Bug #3022
closed
OpenVPN does not failover to the 2nd configured LDAP auth.server
Description
More details:
http://forum.pfsense.org/index.php/topic,62570.msg337904.html#msg337904
It might be a limitation of PHP 5.2, which does not provide the LDAP_OPT_NETWORK_TIMEOUT option, so ldap_connect() tries to connect to the LDAP server over and over, even if there's another one configured.
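A sketch of the failover the description asks for, added here as an example; it is not pfSense code and not part of the original report. It assumes PHP 7.1 or later with the ldap extension (LDAP_OPT_NETWORK_TIMEOUT exists from PHP 5.3), and the function name, server URIs, DN and 5-second timeout are hypothetical.

```php
<?php
// Added example: bounded LDAP bind with failover across several servers.
// Not pfSense's implementation; names and values below are hypothetical.

// OpenLDAP client-side result codes: the server was never reached.
const LDAP_ERR_SERVER_DOWN = -1; // "Can't contact LDAP server"
const LDAP_ERR_TIMEOUT     = -5; // client-side timeout

function ldap_bind_with_failover(array $uris, string $dn, string $password, int $timeout = 5): ?string
{
    // An empty password turns a simple bind into an "unauthenticated bind",
    // which many directories accept. Never treat that as a valid login.
    if ($dn === '' || $password === '') {
        return null;
    }
    foreach ($uris as $uri) {
        // With OpenLDAP 2.x client libraries this only parses the URI;
        // the TCP connection is opened by the first operation (the bind).
        $link = @ldap_connect($uri);
        if ($link === false) {
            continue;
        }
        ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($link, LDAP_OPT_REFERRALS, 0);
        // Without this, an unreachable server can stall the bind until the
        // OS connect timeout, longer than OpenVPN's 60 s TLS negotiation window.
        ldap_set_option($link, LDAP_OPT_NETWORK_TIMEOUT, $timeout);

        $ok    = @ldap_bind($link, $dn, $password);
        $errno = ldap_errno($link);
        ldap_unbind($link);

        if ($ok) {
            return $uri; // which server accepted the credentials
        }
        // Fail over only when the server could not be reached. If a server
        // answered and rejected the bind (for example 49, invalid credentials),
        // stop: retrying elsewhere would multiply password guesses.
        if (!in_array($errno, [LDAP_ERR_SERVER_DOWN, LDAP_ERR_TIMEOUT], true)) {
            return null;
        }
        error_log("LDAP server $uri unreachable (errno $errno), trying next");
    }
    return null; // every configured server was unreachable
}

// Usage with hypothetical hosts:
// $server = ldap_bind_with_failover(
//     ['ldap://dc1.example.test', 'ldap://dc2.example.test'],
//     'CN=user,DC=example,DC=test', $passwordFromClient);
```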
Updated by Alex Kolesnik about 10 years ago
Two years have passed. Any chance of having that fixed in the near future?
Updated by Sven Lennartz almost 9 years ago
Facing the same issue.
Currently we have 2 entries for 'Backend for authentication' selected (Active Directory domain controllers).
Whenever the first one goes down, OpenVPN connections get lost, new connections do not work.
Here's a snippet from the logs for one login attempt:
Jun 21 08:08:21 openvpn 21624 109.44.3.38:33876 TLS Error: TLS handshake failed
Jun 21 08:08:21 openvpn 21624 109.44.3.38:33876 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jun 21 08:07:47 openvpn 21624 109.44.3.38:33876 TLS Error: incoming packet authentication failed from [AF_INET]109.44.3.38:33876
Jun 21 08:07:47 openvpn 21624 109.44.3.38:33876 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #7 / time = (1466489247) Tue Jun 21 08:07:27 2016 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 21 08:07:47 openvpn 21624 109.44.3.38:33876 TLS Error: incoming packet authentication failed from [AF_INET]109.44.3.38:33876
Jun 21 08:07:47 openvpn 21624 109.44.3.38:33876 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #7 / time = (1466489247) Tue Jun 21 08:07:27 2016 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 21 08:07:47 openvpn 21624 109.44.3.38:33876 TLS Error: incoming packet authentication failed from [AF_INET]109.44.3.38:33876
Jun 21 08:07:47 openvpn 21624 109.44.3.38:33876 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #7 / time = (1466489247) Tue Jun 21 08:07:27 2016 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 21 08:07:47 openvpn 21624 109.44.3.38:33876 TLS Error: incoming packet authentication failed from [AF_INET]109.44.3.38:33876
Jun 21 08:07:47 openvpn 21624 109.44.3.38:33876 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #7 / time = (1466489247) Tue Jun 21 08:07:27 2016 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 21 08:07:47 openvpn 21624 109.44.3.38:33876 TLS Error: incoming packet authentication failed from [AF_INET]109.44.3.38:33876
Jun 21 08:07:47 openvpn 21624 109.44.3.38:33876 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #7 / time = (1466489247) Tue Jun 21 08:07:27 2016 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 21 08:07:47 openvpn user 'svenl' authenticated
Jun 21 08:07:47 openvpn /openvpn.auth-user.php: ERROR! Could not bind to server w2003svr1.
Updated by Jim Pingle over 5 years ago
- Status changed from New to Resolved
This has been working for a while now.