Page 1 of 1
is it possible to disconnect a user from the server?
Posted: Tue May 11, 2021 11:43 am
by houmie75
Hello,
I have been struggling to find a way to disconnect a specific user from the OpenVPN server.
Is there a way to achieve that? Any hints please?
Or alternatively do you know if there is plugin for OpenVPN to handle CoA (Change-Of-Authorisation) requests?
Many Thanks,
Re: is it possible to disconnect a user from the server?
Posted: Tue May 11, 2021 12:26 pm
by TinCanTech
See --management
Re: is it possible to disconnect a user from the server?
Posted: Tue May 11, 2021 12:55 pm
by houmie75
Re: is it possible to disconnect a user from the server?
Posted: Tue May 11, 2021 1:11 pm
by TinCanTech
Yes, it is also documented in the manual.
Re: is it possible to disconnect a user from the server?
Posted: Tue May 11, 2021 1:46 pm
by houmie75
Alrighty,
So I got connected to the management interface via telnet.
And I can see that I'm logged in.
Code: Select all
admin@de-vpn-1:~$ telnet localhost 1222
Trying 127.0.0.1...
Connected to localhost.local.
Escape character is '^]'.
>INFO:OpenVPN Management Interface Version 3 -- type 'help' for more info
status 3
TITLE OpenVPN 2.5.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 21 2021
TIME 2021-05-11 13:38:42 1620740322
HEADER CLIENT_LIST Common Name Real Address Virtual Address Virtual IPv6 Address Bytes Received Bytes Sent Connected Since Connected Since (time_t) Username Client ID Peer ID Data Channel Cipher
CLIENT_LIST clientDeVpn1 89.32.xxx.xxx:46302 10.8.0.2 280940 633030 2021-05-11 13:37:30 1620740250 houmie 0 0 AES-128-GCM
HEADER ROUTING_TABLE Virtual Address Common Name Real Address Last Ref Last Ref (time_t)
ROUTING_TABLE 10.8.0.2 clientDeVpn1 89.32.xxx.xxx:46302 2021-05-11 13:38:41 1620740321
GLOBAL_STATS Max bcast/mcast queue length 0
END
How can I disconnect the user `houmie`?
Looking at --help, all I see is kill, which doesn't seem to be able to kill/disconnect by username. Am I missing something?
Re: is it possible to disconnect a user from the server?
Posted: Tue May 11, 2021 1:51 pm
by houmie75
And I just tried
, it can successfully kill the connection, but the client remains connected. That's bad, because the client has no idea. It should ideally disconnect instead of kill.
Re: is it possible to disconnect a user from the server?
Posted: Tue May 11, 2021 1:58 pm
by TinCanTech
If you are looking for a way to inform the user that they have been disconnected by the server
then you are going to be disappointed ..
I believe there has been some discussion of such functionality by the developers but, so far,
nothing has been coded ..
You might try the openvpn-users mailing list for more details.
Re: is it possible to disconnect a user from the server?
Posted: Tue May 11, 2021 2:36 pm
by houmie75
Thank you. What a shame. I just dropped the list an email.
Re: is it possible to disconnect a user from the server?
Posted: Tue May 11, 2021 3:38 pm
by TinCanTech
If a client cannot connect due to an auth. failure then that works (or is meant to)
but not for disconnecting a client session.
There needs to be a comms. channel between the server and the client-GUI.
Well, something like that .. but there is nothing at present.