Bug #2574
Failure of secondary radius server causes PPTP authentication to hang even if primary is working!
| Status: | Closed | Start date: | 08/03/2012 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: |  Renato Botelho |
% Done: | 0% |
|
| Category: | PPTP | |||
| Target version: | 2.1 | |||
| Affected version: | 2.0.1 | Affected Architecture: | i386 |
Description
When configuring PPTP vpn to use both a radius server and a secondary radius server the authentication of the user will hang if the secondary radius server is unreachable, even if the primary radius server is available and able to authenticate the user.
Note, this problem occurs with the built-in windows client, but when connecting with the mac OSX client the authentication takes a long time but is eventually successful. If the first radius server fails but the secondary is working the windows client connects successfully, but if the secondary fails the windows client fails to connect regardless of whether the first radius server is working properly or not.
Problem: after starting authentication with the first radius server the second radius server is contacted regardless of the response of the first radius server.
Expected Behavior: pptp server should either a) only contact the first radius server, then if this server fails to authenticate contact the second radius server or b) contact both servers but abort the other connection as soon as a valid authorization is received from one server
pptp-raw.txt
- pptp raw log of windows client (fails to complete authentication)
(2.2 kB)
pptp-raw-osx.txt
- pptp raw log for osx client connection (starts near where auth thread issue begins)
(1013 Bytes)
History
#1
Updated by Renato Botelho 4 months ago
- Status changed from New to Feedback
- Assignee set to Renato Botelho
Is this issue still happening on recent snapshots? I couldn't reproduce it here, it worked fine when both radius servers are working, and when one of them (primary or secondary) are working.
#2
Updated by Chris Buechler 3 months ago
- Status changed from Feedback to Closed
problem as described doesn't actually exist. Guessing a GRE NAT issue from the description.