Linux : How to change the OpenVPN lockout time policy

By | May 22, 2020

By default, OpenVPN applies a 15-minute lockout after consecutive unsuccessful authentication attempts (whether you are using Local, PAM or LDAP authentication). If you want to change it to a shorter or longer period, follow the steps below:

1. Push the new timeout value to the configuration using this command (this example assumes you want to change it to 5 minutes, i.e. 300 seconds):

/usr/local/openvpn_as/scripts/sacli --key "vpn.server.lockout_policy.reset_time" --value "300" ConfigPut

2. Then run the sacli start command (which will either start or restart depending on the current state):

/usr/local/openvpn_as/scripts/sacli start

NOTE: This action can be performed without impacting the currently logged-in users.
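
An added example, not part of the original post or OpenVPN's own tooling: the two steps above wrapped in a shell function that rejects malformed values and skips the restart if ConfigPut fails. The SACLI override variable and the 60-second MIN_SECONDS floor are assumptions for illustration, not OpenVPN settings.

```shell
#!/bin/sh
# Guarded wrapper around the two sacli commands from the steps above.
# SACLI can be overridden (assumption) to point at a test stub.
SACLI="${SACLI:-/usr/local/openvpn_as/scripts/sacli}"
KEY="vpn.server.lockout_policy.reset_time"
MIN_SECONDS=60   # hypothetical site floor, not an OpenVPN limit

set_lockout_reset_time() {
    secs="$1"
    # Accept only a plain positive integer (no units, signs or leading zeros),
    # so a typo such as "5m" or an empty value never reaches the configuration.
    case "$secs" in
        ''|*[!0-9]*|0*)
            echo "error: '$secs' is not a whole number of seconds" >&2
            return 2 ;;
    esac
    # A very short reset time weakens the lockout as a brute-force control.
    if [ "$secs" -lt "$MIN_SECONDS" ]; then
        echo "error: ${secs}s is below the ${MIN_SECONDS}s floor" >&2
        return 3
    fi
    # Step 1: write the value. If this fails, do not restart anything.
    "$SACLI" --key "$KEY" --value "$secs" ConfigPut || {
        echo "error: ConfigPut failed, services left untouched" >&2
        return 4
    }
    # Step 2: start or restart so the new value takes effect.
    "$SACLI" start || {
        echo "error: value stored but 'sacli start' failed" >&2
        return 5
    }
}

# Stand-alone use: ./set-lockout.sh 300
if [ "$#" -gt 0 ]; then
    set_lockout_reset_time "$1"
fi
```
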