prevent same usr account to connect from 2 different device?

[mhamdy55]

hi
I wanna know

Now is there any way to prevent same user account to connect from two different device at same time in L2TP/IPSec connection
thanks a lot

[moatazelmasry]

In the user policy, set the "MAX IP" or "MaxMac" to 1

But if that user is connecting from via WiFi through some router and using many devices, this will probably not work, as all the devices will have the same IP and the same MAC (router mac)

[keshar.devops]

mhamdy55 wrote:
> hi
> I wanna know
>
> Now is there any way to prevent same user account to connect from two
> different device at same time in L2TP/IPSec connection
> thanks a lot

I Think you can use this option

Users with this policy setting are unable to have more than this number of concurrent logins.
Bridge Mode sessions are not subjects to this policy.
This security policy is only available on VPN Server 3.0 or greater, or
VPN Server 2.0 with the multi-login restriction function.
for That
Manager VPN server
select hub
Manage Virtual Hub
Click Manage users
select user
click Edit
check Set Security Policy >> Security Policy
select Maximum Number of Multiple Logins
and Give Value

[mhamdy55]

Oh thanks Kesha


but when I login using GUI always hang and server down , so I'm using command line ,

could you please give me a hand how to achieve it using CLI

thanks a lot

[mhamdy55]

moatazelmasry wrote:
> In the user policy, set the "MAX IP" or "MaxMac" to 1
>
> But if that user is connecting from via WiFi through some router and using
> many devices, this will probably not work, as all the devices will have the
> same IP and the same MAC (router mac)

thanks Moataz , could u please tell me how I gonna use it by Cli ,

GUI , doesn't work well , hang and then server down , lost Ping to server ,

thanks a lot

[moatazelmasry]

/opt/vpnserver/vpncmd {HOST}:{PORT} /SERVER /HUB:{HUB_NAME} /PASSWORD:{YOURPASSWORD} /CMD UserPolicySet {USERNAME} /NAME:MAXIP /VALUE:1

I agree with keshar.devops that the better option is "Maximum Number of Multiple Logins" but I don't see this option available through the CLI when I type "PolicyList"

Cheers

[mhamdy55]

keshar.devops wrote:
> mhamdy55 wrote:
> > hi
> > I wanna know
> >
> > Now is there any way to prevent same user account to connect from two
> > different device at same time in L2TP/IPSec connection
> > thanks a lot
>
> I Think you can use this option
>
> Users with this policy setting are unable to have more than this number of concurrent
> logins.
> Bridge Mode sessions are not subjects to this policy.
> This security policy is only available on VPN Server 3.0 or greater, or
> VPN Server 2.0 with the multi-login restriction function.
> for That
> Manager VPN server
> select hub
> Manage Virtual Hub
> Click Manage users
> select user
> click Edit
> check Set Security Policy >> Security Policy
> select Maximum Number of Multiple Logins
> and Give Value



I did it I se the value to 1 , but still can use 2 devices to login with same account :(

[mhamdy55]

moatazelmasry wrote:
> /opt/vpnserver/vpncmd {HOST}:{PORT} /SERVER /HUB:{HUB_NAME}
> /PASSWORD:{YOURPASSWORD} /CMD UserPolicySet {USERNAME} /NAME:MAXIP /VALUE:1
>
> I agree with keshar.devops that the better option is "Maximum Number
> of Multiple Logins" but I don't see this option available through the
> CLI when I type "PolicyList"
>
> Cheers

I follow this way in the cli ,
set the value to 1 , but the user still can login in 2 different devices as before

[mhamdy55]

its work ,
example

if u login now at u home using user and password

u friend want to login it will show him server doesn't response

2 diffrent ip will not login

but if u login from iPhone and u windows pc from same location will login

only different location will not work

what I did is


1- create Group
2-add user to the group
3-set the group policy set
multilogins =1

done

so from same ip multilogin work

from different ip multi login will fail

thanks guys,

and if there is any other work to stop multi login from same ip , please explain it

thanks guys