Closed alexxtasi closed 10 years ago
Hi,
Sorry for the late reply, but I'm busy now, I'll look into it later.
Hi,
"TCP/UDP: Socket bind failed on local address [AF_INET]server_ip:5001: Address already in use" problem: please use lsof to verify whether the port is in use, or you can paste your .conf file so I can have a look.
"status=6124398" problem: I think you should run your radius server with freeradius -X switch and see what's going wrong, or use radtest, I don't think it's about the plugin or compile.
now I can only paste my server.conf file :
dev ovpns1
dev-type tap
dev-node /dev/tap1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto tcp-server
cipher BF-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local serverIP
tls-server
mode server
client-cert-not-required
username-as-common-name
auth-user-pass-verify /var/etc/openvpn/server1.php via-env
tls-verify /var/etc/openvpn/server1.tls-verify.php
lport 5001
management /var/etc/openvpn/server1.sock unix
max-clients 60
push "dhcp-option DNS xxx.xxx.xxx.xxx"
push "dhcp-option NTP xxx.xxx.xxx.xxx"
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo
persist-remote-ip
float
### advanced configuration
keepalive 10 120
# verb 5
### openvpn's status file, where the radiusplugin reads the accounting information from
status /var/etc/openvpn/server1.status.log 1
### routes ...
# ifconfig-pool-persist ipp.txt
ifconfig xxx.xxx.xxx.xxx 255.255.255.0
ifconfig-pool xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx 255.255.255.0
# push "dhcp-option DNS xxx.xxx.xxx.xxx"
push "dhcp-option DOMAIN mydomain.com"
push "route-gateway 10.0.1.xxx"
push "ping 10"
push "ping-restart 60"
push "route xxx.xxx.xxx.xxx 255.255.255.0 xxx.xxx.xxx.xxx"
### authenticate to LinOTP via pam
#plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn-netAdmins
### RADIUS accounting
plugin /root/openvpn/radius/radiusplugin.so /root/openvpn/radius/radius-netAdmins.cnf
this is working fine when disabling radiusplugin.
The plugin .cnf is :
# The NAS identifier which is sent to the RADIUS server
NAS-Identifier=OpenVPN
# The service type which is sent to the RADIUS server
Service-Type=5
# The framed protocol which is sent to the RADIUS server
Framed-Protocol=1
# The NAS port type which is sent to the RADIUS server
NAS-Port-Type=5
# The NAS IP address which is sent to the RADIUS server
# NAS-IP-Address=127.0.0.1
NAS-IP-Address=serverIP
# Path to the OpenVPN configfile. The plugin searches there for
# client-config-dir PATH (searches for the path)
# status FILE (searches for the file, version must be 1)
# client-cert-not-required (if the option is used or not)
# username-as-common-name (if the option is used or not)
# OpenVPNConfig=/etc/openvpn/server.conf
OpenVPNConfig=/var/etc/openvpn/server1.conf
# Support for topology option in OpenVPN 2.1
# If you don't specify anything, option "net30" (default in OpenVPN) is used.
# You can only use one of the options at the same time.
# If you use topology option "subnet", fill in the right netmask, e.g. from OpenVPN option "--server NETWORK NETMASK"
#subnet=255.255.255.0
# If you use topology option "p2p", fill in the right network, e.g. from OpenVPN option "--server NETWORK NETMASK"
# p2p=10.8.0.1
# Allows the plugin to overwrite the client config in client config file directory,
# default is true
overwriteccfiles=true
# Allows the plugin to use auth control files if OpenVPN (>= 2.1 rc8) provides them.
# default is false
# useauthcontrolfile=false
# Path to a script for vendor specific attributes.
# Leave it out if you don't use an own script.
# vsascript=/root/workspace/radiusplugin_v2.0.5_beta/vsascript.pl
# Path to the pipe for communication with the vsascript.
# Leave it out if you don't use an own script.
# vsanamedpipe=/tmp/vsapipe
# A radius server definition, there could be more than one.
# The priority of the server depends on the order in this file. The first one has the highest priority.
server
{
# The UDP port for radius accounting.
acctport=1813
# The UDP port for radius authentication.
# authport=1812
# The name or ip address of the radius server.
name=radiusIP
# How many times should the plugin send the if there is no response?
retry=1
# How long should the plugin wait for a response?
wait=1
# The shared secret.
sharedsecret=pass
}
I will try to use lsof and come with results... thanks for your help :-)
auth-user-pass-verify /var/etc/openvpn/server1.php via-env
# authport=1812
-- Comic Chang Sent with Airmail
well
1- this line (all conf until ### advanced configuration) is created by pfsense itself. I think the line you say is doing the user's authentication to the configured backend (in my case LDAP).
So I don't think it does the harm, but I will test with it disabled...
2- I've done this since I am interested only in radius accounting and not authentication (this is done in LDAP). Do you think this causes trouble?
do you find any other flaws in conf?
Hello,
your conf file has many differences from mine, I can only see these two possible causes…
wait, you mean you just want the radius for accounting, not authentication? forget what I just said in last mail. you should try this
# Only the accouting functionality is used, if no user name to forwarded to the plugin, the common name of certificate is used
# as user name for radius accounting.
# default is false
accountingonly=true
the log says that openvpn tries to auth via radius, and an error comes up.
-- Comic Chang Sent with Airmail
So you say radiusplugin is trying also to authenticate and so the
Aug 6 15:47:07 pfsense openvpn[44340]: client_ip:1947 PLUGIN_CALL: POST /root/openvpn/radius/radiusplugin.so/PLUGIN_AUTH_USER_PASS_VERIFY status=6124398
is coming up?
Can this also cause the "hang" of the openvpn instance ?
OK I will try the accountingonly=true and report again...
I set accountingonly=true and also uncomment authport=1812
it happens again... when openvpn server hangs
[2.1.4-RELEASE][root@pfsense]/root(145): lsof -U | grep openvpn
lsof: WARNING: compiled for FreeBSD release 8.3-RELEASE-p14; this is 8.3-RELEASE-p16.
openvpn 51089 root 12u unix 0xc445119c 0t0 ->(none)
openvpn 51316 root 14u unix 0xc4523000 0t0 ->(none)
openvpn 71345 root 12u unix 0xc44584d4 0t0 ->0xc43a819c
openvpn 71362 root 14u unix 0xc4381000 0t0 ->0xc4458000
openvpn 71593 root 16u unix 0xc438080c 0t0 ->0xc4381ce0
openvpn 74032 root 9u unix 0xc4452338 0t0 ->0xc445280c
openvpn 74032 root 10u unix 0xc4451670 0t0 /var/etc/openvpn/server1.sock
openvpn 74032 root 11u unix 0xc43a819c 0t0 ->0xc44584d4
openvpn 74032 root 12u unix 0xc4458000 0t0 ->0xc4381000
openvpn 74032 root 13u unix 0xc4458670 0t0 /tmp/php-fastcgi.socket-1
openvpn 74032 root 15u unix 0xc4381ce0 0t0 ->0xc438080c
openvpn 76702 root 12u unix 0xc4457338 0t0 ->(none)
openvpn 76940 root 14u unix 0xc4458b44 0t0 ->(none)
[2.1.4-RELEASE][root@pfsense]/root(146):
[2.1.4-RELEASE][root@pfsense]/root(146): ps aux | grep openvpn
root 51089 0.0 1.3 9520 6492 ?? I 10:58AM 0:00.21 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf
root 51316 0.0 1.1 8476 5468 ?? I 10:58AM 0:00.00 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf
root 71345 0.0 1.3 9500 6616 ?? I 1:26PM 0:00.11 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf
root 71362 0.0 1.1 8476 5572 ?? I 1:26PM 0:00.00 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf
root 71593 0.0 1.1 8476 5568 ?? S 1:26PM 0:00.05 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf
root 74032 0.0 1.3 10652 6500 ?? Is 1:26PM 0:00.21 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf
root 76702 0.0 1.3 9520 6700 ?? I 12:18PM 0:00.17 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf
root 76940 0.0 1.1 8476 5572 ?? I 12:18PM 0:00.00 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf
root 66790 0.0 0.3 2020 1276 0 S+ 10:59AM 0:04.44 clog -f /var/log/openvpn.log
root 59864 0.0 0.1 1792 696 1 R+ 1:35PM 0:00.00 grep openvpn
I kill processes that have "->(none)" and openvpn continues to run!!
can't really understand what's going on...
silly me! :-( I found a radiusplugin package ... http://ftp-archive.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/All/openvpn-auth-radius-2.1_1.tbz
I'll try to install it in pfSense and see if this "openvpn hang" happens again... (if it's ok, my compile was wrong and I'll be happy to have the plugin working......)
I installed radiusplugin using pkg_add. Also installed dependencies. Now there are:
I set accountingonly=true and also uncomment authport=1812. OpenVPN conf is like described before.
restarted the machine, processes were like:
ps aux | grep openvpn
root 15201 0.0 1.1 8476 5500 ?? Ss 4:06PM 0:00.03 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf
root 12764 0.0 1.0 8476 4900 v0- I 4:06PM 0:00.01 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf
root 13443 0.0 1.0 8476 5028 v0- I 4:06PM 0:00.00 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf
root 13643 0.0 1.0 8476 5028 v0- S 4:06PM 0:00.02 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf
root 47365 0.0 0.2 1792 1120 0 R+ 4:09PM 0:00.00 grep openvpn
root 32427 0.0 0.2 2020 884 1 S+ 4:09PM 0:00.02 clog -f /var/log/openvpn.log
[2.1.4-RELEASE][root@pfsense]/root(4):
[2.1.4-RELEASE][root@pfsense]/root(4): lsof -U | grep openvpn
lsof: WARNING: compiled for FreeBSD release 8.3-RELEASE-p14; this is 8.3-RELEASE-p16.
openvpn 12764 root 12u unix 0xc40b8b44 0t0 ->0xc40b8ce0
openvpn 13443 root 13u unix 0xc40b880c 0t0 ->0xc40b89a8
openvpn 13643 root 15u unix 0xc40b84d4 0t0 ->0xc40b8670
openvpn 15201 root 9u unix 0xc42a7338 0t0 ->(none)
openvpn 15201 root 10u unix 0xc42a719c 0t0 /var/etc/openvpn/server1.sock
openvpn 15201 root 11u unix 0xc40b8ce0 0t0 ->0xc40b8b44
openvpn 15201 root 12u unix 0xc40b89a8 0t0 ->0xc40b880c
openvpn 15201 root 14u unix 0xc40b8670 0t0 ->0xc40b84d4
[2.1.4-RELEASE][root@pfsense]/root(5):
[2.1.4-RELEASE][root@pfsense]/root(5): lsof -i -n -P | grep openvpn
lsof: WARNING: compiled for FreeBSD release 8.3-RELEASE-p14; this is 8.3-RELEASE-p16.
openvpn 15201 root 15u IPv4 0xc42a57e0 0t0 TCP server_ip:5001 (LISTEN)
But the same "openvpn hang" happened after a user reconnection or an openvpn server restart. At this stage it was like this:
ps aux | grep openvpn
root 4564 0.0 1.3 9520 6472 ?? I 3:47PM 0:00.17 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf
root 4701 0.0 1.1 8476 5464 ?? I 3:47PM 0:00.00 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf
root 9529 0.0 0.2 1812 796 ?? IN 3:55PM 0:00.00 nc -U /var/etc/openvpn/server1.sock
root 30567 0.0 1.3 9520 6680 ?? I 3:58PM 0:00.19 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf
root 30711 0.0 1.1 8476 5568 ?? I 3:58PM 0:00.00 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf
root 30933 0.0 1.1 8476 5548 ?? S 3:58PM 0:00.02 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf
root 32009 0.0 1.3 10652 6576 ?? Is 3:58PM 0:00.23 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf
root 83380 0.0 1.3 10608 6364 ?? Is 3:54PM 0:00.48 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf
root 45073 0.0 0.2 2020 884 0 S+ 3:33PM 0:01.03 clog -f /var/log/openvpn.log
[2.1.4-RELEASE][root@pfsense]/root(75):
[2.1.4-RELEASE][root@pfsense]/root(75): lsof -i -n -P | grep openvpn
lsof: WARNING: compiled for FreeBSD release 8.3-RELEASE-p14; this is 8.3-RELEASE-p16.
openvpn 32009 root 16u IPv4 0xc43be000 0t0 TCP server_ip:5001 (LISTEN)
openvpn 32009 root 18u IPv4 0xc44cfd20 0t0 TCP server_ip:5001->client_ip:1653 (CLOSED)
openvpn 32009 root 20u IPv4 0xc408e6f0 0t0 UDP *:38539
openvpn 32009 root 21u IPv6 0xc408e740 0t0 UDP *:7766
openvpn 83380 root 20u IPv4 0xc408e710 0t0 UDP *:32092
openvpn 83380 root 21u IPv6 0xc408e6e0 0t0 UDP *:65059
[2.1.4-RELEASE][root@pfsense]/root(76): lsof -U | grep openvpn
lsof: WARNING: compiled for FreeBSD release 8.3-RELEASE-p14; this is 8.3-RELEASE-p16.
openvpn 4564 root 12u unix 0xc445d338 0t0 ->(none)
openvpn 4701 root 14u unix 0xc43824d4 0t0 ->(none)
openvpn 30567 root 12u unix 0xc44569a8 0t0 ->0xc445c000
openvpn 30711 root 14u unix 0xc445680c 0t0 ->0xc43ac9a8
openvpn 30933 root 16u unix 0xc43acb44 0t0 ->0xc446c4d4
openvpn 32009 root 9u unix 0xc40b99a8 0t0 ->0xc445c19c
openvpn 32009 root 10u unix 0xc445c670 0t0 /var/etc/openvpn/server1.sock
openvpn 32009 root 11u unix 0xc445c000 0t0 ->0xc44569a8
openvpn 32009 root 12u unix 0xc43ac9a8 0t0 ->0xc445680c
openvpn 32009 root 13u unix 0xc445cb44 0t0 /tmp/php-fastcgi.socket-0
openvpn 32009 root 15u unix 0xc446c4d4 0t0 ->0xc43acb44
openvpn 83380 root 9u unix 0xc445780c 0t0 ->0xc445c19c
openvpn 83380 root 10u unix 0xc43829a8 0t0 /var/etc/openvpn/server1.sock
openvpn 83380 root 12u unix 0xc445719c 0t0 ->(none)
openvpn 83380 root 13u unix 0xc445d670 0t0 /tmp/php-fastcgi.socket-1
openvpn 83380 root 15u unix 0xc445d80c 0t0 ->(none)
I really got confused ... don't even know what to search for!!
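Added example, not part of the thread or of the radiusplugin project: one way to read the hung-state `lsof -U` output above is to group the unix sockets by PID and report which processes have only unconnected (`->(none)`) sockets, which socket paths are held by more than one process, and which PIDs are paired with which. The function names `parse_unix_sockets` and `triage` are hypothetical; the sample rows are copied from the output posted above.

```python
from collections import defaultdict

# Rows copied from the hung-state `lsof -U | grep openvpn` output posted above.
SAMPLE = """\
lsof: WARNING: compiled for FreeBSD release 8.3-RELEASE-p14; this is 8.3-RELEASE-p16.
openvpn 4564 root 12u unix 0xc445d338 0t0 ->(none)
openvpn 4701 root 14u unix 0xc43824d4 0t0 ->(none)
openvpn 30567 root 12u unix 0xc44569a8 0t0 ->0xc445c000
openvpn 30711 root 14u unix 0xc445680c 0t0 ->0xc43ac9a8
openvpn 30933 root 16u unix 0xc43acb44 0t0 ->0xc446c4d4
openvpn 32009 root 9u unix 0xc40b99a8 0t0 ->0xc445c19c
openvpn 32009 root 10u unix 0xc445c670 0t0 /var/etc/openvpn/server1.sock
openvpn 32009 root 11u unix 0xc445c000 0t0 ->0xc44569a8
openvpn 32009 root 12u unix 0xc43ac9a8 0t0 ->0xc445680c
openvpn 32009 root 13u unix 0xc445cb44 0t0 /tmp/php-fastcgi.socket-0
openvpn 32009 root 15u unix 0xc446c4d4 0t0 ->0xc43acb44
openvpn 83380 root 9u unix 0xc445780c 0t0 ->0xc445c19c
openvpn 83380 root 10u unix 0xc43829a8 0t0 /var/etc/openvpn/server1.sock
openvpn 83380 root 12u unix 0xc445719c 0t0 ->(none)
openvpn 83380 root 13u unix 0xc445d670 0t0 /tmp/php-fastcgi.socket-1
openvpn 83380 root 15u unix 0xc445d80c 0t0 ->(none)
"""


def parse_unix_sockets(text):
    """Yield (pid, device, name) for every unix-socket row; skip other lines."""
    for line in text.splitlines():
        # Columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NAME
        fields = line.split(None, 7)
        if len(fields) == 8 and fields[4] == "unix" and fields[1].isdigit():
            yield int(fields[1]), fields[5], fields[7]


def triage(text):
    """Summarise which PIDs are orphaned, paired, or share a bound socket path."""
    rows = list(parse_unix_sockets(text))
    owner = {device: pid for pid, device, _ in rows}  # socket address -> PID
    pids = {pid for pid, _, _ in rows}
    live = set()                 # PIDs with a connected or path-bound socket
    holders = defaultdict(set)   # bound socket path -> PIDs holding it
    peers = {pid: set() for pid in pids}
    for pid, _, name in rows:
        if not name.startswith("->"):
            holders[name].add(pid)
            live.add(pid)
        elif name != "->(none)":
            live.add(pid)
            peer_pid = owner.get(name[2:])  # None if the peer is not listed
            if peer_pid is not None and peer_pid != pid:
                peers[pid].add(peer_pid)
    return {
        "orphans": sorted(pids - live),
        "shared_paths": {p: sorted(h) for p, h in holders.items() if len(h) > 1},
        "peers": {pid: sorted(p) for pid, p in peers.items()},
    }


if __name__ == "__main__":
    report = triage(SAMPLE)
    print("only unconnected sockets:", report["orphans"])
    print("paths held by several PIDs:", report["shared_paths"])
    for pid, linked in sorted(report["peers"].items()):
        print(pid, "paired with", linked)
```

On the sample, PIDs 4564 and 4701 hold nothing but unconnected sockets, and both 32009 and 83380 hold /var/etc/openvpn/server1.sock.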
Hi,
Sorry, I only used this plugin and openvpn on my ubuntu server, never used pfSense before.
I think it may be caused by mixing up LDAP and radius, but I'm not sure. You can use your conf file on a linux-based server to test if that is the problem. or maybe something is wrong with your openvpn version.
On Tue, Aug 12, 2014 at 2:07 AM, alexxtasi notifications@github.com wrote:
I installed radiusplugin using pkg_add. Also installed dependencies. Now there are:
- gettext-0.18.3.1
- libgcrypt-1.5.3
- libgpg-error-1.12
- libiconv-1.14_1
- lzo2-2.06
- openvpn-2.3.2
- openvpn-auth-radius-2.1_1
- Does the fact that even the installed radiusplugin package does the same, indicate that there not a plugin's issue but a pfSense one ?
- Is there any experience of using radiusplugin on FreeBSD or pfSense ?
— Reply to this email directly or view it on GitHub https://github.com/comicchang/radiusplugin/issues/2#issuecomment-51817419 .
thanks comicchang for your help. Anyway I will try two things
having no time for these tests right now, I will do it in the future and report if I have results...
closing this for now...
Hi, Radiusplugin works ok (traffic info sent) but makes openvpn freeze.
When it is deactivated (comment), openvpn server works fine. When it is activated (uncomment) and user is reconnecting or just the openvpn server is restarting, the server hangs... When it appears (due to client's reconnection or openvpn server restart), processes are :
OpenVPN freezes (even /var/log/openvpn.log freezes) and after a reboot or killing processes the log shows:
Another issue I found last day is that the user cannot connect (though he could and traffic info was sent in RADIUS) and there is this line in openvpn.log:
(running OpenVPN 2.3.2 i386-portbld-freebsd8.3 on pfSense 2.1.4-RELEASE and have compiled radiusplugin on freebsd-8.3. I have also posted details in pfsense forum with no response yet)
regards