Inactivity timeout (--ping-restart)

Mujhahid
OpenVpn Newbie
Posts: 2
Joined: Wed Aug 30, 2017 4:39 pm

Inactivity timeout (--ping-restart)

Post by Mujhahid » Wed Aug 30, 2017 4:44 pm

Hi

I use OpenVPN with two WANs, one as the principal and another one as a backup.

But when the principal WAN fails, the VPN connection drops and I need to go and manually start the service again.

And the error on the console is:

Wed Aug 30 18:23:04 2017 VERIFY OK: depth=1, CN=OpenVPN CA
Wed Aug 30 18:23:04 2017 VERIFY OK: nsCertType=SERVER
Wed Aug 30 18:23:04 2017 VERIFY OK: depth=0, CN=OpenVPN Server
Wed Aug 30 18:23:08 2017 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Aug 30 18:23:08 2017 WARNING: this cipher's block size is less than 128 bit (64 bit). Consider using a --cipher with a larger block size.
Wed Aug 30 18:23:08 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Aug 30 18:23:08 2017 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Aug 30 18:23:08 2017 WARNING: this cipher's block size is less than 128 bit (64 bit). Consider using a --cipher with a larger block size.
Wed Aug 30 18:23:08 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Aug 30 18:23:08 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA
Wed Aug 30 18:23:08 2017 [OpenVPN Server] Peer Connection Initiated with [AF_INET]160.119.112.7:1193
Wed Aug 30 18:23:10 2017 SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
Wed Aug 30 18:23:11 2017 AUTH: Received control message: AUTH_FAILED,SESSION: Your session has expired, please reauthenticate
Wed Aug 30 18:23:11 2017 SIGTERM received, sending exit notification to peer
Wed Aug 30 18:23:12 2017 SIGTERM[soft,exit-with-notification] received, process exiting

Is it possible that when WAN1 fails, the VPN changes automatically to the backup WAN, and also that when the backup fails it automatically uses the principal connection?

novaflash
OpenVPN Expert
Posts: 411
Joined: Fri Apr 13, 2012 8:43 pm

Re: Inactivity timeout (--ping-restart)

Post by novaflash » Wed Aug 30, 2017 4:49 pm

> Wed Aug 30 18:23:11 2017 AUTH: Received control message: AUTH_FAILED,SESSION: Your session has expired, please reauthenticate

Sessions are locked to IP. Either remove the IP lock or change the session timeouts or use autologin type profiles.
https://docs.openvpn.net/access-server/

Check the command line tools page for more details on all of that.
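
Added example, not part of either poster's messages and not OpenVPN code: a small Python triage of the client log quoted in this thread, which separates the `AUTH_FAILED,SESSION` rejection from the crypto warnings in the same log. The function name `triage`, the report fields and the embedded sample (lines copied from the log above) are this example's own.

```python
import re
from datetime import datetime

# Constructed sample: lines copied from the client log quoted in this thread.
SAMPLE_LOG = """\
Wed Aug 30 18:23:08 2017 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Aug 30 18:23:08 2017 WARNING: this cipher's block size is less than 128 bit (64 bit). Consider using a --cipher with a larger block size.
Wed Aug 30 18:23:08 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA
Wed Aug 30 18:23:08 2017 [OpenVPN Server] Peer Connection Initiated with [AF_INET]160.119.112.7:1193
Wed Aug 30 18:23:11 2017 AUTH: Received control message: AUTH_FAILED,SESSION: Your session has expired, please reauthenticate
Wed Aug 30 18:23:12 2017 SIGTERM[soft,exit-with-notification] received, process exiting
"""

LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")
AUTH = re.compile(r"AUTH: Received control message: AUTH_FAILED(?:,(\w+): ?(.*))?")
PEER = re.compile(r"Peer Connection Initiated with \[AF_INET6?\](\S+)")
TLS = re.compile(r"Control Channel: (TLSv[\d.]+)")

def triage(log_text):
    """Summarise why an OpenVPN client session ended and which crypto it logged."""
    report = {"peer": None, "auth_failure": None, "detail": None,
              "seconds_to_reject": None, "exited": False, "weak_crypto": []}
    connected_at = None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines without an OpenVPN timestamp prefix
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        if (p := PEER.search(msg)):
            report["peer"], connected_at = p.group(1), ts
        if (a := AUTH.search(msg)):
            # The tag after the comma (SESSION here) is the server's stated reason.
            report["auth_failure"] = a.group(1) or "NONE_GIVEN"
            report["detail"] = a.group(2)
            if connected_at:
                report["seconds_to_reject"] = (ts - connected_at).total_seconds()
        notes = []
        if "block size is less than 128 bit" in msg:
            notes.append("64-bit block cipher")     # OpenVPN's own warning
        if (t := TLS.search(msg)) and t.group(1) in ("TLSv1", "TLSv1.1"):
            notes.append(t.group(1) + " control channel")  # deprecated TLS version
        report["weak_crypto"] += [n for n in notes if n not in report["weak_crypto"]]
        if "process exiting" in msg:
            report["exited"] = True  # client stopped instead of reconnecting
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
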

Mujhahid
OpenVpn Newbie
Posts: 2
Joined: Wed Aug 30, 2017 4:39 pm

Re: Inactivity timeout (--ping-restart)

Post by Mujhahid » Thu Aug 31, 2017 2:11 pm

My configuration file looks like this. How can I remove the IP lock or change the session timeouts?

auth-user-pass /opt/user/login.txt
setenv FORWARD_COMPATIBLE 1
client
proto udp
nobind
remote SERVERNAME
port XXXX
dev tun
dev-type tun
ns-cert-type server
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
comp-lzo no
verb 3
setenv PUSH_PEER_INFO

novaflash
OpenVPN Expert
Posts: 411
Joined: Fri Apr 13, 2012 8:43 pm

Re: Inactivity timeout (--ping-restart)

Post by novaflash » Thu Aug 31, 2017 2:33 pm

In /usr/local/openvpn_as/scripts/ there are programs to manage this setting.

https://docs.openvpn.net/docs/access-se ... management
