Hi Team,
We have OpenVPN-CE setup in azure VM and also we integrated Google LDAP for authentication, But the problem we are facing now is whenever a user is authenticating at that time the already connected users are getting 1-2 sec delay(They are like getting stuck screen in between their work)
Please help us here.
Thanks
whenever user is authenticating at that time the already connected users are getting 1-2 sec delay
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
ashwanikp42
- OpenVpn Newbie
- Posts: 7
- Joined: Tue Mar 09, 2021 6:24 am
-
ashwanikp42
- OpenVpn Newbie
- Posts: 7
- Joined: Tue Mar 09, 2021 6:24 am
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
-
ashwanikp42
- OpenVpn Newbie
- Posts: 7
- Joined: Tue Mar 09, 2021 6:24 am
Re: whenever user is authenticating at that time the already connected users are getting 1-2 sec delay
Thanks for the responce.
Any solution for this? Actually, we have around 400+ Users in OpenVPN currently and the login logout will happens very frequently and the existing users are facing a lot of problems because of this.
Any solution for this? Actually, we have around 400+ Users in OpenVPN currently and the login logout will happens very frequently and the existing users are facing a lot of problems because of this.
-
ashwanikp42
- OpenVpn Newbie
- Posts: 7
- Joined: Tue Mar 09, 2021 6:24 am
-
ashwanikp42
- OpenVpn Newbie
- Posts: 7
- Joined: Tue Mar 09, 2021 6:24 am
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: whenever user is authenticating at that time the already connected users are getting 1-2 sec delay
Openvpn is a single threaded process. If it has to wait for your back-end to authenticate users then it has to wait ..
-
ashwanikp42
- OpenVpn Newbie
- Posts: 7
- Joined: Tue Mar 09, 2021 6:24 am
Re: whenever user is authenticating at that time the already connected users are getting 1-2 sec delay
Is this issue will persist with OpenVPN access server?
Can we run multiple instances of OpenVPN process in a server? (If yes please provide the reference DOC)
Also wanted to mention that this issue was not there without G-LDAP
Can we run multiple instances of OpenVPN process in a server? (If yes please provide the reference DOC)
Also wanted to mention that this issue was not there without G-LDAP
-
ashwanikp42
- OpenVpn Newbie
- Posts: 7
- Joined: Tue Mar 09, 2021 6:24 am
-
ultramage
- OpenVpn Newbie
- Posts: 4
- Joined: Wed Mar 24, 2021 8:03 am
Re: whenever user is authenticating at that time the already connected users are getting 1-2 sec delay
Okay, so the problem is that OpenVPN runs authentication on its main thread, synchronous / blocking mode, and this makes all traffic hang.
This is a known wontfix problem, OpenVPN instead provides an API for auth plugins to do 'deferred' asynchronous authentication.
- https://community.openvpn.net/openvpn/ticket/222
- https://community.openvpn.net/openvpn/ticket/585
OpenVPN ships with a single plugin, openvpn-auth-pam, which can be used for LDAP auth on linux, but async mode needs to be enabled through an environment variable. If you can make the auth work through the OS's PAM, see https://github.com/OpenVPN/openvpn/blob ... E.auth-pam
There are third-party plugins that act as an async wrapper for auth scripts. One is mentioned here, but you'd need to write a script...
- https://redmine.pfsense.org/issues/7905
Openvpn-auth-ldap is a third-party plugin. If that's what you're using to do ldap auth, then see https://github.com/threerings/openvpn-a ... /issues/66 and https://github.com/threerings/openvpn-auth-ldap/pull/67 however it seems the plugin's development has stopped in 2018.
This is a known wontfix problem, OpenVPN instead provides an API for auth plugins to do 'deferred' asynchronous authentication.
- https://community.openvpn.net/openvpn/ticket/222
- https://community.openvpn.net/openvpn/ticket/585
OpenVPN ships with a single plugin, openvpn-auth-pam, which can be used for LDAP auth on linux, but async mode needs to be enabled through an environment variable. If you can make the auth work through the OS's PAM, see https://github.com/OpenVPN/openvpn/blob ... E.auth-pam
There are third-party plugins that act as an async wrapper for auth scripts. One is mentioned here, but you'd need to write a script...
- https://redmine.pfsense.org/issues/7905
Openvpn-auth-ldap is a third-party plugin. If that's what you're using to do ldap auth, then see https://github.com/threerings/openvpn-a ... /issues/66 and https://github.com/threerings/openvpn-auth-ldap/pull/67 however it seems the plugin's development has stopped in 2018.
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm