Pfsense & FreeRadius: Numerous User Reporting Random Connection Drops or Connections "Timing Out"

Hi All:

We migrated from Pfsense w/ OpenVPN > Local Authentication to Pfsense w/ OpenVPN > FreeRadius authentication. The reason for adding FreeRadius is two-fold 1) enabling 2FA and 2) Pinning an IP to VPN user.

Pros:
So far so good. We can capture the users IP and restrict movement (per se) and two-factor authentication works like a charm.

Cons (Side affects):
So the problem we are seeing now is that after a user connects to the VPN and then logs into their RDC (or another resource), they are reporting being kicked out or the session timing out. This issue seems random across users (5) with different internet hosts.

This behavior was not observed with the previous setup when FreeRadius was not involved. Any thoughts on the root cause or how I should investigate this issue.

Thanks in advance.

I think there is a bug in the 2FA that times out users. I think this is the solution, but I have not tested

https://www.reddit.com/r/PFSENSE/comments/9h1919/pfsense_openvpn_timeout_every_60_min/

Thank you. I will check this out.

Thank you @LTS_Tom for pointing me in the right direction. Per the article, I searched the logs and noticed " TLS Error: local/remote TLS keys are out of sync". A subsequent google search found articles addressing the issue head-on:
https://www.reddit.com/r/PFSENSE/comments/frsvuh/openvpn_renegsec_behavior_with_freeradius_and_otp/

Good work! Thanks again!

1 Like

Update: In pfSense 2.7.2-RELEASE (CE)
Openvpn>Client Settings > Ping settings > Inactive >0
No disconnections.
It works and is stable now.
Issue resolved.