zarkathus
Participant

VPN Authentication using Radius Group as HA

Hey guys.

We are trying to set up high availability using Radius Group for VPN authentication. Radius NPS+Azure Extension.

A single server can validate authentication and it works perfectly. But for different reasons, we're going to need one more.

Trying to use the Radius Group feature, along with the priority, the second server takes a long time to take over, and even waiting a long time I can't authenticate.

Configurations:

Radius Group
RADIUS_1 - Priority = 1
RADIUS_2 - Priority = 2

radius_retrant_num = 5
radius_retrant_timeout = 30

If I put the servers with the same priority, will the Radius Group work as a balancer?

So far I haven't found a better way to have high availability. Is there another personal way?

Sincerely,

2 Replies
the_rock
Champion

What you have definitely seems correct. I worked with a customer who set it up exactly the same way, but twice when the main server with priority 1 failed, it never failed over to the 2nd one, which it should have. Sadly, since it causes everyone to lose VPN access, as they can't authenticate without MFA, we never had time to troubleshoot with TAC...they would simply make the other Azure server priority one, or remove the actual on-prem server from the group.

I believe if they have the same priority, it would work as a load balancer method.

zarkathus
Participant

Hello, 

Thank you for your reply. 

I've tried setting the same priority, but for some reason it always forwards the auth to the same one.

So, digging on the web, I found some SKs about timeouts.

I'm new here at my job, so the timeouts, for some reason, are set to 300000 here in the configurations.

In sk102557: radius_connect_timeout - Timeout interval until all RADIUS servers are considered down for this authentication attempt (in seconds).

So... what are the default values for these options?

Regards, 

 

 
