Fadim wrote: ↑Thu May 25, 2023 12:16 pm
As far as I know, to limit a user to a single connection, you can add the line "duplicate-cn" to your OpenVPN server configuration file, which is typically /etc/openvpn/server.conf. However, be aware that this will limit every user to a single connection, not just a specific one.
As for automatically disconnecting clients every 5 minutes, you can add the "reneg-sec 300" line to your server.conf file. This forces re-authentication every 300 seconds (5 minutes), effectively disconnecting and then reconnecting the client.
Here's how to do this via SSH:
1. Connect to your router via SSH.
2. Type "vi /etc/openvpn/server.conf" to open the file in a text editor.
3. Use the arrow keys to navigate to the end of the file, then press "a" to start adding text.
4. Add the lines "duplicate-cn" and "reneg-sec 300".
5. Press "Esc", then type ":wq" and press "Enter" to save and quit.
6. Finally, restart your OpenVPN service by typing "service openvpn restart".
Remember, each change to your VPN settings impacts security and functionality, so make sure it's the right move for your situation.
Thank you for your reply.
I tried to ssh to my router but in Merlin the dir structure does not look like what you suggested. I didn't find the server.conf file under /etc folder.
after login the root folder look like this
bin cifs2 etc jffs media mnt proc root sys tmp var
cifs1 dev home lib mmc opt rom sbin sysroot usr www
after cd /etc and ls command it look like this
TZ e2fsck.conf gshadow l7-protocols passwd.custom samba usb_modeswitch.conf
adsl1 email hosts ld.so.conf passwd.openvpn services web
cert.pem ethertypes hotplug2.rules modprobe.conf ppp shadow wgetrc
cfg_mnt fstab inadyn.conf motd profile shadow.openvpn
dnsmasq.conf group iproute2 pam.d protocols smb.conf
dropbear group.custom key.pem passwd resolv.conf ssl
I took a screenshot if you need better view.
https://ibb.co/5vBL9Sx
So I can not quite follow your steps here. Maybe Merlin put the file in a different location? If you could tell me some possible location I will try to find it and follow the instruction you gave me.
The reason I want to set the connection limit, it's because some of my friends and family members want to use VPN for some verification purpose. They just need to login, get the IP, and pass the IP check. The whole thing will only take about 1 min. But I don't want them to abuse it or any other security problem, so I want to set some restrictions.
The best situation will be:
I keep the VPN on 24/7 in my router so they don't have to call me or message me when they need the VPN.
Allow only one or two user login at the same time.
The VPN server will force disconnect the user after a period of time to free the slot.
So I think set a 5 mins limit should be quite long enough for the IP check and If the user still need the IP he could just login again after he got kick out.
I hope this will explain my needs. If you have any better suggestion or method, I am open to any ideas.
Thank you again for take time to answer my question.
