Hello, I'm using OpenVPN 2.4.4 on pfSense latest version. It's configured for road warriors using Windows, Mac and mobile clients.
The auth_user_pass_verify script does an LDAP authentication and works fine. I added additional code to that script for a second type of authentication; it calls the user and asks them for more information. This process works well, however it can take about 15 seconds before the script returns to the server process. Until auth_user_pass_verify returns, the OpenVPN server process passes no network traffic for other previously authenticated users. For example, the first user connects fine. But when the second user connects, the first user's traffic is suspended during the time that auth_user_pass_verify is running for the second user, until it returns something on the second connection attempt. And this happens for each additional user that connects: the server process suspends passing traffic for all other users. This is a problem in my usage scenario because folks are using Windows Remote Desktop, so this server behavior minimally creates pauses in typing for those previously connected users, but if the pause is long enough, it will disconnect the Remote Desktop session.

dev ovpns4
verb 1
dev-type tun
dev-node /dev/tun4
writepid /var/run/openvpn_server4.pid
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
cipher AES-256-CBC
auth SHA512
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local 192.168.1.1
tls-server
server 192.168.128.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server4
verify-client-cert none
username-as-common-name
auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user data false server4 1200" via-env
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'vpn.example.com' 1"
lport 1200
management /var/etc/openvpn/server4.sock unix
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.100.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.2"
push "dhcp-option DNS 192.168.1.6"
push "register-dns"
duplicate-cn
ca /var/etc/openvpn/server4.ca
cert /var/etc/openvpn/server4.cert
key /var/etc/openvpn/server4.key
dh /etc/dh-parameters.1024
tls-auth /var/etc/openvpn/server4.tls-auth 0
persist-remote-ip
float
topology subnet
keepalive 10 60
reneg-sec 0
push "reneg-sec 0"

Perhaps I've missed a configuration directive that would alleviate my problem? Any help or guidance would be greatly appreciated.

Thanks
Mark
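
Added example, not part of the original post: a small Python audit that lists every script hook in an OpenVPN server configuration and marks the ones that fire per client, since OpenVPN 2.4 waits for each such script inside its single server process. The names `SCRIPT_HOOKS`, `PER_CLIENT` and `blocking_hooks` are hypothetical, the hook list is a selection of script directives made for this example, and `SAMPLE` is an excerpt of the configuration quoted above.

```python
import shlex

# Directives whose command OpenVPN 2.4 executes and waits for in the
# server process (selection made for this example, not exhaustive).
SCRIPT_HOOKS = {"up", "down", "route-up", "tls-verify", "auth-user-pass-verify",
                "client-connect", "client-disconnect", "learn-address"}
# Hooks that fire while other clients already have live sessions.
PER_CLIENT = SCRIPT_HOOKS - {"up", "down", "route-up"}

# Excerpt of the configuration from the post above.
SAMPLE = '''\
script-security 3
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user data false server4 1200" via-env
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'vpn.example.com' 1"
push "route 192.168.1.0 255.255.255.0"
'''

def blocking_hooks(config_text):
    """Return (directive, script_path, per_client) for each script hook."""
    found = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or config comment
            continue
        try:
            words = shlex.split(line, comments=True)
        except ValueError:                   # unbalanced quotes: skip the line
            continue
        if len(words) < 2:
            continue
        name = words[0].lstrip("-")          # accept "--directive" spelling too
        if name in SCRIPT_HOOKS:
            cmd = shlex.split(words[1])      # quoted command: path plus arguments
            if cmd:
                found.append((name, cmd[0], name in PER_CLIENT))
    return found

if __name__ == "__main__":
    for name, script, per_client in blocking_hooks(SAMPLE):
        note = "runs on client activity, stalls other sessions" if per_client \
               else "runs at tunnel start/stop"
        print(f"{name:24} {script:40} {note}")
```

Any per-client hook reported here has to return quickly; a step that waits on a person, such as the callback described in the post, holds up every connected client for as long as it runs.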