Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 4 subscribers
  • Views 7734 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Limit SSL VPN

YivgenyShipilevsky

Hello, 

We use for now SSL VPN.

How we can configure time limit for every ssl vpn user to 90 minutes ?

Thanks.



This thread was automatically locked due to age.
Parents
  • 0

    You'll need to hand-edit the /var/chroot-openvpn/etc/openvpn.conf - this is the server configuration.  Once you do this, if you make changes in the Sophos webadmin, they'll probably get lost/overwritten.  Also, this probably voids your warranty.  So make sure you really need this.

    You need to enable scripting in the openvpn server config, and have it call a bash script you write that 1) takes the username of the user (which is available as a variable) and 2) submits a cron job, or "at", in 90 minutes time, to call the openvpn mgmt interface-port and disconnect that specific user.  Sounds complicated, but it's not really.


    script-security 3

client-connect ./kill_in_90.sh

    ##########
    kill_in_90.sh

    (actions to create kill script)

    chmod +x /tmp/remove_user

    at -f /tmp/removeuser now + 90 minutes
    sleep 1
    rm -f /tmp/remove_user

Reply
  • 0

    You'll need to hand-edit the /var/chroot-openvpn/etc/openvpn.conf - this is the server configuration.  Once you do this, if you make changes in the Sophos webadmin, they'll probably get lost/overwritten.  Also, this probably voids your warranty.  So make sure you really need this.

    You need to enable scripting in the openvpn server config, and have it call a bash script you write that 1) takes the username of the user (which is available as a variable) and 2) submits a cron job, or "at", in 90 minutes time, to call the openvpn mgmt interface-port and disconnect that specific user.  Sounds complicated, but it's not really.


    script-security 3

client-connect ./kill_in_90.sh

    ##########
    kill_in_90.sh

    (actions to create kill script)

    chmod +x /tmp/remove_user

    at -f /tmp/removeuser now + 90 minutes
    sleep 1
    rm -f /tmp/remove_user

Children
No Data