Netgate Discussion Forum

    OpenVPN 2FA disconnects

      michmoor LAYER 8 Rebel Alliance

      I have an OpenVPN setup using user certificates + RADIUS authentication.
      I am testing adding 2FA into the mix, so I am following the guide posted by Netgate here - https://www.netgate.com/blog/freeradius-on-pfsense-for-2fa

      Everything works initially, but after about a minute of inactivity [testing on the phone] I'm kicked out. I have to keep authenticating every few seconds/minutes.

      This is on the iOS client if it matters.

      08263872-3c21-4d53-9354-ed999fa828ef-image.png

      Firewall: NetGate,Palo Alto-VM,Juniper SRX
      Routing: Juniper, Arista, Cisco
      Switching: Juniper, Arista, Cisco
      Wireless: Unifi, Aruba IAP
      JNCIP,CCNP Enterprise

        the other @michmoor

        @michmoor
        Hey there, just a quick guess... what are your settings under OpenVPN server > ping settings?

        the other

        pure amateur home user, no business or professional background
        please excuse poor english skills and typpoz :)

          michmoor LAYER 8 Rebel Alliance @the other

          @the-other set to keep alive
          Interval 10
          Timeout 60

            the other @michmoor

            @michmoor
            And which value is in the "inactive" field? I was just guessing, maybe your connection closes after just a short time period... probably false thinking on my end...
            Oh, and do you have a reneg-sec 0 under the OpenVPN server's advanced field? AFAIK if not set to 0 it will demand a new auth every 3600 seconds...

              michmoor LAYER 8 Rebel Alliance @the other

              @the-other

              f2b8929a-3ac9-43ba-99a2-4e7d6fd6257d-image.png

              e6e9eced-0a1c-41e8-b66e-6752a70d1860-image.png

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
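
The timers asked about in this thread (keepalive, inactive, reneg-sec), collected into one check over a server config; this is an added example, not part of any post and not Netgate's code. The sample config is constructed, and the defaults it relies on (reneg-sec 3600 when unset, keepalive pushing ping-restart to clients in server mode) and the auth-gen-token directive come from the OpenVPN manual, not from the thread.

```python
import shlex

RENEG_DEFAULT = 3600  # OpenVPN default for reneg-sec when the directive is absent

# Constructed sample config: only the keepalive values (10/60) come from the thread.
SAMPLE_CONF = """\
server 10.8.0.0 255.255.255.0
keepalive 10 60   # Interval 10, Timeout 60
verify-client-cert require
"""

def parse(conf):
    """Map each directive to its argument list; the last occurrence wins."""
    opts = {}
    for line in conf.splitlines():
        if line.lstrip().startswith(";"):      # ';' also starts a comment line
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            opts[tokens[0]] = tokens[1:]
    return opts

def reauth_triggers(conf):
    """Return (trigger, seconds) pairs for timers that can end in a new login."""
    opts = parse(conf)
    found = []
    reneg = int(opts.get("reneg-sec", [RENEG_DEFAULT])[0])
    # Renegotiation re-checks credentials unless the server issues a token.
    if reneg > 0 and "auth-gen-token" not in opts:
        found.append(("reneg-sec", reneg))
    if "inactive" in opts and int(opts["inactive"][0]) > 0:
        found.append(("inactive", int(opts["inactive"][0])))
    if "keepalive" in opts:
        timeout = int(opts["keepalive"][1])
        # In server mode keepalive pushes ping-restart=<timeout> to clients.
        found.append(("client ping-restart", timeout))
    return found

if __name__ == "__main__":
    for trigger, seconds in reauth_triggers(SAMPLE_CONF):
        print(f"{trigger}: new authentication possible after {seconds}s")
```

Setting reneg-sec 0 also turns off time-based rekeying of the data channel, whereas auth-gen-token keeps renegotiation and replaces the password check with a server-issued token.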