Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

User 'XXX' could not authenticate every 1 hour.

12 Posts 4 Posters 5.0k Views

Log in to reply

B

bchan
last edited by

@kiokoman said in User 'XXX' could not authenticate every 1 hour.:

"reneg-sec 36000"

Thank you for your response.

When I put "reneg-sec 36000" in the custom option for OpenVPN (server), the server cannot start with this error:

Options error: Unrecognized option or missing or extra parameter(s) in /var/etc/openvpn/server2.conf:40: reneg-sec 36000 (2.4.6) ?

Furthermore, I noticed that before the "XXXX could not authenticate", there was an entry in the system log saying:
googleauth.py freeRADIUS: Google Authenticator - Authentication failed. User: XXXXX, Reason: wrong tokencode

It seems that the problem laid in the freeRADIUS as it tried to call the googleauth.py with old OTP every 3600 sec.
1 Reply Last reply
Reply Quote 0
K

kiokoman LAYER 8
last edited by kiokoman

without quotes

reference
https://forum.netgate.com/topic/113174/tls-error-local-remote-tls-keys-are-out-of-sync
https://forum.pfsense.org/index.php?topic=127601.0
̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
Please do not use chat/PM to ask for help
we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
Don't forget to Upvote with the 👍 button for any post you find to be helpful.
B 1 Reply Last reply
Reply Quote 0
B

bchan @kiokoman
last edited by

@kiokoman Oh my bad!
I am trying this out....
1 Reply Last reply
Reply Quote 0
B

bchan @kiokoman
last edited by

@kiokoman It works. Thanks
1 Reply Last reply
Reply Quote 0
C

callen
last edited by

@kiokoman do you know if I need to export the client again and distribute it to my users after making this change?
1 Reply Last reply
Reply Quote 0
K

kiokoman LAYER 8
last edited by

yes, or you can manually edit every client config
̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
Please do not use chat/PM to ask for help
we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
Don't forget to Upvote with the 👍 button for any post you find to be helpful.
1 Reply Last reply
Reply Quote 0
C

callen
last edited by

@kiokoman thanks. I assume my users on Windows can just run the installer again and OpenVPN will update?
1 Reply Last reply
Reply Quote 0
K

kiokoman LAYER 8
last edited by

yes, but there is no need actually as i said they just need to modify the configuration
̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
Please do not use chat/PM to ask for help
we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
Don't forget to Upvote with the 👍 button for any post you find to be helpful.
1 Reply Last reply
Reply Quote 0
P

pfsenseuser2020 @kiokoman
last edited by

@kiokoman
hi
i'm having the same problem. i didn't quite get it
i see where to config the reneg 0 unser the custom vpn settings, but where to set the 36000?
C 1 Reply Last reply
Reply Quote 0
C

callen @pfsenseuser2020
last edited by

@pfsenseuser2020 Edit your OpenVPN server and scroll down to the Advanced Configuration section. You add reneg-sec 36000 to the Custom Options field.
1 Reply Last reply
Reply Quote 0

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.

1 / 1