Inactivity timeout (--ping-restart)

Post by Mujhahid » Wed Aug 30, 2017 4:44 pm

Hi

I use OpenVPN with two WANs, one as the principal and another one as backup.

But when the principal WAN fails, the VPN connection drops and I need to go and manually start the service again.

And the error on the console is:

Wed Aug 30 18:23:04 2017 VERIFY OK: depth=1, CN=OpenVPN CA
Wed Aug 30 18:23:04 2017 VERIFY OK: nsCertType=SERVER
Wed Aug 30 18:23:04 2017 VERIFY OK: depth=0, CN=OpenVPN Server
Wed Aug 30 18:23:08 2017 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Aug 30 18:23:08 2017 WARNING: this cipher's block size is less than 128 bit (64 bit). Consider using a --cipher with a larger block size.
Wed Aug 30 18:23:08 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Aug 30 18:23:08 2017 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Aug 30 18:23:08 2017 WARNING: this cipher's block size is less than 128 bit (64 bit). Consider using a --cipher with a larger block size.
Wed Aug 30 18:23:08 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Aug 30 18:23:08 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA
Wed Aug 30 18:23:08 2017 [OpenVPN Server] Peer Connection Initiated with [AF_INET]160.119.112.7:1193
Wed Aug 30 18:23:10 2017 SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
Wed Aug 30 18:23:11 2017 AUTH: Received control message: AUTH_FAILED,SESSION: Your session has expired, please reauthenticate
Wed Aug 30 18:23:11 2017 SIGTERM received, sending exit notification to peer
Wed Aug 30 18:23:12 2017 SIGTERM[soft,exit-with-notification] received, process exiting

Is it possible that when WAN1 fails, the VPN changes automatically to the backup WAN, and also that when the backup fails it automatically uses the principal connection?

Re: Inactivity timeout (--ping-restart)

Post by novaflash » Wed Aug 30, 2017 4:49 pm

> Wed Aug 30 18:23:11 2017 AUTH: Received control message: AUTH_FAILED,SESSION: Your session has expired, please reauthenticate

Sessions are locked to IP. Either remove the IP lock or change the session timeouts or use autologin type profiles.
https://docs.openvpn.net/access-server/

Check the command line tools page for more details on all of that.
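
As an added example (not part of either post and not OpenVPN's own tooling), this Python script triages the client log quoted in the first post: it picks out the AUTH_FAILED,SESSION rejection discussed in the reply, the peer address, and the weak-crypto indicators the log itself reports. The function names, report fields and diagnosis labels are assumptions of this example.

```python
import re

# Lines taken from the client console output quoted in the first post.
SAMPLE_LOG = """\
Wed Aug 30 18:23:08 2017 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Aug 30 18:23:08 2017 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Aug 30 18:23:08 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA
Wed Aug 30 18:23:08 2017 [OpenVPN Server] Peer Connection Initiated with [AF_INET]160.119.112.7:1193
Wed Aug 30 18:23:11 2017 AUTH: Received control message: AUTH_FAILED,SESSION: Your session has expired, please reauthenticate
Wed Aug 30 18:23:12 2017 SIGTERM[soft,exit-with-notification] received, process exiting
"""

AUTH_FAILED = re.compile(r"AUTH: Received control message: AUTH_FAILED"
                         r"(?:,(?P<kind>[A-Z0-9_]+))?(?::\s*(?P<text>.*))?")
PEER = re.compile(r"Peer Connection Initiated with \[AF_INET6?\](\S+):(\d+)")
DATA_CIPHER = re.compile(r"Data Channel (?:Encrypt|Decrypt): Cipher '([^']+)'")
CONTROL_TLS = re.compile(r"Control Channel: (TLSv[\d.]+)")
SMALL_BLOCK = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC"}  # 64-bit block ciphers
LEGACY_TLS = {"TLSv1", "TLSv1.0", "TLSv1.1"}

def triage(log_text):
    """Summarise one OpenVPN client session log (hypothetical helper)."""
    report = {"auth_failure": None, "peer": None, "exited": False, "weak_crypto": []}

    def flag(msg):
        # Encrypt and Decrypt lines repeat the same cipher; record it once.
        if msg not in report["weak_crypto"]:
            report["weak_crypto"].append(msg)

    for line in log_text.splitlines():
        if m := AUTH_FAILED.search(line):
            # A bare AUTH_FAILED carries no sub-type; label it GENERIC here.
            report["auth_failure"] = {"kind": m["kind"] or "GENERIC", "text": m["text"] or ""}
        elif m := PEER.search(line):
            report["peer"] = (m[1], int(m[2]))
        elif (m := DATA_CIPHER.search(line)) and m[1] in SMALL_BLOCK:
            flag(f"64-bit block cipher {m[1]}")
        elif (m := CONTROL_TLS.search(line)) and m[1] in LEGACY_TLS:
            flag(f"legacy control channel {m[1]}")
        elif "process exiting" in line:
            report["exited"] = True
    return report

def diagnosis(report):
    """Map the summary to a short cause label (labels are this example's own)."""
    failure = report["auth_failure"]
    if failure and failure["kind"] == "SESSION":
        return "session-token-rejected" + ("-client-exited" if report["exited"] else "")
    return "auth-failed" if failure else "no-auth-failure"

if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print(diagnosis(summary), summary)
```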

Re: Inactivity timeout (--ping-restart)

Post by Mujhahid » Thu Aug 31, 2017 2:11 pm

My configuration file looks like this. How can I remove the IP lock or change the session timeouts?

auth-user-pass /opt/user/login.txt
setenv FORWARD_COMPATIBLE 1
client
proto udp
nobind
remote SERVERNAME
port XXXX
dev tun
dev-type tun
ns-cert-type server
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
comp-lzo no
verb 3
setenv PUSH_PEER_INFO

Re: Inactivity timeout (--ping-restart)

Post by novaflash » Thu Aug 31, 2017 2:33 pm

In /usr/local/openvpn_as/scripts/ there are programs to manage this setting.

https://docs.openvpn.net/docs/access-se ... management