getnuserz 0 Posted ... Hello, I am a AirVPN user and I like it very much. I have a question about the infrastructure of the AirVPN servers though. I have read in this forum that the VPN servers do not keep a database or any kind of user data, and instead send a message to a back-end server when a new VPN connection request comes in. The back-end server has a centrelized database on it, with a table of active_sessions among others, and the back-end server sends a reply back to the VPN server after checking some information (nr of sessions among others). This reply from the back-end server to the VPN server, basically has a ALLOW or DENY message, it is used to let the VPN server know if the VPN connection request should be allowed or denied. My question is this: does OpenVPN daemon software has the possibility to make use of external software (programs/scripts) during a connection request? So that when a connection request comes in, OpenVPN service forwards this request to an external script/program so that this external script/program can send a message to a back-end server? If it does not have this possibility, how are you sending a request to a back-end server? Or are you listening on the 80, 445 etc ports on the VPN servers by using a different daemon (not OpenVPN) software, and only after the query message forwarding the reply from the back-end to OpenVPN daemon? I hope you will be able to explain, because I am not sure that OpenVPN has this option by defuault. Thank you for your answer! Quote Share this post Link to post
zhang888 1066 Posted ... I will try to explain this in general, part of it can be used by Air's infrastructure and part is used on another providers.OpenVPN supports a few authentication backends, some most common ones are RADIUS and OpenLDAP.For the sake of simplicity, let's call them databases that store all the client info, among other things.That means that after each connection, the VPN node will initiate a query to those backends and check your session params.That is the ALLOW/DENY you are talking about. Ofcourse a centralized database of all the users, their allowed sessions mustexist, but not on each VPN node. Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post