recvmsg: Connection timed out (when dual auth)

Nux! nux at li.nux.ro
Wed Sep 14 07:58:38 PDT 2016


Hello,

While getting PAM to talk to both Radius and Duo is still not solved, I managed to install the Duo proxy software which acts like a local RADIUS client; in the background it checks both our RADIUS server in the LAN and DUO's 2FA service.

All good and well, I can connect with my RADIUS password and the DUO application on my mobile asks for approval, but unless I'm really quick with the approval the auth fails. It must be something like 5 seconds max.
I tried specifying "auth-timeout = 30" in ocserv.conf to give me more time, but it doesn't seem to fix the issue.

Any ideas?

ocserv[7916]: radius-auth: communicating username (foobar) and password
ocserv[7922]: common.c:609: recvmsg: Connection timed out
ocserv[7922]: worker: 172.16.5.34 worker-auth.c:688: error receiving auth reply message
ocserv[7922]: worker: 172.16.5.34 worker-auth.c:1528: failed authentication for ''
ocserv[7915]: main: 172.16.5.34:64958 user disconnected (reason: unspecified, rx: 0, tx: 0)
ocserv[7916]: radius-auth: ignoring server's value 18 of type 0
ocserv[7916]: common.c:450: Broken pipe
ocserv[7916]: sec-mod: send_msg: Broken pipe
ocserv[7916]: sec-mod: could not send reply auth cmd.
ocserv[7916]: sec-mod: error processing data for 'sm: auth cont' command (-1)

/var/log/messages shows:

ocserv[7916]: sec-mod: using 'radius' authentication to authenticate user (session: +PI5jw)
ocserv[7915]: main: 172.16.5.34:64957 user disconnected (reason: unspecified, rx: 0, tx: 0)
ocserv[7922]: common.c:609: recvmsg: Connection timed out
ocserv[7922]: worker: 172.16.5.34 worker-auth.c:688: error receiving auth reply message
ocserv[7922]: worker: 172.16.5.34 worker-auth.c:1528: failed authentication for ''
ocserv[7915]: main: 172.16.5.34:64958 user disconnected (reason: unspecified, rx: 0, tx: 0)
ocserv[7916]: common.c:450: Broken pipe
ocserv[7916]: sec-mod: send_msg: Broken pipe
ocserv[7916]: sec-mod: could not send reply auth cmd.
ocserv[7916]: sec-mod: error processing data for 'sm: auth cont' command (-1)


--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro



More information about the openconnect-devel mailing list