Page 1 of 1
OpenVPN MAC filtering - adding multiple MACs with post_auth script
Posted: Thu Aug 22, 2019 9:15 am
by stevev
I was following this
https://docs.openvpn.net/wp-content/upl ... ecking.pdf document, and I've managed to enable the MAC filtering feature. How do I add multiple MACs for a single user to the database?
Example command I would use to replace the registered MAC:
# ./sacli -u "exampleuser" -k "pvt_hw_addr" -v "00:01:02

cd:12" UserPropPut
Re: OpenVPN MAC filtering - adding multiple MACs with post_auth script
Posted: Thu Aug 22, 2019 2:36 pm
by novaflash
A customer of ours requested this on our support ticket system too. By default we do not do custom post_auth development as this would lead us into a situation where everyone would ask us to code the strangest things for them (we have had some pretty weird requests). But we reviewed this particular request and implemented a means to allow 1 additional MAC address per account, although that second address has to be added manually by the server administrator. That is to avoid a security issue with automatic registration of MAC/UUID addresses on new accounts.
See
https://openvpn.net/vpn-server-resource ... -checking/ for updated instructions and updated post_auth script with support for 1 additional parameter. The page contains an example on how to add a secondary MAC/UUID address.