Using a script is always synchronous.

You can try async mode, which is available for auth plugins:

http://openvpn-devel.narkive.com/z8Xmrw7H/async-openvpn-plugin-client-connect-plugin-support

2018-01-21 19:06 GMT+05:00 Mark Wiater <mark.wia...@greybeam.com>:

> Hello,
>
> I'm using OpenVPN 2.4.4 on pfSense latest version. It's configured for
> road warriors using windows, mac and mobile clients.
>
> The auth_user_pass_verify script does an LDAP authentication and works
> fine.
>
> I added additional code to that script for a second type of
> authentication, it calls the user and asks them for more information. This
> process works well, however it can take about 15 seconds before the script
> returns to the server process.
>
> Until auth_user_pass_verify returns, the OpenVPN server process passes no
> network traffic for other previously authenticated users.
>
> For example, the first user connects fine. But when the second user
> connects, the first user's traffic is suspended during the time that
> auth_user_pass_verify is running for the second user, until it returns
> something on the second connection attempt. And this happens for each
> additional user that connects, the server process suspends passing traffic
> for all other users.
>
> This is a problem in my usage scenario because folks are using windows
> remote desktop, so this server behavior minimally creates pauses in typing
> for those previously connected users, but if the pause is long enough, it
> will disconnect the Remote Desktop session.
>
>
>
> dev ovpns4
> verb 1
> dev-type tun
> dev-node /dev/tun4
> writepid /var/run/openvpn_server4.pid
> script-security 3
> daemon
> keepalive 10 60
> ping-timer-rem
> persist-tun
> persist-key
> proto udp4
> cipher AES-256-CBC
> auth SHA512
> up /usr/local/sbin/ovpn-linkup
> down /usr/local/sbin/ovpn-linkdown
> client-connect /usr/local/sbin/openvpn.attributes.sh
> client-disconnect /usr/local/sbin/openvpn.attributes.sh
> local 192.168.1.1
> tls-server
> server 192.168.128.0 255.255.255.0
> client-config-dir /var/etc/openvpn-csc/server4
> verify-client-cert none
> username-as-common-name
> auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user data false server4 1200" via-env
> tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'vpn.example.com' 1"
> lport 1200
> management /var/etc/openvpn/server4.sock unix
> push "route 192.168.1.0 255.255.255.0"
> push "route 192.168.100.0 255.255.255.0"
> push "dhcp-option DNS 192.168.1.2"
> push "dhcp-option DNS 192.168.1.6"
> push "register-dns"
> duplicate-cn
> ca /var/etc/openvpn/server4.ca
> cert /var/etc/openvpn/server4.cert
> key /var/etc/openvpn/server4.key
> dh /etc/dh-parameters.1024
> tls-auth /var/etc/openvpn/server4.tls-auth 0
> persist-remote-ip
> float
> topology subnet
> keepalive 10 60
>   reneg-sec 0
>   push "reneg-sec 0"
>
> Perhaps I've missed a configuration directive that would alleviate my
> problem? Any help or guidance would be greatly appreciated.
>
> Thanks
>
> Mark
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>
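An added sketch of the deferred ("async") pattern that the reply points to, not code from this thread or from OpenVPN: an auth plugin hands the slow check to a detached worker, returns the deferred status at once so the server keeps forwarding traffic, and the worker later writes a one-byte verdict to the control file whose path the server passes in the `auth_control_file` environment variable. The helper names, the stand-in check and the temp-file path are assumptions made for the illustration, and the control file is assumed to exist already.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Same numeric values as OPENVPN_PLUGIN_FUNC_ERROR / _DEFERRED in openvpn-plugin.h. */
enum { FUNC_ERROR = 1, FUNC_DEFERRED = 2 };

/* Constructed stand-in for the slow LDAP + call-back check from the thread. */
static int slow_second_factor(const char *user) {
    sleep(2);
    return user != NULL && user[0] != '\0';
}

/* Hypothetical helper: start the check in a detached worker, return at once. */
int begin_deferred_auth(const char *user, const char *acf_path) {
    pid_t pid = fork();
    if (pid < 0) return FUNC_ERROR;
    if (pid == 0) {
        pid_t worker = fork();
        if (worker > 0) _exit(0);        /* intermediate child exits right away */
        char verdict = '0';              /* fail closed, also if the fork failed */
        if (worker == 0 && slow_second_factor(user)) verdict = '1';
        int fd = open(acf_path, O_WRONLY | O_TRUNC);
        if (fd < 0 || write(fd, &verdict, 1) != 1) _exit(1);
        close(fd);
        _exit(0);
    }
    waitpid(pid, NULL, 0);               /* reap intermediate child: no zombie */
    return FUNC_DEFERRED;                /* caller is not blocked by the check */
}

/* Stand-in for the server reading the verdict byte ('1' accept, '0' reject). */
char poll_verdict(const char *acf_path, int tries) {
    for (int i = 0; i < tries; i++) {
        char c = 0;
        int fd = open(acf_path, O_RDONLY);
        ssize_t n = fd >= 0 ? read(fd, &c, 1) : -1;
        if (fd >= 0) close(fd);
        if (n == 1) return c;
        usleep(100000);
    }
    return 0;                            /* nothing written yet */
}

int main(void) {
    char acf[] = "/tmp/acf_XXXXXX";      /* constructed control-file path */
    int fd = mkstemp(acf);
    if (fd < 0) return 1;
    close(fd);
    int rc = begin_deferred_auth("mark", acf);
    printf("returned %d at once, verdict later: %c\n", rc, poll_verdict(acf, 50));
    return unlink(acf);
}
```

If the worker never writes a verdict, the connection attempt stays pending until the server's handshake timeout, so the worker writes `0` on every failure path.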