How to disconnect a specific client, instead of the user?

Business solution to host your own OpenVPN server with web management interface and bundled clients.
chilinux
OpenVPN Power User
Posts: 156
Joined: Thu Mar 28, 2013 8:31 am

Re: How to disconnect a specific client, instead of the user?

Post by chilinux » Tue Jun 15, 2021 2:23 pm

OS version is already included when "push-peer-info" is enabled on the client under the variable of IV_PLAT_VER.

As to the MB serial number, I agree it is a legitimate feature request when you look into the client side policy features of the other VPN products that the OpenVPN AS FAQ reference as competitors. OpenVPN AS support may even acknowledge it as a legitimate feature request. But my own personal experience with OpenVPN AS support has been so poor that I am not sure you would like the timeline they put on looking into the request.

My suggestion of creating a wrapper was just to give you options to get what you wanted with a timeline under your own control.

stephan.budach
OpenVpn Newbie
Posts: 15
Joined: Tue May 25, 2021 8:05 am

Re: How to disconnect a specific client, instead of the user?

Post by stephan.budach » Thu Jun 17, 2021 6:50 am

Yeah… I might be doing that over the summer, when I will be having some time. However, I'll definitively try the feature request.

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: How to disconnect a specific client, instead of the user?

Post by openvpn_inc » Mon Jun 21, 2021 3:38 pm

Hello chilinux and stephan.budach,

We prefer to find a graceful method of migrating to UUID. This is already in use on Android and iOS. MAC addresses can change depending on which interface is used to access the Internet. UUID is fixed for a specific device/installation. However, if we change this behavior right now from one day to the next, we would end up breaking all systems that are currently relying on MAC address for the other platforms (Windows, macOS, Linux).

The goal is to have a unique identifier for this device/installation. UUID is perfect for this task. Mainboard ID could probably also work but I am not sure you can get that information on all platforms. It is already not normally possible to access MAC address on a mobile platform for example. But a UUID or similar unique ID for the various platforms is possible.

The idea of using a wrapper and using mainboard ID is of course up to you. But not one that we would actively seek to support, given the better alternative.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

stephan.budach
OpenVpn Newbie
Posts: 15
Joined: Tue May 25, 2021 8:05 am

Re: How to disconnect a specific client, instead of the user?

Post by stephan.budach » Tue Jun 22, 2021 6:56 am

Hello Johan,

I appreciate your effort on finding a generalized solution for this issue. Going with DUID would be also okay for me. However, when I checked the attributes provided to our AS when connecting with my iOS device, the value shown in peer info: IV_HWADD, actually was not the iOS device's DUID, but some other value.

Regards,
Stephan

Post Reply