How do I unlock users that are locked out now?
There is no reset command for this, so you will have to wait until the expiration timeout passes. What you can do is set the expiration timeout to 1 second, then wait 2 seconds, and then set it back to whatever the setting originally was. This effectively expires the lockout on all users on your server all at once within a second or two, and lets you log on again immediately. To do this run this set of commands shown below. Afterwards you should reconfigure your lockout policy expiration setting if it was different from the default 15 minutes lockout time. Note: all the command line tools assume you are in the /usr/local/openvpn_as/scripts/ directory and have root privileges.
Reset all lockout policy lockouts now:
./sacli --key "vpn.server.lockout_policy.reset_time" --value "1" ConfigPut ./sacli start sleep 2 ./sacli --key "vpn.server.lockout_policy.reset_time" ConfigDel ./sacli start
The lockout policy can be adjusted to match your needs. See also what is the lockout policy on Access Server for more details.