|
@@ -1,10 +1,5 @@
|
|
|
# A connection handler to check if somebody is already connected to the VPN, and if so, to disconnect them.
|
|
|
#
|
|
|
-# WARNING: As of Dec 2021, the 'disconnect' option causes more trouble than it's worth. If two systems are connected,
|
|
|
-# this software will jsut cause them to alternate back and forth, causing problems for both connections.
|
|
|
-# A future revision might do something like track attempts, to prevent such a thing, so I'm keeping the
|
|
|
-# more complicated version around for reference.
|
|
|
-#
|
|
|
# References:
|
|
|
# https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/connection-authorization.html
|
|
|
# https://aws.amazon.com/blogs/networking-and-content-delivery/enforcing-vpn-access-policies-with-aws-client-vpn-connection-handler/
|
|
@@ -37,6 +32,7 @@
|
|
|
#
|
|
|
# Changelog:
|
|
|
# 2021-Dec - Initial Version by Fred Damstra
|
|
|
+# 2022-Mar - Reenabling the 'disconnect existing session' option
|
|
|
|
|
|
import boto3
|
|
|
import boto3.session
|
|
@@ -45,10 +41,7 @@ import json
|
|
|
import logging
|
|
|
|
|
|
# Configuration
|
|
|
-DISCONNECT_EXISTING=False # The client automatically reconnects. Best we can do is not allow new connections.
|
|
|
-# In practice, having this set to 'True' doesn't work well. If there are two devices that are trying to connect
|
|
|
-# to the VPN, both will try to connect, alternating disconnects back and forth. Running in 'False' mode leaves
|
|
|
-# the first one connected and refuses the second connection.
|
|
|
+DISCONNECT_EXISTING=True # The client automatically reconnects, so if two devices _are_ connected, it will swap back and forth between the two.
|
|
|
|
|
|
# Globals
|
|
|
client = None
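Review bot: Setting `DISCONNECT_EXISTING=True` makes the newest connection win, and the new trailing comment concedes the back-and-forth swapping that the removed warning described, yet nothing in this hunk adds the attempt tracking the old comment proposed as the fix. The security consequence is that anyone who authenticates as a user displaces that user's live session, where the old `False` setting refused the second connection. The handler body is outside this hunk, so I cannot tell whether forced disconnects are logged. If they are not, each one should be logged at warning level with the user and both connection identifiers, so repeated swaps for one account can be alerted on as possible credential sharing or compromise. I would also record the trade-off at the flag, e.g. `# SECURITY: newest connection wins; a second login with the same credentials evicts the active session, so log every forced disconnect.`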
|