Radius timeout Access Server 2.5

Business solution to host your own OpenVPN server with web management interface and bundled clients.
clegga
OpenVpn Newbie
Posts: 2
Joined: Wed Dec 05, 2018 4:35 am

Radius timeout Access Server 2.5

Post by clegga » Wed Dec 05, 2018 4:44 am

Hi

I have a virtual appliance version 2.5 using radius for authentication. Radius is via NPS on a Windows server with the Azure NPS plugin for MFA installed. Users are processing a push notification on their device to accept the MFA challenge via the radius server.

For the most part this works, but occasionally for some users the MFA challenge takes longer than usual and in this circumstance the radius authentication times out. Usually if the user repeats the process, it then goes through.

I have done much research on how to modify the radius timeout via the CLI (there is no GUI option) or a config file, but everything I find seems to refer to config structures that are not present on this access server (e.g. server.conf and radiusplugin.cnf, which do not exist - this version appears to store radius configuration in a database, config.db).

Is there a way to configure the radius retries and timeout in this version of access server?

Aaron

novaflash
OpenVPN Inc.
Posts: 1071
Joined: Fri Apr 13, 2012 8:43 pm

Re: Radius timeout Access Server 2.5

Post by novaflash » Wed Dec 05, 2018 9:05 am

I'm reasonably certain there are no configurable options for that at this time, sorry. If I find any different I'll post here.

jjensen
OpenVpn Newbie
Posts: 1
Joined: Wed Oct 21, 2020 10:40 am

Re: Radius timeout Access Server 2.5

Post by jjensen » Wed Oct 21, 2020 10:41 am

I am seeing the exact same issue on the exact same setup. Any news or resolution to this?

mouseymoo
OpenVpn Newbie
Posts: 1
Joined: Tue Oct 27, 2020 9:04 pm

Re: Radius timeout Access Server 2.5

Post by mouseymoo » Tue Oct 27, 2020 10:11 pm

I've also just spent hours trying to figure out a solution for this. There doesn't seem to be a way to add a key to change the equivalent of "--connect-retry-max n" or "--connect-retry n [max]" with a normal server configuration file. My understanding is that the Access Server uses a database on the fly versus the traditional server config file. The closest thing I've found in the documentation is for the "Authentication failure lockout policy" but this is not what is needed. It's when a user reconnects and doesn't reach the MFA in time before getting locked out.

wander
OpenVpn Newbie
Posts: 1
Joined: Fri Feb 19, 2021 8:02 am

Re: Radius timeout Access Server 2.5

Post by wander » Fri Feb 19, 2021 8:05 am

Support helped me :D
I also configured the server to allow multiple sessions per user.

#go to scripts folder
cd /usr/local/openvpn_as/scripts/

#check server timeout
./sacli configquery | grep "auth.radius.0.per_server_timeout"

#change server time out and update running server
./confdba -mk auth.radius.0.per_server_timeout -v 60
./sacli start
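
An idempotent wrapper around the commands in the post above, as an added example that is not part of the original thread and not OpenVPN Inc. code: it validates the new value, changes the key only when the stored value differs, and prints the stored value afterwards. The function names, the 1-120 bound, the assumption that the value is in seconds, and the assumption that `configquery` prints one `"key": "value"` pair per line are this example's own.

```shell
#!/bin/sh
# Added example. Key name, path and commands are the ones from the post above.
KEY="auth.radius.0.per_server_timeout"
SCRIPTS="/usr/local/openvpn_as/scripts"

# Print the value stored for key $1, reading configquery-style output on stdin.
# Assumption: one '"key": "value",' pair per line. The key is matched exactly,
# so a longer key that merely contains $1 is ignored (grep would match it).
radius_cfg_value() {
    awk -v key="\"$1\"" -F':' '{
        k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k)
        if (k == key) { v = $2; gsub(/[", \t]/, "", v); print v; exit }
    }'
}

# Accept only a whole number in 1..120 (bound chosen for this example).
valid_timeout() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 120 ]
}

# $1 = wanted value, configquery output on stdin.
# Prints "invalid", "unchanged" or "change".
plan_timeout_change() {
    valid_timeout "$1" || { echo invalid; return 0; }
    current=$(radius_cfg_value "$KEY")
    if [ "$current" = "$1" ]; then echo unchanged; else echo change; fi
}

# Run as root on the Access Server: ./script --apply 60
apply_timeout() {
    cd "$SCRIPTS" || return 1
    case "$(./sacli configquery | plan_timeout_change "$1")" in
        invalid)   echo "refusing: '$1' is not a whole number in 1-120" >&2
                   return 2 ;;
        unchanged) echo "$KEY is already $1, nothing to do" ;;
        change)    ./confdba -mk "$KEY" -v "$1" && ./sacli start &&
                   ./sacli configquery | grep "$KEY" ;;
    esac
}

if [ "${1:-}" = "--apply" ]; then apply_timeout "${2:-}"; fi
```
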

openvpn_inc
OpenVPN Inc.
Posts: 35
Joined: Tue Feb 16, 2021 10:41 am

Re: Radius timeout Access Server 2.5

Post by openvpn_inc » Fri Feb 19, 2021 6:36 pm

Hi wander,

Thanks for updating - yes that function is now present! :)

Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.nets/support
