[Openswan Users] lockout policy and dropping current connections

Paul Wouters paul at xelerance.com
Tue Apr 12 15:01:24 EDT 2011


On Tue, 12 Apr 2011, Lance Garcia wrote:

> Trying to secure my VPN as hard as possible and couldn't find any info on the questions below.
> 
> Is it possible to create a lockout policy/block users for usernames created in the chaps-secrets file when they fail to log in 3 times?

That's a pppd issue, or possibly a pppd plugin (radius/ldap) issue.

> Also, is it possible to view and drop active connections, in case a PSK or cert has been compromised?

ipsec auto --status views connections. You can delete an instance by its instance number using ipsec auto --down

Paul

