Multiple Radius Server for OpenVPN

[sfty1]

Hi,

authentication trough radius server is working fine. I have two Microsoft NPS attached, for the case, when one goes down.

Now I tested to deactivate the first Radius server. The problem is, that OpenVPN is still waiting for the first Radius Server, forever. It's not asking the second one. Only when the first Radius Server is rejecting the access, the second one will be asked. But I like to use this in a HA Scenario.

Any clue?

config:

Code: [Select]

auth-user-pass-verify "/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_auth_verify user 'Active Directory RADIUS DC1,Active Directory Radius DC2,Local Database' 'false' 'server1'" via-env
tls-verify "/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_auth_verify tls ‘my+company+OpenVPN+Server' 1"
thanks

[mimugmail]

You could try UDP loadbalancing via nginx plugin:
https://wiki.opnsense.org/manual/how-tos/nginx_streams.html

[sfty1]

Thank you for the idea. But UDP via nginx is failing. Any access is denied. I don't know why. Maybe nginx is not the right tool to balance the radius protocol.

Backend NPS:
Only difference in the error log is:
Security ID:         NULL SID

[mimugmail]

And did you also try relayd? Should also be capable of using UDP.
FreeRadius also has a proxy function but no idea if it's inteded to do loadbalancing/failover/HA