Project

General

Profile

Bug #11503

Using multiple authentication backends on an OpenVPN server fails

Added by Silvano Giacomello about 2 months ago. Updated about 2 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
OpenVPN
Target version:
Start date:
02/22/2021
Due date:
% Done:

0%

Estimated time:
Affected Version:
2.5.0
Affected Architecture:
Release Notes:
Default

Description

We did update our pfSense Cluster to 2.5.0. On our OpenVPN connection we do have multiple backends. Our main one (RADIUS) and as backup the Local Database with a generic User for "emergency" if the RADIUS is not reachable.

After the Update to 2.5.0 we did receive always an Error => AUTH: Received control message: AUTH_FAILED

So we checked the RADIUS. Everything was fine. Also when we did a Test over "Diagnostics" > "Authentication" we were able to auth.
Still => AUTH: Received control message: AUTH_FAILED

So we did some Updates on client sites also to 2.5.0 and most of them do not have multiple backends on the OpenVPN connection.
And on those client sites the OpenVPN was working after the upgrade to 2.5.0.

So we did a test on our Site. We just selected our main backend (RADIUS) and we were able to authenticate us and connect.
As soon we selected multiple backend, we were not able to authenticate and connect.
We did also the tests if its based on the type of the backend. It was not. No matter which backend (we did with Local, RADIS and LDAP) - as soon as you have multiple selected, we were not able to connect.

Feb 22 10:27:07 PM: AUTH: Received control message: AUTH_FAILED

Last System Log on the OpenVPN when connecting with multiple backends enabled

Feb 22 20:53:15    openvpn    53311    xxx.xxx.xxx.xxx:9796 [USER] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:9796

History

#1 Updated by Jim Pingle about 2 months ago

  • Subject changed from multiple Ā«Backend for authenticationĀ» on an OpenVPN Server => AUTH_FAILED to Using multiple authentication backends on an OpenVPN server fails
  • Target version set to CE-Next

#2 Updated by Viktor Gurov about 2 months ago

seems related to #9460

Also available in: Atom PDF