Netgate Discussion Forum

    Lots of local users. Takes up to 3 hours to boot?

      elpardua

      Hi guys, I'm currently running 2.2.5, but this issue has also happened in a 2.2.4 installation. I'm running an OpenVPN instance, which authenticates against a FreeRADIUS server, from which it gets some Cisco avpair rules, defined per user. Initially, I used a single local user to create the certificate, using duplicate-cn, so I could connect with several clients (but different RADIUS users) at once.

      Then I had the first problem. When the first client connects, it imports the specific ruleset into the openvpn/generic_tunnel_user anchor, and it worked like a charm, but when a second RADIUS user tries to connect to the same tunnel, it wipes the previously imported rules.

      My scenario involves 2000+ possible RADIUS clients (not simultaneously, those are just about 10-20), so I've decided to create those same users locally, so I could create a specific cert, and then, when each one connects, it imports their specific ruleset into separate anchors (openvpn/client-a, openvpn/client-b and so forth…)

      I've searched for a massive/batch user creation method, but I ended up using macros and CSV files to create my users, generate their certs and add them to a "vpnusers" group. (BTW, I have the imacro script, for those of you who may need it.)

      Up to this point I've had no problem, but when I try to reboot the VM (it is running on a VMware ESXi 5.5 host), it gets stuck in the "synchronizing user settings" stage for almost 3 hours, and then boots normally.

      The virtual machine has these specs:
      Intel(R) Xeon(R) CPU X5650 @ 2.67GHz
      Current: 332 MHz, Max: 2660 MHz
      2 CPUs: 2 package(s) x 1 core(s)
      4Gb Ram
      and it's booting from a LUN in a VNX storage (which serves a lot of servers and has no apparent performance issues).

      Does the bootup process involve some rehashing or integrity check that could take so long? The local user cert count is about 2200. If so, is there a way to improve boot times?

      Thanks in advance.
      Pablo
