OpenVPN failing with a large number of clients attempting to connect
I have a pfSense router that has around 2000 OpenVPN clients that connect to it. I am using FreeRADIUS for authentication, set up with MySQL. All the clients are configured to retry on failure to connect.
Whenever the router is rebooted, no OpenVPN clients are able to log on, and the web interface crashes. The following error shows in the system.log:
Oct 16 01:45:39 pfSense check_reload_status[409]: Could not connect to /var/run/php-fpm.socket
Oct 16 01:45:40 pfSense kernel: sonewconn: pcb 0xfffff80047bcd100: Listen queue overflow: 193 already in queue awaiting acceptance (1120 occurrences)
If I unplug the WAN and/or put a firewall rule in to block the OpenVPN connection on the WAN interface, and then reboot, wait about 5 minutes and then re-enable, everything works as expected until the next reboot.
While the router is in the mode of not working, this error appears in the system.log over and over again:
Oct 16 01:43:55 pfSense openvpn[128]: /openvpn.auth-user.php: Error during RADIUS authentication : No valid RADIUS responses received
My theory is that FreeRADIUS is started fairly late in the bootup process. And since I have so many clients attempting to connect, each connection attempt ties up php-fpm for some time while waiting for a FreeRADIUS response.
Does anyone have any idea how to fix this... or troubleshoot it further?
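
One way to test the theory in the post against the log itself, as an added example that is not part of the original post: the script below buckets the three symptoms quoted above (RADIUS timeouts, the unreachable php-fpm socket, listen queue overflows) per minute, so their order after a reboot becomes visible. The sample log is constructed from the quoted lines, and the counter names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: the lines quoted in the post plus one invented unrelated line.
SAMPLE_LOG = """\
Oct 16 01:43:55 pfSense openvpn[128]: /openvpn.auth-user.php: Error during RADIUS authentication : No valid RADIUS responses received
Oct 16 01:43:58 pfSense openvpn[128]: /openvpn.auth-user.php: Error during RADIUS authentication : No valid RADIUS responses received
Oct 16 01:45:39 pfSense check_reload_status[409]: Could not connect to /var/run/php-fpm.socket
Oct 16 01:45:40 pfSense kernel: sonewconn: pcb 0xfffff80047bcd100: Listen queue overflow: 193 already in queue awaiting acceptance (1120 occurrences)
Oct 16 01:51:02 pfSense example[1]: constructed unrelated line
"""

# Syslog prefix: keep "Mon DD HH:MM" as the bucket, drop seconds and hostname.
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d):\d\d \S+ (.*)$")
RADIUS_FAIL = "No valid RADIUS responses received"
FPM_DOWN = "Could not connect to /var/run/php-fpm.socket"
# The kernel rate-limits this message and reports how many times it occurred.
OVERFLOW = re.compile(
    r"Listen queue overflow: (\d+) already in queue awaiting acceptance"
    r"(?: \((\d+) occurrences\))?"
)

def summarize(text):
    """Return {minute: {symptom: count}} for the three symptoms in the post."""
    per_minute = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        minute, msg = m.groups()
        c = per_minute.setdefault(minute, Counter())
        if RADIUS_FAIL in msg:
            c["radius_no_response"] += 1
        elif FPM_DOWN in msg:
            c["php_fpm_unreachable"] += 1
        else:
            o = OVERFLOW.search(msg)
            if o:
                c["overflow_events"] += int(o.group(2) or 1)
                c["max_queue_depth"] = max(c["max_queue_depth"], int(o.group(1)))
    # Drop minutes that contained only unrelated lines.
    return {k: dict(v) for k, v in per_minute.items() if v}

if __name__ == "__main__":
    for minute, counts in summarize(SAMPLE_LOG).items():
        print(minute, counts)
```

If minutes with `radius_no_response` consistently come before the first `overflow_events` after a reboot, that is consistent with authentication calls stalling on RADIUS before the php-fpm socket backlog fills.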