Hi,
we are currently running three OpenVPN gateways for all the remote workers in our company. As the numbers grew at the beginning of March (from around 200 to now 1700 parallel users), we had to build up new gateways very quickly. In this process we made some (sort of) design mistakes. To correct these mistakes or to do other maintenance, we have to clear the appropriate gateway from usage. We cannot simply reboot the device, as this would be too interrupting for the users.

As we are “controlling” the usage of the gateways via a single DNS-RR-Record (which isn’t a real control as it just statistically distributes the clients – but it works well for us), the first thing to do is to remove the IP from the DNS record. But even after waiting 18 hours we still have active users on the gateway.

We have developed our own scripts for “auth-user-pass-verify”, “client-connect” and “learn-address”.

Now for the question: Would it be possible to “soft-reject” the connecting clients during the connection phase, so that we can redirect the client to use another gateway and free the corresponding gateway gently?

From what I’ve read it is only possible to reject the user (auth-user-pass-verify) or disconnect the user (client-connect). The first isn’t very nice and would confuse users as the password might be correct.

Kind regards,
Christian Frömmel

Charité – Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Hindenburgdamm 30 | D-12200 Berlin
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users