OpenVPN want to force client disconnect after x hours

[BreadPJ]

On my OpenVPN instance running on OPNsense I want to have a server-side setting that kicks clients off the VPN after x hours, and then requires the client user to re-authenticate to get back on the VPN. I want it to kick off the client regardless of activity.

In my OpenVPN logs I see that keys are being re-negotiated for each client connected every 60 minutes, but the connection from the client side is continuous, there is no broken connection and no prompt to re-auth, basically forever :(

Is there a standard or best way to achieve what I want here?