Manually disconnect an OpenVPN user

Hello,

Disconnecting a VPN user via command line does not work for me.

I tried the following:

Get connection details of user schweiger:

   /usr/local/bin/openvpn_connections.sh|grep schweiger

I used the external and internal IP address. Both with no effect.

   chroot /var/sec/chroot-openvpn /usr/bin/ras_update.plx ssl disconnect username schweiger 10.242.2.6

I don't receive any error message but the user's connection is still established (verified with the openvpn_connections.sh command).

Thanks.

Best regards,

Duff11

  • Hallo Duff,

    The second command should be just:

         /usr/bin/ras_update.plx ssl disconnect username schweiger 10.242.2.6

    Does that not work anymore?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks for your answer.

    But I already tried this as described above.

    I don't receive any error message but the connection is still alive :(

  • Did you try that as root user?

  • Try that one:

    Log in to FW

         sudo -i
         /usr/local/bin/openvpn_connections.sh   # List all connections
         chroot /var/sec/chroot-openvpn
         /usr/bin/ras_update.plx ssl disconnect username schweiger SSL-VPN-IP

  • My output of all connections:

    sg115:/root # openvpn_connections.sh
    OpenVPN CLIENT LIST
    Updated,Sun Apr 11 13:43:50 2021
    Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
    ddr,2a03:567:1::11,44472,61351,Sun Apr 11 13:34:01 2021
    ROUTING TABLE
    Virtual Address,Common Name,Real Address,Last Ref
    fd22:5c88:8e98:2::1000,schweiger,2a03:567:1::11,Sun Apr 11 13:37:10 2021
    10.242.2.2,schweiger,2a03:567:1::11,Sun Apr 11 13:42:32 2021

    I tried this one without success:

    sg115:/root # id
    uid=0(root) gid=0(root) groups=0(root),890(xorp)
    sg115:/root # /var/chroot-openvpn/usr/bin/ras_update.plx ssl disconnect username schweiger 10.242.2.2
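
A way to check whether a user still holds a session before and after a disconnect attempt, as an added example that is not part of any post in this thread: the shell functions below parse the listing format shown in the output above and print the virtual addresses routed to one common name. The function names are made up for this example, and the embedded sample is the listing from the post above, reused as test input.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# vpn_routes_for USER
# Reads an OpenVPN status listing on stdin and prints every virtual address
# that the ROUTING TABLE section maps to common name USER, one per line.
vpn_routes_for() {
    awk -F, -v user="$1" '
        /^ROUTING TABLE/          { in_routes = 1; next }  # section start
        # GLOBAL STATS / END close the section in the OpenVPN status format;
        # they do not appear in the listing quoted in the thread.
        /^GLOBAL STATS/ || /^END/ { in_routes = 0 }
        in_routes && $1 == "Virtual Address" { next }      # column header
        in_routes && NF >= 4 && $2 == user   { print $1 }
    '
}

# vpn_session_active USER
# Exit status 0 if the listing on stdin still routes any address to USER.
vpn_session_active() {
    [ -n "$(vpn_routes_for "$1")" ]
}

# Sample input: the listing posted in the thread, reproduced verbatim.
sample_status() {
cat <<'EOF'
OpenVPN CLIENT LIST
Updated,Sun Apr 11 13:43:50 2021
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ddr,2a03:567:1::11,44472,61351,Sun Apr 11 13:34:01 2021
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
fd22:5c88:8e98:2::1000,schweiger,2a03:567:1::11,Sun Apr 11 13:37:10 2021
10.242.2.2,schweiger,2a03:567:1::11,Sun Apr 11 13:42:32 2021
EOF
}
```

On the firewall the live listing can be piped in the same way, for example `/usr/local/bin/openvpn_connections.sh | vpn_routes_for schweiger`, and the result compared before and after the disconnect command.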

  • Not sure why you persist in starting the last command with /var/chroot-openvpn.

    Cheers - Bob

  • This was without chroot. I had to use the full path to the script:

    sg115:/root # /var/chroot-openvpn/usr/bin/ras_update.plx ssl disconnect username schweiger 10.242.2.2

    But it doesn't work :(

  • Does this need to be done from the command line?  Would temporarily disabling the account through the webadmin be an option?

  • You're right, Duff - this doesn't work anymore.  I just logged in from my iPhone via LTE and then got the following result at the command line:

         secure:/root # chroot /var/sec/chroot-openvpn
         secure:/ # /usr/bin/ras_update.plx ssl disconnect username BAlfson 10.242.2.2
         perl: warning: Setting locale failed.
         perl: warning: Please check that your locale settings:
                     LANGUAGE = (unset),
                     LC_ALL = (unset),
                     LANG = "en_US.UTF-8"
               are supported and installed on your system.
         perl: warning: Falling back to the standard locale ("C").

    iPhone still connected.

    Cheers - Bob
