Lots of local users. Takes up to 3 hours to boot?



  • Hi guys, I'm currently running 2.2.5, but this issue has also happened in a 2.2.4 installation. I'm running an OpenVPN instance, which authenticates against a FreeRADIUS server, from where it gets some Cisco AVPair rules, defined per user. Initially, I used a single local user to create the certificate, with duplicate-cn, so I could connect with several clients (but different RADIUS users) at once.

    Then I had the first problem. When the first client connects, it imports the specific ruleset into the openvpn/generic_tunnel_user anchor, and it worked like a charm, but when a second RADIUS user tries to connect to the same tunnel, it wipes the previously imported rules.

    My scenario involves 2000+ possible RADIUS clients (not simultaneously, those are just about 10-20), so I've decided to create those same users locally, so I could create a specific cert, and then, when each one connects, it imports their specific ruleset into separate anchors (openvpn/client-a, openvpn/client-b and so forth…)

    I've searched for a massive/batch user creation method, but I ended up using macros and CSV files to create my users, generate their certs and add them to a "vpnusers" group. (BTW, I have the imacro script, for those of you who may need it.)

    Until this point I've had no problem, but when I try to reboot the VM (it is running on a VMware ESXi 5.5 host), it gets stuck in the "synchronizing user settings" stage for almost 3 hours, and then boots normally.

    The virtual machine has these specs:
    Intel(R) Xeon(R) CPU X5650 @ 2.67GHz
    Current: 332 MHz, Max: 2660 MHz
    2 CPUs: 2 package(s) x 1 core(s)
    4Gb Ram
    and it's booting from a LUN in a VNX storage (which serves a lot of servers and has no apparent performance issues).

    Does the bootup process involve some rehashing or integrity check that could take so long? The local user cert count is about 2200. If so, is there a way to improve boot times?

    Thanks in advance.
    Pablo

