OpenVPN MAC filtering - adding multiple MACs with post_auth script

stevev
OpenVpn Newbie
Posts: 2
Joined: Thu Aug 22, 2019 9:09 am


Post by stevev » Thu Aug 22, 2019 9:15 am

I was following this https://docs.openvpn.net/wp-content/upl ... ecking.pdf document, and I've managed to enable the MAC filtering feature. How do I add multiple MACs for a single user to the database?

Example command I would use to replace the registered MAC:

# ./sacli -u "exampleuser" -k "pvt_hw_addr" -v "00:01:02:ab:cd:12" UserPropPut

novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: OpenVPN MAC filtering - adding multiple MACs with post_auth script

Post by novaflash » Thu Aug 22, 2019 2:36 pm

A customer of ours requested this on our support ticket system too. By default we do not do custom post_auth development as this would lead us into a situation where everyone would ask us to code the strangest things for them (we have had some pretty weird requests). But we reviewed this particular request and implemented a means to allow 1 additional MAC address per account, although that second address has to be added manually by the server administrator. That is to avoid a security issue with automatic registration of MAC/UUID addresses on new accounts.

See https://openvpn.net/vpn-server-resource ... -checking/ for updated instructions and updated post_auth script with support for 1 additional parameter. The page contains an example on how to add a secondary MAC/UUID address.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
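
The check described in the reply above, sketched as an added example (not part of either post and not the OpenVPN post_auth script itself). It assumes the primary address is registered automatically on a new account's first login and that the extra slot is only ever set by the administrator; `pvt_hw_addr` is the key shown in the thread, while `pvt_hw_addr2` and the function names are assumptions.

```python
PRIMARY_KEY = "pvt_hw_addr"      # property name shown in the thread
SECONDARY_KEY = "pvt_hw_addr2"   # assumed name for the extra slot, not from the thread


def normalize(addr):
    """Lower-case and drop separators so 00-01-02-AB-CD-12 equals 00:01:02:ab:cd:12."""
    return "".join(c for c in (addr or "").lower() if c.isalnum())


def check_hw_addr(user_props, reported):
    """Decide one login attempt; returns (allowed, props_to_save).

    user_props: dict of the user's stored properties.
    reported:   hardware address (MAC or UUID) sent by the client.
    """
    seen = normalize(reported)
    if not seen:
        # Client reported no usable address: reject rather than register an empty value.
        return False, {}

    primary = normalize(user_props.get(PRIMARY_KEY))
    secondary = normalize(user_props.get(SECONDARY_KEY))

    if not primary:
        # New account: the first address seen becomes the primary one.
        return True, {PRIMARY_KEY: reported}

    # Established account: accept either registered slot, write nothing back.
    # The secondary slot is never filled from a login, only by the administrator,
    # so an unknown device cannot enrol itself as the second address.
    if seen == primary or (secondary and seen == secondary):
        return True, {}
    return False, {}


if __name__ == "__main__":
    # Constructed sample user with both slots filled.
    props = {PRIMARY_KEY: "00:01:02:ab:cd:12", SECONDARY_KEY: "00:01:02:ab:cd:34"}
    for mac in ("00-01-02-AB-CD-12", "00:01:02:ab:cd:34", "aa:bb:cc:dd:ee:ff"):
        print(mac, check_hw_addr(props, mac))
```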
