Is it possible to disconnect a user from the server?

houmie75
OpenVPN Power User
Posts: 53
Joined: Wed Jul 22, 2020 7:46 pm

Post by houmie75 » Tue May 11, 2021 11:43 am

Hello,

I have been struggling to find a way to disconnect a specific user from the OpenVPN server.

Is there a way to achieve that? Any hints please?

Or alternatively, do you know if there is a plugin for OpenVPN to handle CoA (Change-Of-Authorisation) requests?


Many Thanks,

TinCanTech
Forum Team
Posts: 9203
Joined: Fri Jun 03, 2016 1:17 pm

Re: is it possible to disconnect a user from the server?

Post by TinCanTech » Tue May 11, 2021 12:26 pm

See --management

Post by houmie75 » Tue May 11, 2021 12:55 pm

Sorry buddy,

Do you mean this here? https://openvpn.net/community-resources ... interface/

Post by TinCanTech » Tue May 11, 2021 1:11 pm

Yes, it is also documented in the manual.

Post by houmie75 » Tue May 11, 2021 1:46 pm

Alrighty,

So I got connected to the management interface via telnet.
And I can see that I'm logged in.

```
admin@de-vpn-1:~$ telnet localhost 1222
Trying 127.0.0.1...
Connected to localhost.local.
Escape character is '^]'.
>INFO:OpenVPN Management Interface Version 3 -- type 'help' for more info
status 3
TITLE	OpenVPN 2.5.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 21 2021
TIME	2021-05-11 13:38:42	1620740322
HEADER	CLIENT_LIST	Common Name	Real Address	Virtual Address	Virtual IPv6 Address	Bytes Received	Bytes Sent	Connected Since	Connected Since (time_t)	Username	Client ID	Peer ID	Data Channel Cipher
CLIENT_LIST	clientDeVpn1	89.32.xxx.xxx:46302	10.8.0.2		280940	633030	2021-05-11 13:37:30	1620740250	houmie	0	0	AES-128-GCM
HEADER	ROUTING_TABLE	Virtual Address	Common Name	Real Address	Last Ref	Last Ref (time_t)
ROUTING_TABLE	10.8.0.2	clientDeVpn1	89.32.xxx.xxx:46302	2021-05-11 13:38:41	1620740321
GLOBAL_STATS	Max bcast/mcast queue length	0
END
```

How can I disconnect the user `houmie`?

Looking at --help, all I see is kill, which doesn't seem to be able to kill/disconnect by username. Am I missing something?

Post by houmie75 » Tue May 11, 2021 1:51 pm

And I just tried `kill 89.32.xxx.xxx:46302`, it can successfully kill the connection, but the client remains connected. That's bad, because the client has no idea. It should ideally disconnect instead of kill.
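Added example, not part of any post in this thread and not OpenVPN project code: since `kill` accepts the real address shown in the `status 3` output, a script can resolve a username to its session address from the CLIENT_LIST rows and emit the matching `kill` line. The status text below is constructed (documentation-range addresses, an invented second user `alice` sharing the same common name), and the function names are hypothetical.

```python
# Constructed sample modelled on the `status 3` output posted above.
# Two sessions share one common name, so only the Username column tells them apart.
SAMPLE_STATUS3 = (
    "TITLE\tOpenVPN 2.5.2 x86_64-pc-linux-gnu\n"
    "TIME\t2021-05-11 13:38:42\t1620740322\n"
    "HEADER\tCLIENT_LIST\tCommon Name\tReal Address\tVirtual Address\t"
    "Virtual IPv6 Address\tBytes Received\tBytes Sent\tConnected Since\t"
    "Connected Since (time_t)\tUsername\tClient ID\tPeer ID\tData Channel Cipher\n"
    "CLIENT_LIST\tclientDeVpn1\t198.51.100.7:46302\t10.8.0.2\t\t280940\t633030\t"
    "2021-05-11 13:37:30\t1620740250\thoumie\t0\t0\tAES-128-GCM\n"
    "CLIENT_LIST\tclientDeVpn1\t203.0.113.9:51820\t10.8.0.3\t\t1200\t3400\t"
    "2021-05-11 13:38:01\t1620740281\talice\t1\t1\tAES-128-GCM\n"
    "HEADER\tROUTING_TABLE\tVirtual Address\tCommon Name\tReal Address\t"
    "Last Ref\tLast Ref (time_t)\n"
    "ROUTING_TABLE\t10.8.0.2\tclientDeVpn1\t198.51.100.7:46302\t"
    "2021-05-11 13:38:41\t1620740321\n"
    "GLOBAL_STATS\tMax bcast/mcast queue length\t0\n"
    "END\n"
)


def sessions(status_text):
    """Return one dict per CLIENT_LIST row, keyed by the HEADER column names."""
    columns, found = None, []
    for line in status_text.splitlines():
        fields = line.split("\t")  # status 3 is tab-separated; empty fields are kept
        if fields[:2] == ["HEADER", "CLIENT_LIST"]:
            columns = fields[2:]
        elif fields[0] == "CLIENT_LIST" and columns:
            found.append(dict(zip(columns, fields[1:])))
        elif fields[0] == "END":
            break
    return found


def kill_commands(status_text, username):
    """Build one `kill <real address>` line per session of the given username."""
    return ["kill " + s["Real Address"]
            for s in sessions(status_text)
            if s.get("Username") == username]


if __name__ == "__main__":
    for command in kill_commands(SAMPLE_STATUS3, "houmie"):
        print(command)  # line to send to the management interface
```

Matching on the Username column rather than the common name keeps the other session on the shared certificate untouched.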

Post by TinCanTech » Tue May 11, 2021 1:58 pm

If you are looking for a way to inform the user that they have been disconnected by the server
then you are going to be disappointed ..

I believe there has been some discussion of such functionality by the developers but, so far,
nothing has been coded ..

You might try the openvpn-users mailing list for more details.

Post by houmie75 » Tue May 11, 2021 2:36 pm

Thank you. What a shame. I just dropped the list an email.

Post by TinCanTech » Tue May 11, 2021 3:38 pm

If a client cannot connect due to an auth. failure then that works (or is meant to)
but not for disconnecting a client session.

There needs to be a comms. channel between the server and the client-GUI.
Well, something like that .. but there is nothing at present.