OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

How to disconnect a specific client, instead of the user?

https://forums.openvpn.net/viewtopic.php?t=32420

Page 2 of 2

Re: How to disconnect a specific client, instead of the user?

Posted: Tue Jun 15, 2021 2:23 pm
by chilinux
OS version is already included when "push-peer-info" is enabled on the client under the variable of IV_PLAT_VER.

As to the MB serial number, I agree it is a legitimate feature request when you look into the client side policy features of the other VPN products that the OpenVPN AS FAQ reference as competitors. OpenVPN AS support may even acknowledge it as a legitimate feature request. But my own personal experience with OpenVPN AS support has been so poor that I am not sure you would like the timeline they put on looking into the request.

My suggestion of creating a wrapper was just to give you options to get what you wanted with a timeline under your own control.

Re: How to disconnect a specific client, instead of the user?

Posted: Thu Jun 17, 2021 6:50 am
by stephan.budach
Yeah… I might be doing that over the summer, when I will be having some time. However, I'll definitively try the feature request.

Re: How to disconnect a specific client, instead of the user?

Posted: Mon Jun 21, 2021 3:38 pm
by openvpn_inc
Hello chilinux and stephan.budach,

We prefer to find a graceful method of migrating to UUID. This is already in use on Android and iOS. MAC addresses can change depending on which interface is used to access the Internet. UUID is fixed for a specific device/installation. However, if we change this behavior right now from one day to the next, we would end up breaking all systems that are currently relying on MAC address for the other platforms (Windows, macOS, Linux).

The goal is to have a unique identifier for this device/installation. UUID is perfect for this task. Mainboard ID could probably also work but I am not sure you can get that information on all platforms. It is already not normally possible to access MAC address on a mobile platform for example. But a UUID or similar unique ID for the various platforms is possible.

The idea of using a wrapper and using mainboard ID is of course up to you. But not one that we would actively seek to support, given the better alternative.

Kind regards,
Johan

Re: How to disconnect a specific client, instead of the user?

Posted: Tue Jun 22, 2021 6:56 am
by stephan.budach
Hello Johan,

I appreciate your effort on finding a generalized solution for this issue. Going with DUID would be also okay for me. However, when I checked the attributes provided to our AS when connecting with my iOS device, the value shown in peer info: IV_HWADD, actually was not the iOS device's DUID, but some other value.

Regards,
Stephan
All times are UTC
Page 2 of 2
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/