I have set up OpenVPN TCP and UDP on CentOS 7. I am using a separate RADIUS server for authenticating users.
My issue is that after some time the OpenVPN UDP protocol starts giving this error:
RADIUS-PLUGIN: Got no response from radius server.
Wed Sep 1 13:38:34 2021 Error: RADIUS-PLUGIN: BACKGROUND AUTH: Auth failed!.
Error ar rekeying! terminate called after throwing an instance of 'Exception'
or sometimes it gives this error:
Error: The User is already authenticated. He could not insert in user map. The client connect will fail. In case of rekeying this note is ok.
And then it looks like it hangs, because I do not see any further logs coming in. It definitely stops after a while (it does stop). Then I need to restart the UDP protocol, and it also takes some time, like 1-2 minutes, to restart.
The TCP protocol, on the other hand, is working fine using the same RADIUS server.
My configuration is:
server config
local xx.xx.xx.xx
port 4443
proto udp
dev tun16
tun-mtu 1500
mssfix
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"
ca /opt/certificates/cacerts/ca.cert.pem
cert /opt/certificates/certs/server.cert.pem
key /opt/certificates/private/server.key.pem
dh /opt/certificates/private/dh4096.pem
tls-auth /opt/certificates/certs/tls-auth.key 0
plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radius-udp.cnf
verify-client-cert none
client-cert-not-required
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-C
cipher AES-256-CBC
duplicate-cn
topology subnet
username-as-common-name
user nobody
group nobody
server 10.16.0.0 255.255.0.0
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.8.8"
push "block-outside-dns"
tls-server
keepalive 10 60
ping-timer-rem
auth sha256
reneg-sec 0
comp-lzo
persist-key
persist-tun
status /etc/openvpn/openvpn-udp-status.log 1
log-append /etc/openvpn/openvpn-udp-log.log
writepid /var/run/openvpn_udp.pid
verb 4
script-security 2
explicit-exit-notify
Please suggest a solution, or let me know if there is any issue in my config.
Thanks in advance.
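The failure described above leaves two things worth catching from the server side: the RADIUS plugin's own error lines, and the silence in the log after the uncaught exception, which is the point at which the UDP instance has to be restarted. The following log check is an added example and not part of the question or of the radiusplugin project; it matches only the error strings quoted in the post, the category names and the stall threshold are my own choices, and the sample log lines are constructed, not a real capture.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Failure signatures taken from the log lines quoted in the question.
# The regular expressions and the category names are my own (assumptions).
SIGNATURES = {
    "radius_no_response": re.compile(r"RADIUS-PLUGIN: Got no response from radius server"),
    "radius_auth_failed": re.compile(r"RADIUS-PLUGIN: BACKGROUND AUTH: Auth failed"),
    "plugin_exception": re.compile(r"terminate called after throwing an instance of 'Exception'"),
    "user_already_authenticated": re.compile(r"The User is already authenticated"),
}

# OpenVPN's default log timestamp, e.g. "Wed Sep  1 13:38:34 2021" (day may be padded).
TS_RE = re.compile(r"^(\w{3}) (\w{3}) +(\d{1,2}) (\d{2}:\d{2}:\d{2}) (\d{4}) ")


def parse_timestamp(line):
    """Return the line's timestamp as a datetime, or None if the line has none."""
    m = TS_RE.match(line)
    if not m:
        return None
    _dow, mon, day, clock, year = m.groups()
    return datetime.strptime(f"{mon} {day} {clock} {year}", "%b %d %H:%M:%S %Y")


def classify(line):
    """Return the names of every signature that matches one log line."""
    return [name for name, rx in SIGNATURES.items() if rx.search(line)]


def summarize(lines):
    """Count signatures and remember when the last line and the last fatal error were logged."""
    counts = Counter()
    last_ts = None   # timestamp of the most recent line that carried one
    fatal_ts = None  # timestamp of the most recent uncaught plugin exception
    for line in lines:
        ts = parse_timestamp(line)
        if ts is not None:
            last_ts = ts
        for name in classify(line):
            counts[name] += 1
            if name == "plugin_exception":
                fatal_ts = ts or last_ts
    return {"counts": dict(counts), "last_ts": last_ts, "fatal_ts": fatal_ts}


def looks_stalled(summary, now, max_silence=timedelta(seconds=120)):
    """True when the plugin threw its exception and the daemon has logged nothing since
    for longer than max_silence (two keepalive timeouts for 'keepalive 10 60')."""
    if summary["fatal_ts"] is None or summary["last_ts"] is None:
        return False
    if summary["last_ts"] > summary["fatal_ts"]:
        return False  # the daemon kept logging after the error, so it is not hung
    return now - summary["last_ts"] > max_silence


# Constructed sample log, modelled on the lines quoted in the question (not a real capture).
SAMPLE_LOG = """\
Wed Sep  1 13:38:30 2021 203.0.113.10:51234 TLS: Initial packet from [AF_INET]203.0.113.10:51234
Wed Sep  1 13:38:34 2021 RADIUS-PLUGIN: Got no response from radius server.
Wed Sep  1 13:38:34 2021 Error: RADIUS-PLUGIN: BACKGROUND AUTH: Auth failed!.
Wed Sep  1 13:38:34 2021 Error ar rekeying! terminate called after throwing an instance of 'Exception'
""".splitlines()

if __name__ == "__main__":
    # Run against the real file with: summarize(open("/etc/openvpn/openvpn-udp-log.log"))
    s = summarize(SAMPLE_LOG)
    print(s["counts"])
    print("stalled:", looks_stalled(s, datetime(2021, 9, 1, 13, 45, 0)))
```

Pointing `summarize()` at the `log-append` file from the config and calling `looks_stalled()` with the current time from a cron job or a systemd timer gives an alert for exactly the condition described in the post: the plugin's "Got no response" followed by the uncaught exception and then no further lines. Counting `radius_no_response` separately from `radius_auth_failed` also makes it visible whether the RADIUS server is unreachable from the UDP instance or merely rejecting the credentials.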