Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Ave_Joe
Contributor
Jump to solution

Log out designated RA VPN users

Good day everyone.

I am looking for advise on the best way to force designated RA User VPN users off of VPN.

The requirement is to force the user offline in such a way that they would have to authenticate again to (or not to) gain VPN access again.

In this use case the backend authentication is completed via AD.  In testing disabling the user AD account does not automatically disconnect their VPN session.

Thoughts?

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
You can use RAsession_util (a CLI-based tool) for this.
However, it is OFF by default and requires a cprestart in order to activate it.

View solution in original post

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
You can use RAsession_util (a CLI-based tool) for this.
However, it is OFF by default and requires a cprestart in order to activate it.
0 Kudos
JozkoMrkvicka
Mentor
Mentor

1. Find user's source IP of his/her workstation

2. Go to the gateway where the user is connected and needs to be disconnected

3. Issue command "vpn tu"

4. Delete all IPsec+IKE SAs for a given User (Client)

5. Repeat steps 2-4 for all relevant gateways

6. User is disconnected from all desired gateways

Kind regards,
Jozko Mrkvicka
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events