Setting a timeout in AWS Client VPN (overseas regions) to proactively disconnect sessions

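AWS Client VPN is the main way for overseas employees to access resources on AWS in overseas regions. I previously produced two pieces of material, a configuration guide and a demo video; please click the links above to jump to them.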

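AWS Client VPN is billed by the number of connected users and by connection time. By default AWS Client VPN disconnects after 24 hours, and this parameter cannot be adjusted in the AWS console. However, it can be adjusted through the configuration file, as follows.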

When generating a configuration file for a new Client VPN user, do not send the file straight to the end user. Edit it first and add the following line:

inactive 3600

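Now save the configuration file. The line means the connection is dropped after 3600 seconds of idleness. Then import the configuration file into the AWS Client VPN client. The client will then disconnect on its own once the idle timeout is reached.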
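The edit described above can be scripted so every exported profile gets the directive before it is distributed. This is an added example, not code from the original post; the function name `set_inactive` and the sample profile (including its endpoint hostname) are constructed for illustration.

```python
import re

# An existing "inactive" directive, with or without a leading "--".
_INACTIVE = re.compile(r"^\s*(--)?inactive(\s|$)")
# Opening tag of an inline block such as <ca> ... </ca>.
_OPEN = re.compile(r"^\s*<([A-Za-z0-9_-]+)>\s*$")

# Constructed sample profile; the hostname and certificate are placeholders.
SAMPLE = """client
dev tun
proto udp
remote cvpn-endpoint-EXAMPLE.clientvpn.example.com 443
nobind
<ca>
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
</ca>
reneg-sec 0
"""


def set_inactive(config_text, seconds=3600):
    """Return config_text with exactly one 'inactive <seconds>' directive."""
    if not isinstance(seconds, int) or seconds <= 0:
        raise ValueError("seconds must be a positive integer")
    directive = f"inactive {seconds}"
    out, inside, placed = [], None, False
    for line in config_text.splitlines():
        if inside:                    # inside <ca>/<cert>/<key>: copy verbatim
            out.append(line)
            if line.strip() == f"</{inside}>":
                inside = None
            continue
        m = _OPEN.match(line)
        if m:
            if not placed:            # keep the directive ahead of inline blocks
                out.append(directive)
                placed = True
            inside = m.group(1)
            out.append(line)
        elif _INACTIVE.match(line):
            if not placed:            # replace the first existing directive
                out.append(directive)
                placed = True
            # later duplicates are dropped so only one value remains
        else:
            out.append(line)
    if not placed:                    # no inline blocks and no prior directive
        out.append(directive)
    return "\n".join(out) + "\n"
```

Because the directive lives in the client's configuration file, a user who edits the file can remove it, so treat it as a cost control rather than an enforced session limit.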

Reference documentation:

--inactive n [bytes]
    Causes OpenVPN to exit after n seconds of inactivity on the TUN/TAP device. The time length of inactivity is measured since the last incoming or outgoing tunnel packet. The default value is 0 seconds, which disables this feature. If the optional bytes parameter is included, exit if less than bytes of combined in/out traffic are produced on the tun/tap device in n seconds.

    In any case, OpenVPN's internal ping packets (which are just keepalives) and TLS control packets are not considered "activity", nor are they counted as traffic, as they are used internally by OpenVPN and are not an indication of actual user activity.

Reference documentation:

https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/