Excessive Freeradius page load time
-
This post is deleted! -
Every tab in Freeradius or just the Users list? Since that's the default page it might just appear that way.
Any page with thousands of entries is going to load slowly in pfSense though 90s seems excessive. What hardware is that?
With that many users it might be time to consider a separate Radius server.
Steve
-
This post is deleted! -
The OpenVPN status page?
The OpenVPN config page wouldn't have to generate a list of every user like that.
There's always going to be some delay creating pages with thousands of lines. The length of that delay depends on how much processing is required for the data. So displaying 2000 log lines in the system logs is not recommended but acceptable on most modern hardware because there is very little to process.
Steve
-
This post is deleted! -
Hmm, interesting. 90s is excessive either way.
I believe we have a copy of your config in a support ticket we could test?
What CSO values are you using? I expected you would be passing values from Radius since you're using it.
Steve
-
This post is deleted! -
Let me see if I can test it locally...
-
This post is deleted! -
We were able to replicate it but not, yet, improve the response. The Freeradius package in pfSense was never really intended to operate with that many users though. The load times still seem excessive to me but it will always be slow. You really should be using an external Radius server for a number of users that large.
Steve
-
This post is deleted! -
Hmm, I've never attempted that myself. Is there any reason you're trying that rather than use an external Radius server?
-
This post is deleted! -
Using an external Radius server is no different to using Freeradius on pfSense except the server IPs are not localhost. Relatively easy.
-
This post is deleted! -
Well, as I said, it should be no different than using Freeradius on the firewall.
You mean it's authenticating users logging into the firewall itself but not OpenVPN users?
-
This post is deleted! -
Right, obviously the package is not required and the Radius config is all on the remote and not in the firewall. But from the user auth point of view it's configured in the same way. In both cases you need to add a Radius server in User Manager. The only difference there is that with Freeradius the server is specified as running at 127.0.0.1, because it's local. With a remote Radius server you need to configure the server IP address so pfSense knows where to find it.
But the OpenVPN config is no different, the only change would be selecting the new radius server to use.
Steve