OpenVPN Authentication Issue
- Posted by Mark Dieterich
- on March 4, 2016
09:57: We experienced some authentication issues with our VPN server. The process has been restarted and we are investigating the root cause.
17:03: It looks like there is a libgcrypt bug that crops up when you use OpenVPN and authenticate against LDAP over TLS, which is exactly our setup. This bug results in open calls to /dev/urandom not cleaning up properly, which ultimately results in the system running out of file descriptors. We have implemented a workaround that is supposed to take care of this issue. It took about a week last time for authentication attempts to chew up the file descriptors, so it may be a while before we are positive the fix is working. We did have to bounce the OpenVPN server a few times during this fix, but clients should have just reconnected automatically.
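
Because a leak like this takes days to exhaust the descriptor table, a periodic check of the daemon's open descriptors shows whether a workaround is holding well before authentication fails again. The script below is an added example, not part of the original post or the workaround it mentions; it assumes a Linux host with /proc, and the function names and the 50% warning threshold are illustrative choices.

```shell
#!/bin/sh
# Added example (not from the original post): watch a daemon for the
# /dev/urandom descriptor leak described above using Linux /proc.
# Function names and the 50% threshold are assumptions for illustration.

# Count descriptors in FD_DIR ($1) whose symlink target equals TARGET ($2).
count_fd_target() {
    n=0
    for fd in "$1"/*; do
        [ -L "$fd" ] || continue   # skips the literal glob if the directory is empty
        if [ "$(readlink "$fd")" = "${2:-/dev/urandom}" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Count every open descriptor in FD_DIR ($1).
count_fd_total() {
    n=0
    for fd in "$1"/*; do
        [ -L "$fd" ] || continue
        n=$((n + 1))
    done
    echo "$n"
}

# Soft "Max open files" limit from a /proc/PID/limits file ($1).
soft_nofile_limit() {
    awk '/^Max open files/ { print $4 }' "$1"
}

# Print one status line; return 1 once usage reaches WARN_PERCENT ($3) of the soft limit.
fd_leak_status() {
    urandom=$(count_fd_target "$1" /dev/urandom)
    total=$(count_fd_total "$1")
    limit=$(soft_nofile_limit "$2")
    warn=${3:-50}
    case "$limit" in
        ''|*[!0-9]*) echo "UNKNOWN urandom=$urandom total=$total limit=$limit"; return 2 ;;
    esac
    if [ $((total * 100)) -ge $((limit * warn)) ]; then
        echo "WARN urandom=$urandom total=$total limit=$limit"; return 1
    fi
    echo "OK urandom=$urandom total=$total limit=$limit"
}

# Usage: sh fdwatch.sh PID   (run as root or as the daemon's user)
if [ $# -ge 1 ]; then
    fd_leak_status "/proc/$1/fd" "/proc/$1/limits"
fi
```

Run from cron against the OpenVPN process ID, a steadily climbing `urandom=` count across authentication attempts means the leak is still present, while a flat count suggests the workaround is effective.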