OpenVPN does not reliably reconnect after brief internet outage

This forum is for general conversation and user-user networking.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
VADemon
OpenVpn Newbie
Posts: 3
Joined: Thu May 09, 2019 11:37 pm

OpenVPN does not reliably reconnect after brief internet outage

Post by VADemon » Fri May 10, 2019 12:07 am

It has occurred a couple times already that OpenVPN would not be able to reconnect back to the VPN server after an internet outage. It's unfortunate, because I often need remote access to my PC while away.

Log is flooded with:

Code: Select all

The requested name is valid, but no data of the requested type was found.
Searching this line led me to this blog entry pointing out it's a Windows network API error message about failed DNS lookup. No other relevant results at all though. Given my config, I believe this error is caused by OpenVPN client trying to resolve the server domain while using a disconnected VPN/tun adapter, so all requests are routed into a broken link.

OpenVPN client: 2.4.7/2.4.6
Windows 7 x64
My config:

Code: Select all

client
dev tun
proto udp
remote <DOMAIN> 1194
resolv-retry 300
persist-key
persist-tun
Has anyone had this problem before or knows a working solution?

If my clues are correct, there're 2 ways around:
Unsure: Make OpenVPN somehow bypass it's own routing via VPN tunnel when communicating with server, custom route for the VPN server IP like "route <server ip> 255.0.0.0 net_gateway". Since the VPN srv also has DNS srv set up and if the client's DNS is set to be this server, any DNS requests should route directly to the right IP for lookups?

My bet: Instead of connecting to VPN server through domain, write down the IP in config: "remote <IP> 1194". Alternatively, add the domain to /etc/hosts (bad when the server IP changes, but it's a personal server - all under control).

I will try the latter: add the domain to /etc/hosts and report on results months later when it happens again (or not).

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN does not reliably reconnect after brief internet outage

Post by TinCanTech » Fri May 10, 2019 1:05 pm

VADemon wrote:
Fri May 10, 2019 12:07 am
persist-key
persist-tun
Try removing these from the client config.

VADemon
OpenVpn Newbie
Posts: 3
Joined: Thu May 09, 2019 11:37 pm

Re: OpenVPN does not reliably reconnect after brief internet outage

Post by VADemon » Sat May 09, 2020 11:06 pm

I followed your advice and it seemed to help... or maybe my network didn't crash since.
One time though I was booting my PC (autoconnect on startup) while the internet was OFF. OpenVPN couldn't make a connection, even after minutes when the internet connection was back up.
This was 2 months ago and I put my VPN server's domain to /etc/hosts (Windows) and haven't had a problem since so far (and I didn't readd those config lines you told me to remove).

I guess it's resolved now (static DNS resolving + removal of these keys)

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN does not reliably reconnect after brief internet outage

Post by TinCanTech » Sun May 10, 2020 12:40 am

Who need security anyway ..

VADemon
OpenVpn Newbie
Posts: 3
Joined: Thu May 09, 2019 11:37 pm

Re: OpenVPN does not reliably reconnect after brief internet outage

Post by VADemon » Mon May 11, 2020 1:43 am

I can't correct the mistake in my reply. I actually mis-remembered it, persist-key and persist-key are enabled in the config, which narrows it down solely to a DNS issue when the DNS server is inside the VPN and unreachable due to the link going down and the lookup has expired from the system cache.
So either don't use a domain name as the VPN server target or hardcode it in /etc/hosts
TinCanTech wrote:
Sun May 10, 2020 12:40 am
Who need security anyway ..
Thank you for your time

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN does not reliably reconnect after brief internet outage

Post by TinCanTech » Mon May 11, 2020 2:57 am

VADemon wrote:
Mon May 11, 2020 1:43 am
I can't correct the mistake in my reply.
What mistake ?
VADemon wrote:
Mon May 11, 2020 1:43 am
I actually mis-remembered it, persist-key and persist-key are enabled in the config
Exactly as I first pointed out.
VADemon wrote:
Mon May 11, 2020 1:43 am
which narrows it down solely to a DNS issue
I do not see the logic to this conclusion.
VADemon wrote:
Mon May 11, 2020 1:43 am
when the DNS server is inside the VPN and unreachable due to the link going down and the lookup has expired from the system cache.
Openvpn does take the necessary steps to avoid this confused state.
VADemon wrote:
Mon May 11, 2020 1:43 am
So either don't use a domain name as the VPN server target or hardcode it in /etc/hosts
Or better yet .. please read this:
viewtopic.php?f=30&t=22603

Post Reply