Project

General

Profile

Actions

Bug #11503

open

Using multiple authentication backends on an OpenVPN server fails

Added by Silvano Giacomello over 3 years ago. Updated over 3 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
OpenVPN
Target version:
Start date:
02/22/2021
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.5.0
Affected Architecture:

Description

We did update our pfSense Cluster to 2.5.0. On our OpenVPN connection we do have multiple backends. Our main one (RADIUS) and as backup the Local Database with a generic User for "emergency" if the RADIUS is not reachable.

After the Update to 2.5.0 we did receive always an Error => AUTH: Received control message: AUTH_FAILED

So we checked the RADIUS. Everything was fine. Also when we did a Test over "Diagnostics" > "Authentication" we were able to auth.
Still => AUTH: Received control message: AUTH_FAILED

So we did some Updates on client sites also to 2.5.0 and most of them do not have multiple backends on the OpenVPN connection.
And on those client sites the OpenVPN was working after the upgrade to 2.5.0.

So we did a test on our Site. We just selected our main backend (RADIUS) and we were able to authenticate us and connect.
As soon we selected multiple backend, we were not able to authenticate and connect.
We did also the tests if its based on the type of the backend. It was not. No matter which backend (we did with Local, RADIS and LDAP) - as soon as you have multiple selected, we were not able to connect.

Feb 22 10:27:07 PM: AUTH: Received control message: AUTH_FAILED

Last System Log on the OpenVPN when connecting with multiple backends enabled

Feb 22 20:53:15    openvpn    53311    xxx.xxx.xxx.xxx:9796 [USER] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:9796
Actions #1

Updated by Jim Pingle over 3 years ago

  • Subject changed from multiple «Backend for authentication» on an OpenVPN Server => AUTH_FAILED to Using multiple authentication backends on an OpenVPN server fails
  • Target version set to CE-Next
Actions #2

Updated by Viktor Gurov over 3 years ago

seems related to #9460

Actions

Also available in: Atom PDF