Stop client re-connect after radius authentication failed

Post by shenglong » Thu Mar 26, 2020 3:23 am

Hi everyone,
I have a problem with my OpenVPN server. My server is set up for end users to connect and be verified against a RADIUS server.
I expected that if RADIUS authentication returns a failure or a timeout, the OpenVPN Connect client would show a failure alert instead of retrying the connection. If the client keeps retrying over and over, it puts my OpenVPN server under stress, and other users cannot request a connection.
I tried with:

```
connect-retry
connect-retry-max
```

but it did not work as expected.

This is my server.conf:

```
port 1194
proto udp
dev tun
plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh.pem
tls-auth /etc/openvpn/auth.tls 0
topology subnet
ifconfig-pool-persist /etc/openvpn/ipp.txt
server 10.210.0.0 255.255.255.0
local 192.168.9.32
push "dhcp-option DNS 192.168.9.15"
push "dhcp-option DNS 192.168.19.254"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DOMAIN x.x.com" #local domain
push "route-nopull"
push "route 192.168.9.15 255.255.255.255" #local dns
push "route 192.168.19.254 255.255.255.255" # local dns
push "route 192.168.9.0 255.255.255.0"
push "route 192.168.0.0 255.255.0.0"
duplicate-cn
cipher AES-256-CBC
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
auth SHA512
auth-nocache
keepalive 10 60
persist-key
persist-tun
compress lz4-v2
push "compress lz4-v2"
daemon
log-append /var/log/openvpn.log
status /var/log/openvpn-status.log 10
verb 7
management 192.168.9.32 9999
connect-retry-max 2
connect-retry 15
push "connect-retry-max 2"
push "connect-retry 15"
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"
tun-mtu 1400
mssfix 1360
```

So, does OpenVPN have any server-side config option to do that?
Thank you.
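
The retry loop described in this post leaves a trace in the server log configured above (`log-append /var/log/openvpn.log`). The following Python script is an added example, not part of the original post: it counts username/password verification failures per source address in a sliding window so that a client stuck in a retry loop can be identified. The log-line layout (OpenVPN 2.4-style timestamp followed by peer `ip:port`), the function name `find_retry_storms`, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line layout: ctime-style timestamp, peer ip:port, then the message.
FAILURE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+ "
    r"TLS Auth Error: Auth Username/Password verification failed"
)

def find_retry_storms(lines, max_failures=3, window=timedelta(minutes=2)):
    """Map each source IP to its peak failure count inside `window`,
    keeping only the IPs that exceeded `max_failures`."""
    recent = defaultdict(deque)    # ip -> failure timestamps still in the window
    peaks = {}
    for line in lines:
        m = FAILURE_RE.match(line)
        if not m:
            continue               # unrelated log line
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # evict failures older than the window
            q.popleft()
        if len(q) > max_failures:
            peaks[m["ip"]] = max(peaks.get(m["ip"], 0), len(q))
    return peaks

# Constructed sample: one client retrying every 15 s, one with isolated failures.
SAMPLE_LOG = """\
Thu Mar 26 03:10:01 2020 192.0.2.10:51234 TLS Auth Error: Auth Username/Password verification failed for peer
Thu Mar 26 03:10:05 2020 198.51.100.7:40001 TLS: Initial packet from [AF_INET]198.51.100.7:40001
Thu Mar 26 03:10:16 2020 192.0.2.10:51235 TLS Auth Error: Auth Username/Password verification failed for peer
Thu Mar 26 03:10:20 2020 198.51.100.7:40001 TLS Auth Error: Auth Username/Password verification failed for peer
Thu Mar 26 03:10:31 2020 192.0.2.10:51236 TLS Auth Error: Auth Username/Password verification failed for peer
Thu Mar 26 03:10:46 2020 192.0.2.10:51237 TLS Auth Error: Auth Username/Password verification failed for peer
Thu Mar 26 03:11:01 2020 192.0.2.10:51238 TLS Auth Error: Auth Username/Password verification failed for peer
Thu Mar 26 03:20:00 2020 198.51.100.7:40002 TLS Auth Error: Auth Username/Password verification failed for peer
""".splitlines()

if __name__ == "__main__":
    for ip, count in find_retry_storms(SAMPLE_LOG).items():
        print(f"{ip}: {count} failed logins within 2 minutes")
```

To run it against a real log, pass an open file object for the log instead of `SAMPLE_LOG`, and adjust the regular expression if the server writes a different timestamp format.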
