Page 1 of 1
Time Controlled Road Warrior connections
Posted: Wed Mar 23, 2011 3:50 pm
by habasit
I'm trying to setup a openvpn server with time controlled connections.
We have several customers using our vpn but we need that some of them stay connected i.e. from 9.00 to 17.00 and some other i.e. from 10.00 to 18.00.
Is there any way to build a script which drops connections and disables and another which re-enables defined clients?
Thanks in advance for any help.
Re: Time Controlled Road Warrior connections
Posted: Wed Mar 23, 2011 6:09 pm
by maikcat
hi there,
i dont know a "clean" way to do this but i could do
it the folllowing way:
1) i use ccd-exclusive directive inside server config
and make use of ccd files (for each user i want to have vpn access)
2) write a script to rename the ccd's for the users of f.e group A (group a=9 to 17 access)
3) set up a crontab job to run the previous script at 17:00
4) restart the vpn (to disconnect the clients - not clean way but
maybe someone has better idea about this)
all clients get disconnected and those which dont belong to 9 to 17 group
they will reconnect back..
5) a rename script so that previous renamed ccd's return to original names
6) crontab job to run at 9:00...
except the global disconnection the above will work as expected...
cheers,
michael.
Re: Time Controlled Road Warrior connections
Posted: Wed Mar 23, 2011 6:21 pm
by gladiatr72
I'd do it with a combination of client-connect scripts, which would manage a client's ability to connect, and some sort of expect-ish interaction on the management port to knock users offline during their off-hour period.
The thing to be aware of, though, is that you're still going to have some traffic coming from the disallowed clients if the client process is not killed. openvpn will sit n' spin trying to connect until its black-out period is over otherwise.
-S