QueuePool limit of size 5 overflow 10 reached

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
chort1
OpenVPN User
Posts: 27
Joined: Tue Mar 01, 2022 12:24 pm

QueuePool limit of size 5 overflow 10 reached

Post by chort1 » Mon Apr 17, 2023 8:02 am

Sometimes users are unable to log in, and I get a lot of these messages in openvpnas.log

Code: Select all

2023-04-17T09:32:05+0200 [stdout#info] VPN Auth Failed: 'QueuePool limit of size 5 overflow 10 reached, connection timed out, timeout 30 (Background on this error at: http://sqlalche.me/e/13/3o7r): omi/auth:551,omi/auth:596,util/delegate:27,db/db:1643,db/dbretry:52,db/dbretry:50,db/db:1643,db/db:1593,db/db:1041,orm/query:3429,orm/query:3203,orm/query:3535,orm/query:3557,orm/query:3572,orm/query:3550,orm/session:1145,orm/session:1151,orm/session:433,engine/base:2302,engine/base:2336,pool/base:364,pool/base:778,pool/base:495,pool/impl:132 (sqlalchemy.exc.TimeoutError)' [None]
I'm guessing this is caused by a sudden burst of login attempts, though a limit of 5 connections to the db seems a bit restrictive. Is it possible to increase this number, for example in as.conf?

chort1
OpenVPN User
Posts: 27
Joined: Tue Mar 01, 2022 12:24 pm

Re: QueuePool limit of size 5 overflow 10 reached

Post by chort1 » Mon Apr 17, 2023 12:44 pm

I submitted a ticket and learned about a config parameter to increase the db connection limit:

Code: Select all

mysql.max_overflow
which should be set higher than the

Code: Select all

auth.module.max_parallel
parameter to avoid congestions towards the db

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: QueuePool limit of size 5 overflow 10 reached

Post by openvpn_inc » Tue May 16, 2023 11:31 am

Hello chort1 and future readers of this thread,

'limit of size 5 overflow 10' means a total of 15 connections. But it can still not be enough in certain cases.

It is a fairly new setting and is now in our documentation as well;
https://openvpn.net/vpn-server-resource ... epool-size

The issue is basically caused by too many authentication sessions going on at the same time, which can be exacerbated by a slow authentication process or server (for example, out-of-band MFA making the authentication session hang until the user performs an action to confirm the login). These settings allow to increase the amount of authentication threads and consequent required database connections (for looking up user specific information). This will most likely be noticed with slow authentication processes and a flood of reconnects after a restart of an actively used Access Server.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Post Reply