OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

QueuePool limit of size 5 overflow 10 reached

https://forums.openvpn.net/viewtopic.php?t=35622

Page 1 of 1

QueuePool limit of size 5 overflow 10 reached

Posted: Mon Apr 17, 2023 8:02 am
by chort1
Sometimes users are unable to log in, and I get a lot of these messages in openvpnas.log

Code: Select all

2023-04-17T09:32:05+0200 [stdout#info] VPN Auth Failed: 'QueuePool limit of size 5 overflow 10 reached, connection timed out, timeout 30 (Background on this error at: http://sqlalche.me/e/13/3o7r): omi/auth:551,omi/auth:596,util/delegate:27,db/db:1643,db/dbretry:52,db/dbretry:50,db/db:1643,db/db:1593,db/db:1041,orm/query:3429,orm/query:3203,orm/query:3535,orm/query:3557,orm/query:3572,orm/query:3550,orm/session:1145,orm/session:1151,orm/session:433,engine/base:2302,engine/base:2336,pool/base:364,pool/base:778,pool/base:495,pool/impl:132 (sqlalchemy.exc.TimeoutError)' [None]
I'm guessing this is caused by a sudden burst of login attempts, though a limit of 5 connections to the db seems a bit restrictive. Is it possible to increase this number, for example in as.conf?

Re: QueuePool limit of size 5 overflow 10 reached

Posted: Mon Apr 17, 2023 12:44 pm
by chort1
I submitted a ticket and learned about a config parameter to increase the db connection limit:

Code: Select all

mysql.max_overflow
which should be set higher than the

Code: Select all

auth.module.max_parallel
parameter to avoid congestions towards the db

Re: QueuePool limit of size 5 overflow 10 reached

Posted: Tue May 16, 2023 11:31 am
by openvpn_inc
Hello chort1 and future readers of this thread,

'limit of size 5 overflow 10' means a total of 15 connections. But it can still not be enough in certain cases.

It is a fairly new setting and is now in our documentation as well;
https://openvpn.net/vpn-server-resource ... epool-size

The issue is basically caused by too many authentication sessions going on at the same time, which can be exacerbated by a slow authentication process or server (for example, out-of-band MFA making the authentication session hang until the user performs an action to confirm the login). These settings allow to increase the amount of authentication threads and consequent required database connections (for looking up user specific information). This will most likely be noticed with slow authentication processes and a flood of reconnects after a restart of an actively used Access Server.

Kind regards,
Johan
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/