[Openswan Users] lockout policy and dropping current connections
paul at xelerance.com
Tue Apr 12 15:01:24 EDT 2011
On Tue, 12 Apr 2011, Lance Garcia wrote:
> Trying to secure my VPN as hard as possible and couldn't find any info on the questions below.
> Is it possible to create a lockout policy/block users for usernames created in the chaps-secrets file when they fail to log in 3 times?
That's a pppd issue, or possible a pppd plugin (radius/ldap) issue.
> also is it possible to view and drop active connections? in case a PSK or cert has been compromised?
ipsec auto --status views connections. You can delete an instance by its instance number using ipsec auto --down
More information about the Users