Session Timeout with RRAS on server 2008 r2


#1

I have duo working with 2008 r2 RRAS for vpn access but I cannot figure out how to create a day/time restrictions and session timeout. Looks like with RADIUS selected the NPS policies are ignored.

My problem is exactly like this article:
https://social.technet.microsoft.com/Forums/en-US/2eeaa31f-eb5b-4508-b060-c4535faf00b8/rras?forum=winservergen

Can anyone point me in the right direction?

I have followed these instructions to get it working thus far:


#2

I have the exact same issue on Server 2016. The session timeout is being ignored. I have the Duo Proxy Authentication software/service running on a separate server. Any way to enforce the session timeout?


#3

I found this article and at the end it says MS is aware of it and there is no fix currently.
https://social.technet.microsoft.com/Forums/en-US/113cdbd0-7368-4d7e-b860-48899eb55827/nps-as-a-radius-server65292the-network-policys-are-not-enforced-sometime?forum=winserverNAP

As a workaround, I wrote the following powershell script and configured it to run as a scheduled task on my VPN server. I have it set to run every 5 minutes. Our policy is to sever connections after 4 hours.

#Using Radius/2FA breaks NPS policy so the session policy does not work in RRAS
#This script will disconnect VPN users connected longer than 4 hours

$vpnusers = Get-RemoteAccessConnectionStatistics | where {$_.connectionduration -ge 14400} 
| select -ExpandProperty UserName
foreach($user in $vpnusers){Disconnect-VpnUser -UserName $user}

#Code for testing
#foreach($user in $vpnusers){write-host $user}

#4

jrp78,

Thanks that might be something I can work with.