Obtain information about the logged-in users in the Openconnect VPN server.
- An IT administrator manages a Fedora server system with openconnect VPN server running as entry point for the company network. He needs to be able to see the logged-in users at any point in time, and when needed to read their VPN settings to assist with any networking issue they have.
- Need to be able to list server status (done)
- Need to be able to list users (done)
- Need to be able to obtain detailed per user information
- Need to be able to disconnect a user
- Need to be able to BAN a specific IP address
- Real-time update for user login/logout (e.g., via d-bus signal)
- Currently ocserv doesn't provide a subsystem for that; making an IPC dbus front-end may help.
- How will an admin initially setup ocserv?
- A configuration file needs to be edited (/etc/ocserv/ocserv.conf) and after that with systemctl enable.
- What are the various actions that the admin should be able to perform on the list of users?
- Kill connection, BAN IP address (blocking a specific user does depend on the backend used - e.g., PAM, so it cannot be part of the web interface unless we integrate with a single backend only)
- Should we provide a link to documentation on how to configure various clients to connect to this VPN server? Perhaps a simple summary connection settings could be inline in Cockpit?
- For the majority of the use cases ocserv would work if the authentication method and a network for the VPN is specified. There is rolekit attempt but will be limited to sssd integration. The official documentation is here