Monday, October 26, 2009

OpenVPN misfire

I spent the weekend testing out OpenVPN-AS and ran into one problem. After an hour or two the connection would die and not restart until I completely exited the software and got back in. Once in a while I noticed that it would lock out my account. After some mulling around, I figured out that it had something to do with the SecurID authentication. I moved from PAM to RADIUS authentication on Friday in hopes that our users could use their keyfobs and not have to remember a separate username/password combo. Although I got it all working, it seems that there is some kind of reauthentication happening during the session on a frequent basis. I'm guessing there is some kind of a timing issue because every once in a while the attempt fails and the session dies. Moving back to PAM (that's basically Linux authentication against the local database) seems to have resolved the issue. Time to get Wireshark out and see what's happening. Stay tuned...

