Multiple Radius Server for OpenVPN

Started by sfty1, June 04, 2019, 04:57:53 PM

June 04, 2019, 04:57:53 PM Last Edit: June 05, 2019, 10:12:22 AM by sfty1
Hi,

Authentication through the RADIUS server is working fine. I have two Microsoft NPS attached, in case one goes down.

Now I tested deactivating the first Radius server. The problem is that OpenVPN keeps waiting for the first Radius server, forever. It's not asking the second one. Only when the first Radius server rejects the access is the second one asked. But I would like to use this in an HA scenario.

Any clue?

config:
auth-user-pass-verify "/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_auth_verify user 'Active Directory RADIUS DC1,Active Directory Radius DC2,Local Database' 'false' 'server1'" via-env
tls-verify "/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_auth_verify tls 'my+company+OpenVPN+Server' 1"


thanks


Thank you for the idea. But UDP via nginx is failing. Any access is denied. I don't know why. Maybe nginx is not the right tool to balance the radius protocol.

Backend NPS:
Only difference in the error log is:
Security ID:         NULL SID

And did you also try relayd? Should also be capable of using UDP.
FreeRadius also has a proxy function, but no idea if it's intended to do load balancing/failover/HA.
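
Added example, not part of the thread and not OPNsense's ovpn_auth_verify code: a minimal RADIUS PAP client showing the failover the first post asks for, where a silent server is abandoned after a bounded number of timed-out tries and the next one is asked, while an authenticated Access-Accept or Access-Reject is final. The timeout, try count, function names and the injectable `exchange` transport are assumptions made for the example, and Access-Challenge is not handled.

```python
import hashlib, hmac, os, socket, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3

def hide_password(password, secret, req_auth):
    """User-Password hiding for PAP, RFC 2865 section 5.2."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out += prev
    return out

def build_request(user, password, secret, ident, req_auth):
    hidden = hide_password(password, secret, req_auth)
    attrs = bytes([1, len(user) + 2]) + user + bytes([2, len(hidden) + 2]) + hidden
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def reply_is_authentic(reply, ident, req_auth, secret):
    """Check the identifier and the Response Authenticator (RFC 2865 section 3)."""
    if len(reply) < 20 or reply[1] != ident:
        return False
    length = struct.unpack("!H", reply[2:4])[0]
    if not 20 <= length <= len(reply):
        return False
    digest = hashlib.md5(reply[:4] + req_auth + reply[20:length] + secret).digest()
    return hmac.compare_digest(digest, reply[4:20])

def udp_exchange(server, packet, timeout):
    """Send one datagram and wait for one reply; raises OSError on silence."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect(server)  # only datagrams from this server are delivered
        s.send(packet)
        return s.recv(4096)

def authenticate(servers, user, password, secret, timeout=3.0, tries=2, exchange=udp_exchange):
    """Return (verdict, server); 'unavailable' means nobody answered (fail closed)."""
    for server in servers:
        for _ in range(tries):
            ident, req_auth = os.urandom(1)[0], os.urandom(16)
            packet = build_request(user, password, secret, ident, req_auth)
            try:
                reply = exchange(server, packet, timeout)
            except OSError:  # timeout or ICMP unreachable: server is down
                continue
            if not reply_is_authentic(reply, ident, req_auth, secret):
                continue  # forged or corrupt reply is treated like silence
            if reply[0] in (ACCESS_ACCEPT, ACCESS_REJECT):  # a verdict is final
                return ("accept" if reply[0] == ACCESS_ACCEPT else "reject"), server
    return "unavailable", None
```

With two servers and the defaults above, a dead first server costs at most `timeout * tries` seconds before the second one is asked.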