RoadWarriors management

NethServer Version: 7.7.1908
I am “playing” with OpenVPN & c.
Is there a way to:

  1. limit all or specific road warrior users by time (i.e. 8-20)?
  2. have a use report of RW connections? (also a simple output like the standard “last” for logon)

Thanks, P.

I believe in the user list you have the time of the last connection IIRC

This is right

details you get from

/var/log/openvpn/openvpn.log

So, if I use server’s users I have the connection history.
Never tried. I test it ASAP.
Thanks
There is also the option to define a time table when a user can connect?

Thanks.

I think no

Is there a file that I can manipulate with some script in crontab?
Or a command that can be used from a script to enable/disable a user?

And … where can I find the "connection history" screen you posted above?

Thanks, P.

in the list of users, click on the last connection date (blue link)

Probably yes you could disable by a cron command

db vpn show

toto@domain.com=vpn-user
    OpenVpnIp=
    VPNRemoteNetmask=
    VPNRemoteNetwork=
    status=enabled

create a script to set the status to disabled and trigger the event nethserver-openvpn-save

in the list of users, click on the last connection date (blue link)

Maybe I am blind or stupid, but I can’t find it in either the classic panel or the Cockpit panel …

For me

db vpn show
toto@domain.com=vpn-user
    OpenVpnIp=
    VPNRemoteNetmask=
    VPNRemoteNetwork=

No status=enabled row.
Command to enable/disable is something like

db vpn set ???

Thanks for your patience :wink:

maybe you simply have not created your first user, create it in the panel

to disable

db vpn setprop toto@domain.com status disabled
signal-event nethserver-openvpn-save

you could imagine a loop to parse all users in the database and enable/disable them according to the time

click in the last connected

Write a firewall rule for that OpenVPN user or its IP address.

ok, definitely I was blind :wink:
Found.
Thanks

Thanks.
Tried to disable a user (of 3 created for test but never used until now). I still have no status:

db vpn setprop tess00@tess.com disabled

/sbin/e-smith/db dbfile setprop key prop1 val1 [prop2 val2] [prop3 val3] …

signal-event nethserver-openvpn-save

db vpn show

tess-vpn=vpn
    OpenVpnIp=
    VPNRemoteNetmask=
    VPNRemoteNetwork=
tess00@tess.com=vpn-user
    OpenVpnIp=10.20.1.233
    VPNRemoteNetmask=
    VPNRemoteNetwork=
tess01@tess.com=vpn-user
    OpenVpnIp=
    VPNRemoteNetmask=
    VPNRemoteNetwork=

Is it safe to play with iptables on NethServer?

You have the firewall interface to play with. Anyway… at any update of the rules in the interface, Shorewall and iptables are waved and reconfigured according to the interface.

Simply create the status prop for the user like I wrote

Sometimes do not search to understand, just play :slight_smile:

I want to disable a specific RW user outside working hours.
Following your hint I can assign to it a fixed IP (10.20.1.101)
In a cron job insert a line like:
iptables -A INPUT -s 10.20.1.101 -j DROP

and in another cron job I insert:
iptables -D INPUT -s 10.20.1.101 -j DROP
(or shorewall restart)

Is INPUT the right Chain or have I to use another Chain (net2ovpn)?

That was not my suggestion…
Bind an OpenVPN user to an IP address.
Use the firewall rule to define WHEN the user is allowed (use objects), then the following rule that does not allow the user to access the internal LAN.
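
An added example, not code from any poster or from NethServer: the cron loop suggested earlier in the thread, built only from `db vpn show`, `db vpn setprop <user> status <value>` and `signal-event nethserver-openvpn-save`. The variable names, the `--apply` flag and the treatment of a record without a `status` prop as enabled are assumptions.

```shell
#!/bin/sh
# Added example: cron-driven time window for NethServer road warrior accounts.
DB=${DB:-db}                      # e-smith db command, as typed in the thread
SIGNAL=${SIGNAL:-signal-event}
START_HOUR=${START_HOUR:-8}       # connections allowed from 08:00 ...
END_HOUR=${END_HOUR:-20}          # ... up to, but not including, 20:00
MANAGED_USERS=${MANAGED_USERS:-}  # space-separated keys; empty = every vpn-user

# Print the status an account should have at the given hour (00-23).
wanted_status() {
    hour=${1#0}; hour=${hour:-0}  # "08" -> "8", "00" -> "0"
    if [ "$hour" -ge "$START_HOUR" ] && [ "$hour" -lt "$END_HOUR" ]; then
        echo enabled
    else
        echo disabled
    fi
}

# Parse "db vpn show": print "key status" for each vpn-user record.
# Assumption: a record without a status prop behaves as enabled.
vpn_user_status() {
    "$DB" vpn show | awk '
        function emit() { if (user != "") print user, (status == "" ? "enabled" : status) }
        /^[^ \t]/ {                       # unindented line starts a new record
            emit(); user = ""; status = ""
            if ($0 ~ /=vpn-user$/) { user = $0; sub(/=vpn-user$/, "", user) }
            next
        }
        /^[ \t]+status=/ { sub(/^[ \t]+status=/, ""); status = $0 }
        END { emit() }'
}

# Set status only where it differs, then signal the event once.
# With MANAGED_USERS empty, accounts disabled by hand are re-enabled at START_HOUR.
apply_schedule() {
    want=$(wanted_status "$1")
    todo=$(vpn_user_status | awk -v want="$want" -v only=" $MANAGED_USERS " \
        '$2 != want && (only ~ /^ *$/ || index(only, " " $1 " ")) { print $1 }')
    [ -n "$todo" ] || return 0
    for user in $todo; do
        "$DB" vpn setprop "$user" status "$want"
    done
    "$SIGNAL" nethserver-openvpn-save
}

# Cron entry point, e.g. hourly: /path/to/this-script --apply
if [ "${1:-}" = "--apply" ]; then
    apply_schedule "$(date +%H)"
fi
```

Listing the accounts to control in `MANAGED_USERS` keeps the schedule from touching accounts an administrator disabled for other reasons.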