Lockout Policy does nothing with non-windows clients

kugreg · Post by **kugreg** » Thu Jul 01, 2021 7:44 pm

We are preforming an internal audit and started testing our lockout policies with respect to the VPN tool.
What we found was that only the Windows OpenVPN Connect Client seems to ever trigger a lockout. Solutions like Veritas, Tunnelblick, or the OpenVPN Connect Clients for MacOS do not trigger a user lockout with repeated testing.

I would not think that the lockout mechanism should be tied to the client (as it would be easy to comment out a routine in an open source client) which makes me think its more likely a protocol related issue. I have noticed when the Windows Clients log in, they do not show a Protocol/Port when connecting like the other clients do (usually UDP 1194). So I wonder if there is something broken in the way the protocol handshakes are working in OpenVPN AS. We are testing this on a 2.9.1 build, for Ubuntu Linux 18.04.3.

I would be curious if others could reproduce this issue, and if someone with deeper understanding could explain it, or get someone to patch it.

Post by **openvpn_inc** » Fri Jul 02, 2021 7:11 am

Hello kugreg,

I suggest you read the full description on how the lockout policy works:
https://openvpn.net/vpn-server-resource ... out-policy

If you find anything that doesn't behave as described there, then we'd be happy to take a look at it.

Kind regards,
Johan

OpenVPN Support Forum

Lockout Policy does nothing with non-windows clients

Lockout Policy does nothing with non-windows clients

Re: Lockout Policy does nothing with non-windows clients