Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 4 subscribers
  • Views 7732 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Limit SSL VPN

YivgenyShipilevsky

Hello, 

We use for now SSL VPN.

How we can configure time limit for every ssl vpn user to 90 minutes ?

Thanks.



This thread was automatically locked due to age.
  • 0
    UTM does not officially support such a time limit. Feature requests can be made/found at http://feature.astaro.com/. UTM uses OpenVPN for the SSL VPN, so you may want to search Google for ways to implement this with OpenVPN. Client side changes would be done in the .ovpn config file on the client system. If it would require changes to the OpenVPN server (UTM) config, you would not want to do it if you are a paid licensee, as it would void your support and warranty.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • 0

    You'll need to hand-edit the /var/chroot-openvpn/etc/openvpn.conf - this is the server configuration.  Once you do this, if you make changes in the Sophos webadmin, they'll probably get lost/overwritten.  Also, this probably voids your warranty.  So make sure you really need this.

    You need to enable scripting in the openvpn server config, and have it call a bash script you write that 1) takes the username of the user (which is available as a variable) and 2) submits a cron job, or "at", in 90 minutes time, to call the openvpn mgmt interface-port and disconnect that specific user.  Sounds complicated, but it's not really.


    script-security 3

client-connect ./kill_in_90.sh

    ##########
    kill_in_90.sh

    (actions to create kill script)

    chmod +x /tmp/remove_user

    at -f /tmp/removeuser now + 90 minutes
    sleep 1
    rm -f /tmp/remove_user

Unfiltered HTML