Page 1 of 1
whenever user is authenticating at that time the already connected users are getting 1-2 sec delay
Posted: Tue Mar 09, 2021 6:28 am
by ashwanikp42
Hi Team,
We have OpenVPN-CE setup in azure VM and also we integrated Google LDAP for authentication, But the problem we are facing now is whenever a user is authenticating at that time the already connected users are getting 1-2 sec delay(They are like getting stuck screen in between their work)
Please help us here.
Thanks
Re: whenever user is authenticating at that time the already connected users are getting 1-2 sec delay
Posted: Wed Mar 10, 2021 8:01 am
by ashwanikp42
Team,
Any update here?
Re: whenever user is authenticating at that time the already connected users are getting 1-2 sec delay
Posted: Thu Mar 11, 2021 12:36 am
by TinCanTech
Yes, openvpn does that.
Re: whenever user is authenticating at that time the already connected users are getting 1-2 sec delay
Posted: Thu Mar 11, 2021 7:06 am
by ashwanikp42
Thanks for the responce.
Any solution for this? Actually, we have around 400+ Users in OpenVPN currently and the login logout will happens very frequently and the existing users are facing a lot of problems because of this.
Re: whenever user is authenticating at that time the already connected users are getting 1-2 sec delay
Posted: Fri Mar 12, 2021 8:15 am
by ashwanikp42
Team,
Any update here?
Re: whenever user is authenticating at that time the already connected users are getting 1-2 sec delay
Posted: Mon Mar 15, 2021 6:32 am
by ashwanikp42
Team,
Any update here?
Re: whenever user is authenticating at that time the already connected users are getting 1-2 sec delay
Posted: Mon Mar 15, 2021 2:56 pm
by TinCanTech
Openvpn is a single threaded process. If it has to wait for your back-end to authenticate users then it has to wait ..
Re: whenever user is authenticating at that time the already connected users are getting 1-2 sec delay
Posted: Tue Mar 16, 2021 7:04 am
by ashwanikp42
Is this issue will persist with OpenVPN access server?
Can we run multiple instances of OpenVPN process in a server? (If yes please provide the reference DOC)
Also wanted to mention that this issue was not there without G-LDAP
Re: whenever user is authenticating at that time the already connected users are getting 1-2 sec delay
Posted: Wed Mar 24, 2021 6:56 am
by ashwanikp42
Team,
Any update here?
Re: whenever user is authenticating at that time the already connected users are getting 1-2 sec delay
Posted: Wed Mar 24, 2021 4:01 pm
by ultramage
Okay, so the problem is that OpenVPN runs authentication on its main thread, synchronous / blocking mode, and this makes all traffic hang.
This is a known wontfix problem, OpenVPN instead provides an API for auth plugins to do 'deferred' asynchronous authentication.
-
https://community.openvpn.net/openvpn/ticket/222
-
https://community.openvpn.net/openvpn/ticket/585
OpenVPN ships with a single plugin, openvpn-auth-pam, which can be used for LDAP auth on linux, but async mode needs to be enabled through an environment variable. If you can make the auth work through the OS's PAM, see
https://github.com/OpenVPN/openvpn/blob ... E.auth-pam
There are third-party plugins that act as an async wrapper for auth scripts. One is mentioned here, but you'd need to write a script...
-
https://redmine.pfsense.org/issues/7905
Openvpn-auth-ldap is a third-party plugin. If that's what you're using to do ldap auth, then see
https://github.com/threerings/openvpn-a ... /issues/66 and
https://github.com/threerings/openvpn-auth-ldap/pull/67 however it seems the plugin's development has stopped in 2018.
Re: whenever user is authenticating at that time the already connected users are getting 1-2 sec delay
Posted: Thu Mar 25, 2021 1:53 am
by TinCanTech