Limit Reconnect Attempts for SSL-VPN

Is there a way to suppress reconnect attempts (or limit them, to say, 3) for the SSL-VPN client on XG? We're getting DUO MFA lockouts from users who don't disconnect at the end of the day.  

SSL-MFA attempts to reconnect after a timeout, and then attempts about once per minute for at least 10 times....and at that point DUO locks them out (of DUO), and sends a lockout report to the administrator.   Admin must then unlock the user in DUO before the user can log back in again. 

Thanks.   - asked on Twitter too...don't know if you have a preference.  


Edited TAGs
[edited by: emmosophos at 8:14 PM (GMT -7) on 13 Apr 2021]
Parents Reply
  • Hi... I don't think it is on the idle-timeout issue....I expect that the connection will be timed out...and that is a good thing.  What I am attempting to do is to limit is the number of retries that the client sends when the connection is broken.  It appears that these are being sent once a minute or so,  and after DUO receives 10 that are unacknowledged Duo will lock out the the user.  (also, not a bad thing). 

    I have been looking into the  resolv-retry infinit setting in the openvpn documentation at Reference manual for OpenVPN 2.1 | OpenVPN

No Data