I'm trying to setup a openvpn server with time controlled connections.
We have several customers using our vpn but we need that some of them stay connected i.e. from 9.00 to 17.00 and some other i.e. from 10.00 to 18.00.
Is there any way to build a script which drops connections and disables and another which re-enables defined clients?
Thanks in advance for any help.
Time Controlled Road Warrior connections
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 1
- Joined: Wed Mar 23, 2011 3:38 pm
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: Time Controlled Road Warrior connections
hi there,
i dont know a "clean" way to do this but i could do
it the folllowing way:
1) i use ccd-exclusive directive inside server config
and make use of ccd files (for each user i want to have vpn access)
2) write a script to rename the ccd's for the users of f.e group A (group a=9 to 17 access)
3) set up a crontab job to run the previous script at 17:00
4) restart the vpn (to disconnect the clients - not clean way but
maybe someone has better idea about this)
all clients get disconnected and those which dont belong to 9 to 17 group
they will reconnect back..
5) a rename script so that previous renamed ccd's return to original names
6) crontab job to run at 9:00...
except the global disconnection the above will work as expected...
cheers,
michael.
i dont know a "clean" way to do this but i could do
it the folllowing way:
1) i use ccd-exclusive directive inside server config
and make use of ccd files (for each user i want to have vpn access)
2) write a script to rename the ccd's for the users of f.e group A (group a=9 to 17 access)
3) set up a crontab job to run the previous script at 17:00
4) restart the vpn (to disconnect the clients - not clean way but
maybe someone has better idea about this)
all clients get disconnected and those which dont belong to 9 to 17 group
they will reconnect back..
5) a rename script so that previous renamed ccd's return to original names
6) crontab job to run at 9:00...
except the global disconnection the above will work as expected...
cheers,
michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
- gladiatr72
- Forum Team
- Posts: 194
- Joined: Mon Dec 13, 2010 3:51 pm
- Location: Lawrence, KS
Re: Time Controlled Road Warrior connections
I'd do it with a combination of client-connect scripts, which would manage a client's ability to connect, and some sort of expect-ish interaction on the management port to knock users offline during their off-hour period.
The thing to be aware of, though, is that you're still going to have some traffic coming from the disallowed clients if the client process is not killed. openvpn will sit n' spin trying to connect until its black-out period is over otherwise.
-S
The thing to be aware of, though, is that you're still going to have some traffic coming from the disallowed clients if the client process is not killed. openvpn will sit n' spin trying to connect until its black-out period is over otherwise.
-S
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole