Bug #11104

OpenVPN does not start with several authentication sources selected

Added by Moritz Schwarz 5 months ago. Updated 1 day ago.

Status: Closed
Priority: Very Low
Assignee:
Category: OpenVPN
Target version:
Start date: 11/25/2020
Due date:
% Done: 0%
Estimated time:
Affected Version: 2.4.5-p1
Affected Architecture:
Release Notes: Default

Description

When I add several LDAP servers to an OpenVPN server, it won't start anymore because the limit of more than 256 characters in one line is exceeded.

Error code:

Options error: In /var/etc/openvpn/server4.conf:26: Maximum option line length (256) exceeded, line starts with plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so /usr/local/sbin/ovpn_auth_verify_async user QklPVF9MREFQLFVOTlVfTERBUCxST0VSX0xEQVAsQlJHUl9MREFQLFNQTlVfTERBUCxNVU1FX0xEQVAsUkFSRV9MREFQLFRSVUxfTERBUCxMb2NhbCBEYXRhYmFzZQ==
 false server4 1

Is there a maximum number of LDAP servers for one VPN Server?


Related issues

Related to Bug #11559: OpenVPN does not start with a long list of Data Encryption Algorithms (Closed, 2021-02-27)

Associated revisions

Revision 30064732 (diff)
Added by Viktor Gurov about 1 month ago

OpenVPN auth sources strlen validation. Issue #11104

Revision c67222fc (diff)
Added by Viktor Gurov about 1 month ago

OpenVPN auth sources strlen validation. Issue #11104

(cherry picked from commit 3006473268acfc7068ade04ad7e2befbd8af8f81)

History

#1 Updated by Jim Pingle 5 months ago

  • Subject changed from OpenVPN won´t start after addding multiple LDAP´s to OpenVPN won't start after addding many authentication sources
  • Priority changed from High to Very Low
  • Target version set to CE-Next

There is no limit we are aware of specifically; the only way to find out would be to test it with one, two, three, etc.

It would likely vary based on the name since that blob there is a base64 encoded string of all the selected auth sources.

I see in your error output above you added 8 servers. I doubt that would work practically anyhow, since it would take so long to fail through all of them, the authentication would time out in the meantime.

While we could handle this more gracefully, the underlying issue is a limitation in OpenVPN config file line lengths and not something we can solve per se.
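Added example, not part of the ticket and not pfSense's own code: a pre-flight check that rebuilds the plugin line in the layout shown in the error output above and tests it against the 256-character limit before the config is written. The auth source names are constructed sample values, and counting the trailing newline toward the limit is a conservative assumption.

```python
import base64

# Limit taken from the OpenVPN error message quoted in this ticket.
OPENVPN_MAX_LINE = 256

# Fixed part of the line, copied from the error output in this ticket.
PLUGIN_PREFIX = (
    "plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so "
    "/usr/local/sbin/ovpn_auth_verify_async user "
)

# Constructed sample: eight 9-character LDAP names plus the local database.
SAMPLE_SOURCES = [f"DC{n:02d}_LDAP" for n in range(1, 9)] + ["Local Database"]


def build_plugin_line(auth_sources, server_id):
    """Build the plugin line: base64 of the comma-joined auth source names."""
    joined = ",".join(auth_sources)
    blob = base64.b64encode(joined.encode("utf-8")).decode("ascii")
    # Trailing fields are copied verbatim from the error output on this page.
    return f"{PLUGIN_PREFIX}{blob} false {server_id} 1"


def check_line(line, limit=OPENVPN_MAX_LINE):
    """Return (ok, length). Length includes the newline (assumption)."""
    length = len(line.encode("utf-8")) + 1
    return length < limit, length


def max_sources_that_fit(auth_sources, server_id, limit=OPENVPN_MAX_LINE):
    """Count how many leading auth sources still yield a valid line."""
    fit = 0
    for n in range(1, len(auth_sources) + 1):
        ok, _ = check_line(build_plugin_line(auth_sources[:n], server_id), limit)
        if not ok:
            break
        fit = n
    return fit


if __name__ == "__main__":
    ok, length = check_line(build_plugin_line(SAMPLE_SOURCES, "server4"))
    print(f"ok={ok} length={length} limit={OPENVPN_MAX_LINE}")
    print("sources that fit:", max_sources_that_fit(SAMPLE_SOURCES, "server4"))
```

Because base64 expands the joined names by a third, the number of sources that fit depends on the total length of their names, not on their count.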

#2 Updated by Jim Pingle 5 months ago

  • Description updated (diff)

#3 Updated by Viktor Gurov about 2 months ago

  • Related to Bug #11559: OpenVPN does not start with a long list of Data Encryption Algorithms added

#4 Updated by Jim Pingle about 2 months ago

  • Subject changed from OpenVPN won't start after addding many authentication sources to OpenVPN won't start with several authentication sources selected

#6 Updated by Jim Pingle about 1 month ago

  • Status changed from New to Pull Request Review

#7 Updated by Jim Pingle about 1 month ago

  • Target version changed from CE-Next to 2.5.1

#8 Updated by Renato Botelho about 1 month ago

  • Status changed from Pull Request Review to Waiting on Merge
  • Assignee set to Viktor Gurov

PR has been merged. Thanks!

#9 Updated by Renato Botelho about 1 month ago

  • Status changed from Waiting on Merge to Feedback

#10 Updated by Renato Botelho about 1 month ago

Cherry-picked to RELENG_2_5_1

#11 Updated by Jim Pingle about 1 month ago

  • Subject changed from OpenVPN won't start with several authentication sources selected to OpenVPN does not start with several authentication sources selected

Updating subject for release notes.

#12 Updated by Jim Pingle 1 day ago

  • Status changed from Feedback to Closed
