We recently introduced a Multi-Factor Authentication solution for our VPN users and this introduced an annoying 'feature', as we call it in the trade, when using the Sophos VPN client.
Apparently randomly, users are disconnected from VPN by the Sophos UTM 9, requiring the users to log back in.
So far I noticed that when that happens, the openvpn log shows that a:
- MANAGEMENT: Client connected from /var/run/openvpn_mgmt was issued.
- Followed by a single or, worse, a buch of CMD 'kill <username>'.
Those connected to the VPN are kicked off with a 'SIGTERM[soft,] received, client-instance exiting'
I have the impression it does a kill of all users that already have used the MFA solution, every time a new user connects using MFA.
What triggers these kill commands?
This thread was automatically locked due to age.