Configuration of embedded OpenVPN Server




We had the problem that we had to change the entire "OpenVPN Connect" connection configuration on all clients.
However, support told us that we could change the server configuration to propagate the settings. But we had no way.
I think it would be a good solution if we could change some custom directives, such as propagating "auth-nocache."
Comments
-
Hi @weite,
Could you share the whole story of this case? Currently, I can't connect to any part of SSL VPN on H series. Thanks!
Zyxel Melen
-
Okay, to explain. Since the USG H Series only supports OTP, we connected a RADIUS with MFA. However, there was a problem. After a connection is lost, e.g., due to poor Wi-Fi or something similar, the client repeatedly attempts to reconnect in the background. In this case, the user has to grant access (MFA) in a mobile app, but they don't notice this. In this case, the firewall blocks the IP after x failed connections. Which is correct, but it makes it impossible for the user to dial in again.
So we had to prevent automatic reconnection. This can be done with the "auth-nocache" parameter in the config file. It's not pretty, but it works. In this case, however, we had to manually adjust the configuration on xx workstations. According to OpenVPN, this information can also be rolled out during a connection attempt. Therefore, it would be nice if something like this could be controlled via the firewall.
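The reply above describes adding `auth-nocache` to each client profile by hand. As an added example (not part of the thread, and not Zyxel or OpenVPN code), this Python sketch checks an `.ovpn` profile for an active directive and adds it idempotently; the sample profile is constructed and the function names are hypothetical.

```python
import re

DIRECTIVE = "auth-nocache"

# Constructed sample profile; host name and certificate body are placeholders.
SAMPLE_PROFILE = """\
client
dev tun
remote vpn.example.com 1194
auth-user-pass
# auth-nocache
<ca>
(placeholder certificate body)
</ca>
"""

_INLINE_OPEN = re.compile(r"^<([A-Za-z0-9_-]+)>\s*$")


def has_directive(profile: str, name: str = DIRECTIVE) -> bool:
    """True if `name` is an active (uncommented) directive outside inline blocks."""
    closing = None
    for raw in profile.splitlines():
        line = raw.strip()
        if closing:                      # inside <ca>...</ca> etc.: skip payload
            if line == closing:
                closing = None
            continue
        m = _INLINE_OPEN.match(line)
        if m:
            closing = f"</{m.group(1)}>"
            continue
        if not line or line[0] in "#;":  # blank line or OpenVPN comment
            continue
        if line.split()[0].lstrip("-") == name:
            return True
    return False


def ensure_directive(profile: str, name: str = DIRECTIVE) -> str:
    """Return the profile with `name` active; unchanged if it already is."""
    if has_directive(profile, name):
        return profile
    lines = profile.splitlines()
    # Insert before the first inline block so it stays with the plain directives.
    idx = next((i for i, l in enumerate(lines) if _INLINE_OPEN.match(l.strip())), len(lines))
    lines.insert(idx, name)
    return "\n".join(lines) + "\n"
```

Running `has_directive` over the deployed profiles first gives an inventory of which workstations still lack the setting before anything is rewritten.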