Duo and OpenVPN AS Admin Login Issues

Hi,

I’ve been running Duo on OpenVPN Access Server since September of 2021 without any issues. I’m running version 2.10.1 of OPVN AS and version 2.5 of the Duo script.

I installed Duo back in September and everything worked fine. I received Duo prompts for the web interface when logging into the VPN server and when logging into the admin panel for the AS. Just this weekend I tried getting into the AS admin panel. I received the Duo prompt on my phone, approved it and then I get an error on the web page that says “ERR_Too_Many_Redirects”. I tried in a different browser and received a similar message about the page not redirecting properly. It mentions that this could be caused by disabling or refusing to accept cookies. If I delete the trailing text from the AS url I am able to get to the AS admin panel.

I also just updated the AS to the latest version. I don’t recall having this issue on the previous version of the AS, but my memory is a little foggy whether I tried logging into the AS admin panel when I updated the AS last month.

I haven’t tried uninstalling the script, but will give that a try and then reinstall the script later today if I get time and report back.

Other thing to note is that this only happens when trying to access the admin panel. Everything works as expected if I am just accessing the web server or using the VPN client. So I’m not sure if something changed with the AS and how it interacts with Duo.

Any other suggestions/feedback is welcome.

Thanks
Josh

Well I uninstalled the Duo script and the problem is still there. I’ve been able to replicate with multiple browsers. So it looks like this may be an issue with the OpenVPN AS or something isn’t working with my AS.

Thanks
Josh

Hi @Legacy777, welcome to the Duo Community! I found a discussion in the OpenVPN forum about this issue. It appears this is a known issue in OpenVPN Access Server 2.10.1, a fix for which is planned for 2.10.2.
From the post there:

For most users a downgrade to 2.10.0 is a good workaround. If necessary there are other workarounds. You can usually trim off the redirection stuff after the “/” in the URL and get connected.

This issue arises when the admin UI and the Client Web Service (CWS) are on different ports. If they are on the same port (943 being the default for both) the admin UI must have the “/admin” path appended. When on different ports, there should be no path after “hostname:port/” for either.

Hi @Amy,

Thanks for the reply I appreciate it! I actually created that post on OpenVPN’s forum but never got notified of a reply so thank you for replying and bringing that to my attention.

I will enable DUO again for OpenVPN and wait for the an update to fix this issue.

Thanks again!
Josh

1 Like

Oh, haha :smile: I didn’t even notice that that was your post! Glad I was able to help though!

2 Likes