-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OpenVPN server performance degrades after auth failures #446
Comments
This is a well-known issue. Auth-Plugins and any sort of script that are called from openvpn will block the main process until finished. Plugins or Scripts that are expected to take longer than "very few milliseconds" need to use async/deferred mode, which will return control to OpenVPN right away and deliver the expected results later. Since you have no information how you are contacting the Radius server (OpenVPN has no Radius support built in, but there are multiple different ways to do that) it's impossible to give more specific advice. Also, your OpenVPN version is quite old. 2.4.7 was released February 2019. Current version is 2.5.9 or 2.6.6. |
Thank you for the answer, anyways, if it is a well-known issue, upgrading OpeVPN won't help in this case. Right i will try to search for a plugin which works in async/deferred mode. Thank you for the hints! Appreciate that! |
If you tell us which plugin you use, we might be able to help... |
I'm using https://github.com/ValdikSS/openvpn-radiusplugin Upgraded my OpenVPN server to v2.6.7, but seems like this plugin stopped to work from v2.5.0, digging deeper into it |
We haven't changed anything on the plugin side between 2.5.x and 2.6.x, so it should work just fine. What do the logs say? @ValdikSS any ideas? |
Sorry, I'm no longer maintain or use the plugin. Here's why: ValdikSS/openvpn-radiusplugin#24 If we're talking about OpenVPN from the repository and not self-compiled, take a look at systemd service file: it may have forking limit, and this is exactly what radiusplugin does. Try to remove the limit and see if it helps. |
Well, actually it throws only:
If i downgrade it to v2.4.7 - it starts to work 🤷🏻 Perhaps because i dont provide any script to openvpn server config for
|
Without a log from the radius plugin it's hard for us to see what is happening - it says "failed", but that could be due to internal API changes (2.4 to 2.5 is a significant change, so it's possible the plugin needs to be updated - sorry I misunderstood the statement "stopped to work from v2.5.0" as meaning "it worked in v2.5.0"). |
No problem at all, i'm sorry English is not my native language. Okay will try to research for another plugin at the moment. |
Plugin was failing due to NerijusRazvodovskis/openvpn-radiusplugin@6a0dc18, it wasn't pushed into the master in @ValdikSS repo. Anyways the mentioned issue still exists. :( Should i specify anything at server conf for |
Describe the bug
Authentication failures (using radius) degrades OpenVPN server performance, it's being unusable at that moment.
To Reproduce
Expected behavior
The server performance shouldn't degrade in such cases.
Version information (please complete the following information):
The text was updated successfully, but these errors were encountered: