Configuration of embedded OpenVPN Server

weite Posts: 28  Freshman Member

We had the problem that we had to change the entire "OpenVPN Connect" connection configuration on all clients.

However, support told us that we could change the server configuration to propagate the settings. But we had no way.

I think it would be a good solution if we could change some custom directives, such as propagating "auth-nocache".

2 votes


Comments

  • Zyxel_Melen
    Zyxel_Melen Posts: 3,514  Zyxel Employee

    Hi @weite,

    Could you share the whole story of this case? Currently, I can't connect to any part of SSL VPN on H series. Thanks!

    Zyxel Melen


  • weite
    weite Posts: 28  Freshman Member

    Okay, to explain. Since the USH H Series only supports OTP, we connected a RADIUS with MFA. However, there was a problem. After a connection is lost, e.g., due to poor Wi-Fi or something similar, the client repeatedly attempts to reconnect in the background. In this case, the user has to grant access (MFA) in a mobile app, but doesn't notice this. In this case, the firewall blocks the IP after x failed connections, which is correct, but it makes it impossible for the user to dial in again.

    So we had to prevent automatic reconnection. This can be done with the "auth-nocache" parameter in the config file. It's not pretty, but it works. In this case, however, we had to manually adjust the configuration on xx workstations. According to OpenVPN, this information can also be rolled out during a connection attempt. Therefore, it would be nice if something like this could be controlled via the firewall.