Project

General

Profile

Actions

Bug #11104

closed

OpenVPN does not start with several authentication sources selected

Added by Moritz Schwarz about 4 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Very Low
Assignee:
Viktor Gurov
Category:
OpenVPN
Target version:
Start date:
11/25/2020
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
2.4.5-p1
Affected Architecture:

Description

When I add several LDAP servers to an OpenVPN server it won't start anymore because the limit of more than 256 characters in one line is exceeded

Error code:

Options error: In /var/etc/openvpn/server4.conf:26: Maximum option line length (256) exceeded, line starts with plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so /usr/local/sbin/ovpn_auth_verify_async user QklPVF9MREFQLFVOTlVfTERBUCxST0VSX0xEQVAsQlJHUl9MREFQLFNQTlVfTERBUCxNVU1FX0xEQVAsUkFSRV9MREFQLFRSVUxfTERBUCxMb2NhbCBEYXRhYmFzZQ==
 false server4 1

Is there a maximum number of LDAP servers for one VPN Server?


Related issues

Related to Bug #11559: OpenVPN does not start with a long list of Data Encryption AlgorithmsClosedViktor Gurov02/27/2021

Actions
Actions #1

Updated by Jim Pingle about 4 years ago

  • Subject changed from OpenVPN won´t start after addding multiple LDAP´s to OpenVPN won't start after addding many authentication sources
  • Priority changed from High to Very Low
  • Target version set to CE-Next

There is no limit we are aware of specifically, the only way to find out would be to test it with one, two, three, etc.

It would likely vary based on the name since that blob there is a base64 encoded string of all the selected auth sources.

I see in your error output above you added 8 servers. I doubt that would work practically anyhow, since it would take so long to fail through all of them, the authentication would timeout in the meantime.

While we could handle this more gracefully, the underlying issue is a limitation in OpenVPN config file line lengths and not something we can solve per se.

Actions #2

Updated by Jim Pingle about 4 years ago

  • Description updated (diff)
Actions #3

Updated by Viktor Gurov almost 4 years ago

  • Related to Bug #11559: OpenVPN does not start with a long list of Data Encryption Algorithms added
Actions #4

Updated by Jim Pingle almost 4 years ago

  • Subject changed from OpenVPN won't start after addding many authentication sources to OpenVPN won't start with several authentication sources selected
Actions #6

Updated by Jim Pingle almost 4 years ago

  • Status changed from New to Pull Request Review
Actions #7

Updated by Jim Pingle almost 4 years ago

  • Target version changed from CE-Next to 2.5.1
Actions #8

Updated by Renato Botelho almost 4 years ago

  • Status changed from Pull Request Review to Waiting on Merge
  • Assignee set to Viktor Gurov

PR has been merged. Thanks!

Actions #9

Updated by Renato Botelho almost 4 years ago

  • Status changed from Waiting on Merge to Feedback
Actions #10

Updated by Renato Botelho almost 4 years ago

Cherry-picked to RELENG_2_5_1

Actions #11

Updated by Jim Pingle almost 4 years ago

  • Subject changed from OpenVPN won't start with several authentication sources selected to OpenVPN does not start with several authentication sources selected

Updating subject for release notes.

Actions #12

Updated by Jim Pingle over 3 years ago

  • Status changed from Feedback to Closed
Actions

Also available in: Atom PDF