw_addr" -v "00:01:02cd:12" UserPropPut
OpenVPN MAC filtering - adding multiple MACs with post_auth script
-
- OpenVpn Newbie
- Posts: 2
- Joined: Thu Aug 22, 2019 9:09 am
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: OpenVPN MAC filtering - adding multiple MACs with post_auth script
A customer of ours requested this on our support ticket system too. By default we do not do custom post_auth development as this would lead us into a situation where everyone would ask us to code the strangest things for them (we have had some pretty weird requests). But we reviewed this particular request and implemented a means to allow 1 additional MAC address per account, although that second address has to be added manually by the server administrator. That is to avoid a security issue with automatic registration of MAC/UUID addresses on new accounts.
See https://openvpn.net/vpn-server-resource ... -checking/ for updated instructions and updated post_auth script with support for 1 additional parameter. The page contains an example on how to add a secondary MAC/UUID address.
See https://openvpn.net/vpn-server-resource ... -checking/ for updated instructions and updated post_auth script with support for 1 additional parameter. The page contains an example on how to add a secondary MAC/UUID address.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.