Ability to limit the number of devices using an access key at the same time

[thelonious89]

Is there a built-in fix yet for limiting concurrent sessions? Similar to this request here: https://github.com/Jigsaw-Code/outline-server/issues/32#issuecomment-379418574

It’s important as one part of an access protocol in a security regime.

[fortuna]

Do you mean the number of different devices using an access key? Could you clarify why you need that?

[thelonious89]

Yes, the number of different devices using an access key at the same time. It's important because:

1. if the confidentiality of the keys are broken, then at least we can limit access. So if I give employee Bob the key to put on his company device, he cannot share it with Alice's device.
2. Track the bandwidth and usage better, so I know it's all coming from 1 device rather than maybe an entire office of machines.

Thank you~

[fortuna]

Thanks for the feedback. We are looking into implementing features to allow admins to control access to their servers.

We are currently focused on implementing quotas, but we'll consider this after that.

[thelonious89]

Excellent thank you. Yes quotas are actually the best ultimate way to stop bandwidth abuse because even one user can fry the lines. So working on quotas should be the first priority.

[remagio]

Any updates about this features request...?

[HosseyNJF]

This feature is really needed...

[fortuna]

FYI, data limits has launched already. We may tweak it a bit. W are focused on server resilience, making sharing easier and adding more cloud providers. Limiting concurrent connections is something we've thought about, but it's not in the immediate roadmap.

[HosseyNJF]

@fortuna I like to contribute to this feature because I need it personally. could you give me a little guidance so that I can start developing the feature?

[halpro]

Hello team, this is really annoying that the entire world is asking you to implement this single essential feature for YEARS BUT you continue to polish the UI.

[crash481]

@halpro we can only ask developers to do it. Show respect and gratitude to the developers for making it OpenSource or contribute and make it yourself

@fortuna Also I vote that this will be a good feature, for example to control how much bandwidth this key can take. For example:

1. I have 2 profile keys. First for me, and second I shared
2. I logically believe, that I will share half of bandwidth in moment if we use it in parallel.
3. Second user install this key on 10 different devices and ever shared it to another man. So bandwidth in moment now shared not for 2 devices, but for 11 or more. And I ever cannot track it or restrict
4. If this feature will be implemented - I will select that this key can be used only by one device same time and problem is solved

Also will be nice to configure it via API

[crash481]

@HosseyNJF did you contributed and have some success on implement it?

[HosseyNJF]

@crash481 I did try, but it is impractical at best. The best method is to limit by IP count (prevent more than 2 IPs from using the service simultaneously), but I don't have the resources and time to develop it. :(

[BolshakovEvgeniy]

@crash481 I did try, but it is impractical at best. The best method is to limit by IP count (prevent more than 2 IPs from using the service simultaneously), but I don't have the resources and time to develop it. :(

IP count isn't best method, cause different devices with same key can be hidden under NAT, for example.

The best method, in my opinion, is to simply add an incremental counter (or even a boolean flag) and break the connection if it's set to some value. Thus, the first connected user sets the flag to the "busy" state, the second and subsequent ones receive a connection break.