Open jekader opened 9 years ago
You can fix and improve by using:
rulecomment=$common_name"_openvpn-"$ifconfig_pool_remote_ip
This will narrow the grep to a specific connection so multiple users can share credentials without losing connectivity when 1 disconnects.
OpenVPN will not allow two simultaneous connections using the same username by default - only when using the "duplicate-cn" parameter, which is not something that I would recommend. Nevertheless, will take this possibility into account to improve rule targeting.
I have such a use case, hence this was the way I've handled it. Thx anyway for the effort you put into these scripts; it was exactly what I needed.
Currently on_disconnect.sh only checks for rules to be removed by grepping for the $common_name"_openvpn".
This may cause issues.
Steps to reproduce:
1) create users "testuser" and "anothertestuser"
2) connect both users
3) disconnect "testuser"
Actual result: rules are removed for both users as the script greps for "testuser_openvpn" which will also match "anothertestuser_openvpn"
Expected results: just rules for the right user are removed
Proposed solution: add a prefix and grep for a string including it: "rules_"$common_name"_openvpn"
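
The over-match reported above, reproduced offline as an added example (not code from the project or from anyone in this thread). The rule lines are constructed in `iptables -S` style with made-up addresses, the function names are hypothetical, and the example goes one step beyond the report by also showing that grep reads a "." in a common name as a regex wildcard.

```shell
#!/bin/sh
# Constructed sample: one rule per connected client, in `iptables -S` style.
# The comment layout (<common_name>_openvpn) follows the issue text;
# addresses and the last two user names are made up for the demonstration.
sample_rules() {
cat <<'EOF'
-A FORWARD -s 10.8.0.6/32 -m comment --comment testuser_openvpn -j ACCEPT
-A FORWARD -s 10.8.0.10/32 -m comment --comment anothertestuser_openvpn -j ACCEPT
-A FORWARD -s 10.8.0.14/32 -m comment --comment test.user_openvpn -j ACCEPT
-A FORWARD -s 10.8.0.18/32 -m comment --comment testXuser_openvpn -j ACCEPT
EOF
}

# Behaviour described in the issue: unanchored grep on "<common_name>_openvpn".
# The pattern is a substring AND a regular expression, so it over-matches twice.
match_substring() {
    sample_rules | grep -- "${1}_openvpn"
}

# Stricter selection: compare the token after --comment for string equality.
# ENVIRON passes the value to awk without regex or escape interpretation.
match_exact() {
    sample_rules | WANT="${1}_openvpn" awk '
        {
            for (i = 1; i < NF; i++)
                if ($i == "--comment" && $(i + 1) == ENVIRON["WANT"]) {
                    print
                    next
                }
        }'
}

echo "substring grep, disconnect of testuser selects:"
match_substring testuser
echo "exact comment match, disconnect of testuser selects:"
match_exact testuser
```

The exact comparison assumes rule comments contain no spaces, so that each comment is a single whitespace-separated token in the listing.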