Project

General

Profile

Actions

Bug #2574

closed

Failure of secondary radius server causes PPTP authentication to hang even if primary is working!

Added by Kevin Hart over 11 years ago. Updated about 11 years ago.

Status:
Closed
Priority:
Normal
Category:
PPTP
Target version:
Start date:
08/03/2012
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.0.1
Affected Architecture:
i386

Description

When configuring PPTP vpn to use both a radius server and a secondary radius server the authentication of the user will hang if the secondary radius server is unreachable, even if the primary radius server is available and able to authenticate the user.

Note, this problem occurs with the built-in windows client, but when connecting with the mac OSX client the authentication takes a long time but is eventually successful. If the first radius server fails but the secondary is working the windows client connects successfully, but if the secondary fails the windows client fails to connect regardless of whether the first radius server is working properly or not.

Problem: after starting authentication with the first radius server the second radius server is contacted regardless of the response of the first radius server.
Expected Behavior: pptp server should either a) only contact the first radius server, then if this server fails to authenticate contact the second radius server or b) contact both servers but abort the other connection as soon as a valid authorization is received from one server


Files

pptp-raw.txt (2.21 KB) pptp-raw.txt pptp raw log of windows client (fails to complete authentication) Kevin Hart, 08/03/2012 12:34 PM
pptp-raw-osx.txt (1013 Bytes) pptp-raw-osx.txt pptp raw log for osx client connection (starts near where auth thread issue begins) Kevin Hart, 08/03/2012 12:34 PM
Actions #1

Updated by Renato Botelho about 11 years ago

  • Status changed from New to Feedback
  • Assignee set to Renato Botelho

Is this issue still happening on recent snapshots? I couldn't reproduce it here, it worked fine when both radius servers are working, and when one of them (primary or secondary) are working.

Actions #2

Updated by Chris Buechler about 11 years ago

  • Status changed from Feedback to Closed

problem as described doesn't actually exist. Guessing a GRE NAT issue from the description.

Actions

Also available in: Atom PDF