Hi
I have a virtual appliance version 2.5 using radius for authentication. Radius is via NPS on a Windows server with the Azure NPS plugin for MFA installed. Users are processing a push notification on their device to accept the MFA challenge via the radius server.
For the most part this works, but occasionally for some users the MFA challenge takes longer than usual and in this circumstance the radius authentication times out. Usually if the user repeats the process, it then goes through.
I have done much research on how to modify the radius timeout via the CLI (there is no GUI option) or a config file, but everything I find seems to refer to config structures that are not present on this access server (e.g. server.conf and radiusplugin.cnf, which do not exist - this version appears to store radius configuration in a database, config.db).
Is there a way to configure the radius retries and timeout in this version of access server?
Aaron
Radius timeout Access Server 2.5
-
- OpenVpn Newbie
- Posts: 2
- Joined: Wed Dec 05, 2018 4:35 am
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: Radius timeout Access Server 2.5
I'm reasonably certain there are no configurable options for that at this time, sorry. If I find any different I'll post here.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Wed Oct 21, 2020 10:40 am
Re: Radius timeout Access Server 2.5
I am seeing the exact same issue on the exact same setup. Any news or resolution to this?
-
- OpenVpn Newbie
- Posts: 1
- Joined: Tue Oct 27, 2020 9:04 pm
Re: Radius timeout Access Server 2.5
I've also just spent hours trying to figure out a solution for this. There doesn't seem to be a way to add a key to change the equivalent of "--connect-retry-max n" or "--connect-retry n [max]" with a normal server configuration file. My understanding is that the Access Server uses a database on the fly versus the traditional server config file. The closest thing I've found in the documentation is for the "Authentication failure lockout policy" but this is not what is needed. It's when a user reconnects and doesn't reach the MFA in time before getting locked out.
-
- OpenVpn Newbie
- Posts: 1
- Joined: Fri Feb 19, 2021 8:02 am
Re: Radius timeout Access Server 2.5
Support helped me
I also configured the server to allow multiple sessions per user.
# go to scripts folder
cd /usr/local/openvpn_as/scripts/
# check server timeout
./sacli ConfigQuery | grep "auth.radius.0.per_server_timeout"
# change server timeout and update running server
./confdba -mk auth.radius.0.per_server_timeout -v 60
./sacli start
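Added example, not part of any post in this thread: the check, change and restart steps above wrapped in a script that validates the value, refuses to run without root (the cause of the error reported later in the thread), and reads the setting back afterwards. The function names are hypothetical, and the assumed ConfigQuery output format (one `"key": "value"` pair per line) is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Paths, key and commands are the ones
# quoted in the posts above; the ConfigQuery output format is an assumption.
AS_SCRIPTS="${AS_SCRIPTS:-/usr/local/openvpn_as/scripts}"
KEY="auth.radius.0.per_server_timeout"

# Accept only a positive whole number of seconds (no leading zero).
valid_timeout() {
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;
        *) return 0 ;;
    esac
}

# Read ConfigQuery output on stdin and print the value stored for the key.
# Assumes lines of the form:  "auth.radius.0.per_server_timeout": "60",
timeout_from_query() {
    sed -n 's/^[[:space:]]*"auth\.radius\.0\.per_server_timeout":[[:space:]]*"\{0,1\}\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Set the timeout, reload the running server, then confirm the stored value.
set_radius_timeout() {
    want="$1"
    valid_timeout "$want" || { echo "timeout must be a positive integer" >&2; return 2; }
    # The tools need root; a later post in the thread hit an IOError without sudo.
    [ "$(id -u)" -eq 0 ] || { echo "run with sudo" >&2; return 1; }
    cd "$AS_SCRIPTS" || return 1
    ./confdba -mk "$KEY" -v "$want" || return 1
    ./sacli start || return 1
    got="$(./sacli ConfigQuery | timeout_from_query)"
    [ "$got" = "$want" ] || { echo "stored value is '$got', expected $want" >&2; return 1; }
    echo "$KEY is now $got"
}

# Usage: sudo sh radius_timeout.sh apply 60
if [ "${1:-}" = "apply" ]; then
    set_radius_timeout "${2:-60}"
fi
```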
- openvpn_inc
- OpenVPN Inc.
- Posts: 1333
- Joined: Tue Feb 16, 2021 10:41 am
Re: Radius timeout Access Server 2.5
Hi wander,
Thanks for updating - yes that function is now present!
Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
-
- OpenVpn Newbie
- Posts: 1
- Joined: Fri Mar 10, 2023 2:41 pm
Re: Radius timeout Access Server 2.5
I am having this exact issue but when I run those commands I get an error
chrish@VPN01:/usr/local/openvpn_as/scripts$ ./sacli ConfigQuery | grep "auth.radius.0.per_server_timeout"
ERROR: [Errno 2] No such file or directory: 'out/tmp-2Es7nl3p6vMm.tmp': util/options:79,sagent/sacli:510,util/file:142,util/file:137,util/file:130,util/simplefile:11 (exceptions.IOError)
I am not a Linux expert but I just don't understand why I can't execute these calls when everything seems to be in the scripts folder.
UPDATE: Problem was that sudo needed to be used and then this worked! Thanks!