Bug #3022
closed
OpenVPN does not failover to the 2nd configured LDAP auth.server
Description
More details:
http://forum.pfsense.org/index.php/topic,62570.msg337904.html#msg337904
It might be a limitation of PHP 5.2, which does not provide the LDAP_OPT_NETWORK_TIMEOUT option, so ldap_connect() tries to connect to the LDAP server over and over, even if there's another one configured.
Updated by Alex Kolesnik over 9 years ago
Two years have passed. Any chance to have that fixed in the near future?
Updated by Sven Lennartz over 8 years ago
Facing the same issue.
Currently we have 2 entries for 'Backend for authentication' selected (Active Directory domain controllers).
Whenever the first one goes down, OpenVPN connections get lost, new connections do not work.
Here's a snippet from the logs for one login attempt:
Jun 21 08:08:21 openvpn 21624 109.44.3.38:33876 TLS Error: TLS handshake failed
Jun 21 08:08:21 openvpn 21624 109.44.3.38:33876 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jun 21 08:07:47 openvpn 21624 109.44.3.38:33876 TLS Error: incoming packet authentication failed from [AF_INET]109.44.3.38:33876
Jun 21 08:07:47 openvpn 21624 109.44.3.38:33876 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #7 / time = (1466489247) Tue Jun 21 08:07:27 2016 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 21 08:07:47 openvpn 21624 109.44.3.38:33876 TLS Error: incoming packet authentication failed from [AF_INET]109.44.3.38:33876
Jun 21 08:07:47 openvpn 21624 109.44.3.38:33876 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #7 / time = (1466489247) Tue Jun 21 08:07:27 2016 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 21 08:07:47 openvpn 21624 109.44.3.38:33876 TLS Error: incoming packet authentication failed from [AF_INET]109.44.3.38:33876
Jun 21 08:07:47 openvpn 21624 109.44.3.38:33876 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #7 / time = (1466489247) Tue Jun 21 08:07:27 2016 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 21 08:07:47 openvpn 21624 109.44.3.38:33876 TLS Error: incoming packet authentication failed from [AF_INET]109.44.3.38:33876
Jun 21 08:07:47 openvpn 21624 109.44.3.38:33876 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #7 / time = (1466489247) Tue Jun 21 08:07:27 2016 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 21 08:07:47 openvpn 21624 109.44.3.38:33876 TLS Error: incoming packet authentication failed from [AF_INET]109.44.3.38:33876
Jun 21 08:07:47 openvpn 21624 109.44.3.38:33876 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #7 / time = (1466489247) Tue Jun 21 08:07:27 2016 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 21 08:07:47 openvpn user 'svenl' authenticated
Jun 21 08:07:47 openvpn /openvpn.auth-user.php: ERROR! Could not bind to server w2003svr1.
Updated by Jim Pingle over 5 years ago
- Status changed from New to Resolved
This has been working for a while now.
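The failover the description asks for, as an added PHP example (not pfSense's openvpn.auth-user.php and not code from this ticket): each server gets a bounded connect time through LDAP_OPT_NETWORK_TIMEOUT, which needs PHP 5.3 or later, and only an unreachable server triggers the next attempt. The function name, the example.test URIs in the usage comment, and the assumption that all listed servers are replicas of one directory are assumptions of this example.

```php
<?php
// Added illustration. ldap_auth_failover() is a hypothetical helper name.
const ERR_SERVER_DOWN = -1;          // libldap "Can't contact LDAP server"
const ERR_INVALID_CREDENTIALS = 49;  // LDAP result code invalidCredentials

function ldap_auth_failover(array $uris, string $bindDn, string $password, int $timeout = 5): bool
{
    // An empty password turns a simple bind into an unauthenticated bind,
    // which many servers accept. Never count that as a successful login.
    if ($bindDn === '' || $password === '') {
        return false;
    }
    foreach ($uris as $uri) {
        $ld = ldap_connect($uri);    // parses the URI only; no socket is opened yet
        if ($ld === false) {
            continue;
        }
        ldap_set_option($ld, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($ld, LDAP_OPT_REFERRALS, 0);
        // Bound the TCP connect so a dead server costs $timeout seconds.
        // The log above shows a 60 second TLS negotiation window, so
        // count($uris) * $timeout has to stay well below that.
        ldap_set_option($ld, LDAP_OPT_NETWORK_TIMEOUT, $timeout);

        $ok    = @ldap_bind($ld, $bindDn, $password);  // the connection happens here
        $errno = ldap_errno($ld);
        ldap_unbind($ld);

        if ($ok) {
            return true;
        }
        if ($errno === ERR_INVALID_CREDENTIALS) {
            // The server answered and rejected the password. With replicas of
            // one directory (assumption), asking the next server only gives
            // the caller extra guesses, so stop here.
            return false;
        }
        // Unreachable (ERR_SERVER_DOWN) or another error: log it, try the next server.
        error_log("LDAP bind to $uri failed (errno $errno), trying next server");
    }
    return false;  // fail closed: no server confirmed the credentials
}

// Usage with constructed values:
// ldap_auth_failover(['ldap://dc1.example.test', 'ldap://dc2.example.test'],
//                    'user@example.test', $passwordFromClient);
```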