Bug #14169

closed

OpenVPN Backend for authentication doesn't distinguish reject from timeout

Added by Danilo Zrenjanin about 1 year ago. Updated about 1 year ago.

Status: Not a Bug
Priority: Normal
Assignee: -
Category: OpenVPN
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version:
Affected Architecture:

Description

When multiple auth servers are defined in the list, the VPN doesn't respect the reject message from the first server and tries to auth against the subsequent server in the list.

Actions #1

Updated by Jim Pingle about 1 year ago

  • Status changed from New to Not a Bug
  • Target version deleted (CE-Next)
  • Plus Target Version deleted (23.05)

This is not a bug, it's intended behavior.

When an auth server is down or fails, it may either time out, reject access, etc. In any case it tries the later servers to see if the user can be authenticated by any of them.

Users may also be selecting multiple servers from different backends intentionally to allow users from either source (e.g. RADIUS or local auth).

If we failed on the first reject it may break users relying on the current (valid) behavior.
