Project

General

Profile

Bug #11104

OpenVPN won't start after addding many authentication sources

Added by Moritz Schwarz about 2 months ago. Updated about 2 months ago.

Status:
New
Priority:
Very Low
Assignee:
-
Category:
OpenVPN
Target version:
Start date:
11/25/2020
Due date:
% Done:

0%

Estimated time:
Affected Version:
2.4.5-p1
Affected Architecture:

Description

When I add several LDAP servers to an OpenVPN server it won't start anymore because the limit of more than 256 characters in one line is exceeded

Error code:

Options error: In /var/etc/openvpn/server4.conf:26: Maximum option line length (256) exceeded, line starts with plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so /usr/local/sbin/ovpn_auth_verify_async user QklPVF9MREFQLFVOTlVfTERBUCxST0VSX0xEQVAsQlJHUl9MREFQLFNQTlVfTERBUCxNVU1FX0xEQVAsUkFSRV9MREFQLFRSVUxfTERBUCxMb2NhbCBEYXRhYmFzZQ==
 false server4 1

Is there a maximum number of LDAP servers for one VPN Server?

History

#1 Updated by Jim Pingle about 2 months ago

  • Subject changed from OpenVPN won´t start after addding multiple LDAP´s to OpenVPN won't start after addding many authentication sources
  • Priority changed from High to Very Low
  • Target version set to 2.5.next

There is no limit we are aware of specifically, the only way to find out would be to test it with one, two, three, etc.

It would likely vary based on the name since that blob there is a base64 encoded string of all the selected auth sources.

I see in your error output above you added 8 servers. I doubt that would work practically anyhow, since it would take so long to fail through all of them, the authentication would timeout in the meantime.

While we could handle this more gracefully, the underlying issue is a limitation in OpenVPN config file line lengths and not something we can solve per se.

#2 Updated by Jim Pingle about 2 months ago

  • Description updated (diff)

Also available in: Atom PDF