Do you recognize a good idea when you see one? We want to hear from you!
Header Image

I suggest you ...

VPN: Manually Disconnect a logged-in User

I would like to have a option on the Remote Access Status Page to throw out a logged-in-User. In some cases it would be necessary to log out a user manually with the webadmin-interface.

180 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Edmund FürstEdmund Fürst shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
    Leland VandervortLeland Vandervort shared a merged idea: Remote-Access VPN Connections: Session Management/Terminate active connection  ·   · 
    BARD-ITBARD-IT shared a merged idea: Function to log out VPN-User  ·   · 
    PatrickPatrick shared a merged idea: SSL VPN: Manually disconnect a User  ·   · 

    18 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • bobcatbobcat commented  ·   ·  Flag as inappropriate

        to identify the source IP, this worked for me:
        1. Check Remote Access Online Users for VPN-pool IP assigned to user session you want to kill.
        2. Search “IPsec VPN” log for that VPN-pool IP address, making sure you have found the currently-active one, and confirm its log entry has the correct username. This log entry will also list user’s source IP/srcip. Proceed with the kill as per my previous comment.

      • bobcatbobcat commented  ·   ·  Flag as inappropriate

        I'd appreciate any advice on this technique... from the command line, you can find currently active L2TP/IPsec sessions:
        ps -ef | grep l2tp
        If you can identify the source IP of the session you want to terminate, you can kill that session's associated PID.

        I need this capability in case a user account needs to be terminated. If someone has just been fired, I do not want their VPN tunnel to stay up!

      • TobiasTobias commented  ·   ·  Flag as inappropriate

        Just a guess. In V9.1 it is possbile to configure more than one ssl remote access profile. Maybe you could just configure one profile per user and if you have to disconnect a specific user just deactivate his profile. This is just a guess I haven't tried this.

      • mraineymrainey commented  ·   ·  Flag as inappropriate

        I run in to this frequently where I want to force just one logged on user to disconnect. Sometimes I see one user with 2 ip addresses and one of them is the same as another user.

      • ThomasThomas commented  ·   ·  Flag as inappropriate

        We have ran into an issue where our remote users will connect remotely, but will leave the connection active when they leave their house.

        This can pose as a security risk and we are unable to disconnect the user from within WebAdmin.

        We need a way of disconnecting a user that is connected remotely without taking down the entire system.

      • Vivek RajputVivek Rajput commented  ·   ·  Flag as inappropriate

        But i think Angelo should say somthing..!! Because in case of VPN we dont have so much options. Please reply...

      • Vivek RajputVivek Rajput commented  ·   ·  Flag as inappropriate

        Hi...

        Now we are using v8.103 and v8.165 under testing but there is no option for manually Disconnect.

      • Corey WheelerCorey Wheeler commented  ·   ·  Flag as inappropriate

        I've come across the limitation many times over. There are users that never seem to log out, thereby taking up value system resources and bandwidth, not to mention the security risk of having a user logged in for days on end while they're on vacation. Other firewalls seem to offer this ability, but Astaro is my firewall of choice as opposed to a Cisco PIX or ASA. I want to be able to drop the connection or at the very least set limitations on how session length or idle time.

      • FirebearFirebear commented  ·   ·  Flag as inappropriate

        Please not only for SSL-VPN its a good thing to have on all RemoteAccess Methods

      Feedback and Knowledge Base