
OpenVPN daemon back-end server query


Hello, I am an AirVPN user and I like it very much. I have a question about the infrastructure of the AirVPN servers though.


I have read in this forum that the VPN servers do not keep a database or any kind of user data, and instead send a message to a back-end server when a new VPN connection request comes in. The back-end server has a centralized database on it, with a table of active_sessions among others, and the back-end server sends a reply back to the VPN server after checking some information (nr of sessions among others). This reply from the back-end server to the VPN server basically has an ALLOW or DENY message; it is used to let the VPN server know if the VPN connection request should be allowed or denied.


My question is this: does the OpenVPN daemon software have the possibility to make use of external software (programs/scripts) during a connection request? So that when a connection request comes in, the OpenVPN service forwards this request to an external script/program so that this external script/program can send a message to a back-end server?


If it does not have this possibility, how are you sending a request to a back-end server? Or are you listening on the 80, 445 etc ports on the VPN servers by using a different daemon (not OpenVPN) software, and only after the query message forwarding the reply from the back-end to OpenVPN daemon?


I hope you will be able to explain, because I am not sure that OpenVPN has this option by default. Thank you for your answer!


I will try to explain this in general, part of it can be used by Air's infrastructure and part is used on other providers.

OpenVPN supports a few authentication backends, some of the most common ones are RADIUS and OpenLDAP.

For the sake of simplicity, let's call them databases that store all the client info, among other things.

That means that after each connection, the VPN node will initiate a query to those backends and check your session params.

That is the ALLOW/DENY you are talking about. Of course a centralized database of all the users, their allowed sessions must exist, but not on each VPN node.

Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.
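
Added example, not part of the original posts and not AirVPN's code: OpenVPN's auth-user-pass-verify directive runs an external script for each connecting client, and the sketch below shows such a script turning a back-end ALLOW/DENY reply into the exit code OpenVPN acts on. The script path, the in-memory user table and the query_backend function are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Added example: OpenVPN auth-user-pass-verify hook, via-file method.

Server config (OpenVPN directives):
    script-security 2
    auth-user-pass-verify /etc/openvpn/verify.py via-file
OpenVPN writes the username (line 1) and password (line 2) to a temp file,
passes its path as argv[1], and treats exit 0 as allow, non-zero as deny.
"""
import hashlib
import hmac
import sys

# Constructed stand-in for the central database. A real node would send the
# query to the back-end over an authenticated channel instead.
SALT = b"constructed-salt"


def kdf(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


USERS = {"alice": kdf("correct horse")}
ACTIVE_SESSIONS = {"alice": 1}
MAX_SESSIONS = 3


def query_backend(username, password):
    """Hypothetical back-end check: returns "ALLOW" or "DENY"."""
    stored = USERS.get(username)
    if stored is None or not hmac.compare_digest(stored, kdf(password)):
        return "DENY"
    if ACTIVE_SESSIONS.get(username, 0) >= MAX_SESSIONS:
        return "DENY"
    return "ALLOW"


def verify(cred_path, backend=query_backend):
    """Return the exit code OpenVPN expects: 0 = allow, 1 = deny."""
    try:
        with open(cred_path, encoding="utf-8") as fh:
            username, password = fh.read().splitlines()[:2]
        return 0 if backend(username, password) == "ALLOW" else 1
    except Exception:
        # Fail closed: bad file or unreachable back-end denies the client.
        return 1


if __name__ == "__main__":
    sys.exit(verify(sys.argv[1]) if len(sys.argv) == 2 else 1)
```

The VPN node holds no user table of its own in this arrangement; any failure to reach or parse the back-end answer results in a denied connection.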
