[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Radiusplugin-users] OpenVPN crashes when radius server is unreachab
|
From: |
Ralf Lübben |
|
Subject: |
Re: [Radiusplugin-users] OpenVPN crashes when radius server is unreachable (v2.0c) |
|
Date: |
Thu, 2 Apr 2009 08:27:42 +0200 |
Good morning,
did your setup work before or have you changed anything?
Anyway, I'm not sure about the problem, because I can't read the log file. The
mailing list says "Logfile removed for privacy reasons on public mailing list
post." Can you send it to me?
But one idea is:
One problem of the old plugin architecture is that OpenVPN waits for the
response of the plugin and stalls. In your case especially for a lot of
reconnects the OpenVPN process blocks all the time.
Luckily the new beta version of the plugin implements deferred authentication,
so that OpenVPN doesn't wait for the result.
Please try http://www.nongnu.org/radiusplugin/radiusplugin_v2.1_beta.tar.gz
and add in your plugin config useauthcontrolfile=true .
But still OpenVPN blocks for the events and CONNECT and DISCONNECT, but the
most frequent event is normally authentication. The best would be to reduce
the high delay of your radius server.
Maybe the idea helps.
Ralf
On Thursday 02 April 2009 05:03:45 William Cooley wrote:
> The log file wasn't too helpful. You could try to increase the openvpn
> verb level.
> It would probably be better if you setup another openvpn server for
> debugging. To duplicate the problem simply add an iptables drop rule for
> the radius server ip. If openvpn does not freeze there might be a
> problem with your production box.
>
> Also you might just want to wait and see what Ralf has to say about all
> this. I think he might be in the GMT +1 time zone so be patient.
>
> Jan Mulders wrote:
> > They do not show any errors at the time when openvpn freezes, but an
> > 'auth failed' message is shown further up.
> >
> > Here is a selected portion of the logs, showing the initial auth
> > failure, the subsequent flood of tls failures, the flood of clients
> > trying to connect again, another auth failure, and the subsequent
> > lockup point. (look for the ..., they seperate the sections).
> >
> > Logfile removed for privacy reasons on public mailing list post.
> >
> > 2009/4/2 William Cooley <address@hidden <mailto:address@hidden>>
> >
> > Do your openvpn logs report any errors?
> >
> > Jan Mulders wrote:
> >
> > Hello everyone,
> >
> > I'm having some problems with an existing large installation
> > of openvpn+radiusplugin.
> >
> > Whenever the RADIUS server times out in responding to a
> > request (it can sometimes take up to 3-4 seconds to reply),
> > the entire OpenVPN process freezes and requires a kill -9 to
> > terminate.
> >
> > Here is what my config file looks like:
> >
> > NAS-Identifier=server4
> > Service-Type=5
> > Framed-Protocol=1
> > NAS-Port-Type=5
> > NAS-IP-Address=11.11.11.11
> > OpenVPNConfig=/etc/openvpn/server.conf
> > #vsascript=/etc/openvpn/vsascript.pl
> > subnet=255.255.255.0
> > server
> > {
> > acctport=1813
> > authport=1812
> > name=22.22.22.22
> > retry=10
> > wait=4
> > sharedsecret=secret
> > }
> >
> > Can anyone help me work out why this is happening, and how to
> > stop it?
> >
> > Thanks,
> >
> > Jan
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Radiusplugin-users mailing list
> > address@hidden
> > <mailto:address@hidden>
> > http://lists.nongnu.org/mailman/listinfo/radiusplugin-users
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Radiusplugin-users mailing list
> > address@hidden
> > http://lists.nongnu.org/mailman/listinfo/radiusplugin-users
>
> _______________________________________________
> Radiusplugin-users mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/radiusplugin-users