is it possible to disconnect a user from the server?

houmie75 · Post by **houmie75** » Tue May 11, 2021 11:43 am

Hello,

I have been struggling to find a way to disconnect a specific user from the OpenVPN server.

Is there a way to achieve that? Any hints please?

Or alternatively do you know if there is plugin for OpenVPN to handle CoA (Change-Of-Authorisation) requests?

Many Thanks,

TinCanTech · Post by **TinCanTech** » Tue May 11, 2021 12:26 pm

See --management

houmie75 · Post by **houmie75** » Tue May 11, 2021 12:55 pm

Sorry buddy,

Do you mean this here? https://openvpn.net/community-resources ... interface/

TinCanTech · Post by **TinCanTech** » Tue May 11, 2021 1:11 pm

Yes, it is also documented in the manual.

houmie75 · Post by **houmie75** » Tue May 11, 2021 1:46 pm

Alrighty,

So I got connected to the management interface via telnet.
And I can see that I'm logged in.

Code: Select all

admin@de-vpn-1:~$ telnet localhost 1222
Trying 127.0.0.1...
Connected to localhost.local.
Escape character is '^]'.
>INFO:OpenVPN Management Interface Version 3 -- type 'help' for more info
status 3
TITLE	OpenVPN 2.5.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 21 2021
TIME	2021-05-11 13:38:42	1620740322
HEADER	CLIENT_LIST	Common Name	Real Address	Virtual Address	Virtual IPv6 Address	Bytes Received	Bytes Sent	Connected Since	Connected Since (time_t)	Username	Client ID	Peer ID	Data Channel Cipher
CLIENT_LIST	clientDeVpn1	89.32.xxx.xxx:46302	10.8.0.2		280940	633030	2021-05-11 13:37:30	1620740250	houmie	0	0	AES-128-GCM
HEADER	ROUTING_TABLE	Virtual Address	Common Name	Real Address	Last Ref	Last Ref (time_t)
ROUTING_TABLE	10.8.0.2	clientDeVpn1	89.32.xxx.xxx:46302	2021-05-11 13:38:41	1620740321
GLOBAL_STATS	Max bcast/mcast queue length	0
END

How can I disconnect the user `houmie`?

Looking at --help, all I see is kill, which doesn't seem to be able to kill/disconnect by username. Am I missing something?

houmie75 · Post by **houmie75** » Tue May 11, 2021 1:51 pm

And I just tried

Code: Select all

 kill 89.32.xxx.xxx:46302

, it can successfully kill the connection, but the client remains connected. That's bad, because the client has no idea. It should ideally disconnect instead of kill.

TinCanTech · Post by **TinCanTech** » Tue May 11, 2021 1:58 pm

If you are looking for a way to inform the user that they have been disconnected by the server
then you are going to be disappointed ..

I believe there has been some discussion of such functionality by the developers but, so far,
nothing has been coded ..

You might try the openvpn-users mailing list for more details.

houmie75 · Post by **houmie75** » Tue May 11, 2021 2:36 pm

Thank you. What a shame. I just dropped the list an email.

TinCanTech · Post by **TinCanTech** » Tue May 11, 2021 3:38 pm

If a client cannot connect due to an auth. failure then that works (or is meant to)
but not for disconnecting a client session.

There needs to be a comms. channel between the server and the client-GUI.
Well, something like that .. but there is nothing at present.

OpenVPN Support Forum

is it possible to disconnect a user from the server?

is it possible to disconnect a user from the server?

Re: is it possible to disconnect a user from the server?

Re: is it possible to disconnect a user from the server?

Re: is it possible to disconnect a user from the server?

Re: is it possible to disconnect a user from the server?

Re: is it possible to disconnect a user from the server?

Re: is it possible to disconnect a user from the server?

Re: is it possible to disconnect a user from the server?

Re: is it possible to disconnect a user from the server?