RoadWarriors management

maybe you simply have not created your first user, create it in the panel

to disable

db vpn setprop toto@domain.com status disabled
signal-event nethserver-openvpn-save

you could imagine a loop to parse all users in the database and enable/disable them following the time
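The loop suggested above, as an added example that is not part of the original post: a cron-driven script that flips the `status` prop with the same `db vpn setprop` and `signal-event nethserver-openvpn-save` commands, and only fires the event when something changed. The account list, the working hours and the use of `enabled` as the value that re-enables an account are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): switch OpenVPN roadwarrior accounts
# on and off by schedule. Intended for cron:  */15 * * * * vpn-hours.sh --apply
DB=${DB:-/sbin/e-smith/db}          # db tool path as shown in the thread
SIGNAL=${SIGNAL:-signal-event}
# Assumed values: the account list and working hours are constructed samples.
VPN_USERS=${VPN_USERS:-"tess00@tess.com tess01@tess.com"}
WORK_START=${WORK_START:-8}         # first allowed hour
WORK_END=${WORK_END:-18}            # first blocked hour

# wanted_status HOUR WEEKDAY  (WEEKDAY 1-7, 1 = Monday, as in `date +%u`)
wanted_status() {
    if [ "$2" -le 5 ] && [ "$1" -ge "$WORK_START" ] && [ "$1" -lt "$WORK_END" ]; then
        echo enabled
    else
        echo disabled
    fi
}

# apply_schedule HOUR WEEKDAY: update only accounts whose status differs,
# then fire the save event once. Prints the number of accounts changed.
apply_schedule() {
    want=$(wanted_status "$1" "$2")
    changed=0
    for user in $VPN_USERS; do
        have=$("$DB" vpn getprop "$user" status 2>/dev/null || true)
        if [ "$have" != "$want" ]; then
            "$DB" vpn setprop "$user" status "$want"
            # stderr ends up in the cron mail, giving a simple audit trail
            echo "vpn-hours: $user ${have:-unset} -> $want" >&2
            changed=$((changed + 1))
        fi
    done
    if [ "$changed" -gt 0 ]; then
        "$SIGNAL" nethserver-openvpn-save
    fi
    echo "$changed"
}

if [ "${1:-}" = "--apply" ]; then
    apply_schedule "$(date +%H)" "$(date +%u)" >/dev/null
fi
```

Whether a session that is already connected is dropped when its account is disabled is not covered in this thread, so check that on a test account before relying on the schedule.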

click in the last connected

Write a firewall rule for that OpenVPN user or its IP address.

ok, definitely I was blind :wink:
Found.
Thanks

Thanks.
Tried to disable a user (of 3 created for test but never used until now). I still have no status:

db vpn setprop tess00@tess.com disabled

/sbin/e-smith/db dbfile setprop key prop1 val1 [prop2 val2] [prop3 val3] …

signal-event nethserver-openvpn-save

db vpn show

tess-vpn=vpn
OpenVpnIp=
VPNRemoteNetmask=
VPNRemoteNetwork=
tess00@tess.com=vpn-user
OpenVpnIp=10.20.1.233
VPNRemoteNetmask=
VPNRemoteNetwork=
tess01@tess.com=vpn-user
OpenVpnIp=
VPNRemoteNetmask=
VPNRemoteNetwork=

Is it safe to play with iptables on NethServer?

You have the firewall interface to play with. Anyway… at any update of the rules in the interface, Shorewall and iptables are waved and reconfigured according to the interface.

Simply create the status prop for the user like I wrote

Sometimes do not search to understand, just play :slight_smile:

I want to disable a specific rw user outside working hours.
Following your hint I can assign to it a fixed IP (10.20.1.101)
In a cron job insert a line like:
iptables -A INPUT -s 10.20.1.101 -j DROP

and in another cron job I insert:
iptables -D INPUT -s 10.20.1.101 -j DROP
(or shorewall restart)

Is INPUT the right Chain or have I to use another Chain (net2ovpn)?

That was not my suggestion…
Bind an OpenVPN user to an IP address.
Use the firewall rule to define WHEN the user is allowed (use objects), then the following rule that does not allow the user to access the internal LAN.

You are right … :wink:
I missed the “status” word in my command …

Thanks.


Tonight I am not very smart … Maybe usually on Saturday I used to do different activities before Corona Time … :wink:

This?:

That’s what I’ll do.
Take time to test it :wink:

I’ll do it tomorrow or Monday :wink:
Thanks


Is there a corresponding command line that can be used in a script to export the list and send something human readable via mail?

Thanks.

the api can be queried by the command line in a terminal

echo '{"action":"connectionHistory","account":"stephane@domain.org","timeInterval":"today"}' | /usr/bin/sudo /usr/libexec/nethserver/api/nethserver-vpn-ui/openvpn-rw/read | jq

echo '{"action":"connectionHistory","account":"stephane@domain.org","timeInterval":"last_week"}' | /usr/bin/sudo /usr/libexec/nethserver/api/nethserver-vpn-ui/openvpn-rw/read | jq
echo '{"action":"connectionHistory","account":"stephane@domain.org","timeInterval":"last_month"}' | /usr/bin/sudo /usr/libexec/nethserver/api/nethserver-vpn-ui/openvpn-rw/read | jq

you retrieve a json object that you can parse and email it to who you want

Ok, now I have to convert it in human readable format (like in the windows panel):

Started Ended Duration RemoteIP Received Sent

Today I discovered jq exist and probably if I study it I can achieve this, but if there is already an example that I can use …

Thanks

It is Linux time in seconds since 1970, happy coding

Did you manage to configure VPN user access by time?

Did you read this post?

Different request (per user route) same solution (firewall rule on the ip assigned to the user)
