Hello Selva,

Thank you for your answer. I really appreciate your help. I'm happy to
follow your recommendation.

I just created an example to demonstrate it to you. I connected to the
OpenVPN server once via iPhone and also with a Mac.

CLIENT_LIST,clientDeVpn1,89.32.xxx.xxx:47295,10.8.0.2,,9364,9966,2021-05-13 06:47:26,1620888446,00000000-5bd8-09b6-0000-00005bd809b6,4,0,AES-128-GCM
CLIENT_LIST,clientDeVpn1,89.32.xxx.xxx:47200,10.8.0.2,,2752739,7705146,2021-05-13 06:03:54,1620885834,houmie,3,1,AES-128-GCM

client-kill 4 HALT
SUCCESS: client-kill command succeeded

At first it looks like a success. The iPhone is disconnected and the Mac
remains connected. However after a few seconds the Mac's traffic stops
responding. I can't surf anywhere. I tried to Google and open YouTube.
Everything is stale. The kill command has killed the entire traffic for the
whole client.

But the same client is used by multiple devices (duplicate-cn). I wish to
disconnect just a single device connected to the client and not kill the
entire client.
How can I achieve this, please?

Many Thanks,
Houman

On Wed, 12 May 2021 at 16:06, Selva Nair <selva.n...@gmail.com> wrote:

> Hi,
>
> >
> > @selva I can't kill the whole client, as I'm doing a duplicate-cn. Hence
> > I had to kill via IP address and port to pinpoint exactly that user.
> >
> > However I have found a secret feature, which it seems you guys weren't
> > aware of. ;-)
> >
> > client-deny 4 0 "Disconnect Now"
>
> client-deny is for failing client authentication, and is supposed to
> be used when the client is connecting or doing re-auth with
> --management-client-auth. It may work mid-session, but that's
> undocumented and could change. The third argument is KID, not PID.
>
> Also, the client will receive an AUTH_FAILED leading to restart-- so
> it will connect right back especially when passwords are cached.
>
> Selva
>
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
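
An added example, not part of the original message or of OpenVPN's own code: it parses the CLIENT_LIST rows shown in the message, selects one session by its real address and port, and builds the client-kill command from that session's CID rather than its peer ID. The field order is an assumption taken from the status-version 2 header of OpenVPN 2.5, and the function names are hypothetical. It also lists virtual addresses held by more than one session, as 10.8.0.2 is in both rows.

```python
# Added example. Field order assumed from the status-version 2 header of OpenVPN 2.5.
FIELDS = ("common_name", "real_address", "virtual_address", "virtual_ipv6",
          "bytes_received", "bytes_sent", "connected_since", "connected_since_t",
          "username", "cid", "peer_id", "cipher")

# The two CLIENT_LIST rows are the ones in the message; TITLE and END are constructed.
SAMPLE_STATUS = """\
TITLE,constructed sample
CLIENT_LIST,clientDeVpn1,89.32.xxx.xxx:47295,10.8.0.2,,9364,9966,2021-05-13 06:47:26,1620888446,00000000-5bd8-09b6-0000-00005bd809b6,4,0,AES-128-GCM
CLIENT_LIST,clientDeVpn1,89.32.xxx.xxx:47200,10.8.0.2,,2752739,7705146,2021-05-13 06:03:54,1620885834,houmie,3,1,AES-128-GCM
END
"""


def parse_client_list(status_text):
    """Return one dict per CLIENT_LIST row, with cid and peer_id as ints."""
    sessions = []
    for line in status_text.splitlines():
        parts = line.strip().split(",")
        if parts[0] != "CLIENT_LIST":
            continue  # TITLE, HEADER, ROUTING_TABLE, END, ...
        if len(parts) != len(FIELDS) + 1:
            raise ValueError(f"unexpected CLIENT_LIST layout: {line!r}")
        row = dict(zip(FIELDS, parts[1:]))
        row["cid"], row["peer_id"] = int(row["cid"]), int(row["peer_id"])
        sessions.append(row)
    return sessions


def kill_command_for(sessions, real_address):
    """Build the management command for exactly one session, keyed by ip:port."""
    matches = [s for s in sessions if s["real_address"] == real_address]
    if len(matches) != 1:
        raise LookupError(f"{len(matches)} sessions match {real_address}")
    return f"client-kill {matches[0]['cid']} HALT"


def shared_virtual_addresses(sessions):
    """Map each virtual address used by more than one session to its CIDs."""
    by_ip = {}
    for s in sessions:
        by_ip.setdefault(s["virtual_address"], []).append(s["cid"])
    return {ip: sorted(cids) for ip, cids in by_ip.items() if len(cids) > 1}


if __name__ == "__main__":
    rows = parse_client_list(SAMPLE_STATUS)
    print(kill_command_for(rows, "89.32.xxx.xxx:47295"))
    print(shared_virtual_addresses(rows))
```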
