Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Excessive Freeradius page load time

    Scheduled Pinned Locked Moved General pfSense Questions
    18 Posts 2 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      ipguy @stephenw10
      last edited by

      This post is deleted!
      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        The OpenVPN status page?

        The OpenVPN config page wouldn't have to generate a list of every user like that.

        There's always going to be some delay creating pages with thousands of lines. The length of that delay depends on how much processing is required to the data. So displaying 2000 log lines in the system logs is not recommended but acceptable on most modern hardware because there is very little to process.

        Steve

        I 1 Reply Last reply Reply Quote 0
        • I
          ipguy @stephenw10
          last edited by

          This post is deleted!
          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            Hmm, interesting. 90s is excessive either way.

            I believe we have a copy of your config in a support ticket we could test?

            What CSO values are you using? I expected you would be passing values from Radius since you're using it.

            Steve

            I 1 Reply Last reply Reply Quote 0
            • I
              ipguy @stephenw10
              last edited by

              This post is deleted!
              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                Let me see if I can test it locally...

                I 1 Reply Last reply Reply Quote 0
                • I
                  ipguy @stephenw10
                  last edited by

                  This post is deleted!
                  1 Reply Last reply Reply Quote 0
                  • stephenw10S
                    stephenw10 Netgate Administrator
                    last edited by stephenw10

                    We were able to replicate it but not, yet, improve the response. The Freeradius package in pfSense was never really intended to operate with that many users though. The load times still seem excessive to me but it will always be slow. You really should be using an external Radius server for a number if users that large.

                    Steve

                    I 1 Reply Last reply Reply Quote 0
                    • I
                      ipguy @stephenw10
                      last edited by

                      This post is deleted!
                      1 Reply Last reply Reply Quote 0
                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        Hmm, I've never attempted that myself. Is there any reason you're trying that rather than use an external Radius server?

                        I 1 Reply Last reply Reply Quote 0
                        • I
                          ipguy @stephenw10
                          last edited by

                          This post is deleted!
                          1 Reply Last reply Reply Quote 0
                          • stephenw10S
                            stephenw10 Netgate Administrator
                            last edited by

                            Using an external Radius server is no different to using Freeradius on pfSense except the server IPs are not localhost. Relatively easy.

                            I 1 Reply Last reply Reply Quote 0
                            • I
                              ipguy @stephenw10
                              last edited by

                              This post is deleted!
                              1 Reply Last reply Reply Quote 0
                              • stephenw10S
                                stephenw10 Netgate Administrator
                                last edited by

                                Well, as I said it should be no different that using Freeradius on the firewall.

                                You mean it's authenticating users logging into the firewall itself but not OpenVPN users?

                                I 1 Reply Last reply Reply Quote 0
                                • I
                                  ipguy @stephenw10
                                  last edited by

                                  This post is deleted!
                                  1 Reply Last reply Reply Quote 0
                                  • stephenw10S
                                    stephenw10 Netgate Administrator
                                    last edited by

                                    Right obviously the package is not required and the Radius config is all on the remote and not in the firewall. But from the user auth point of view t configured in the same way. In both cases you need to add a Radius server in User Manager. The only difference there is that with Freeadius the server is specified as running at 127.0.01, because it's local. With a remote Radius server you need to configure the server IP address so pfSense knows where to find it.

                                    But the OpenVPN config is no different, the only change would be selecting the new radius server to use.

                                    Steve

                                    1 Reply Last reply Reply Quote 0
                                    • First post
                                      Last post
                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.