Hi
I use OpenVPN with two WANs, one as principal and another one as backup.
But when the principal WAN fails, the VPN connection drops and I need to go and manually start the service again.
And the error on the console is:
Wed Aug 30 18:23:04 2017 VERIFY OK: depth=1, CN=OpenVPN CA
Wed Aug 30 18:23:04 2017 VERIFY OK: nsCertType=SERVER
Wed Aug 30 18:23:04 2017 VERIFY OK: depth=0, CN=OpenVPN Server
Wed Aug 30 18:23:08 2017 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Aug 30 18:23:08 2017 WARNING: this cipher's block size is less than 128 bit (64 bit). Consider using a --cipher with a larger block size.
Wed Aug 30 18:23:08 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Aug 30 18:23:08 2017 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Aug 30 18:23:08 2017 WARNING: this cipher's block size is less than 128 bit (64 bit). Consider using a --cipher with a larger block size.
Wed Aug 30 18:23:08 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Aug 30 18:23:08 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA
Wed Aug 30 18:23:08 2017 [OpenVPN Server] Peer Connection Initiated with [AF_INET]160.119.112.7:1193
Wed Aug 30 18:23:10 2017 SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
Wed Aug 30 18:23:11 2017 AUTH: Received control message: AUTH_FAILED,SESSION: Your session has expired, please reauthenticate
Wed Aug 30 18:23:11 2017 SIGTERM received, sending exit notification to peer
Wed Aug 30 18:23:12 2017 SIGTERM[soft,exit-with-notification] received, process exiting
Is it possible that when WAN1 fails, the VPN changes automatically to the backup WAN, and also when the backup fails it automatically uses the principal connection?
Inactivity timeout (--ping-restart)
- OpenVpn Newbie
- Posts: 2
- Joined: Wed Aug 30, 2017 4:39 pm
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: Inactivity timeout (--ping-restart)
> Wed Aug 30 18:23:11 2017 AUTH: Received control message: AUTH_FAILED,SESSION: Your session has expired, please reauthenticate
Sessions are locked to IP. Either remove the IP lock or change the session timeouts or use autologin type profiles.
https://docs.openvpn.net/access-server/
Check the command line tools page for more details on all of that.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
- OpenVpn Newbie
- Posts: 2
- Joined: Wed Aug 30, 2017 4:39 pm
Re: Inactivity timeout (--ping-restart)
My configuration file looks like this. How can I remove the IP lock or change the session timeouts?
auth-user-pass /opt/user/login.txt
setenv FORWARD_COMPATIBLE 1
client
proto udp
nobind
remote SERVERNAME
port XXXX
dev tun
dev-type tun
ns-cert-type server
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
comp-lzo no
verb 3
setenv PUSH_PEER_INFO
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: Inactivity timeout (--ping-restart)
In /usr/local/openvpn_as/scripts/ there are programs to manage this setting.
https://docs.openvpn.net/docs/access-se ... management
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.