It is possible to blacklist user names, certificates and IP addresses based on the number of failed attempts. The following parameters define how many attempts you are willing to allow before blacklisting them. These settings are also described in Section 4.3.4, “Failed attempts limits”.
A.2.2.1. allow_cert_attempts
Defines the number of failed login attempts you allow before the OpenVPN client's certificate is blacklisted. This number should normally be higher than allow_username_attempts. Default is 5.