Overview
By default, Access Server sets the VPN session timeout to 24 hours (86,100 seconds). After this time, users are disconnected and must re-authenticate.
You can adjust this timeout to determine how long a VPN session remains active before re-authentication is required.
⚠️ Important Notes:
- This only applies to server-locked and user-locked profiles.
- Auto-login profiles aren't affected, as they only use certificate-based authentication.
Prerequisites
- Use OpenVPN Connect v3.5.0 and higher
- If your Access Server uses PAM, local, RADIUS, LDAP, or PAS-only authentication, you must configure the
auth-nocachedirective.
Step 1: Check the current VPN session timeout
- Connect to your Access Server via SSH.
- Run the following commands:
sudo su
cd /usr/local/openvpn_as/scripts/
./sacli configquery | grep "vpn.server.session_expire" - If there isn't an output or result, the server is using the default value (24 hours).
Step 2: Add "auth-noache" directive (if required)
- Sign in to the Admin Web UI.
- Click Configuration > Advanced VPN.
- Under Additional OpenVPN Config Directives (Advanced) > Server Config Directives, add this line:
push "auth-nocache" - Click Save Settings and Update Running Server.
👉 If you’re using SAML authentication, you can skip this step.
Step 3: Configure the VPN session timeout
To set or change the session timeout:
- Click this link to open the VPN session timeout tutorial.
- Follow the steps in the tutorial to adjust the session token timeout.
If you have additional questions, please submit a ticket.
Comments
0 comments
Please sign in to leave a comment.