NGINX Gateway Timeout after setting up OpenVPN + FreeRADIUS2 + mOTP



  • Hi pfSense Team,

    I'm trying to set up multi-factor authentication for an OpenVPN environment through FreeRADIUS2 and mOTP. I was able to configure it thanks to your wonderful documentation and rich ideas from my fellow pfSense users/fans. I was also able to test the OTP of my OpenVPN test account.

    Though after rebooting my pfSense server, as part of my test, I can no longer log in to the pfSense Web GUI. 504 Gateway Time-out is being displayed after entering the admin credentials, and I can also see the following error in nginx-error.log:

    "upstream timed out (110: Connection timed out) while reading response header from upstream"

    I even tried restarting the webConfigurator and PHP-FPM (options 11 and 16) through the console, but the issue still persists.

    I was able to replicate it thru this process:

    1. Configure WAN and LAN interfaces
    2. Install FreeRADIUS2 and OpenVPN Client Export Utility packages
    3. Create CA and Server Certificates
    4. Configure FreeRADIUS2 and enable mOTP
    5. Add user to the FreeRADIUS2 database without password and enable mOTP
    6. Configure OpenVPN Server with Road warrior configuration and select FreeRADIUS2 for the user database
    7. Test mOTP + FreeRADIUS2 by going to Diagnostics > Authentication. Select FreeRADIUS2 for the Authentication Server.
    8. Once done testing, reboot the pfSense server.
    9. Go to the web admin page and enter the admin credentials.
    10. The page will load for a long time and a 504 Gateway Time-out error will be displayed.

    The webConfigurator is a very important tool for the environment I'm trying to set up, to easily add users, and of course it is one of the best features of pfSense.

    I hope that somebody has already bumped into this problem and can verify that this is not a bug?

    Thanks!



  • Issue was fixed using the older version of pfSense. I am now using pfSense 2.2.6.

    Hope this can be fixed on the next stable release.

    Thanks!



  • Can this be fixed on the next stable release?