VPN in Mac OS X Server (all versions, I think) allows users to have as many sessions from as many different computers as they want to the VPN server. I didn't like this, so I tried to find a way to restrict them to only one session. I tried looking at plists, thinking maybe Apple had some hidden option for this, but I couldn't find it. I then dug around in man files for vpn and pppd and such, and found something of interest in pppd's man page:
/etc/ppp/auth-up
A program or script which is executed after the remote system successfully authenticates itself. It is executed with the parameters:
interface-name peer-name user-name tty-device speed
Note that this script is not executed if the peer doesn't authenticate itself, for example when the noauth option is used.
Great! All I need now is some code and a way to find out which users are currently online. After some more man reading, I found this command with grep to do just that:
serveradmin command vpn:command = getConnectedUsers | grep -G "vpn:ConnectedUsers:_array_index:[[:xdigit:]]*:name"
Then I made the script. Copy and paste this into the file /private/etc/ppp/auth-down:
What the script does is to check if the user who just logged in is already logged in. If he is, we kill his connection. Yes, it's a little dirty, but it works great. Please comment on this if you have a better way to do it, or improvements to the above script.
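The check described above, written out as an added example; this is not the author's script. It counts a user's sessions by exact name match in the serveradmin output and ends the new connection when the user is already online. Assumptions: the output line format is inferred from the grep pattern above, the just-authenticated session is not yet listed when pppd runs the hook, `$PPID` is the pppd process for the session, and the names `session_count`, `over_limit`, `MAX_EXISTING` and the `vpn-limit` log tag are hypothetical.

```shell
#!/bin/sh
# Added example, not the original author's script.
# Assumption: serveradmin prints one line per session in the form
#   vpn:ConnectedUsers:_array_index:<n>:name = "<user>"
# (format inferred from the grep pattern on this page).

# session_count USER: read serveradmin output on stdin and print how many
# sessions belong to exactly USER, so "bob" does not also match "bobby".
session_count() {
    VPN_USER="$1" awk '
        /^vpn:ConnectedUsers:_array_index:[0-9A-Fa-f]+:name = / {
            name = $0
            sub(/^[^=]*= */, "", name)   # drop the key and " = "
            gsub(/^"|"$/, "", name)      # drop the surrounding quotes
            if (name == ENVIRON["VPN_USER"] "") n++
        }
        END { print n + 0 }'
}

# over_limit USER MAX: succeed when USER holds more than MAX sessions.
over_limit() {
    [ "$(session_count "$1")" -gt "$2" ]
}

# Constructed sample output, used when the script is run by hand.
SAMPLE='vpn:ConnectedUsers:_array_index:0:name = "bob"
vpn:ConnectedUsers:_array_index:0:otherField = "bob"
vpn:ConnectedUsers:_array_index:1:name = "bobby"'

# Assumptions: the new session is not yet listed when pppd runs the hook
# (set MAX_EXISTING=1 if it is), and $PPID is the pppd for this session.
MAX_EXISTING=0

if [ "$#" -eq 5 ] && command -v serveradmin >/dev/null 2>&1; then
    # Called by pppd: interface-name peer-name user-name tty-device speed
    if serveradmin command vpn:command = getConnectedUsers |
        over_limit "$3" "$MAX_EXISTING"; then
        logger -t vpn-limit "extra session for $3 on $1 terminated"
        kill -TERM "$PPID"
    fi
else
    # Manual run: show the per-user count for the constructed sample.
    for u in bob bobby alice; do
        printf '%s: %s session(s)\n' "$u" \
            "$(printf '%s\n' "$SAMPLE" | session_count "$u")"
    done
fi
```

The exact match matters: a plain `grep bob` over the same output would also count bobby's session against bob.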

