Bug #11104
closedOpenVPN does not start with several authentication sources selected
0%
Description
When I add several LDAP servers to an OpenVPN server it won't start anymore because the limit of more than 256 characters in one line is exceeded
Error code:
Options error: In /var/etc/openvpn/server4.conf:26: Maximum option line length (256) exceeded, line starts with plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so /usr/local/sbin/ovpn_auth_verify_async user QklPVF9MREFQLFVOTlVfTERBUCxST0VSX0xEQVAsQlJHUl9MREFQLFNQTlVfTERBUCxNVU1FX0xEQVAsUkFSRV9MREFQLFRSVUxfTERBUCxMb2NhbCBEYXRhYmFzZQ== false server4 1
Is there a maximum number of LDAP servers for one VPN Server?
Related issues
Updated by Jim Pingle about 4 years ago
- Subject changed from OpenVPN won´t start after addding multiple LDAP´s to OpenVPN won't start after addding many authentication sources
- Priority changed from High to Very Low
- Target version set to CE-Next
There is no limit we are aware of specifically, the only way to find out would be to test it with one, two, three, etc.
It would likely vary based on the name since that blob there is a base64 encoded string of all the selected auth sources.
I see in your error output above you added 8 servers. I doubt that would work practically anyhow, since it would take so long to fail through all of them, the authentication would timeout in the meantime.
While we could handle this more gracefully, the underlying issue is a limitation in OpenVPN config file line lengths and not something we can solve per se.
Updated by Viktor Gurov almost 4 years ago
- Related to Bug #11559: OpenVPN does not start with a long list of Data Encryption Algorithms added
Updated by Jim Pingle almost 4 years ago
- Subject changed from OpenVPN won't start after addding many authentication sources to OpenVPN won't start with several authentication sources selected
Updated by Viktor Gurov almost 4 years ago
input validation:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/170
Updated by Jim Pingle almost 4 years ago
- Status changed from New to Pull Request Review
Updated by Jim Pingle almost 4 years ago
- Target version changed from CE-Next to 2.5.1
Updated by Renato Botelho almost 4 years ago
- Status changed from Pull Request Review to Waiting on Merge
- Assignee set to Viktor Gurov
PR has been merged. Thanks!
Updated by Renato Botelho almost 4 years ago
- Status changed from Waiting on Merge to Feedback
Updated by Jim Pingle almost 4 years ago
- Subject changed from OpenVPN won't start with several authentication sources selected to OpenVPN does not start with several authentication sources selected
Updating subject for release notes.