Solved: Log out designated RA VPN users

Ave_Joe · ‎2020-04-02

Good day everyone.

I am looking for advise on the best way to force designated RA User VPN users off of VPN.

The requirement is to force the user offline in such a way that they would have to authenticate again to (or not to) gain VPN access again.

In this use case the backend authentication is completed via AD. In testing disabling the user AD account does not automatically disconnect their VPN session.

Thoughts?

PhoneBoy · ‎2020-04-04

You can use RAsession_util (a CLI-based tool) for this.
However, it is OFF by default and requires a cprestart in order to activate it.

View solution in original post

PhoneBoy · ‎2020-04-04

You can use RAsession_util (a CLI-based tool) for this.
However, it is OFF by default and requires a cprestart in order to activate it.

JozkoMrkvicka · ‎2020-04-04

1. Find user's source IP of his/her workstation

2. Go to the gateway where the user is connected and needs to be disconnected

3. Issue command "vpn tu"

4. Delete all IPsec+IKE SAs for a given User (Client)

5. Repeat steps 2-4 for all relevant gateways

6. User is disconnected from all desired gateways

Kind regards,
Jozko Mrkvicka

Are you a member of CheckMates?

Log out designated RA VPN users