
Reauth time?

Posted: Fri Jun 15, 2012 3:45 pm
by boxxa
Right now, I use the auth-user-pass-verify setting to run a bash script to check my usernames in a global MySQL database. These accounts expire but my question is how often does this auth method get called? If a user passes auth when they connect, will they always be connected until they disconnect or does it get run after a set time?

I did some reading on the up, up-restart, and down settings but just wondering how I would access the current user credentials on that and set the time out if I ran my shell script to recheck auth.

Re: Reauth time?

Posted: Fri Jun 15, 2012 9:33 pm
by janjust
Once a VPN session is up it will remain up until the user disconnects or until the VPN server drops the connection. There is no built-in reauth mechanism, and what's more, with an auth-user-pass script the user would most likely be queried again for it!

I'm not saying this is perfect - others have asked similar questions - but it's just the way it is.

Re: Reauth time?

Posted: Tue Jun 19, 2012 12:54 pm
by boxxa
Hmmm.... any way to combat this other than setting hard connection times like 24 hours?

Re: Reauth time?

Posted: Tue Jun 19, 2012 1:42 pm
by boxxa
Also, I just wrote a bash script that kills all openvpn processes (Run them all with the command: openvpn tcp53.cfg) so there is a bunch running. I also modified my config to remove persistent keys and tunnels.

In theory this should cause all clients to reauth on the script execution, correct?

Re: Reauth time?

Posted: Tue Jun 19, 2012 3:00 pm
by janjust
"Hmmm.... any way to combat this other than setting hard connection times like 24 hours?"
No, not that I know of, unless you'd modify the openvpn sources.

If the server process is killed the client will be forced to reconnect; an alternative is to use the management interface on the server, and use that to disconnect all clients after a certain amount of time.
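
The management-interface approach mentioned above, as an added example that is not part of the original thread: it parses `status 2` output and issues `kill` only for sessions that are too old or whose account has expired, so any reconnect goes through auth-user-pass-verify again. The function names and the `still_valid` hook are hypothetical; it assumes the server sets `management <host> <port>` without a password and that the common name is the username (as with `username-as-common-name`).

```python
import socket
import time

# Constructed sample of management-interface "status 2" output (not from the thread).
SAMPLE_STATUS = """\
TITLE,OpenVPN (constructed sample)
TIME,Tue Jun 19 15:00:00 2012,1340118000
HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t)
CLIENT_LIST,alice,198.51.100.7:51000,10.8.0.6,1200,3400,Mon Jun 18 14:00:00 2012,1340028000
CLIENT_LIST,bob,198.51.100.9:40222,10.8.0.10,900,800,Tue Jun 19 14:30:00 2012,1340116200
CLIENT_LIST,carol,198.51.100.12:33100,10.8.0.14,50,60,Tue Jun 19 14:45:00 2012,1340117100
END
"""

def sessions_to_kill(status_text, now, max_age, still_valid=lambda name: True):
    """Return real addresses of sessions older than max_age seconds, or whose
    account fails still_valid() (hypothetical hook, e.g. the MySQL expiry check)."""
    cols, targets = None, []
    for line in status_text.splitlines():
        fields = line.strip().split(",")
        if fields[:2] == ["HEADER", "CLIENT_LIST"]:
            cols = fields[1:]  # column names, aligned with CLIENT_LIST rows
        elif fields[0] == "CLIENT_LIST" and cols:
            row = dict(zip(cols, fields))
            try:
                age = now - int(row["Connected Since (time_t)"])
            except (KeyError, ValueError):
                continue  # malformed row: skip rather than guess
            if age > max_age or not still_valid(row["Common Name"]):
                targets.append(row["Real Address"])
    return targets

def enforce(host, port, max_age, still_valid=lambda name: True):
    """Query a running server and kill the selected sessions.
    Assumes the server has 'management <host> <port>' set, without a password."""
    with socket.create_connection((host, port), timeout=5) as sock:
        mgmt = sock.makefile("rw", newline="\n")
        mgmt.write("status 2\n")
        mgmt.flush()
        lines = []
        for line in mgmt:
            lines.append(line)
            if line.startswith("END"):
                break
        for addr in sessions_to_kill("".join(lines), time.time(), max_age, still_valid):
            mgmt.write(f"kill {addr}\n")
        mgmt.write("quit\n")
        mgmt.flush()

if __name__ == "__main__":
    print(sessions_to_kill(SAMPLE_STATUS, 1340118000, 24 * 3600, lambda n: n != "carol"))
```

Reading the column positions from the HEADER line keeps the parser working when a server version adds fields to CLIENT_LIST rows.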

Re: Reauth time?

Posted: Mon Jun 25, 2012 6:27 pm
by boxxa
Thanks.

I haven't done much with the management interface but I just have a bash script running every 24 hours that kills all server processes and restarts them to flush the accounts.