openVPN Server --> Inactivity timeout (--ping-restart), restarting

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
-manuel-
OpenVpn Newbie
Posts: 1
Joined: Thu Aug 02, 2018 1:32 pm

openVPN Server --> Inactivity timeout (--ping-restart), restarting

Post by -manuel- » Thu Aug 02, 2018 1:45 pm

Hello
I have setup a openvpn server according to the opnsense "Setup SSL VPN Road Warrior" including TOTP. Login works fine but after about 15 minutes openvpn Client Login pops up and I have to login again using the token from google authenticator and my password. Renegotiate time (reneg-sec 0) is set to 0 in the openvpn server config.

I would like to be connected to the vpn server even there is no activity/traffic. How can I achieve this?

Thank you very much for your help.

Regards Manuel

Tue Jul 24 10:02:16 2018 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Tue Jul 24 10:02:16 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Tue Jul 24 10:02:16 2018 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
Tue Jul 24 10:02:46 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xx.xx:1194
Tue Jul 24 10:02:46 2018 UDP link local (bound): [AF_INET][undef]:0
Tue Jul 24 10:02:46 2018 UDP link remote: [AF_INET]xx.xx.xx.xx:1194
Tue Jul 24 10:02:47 2018 [myopenvpn Server] Peer Connection Initiated with [AF_INET]xx.xx.xx.xx:1194
Tue Jul 24 10:02:48 2018 open_tun
Tue Jul 24 10:02:48 2018 TAP-WIN32 device [Ethernet 3] opened: \\.\Global\{AB71E12E-4CCE-42DE-84BA-E28854305B69}.tap
Tue Jul 24 10:02:48 2018 Notified TAP-Windows driver to set a DHCP IP/netmask of xx.xx.xx.xx/255.255.255.xx on interface {xxxxxxxxx} [DHCP-serv: xx.xx.xx.xx, lease-time: 31536000]
Tue Jul 24 10:02:48 2018 Successful ARP Flush on interface [15] {xxxxxxxxx}
Tue Jul 24 10:02:48 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Jul 24 10:02:53 2018 Initialization Sequence Completed
Tue Jul 24 10:31:57 2018 [myopenvpn Server] Inactivity timeout (--ping-restart), restarting
Tue Jul 24 10:31:57 2018 SIGUSR1[soft,ping-restart] received, process restarting
Tue Jul 24 10:42:58 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xx.xx:1194
Tue Jul 24 10:42:58 2018 UDP link local (bound): [AF_INET][undef]:0
Tue Jul 24 10:42:58 2018 UDP link remote: [AF_INET]xx.xx.xx.xx:1194
Tue Jul 24 10:42:59 2018 [SSLVPN Server Certificate] Peer Connection Initiated with [AF_INET]xx.xx.xx.xx:1194
Tue Jul 24 10:43:00 2018 Preserving previous TUN/TAP instance: Ethernet 3
Tue Jul 24 10:43:00 2018 Initialization Sequence Completed

Server Config

dev ovpns1
verb 1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
auth SHA512
up /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup
down /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown
client-connect /usr/local/etc/inc/plugins.inc.d/openvpn/attributes.sh
client-disconnect /usr/local/etc/inc/plugins.inc.d/openvpn/attributes.sh
local xx.xx.xx.xx
tls-server
server xx.xx.xx.xx 255.255.255.0
client-config-dir /var/etc/openvpn-csc/1
username-as-common-name
auth-user-pass-verify "/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_auth_verify user 'TOTP VPN Access Server' 'false' 'server1'" via-env
tls-verify "/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_auth_verify tls 'SSLVPN+Server+Certificate' 1"
lport 1194
management /var/etc/openvpn/server1.sock unix
push "route xx.xx.xx.xx 255.255.255.0"
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /usr/local/etc/dh-parameters.4096.sample
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo adaptive
reneg-sec 0


Client config

dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA512
tls-client
client
reneg-sec 0
resolv-retry infinite
remote myopenvpnserver.com 1194 udp
lport 0
verify-x509-name "myopenvpn Server" name
auth-user-pass
pkcs12 Home.p12
tls-auth Home.key 1
#ns-cert-type server
remote-cert-tls server
comp-lzo adaptive
auth-nocache

PingPong
OpenVpn Newbie
Posts: 14
Joined: Sun Jul 29, 2018 2:01 pm

Re: openVPN Server --> Inactivity timeout (--ping-restart), restarting

Post by PingPong » Sat Aug 11, 2018 11:09 pm

Hi there,

I am using OpenWRT routers, Debian machines and RasPis as clients. On the RasPis I had some kind of similar.

I solved it using a script named "no-vpn-reconnect":

Code: Select all

#!/bin/bash

# -q = quiet
# -c = number of pings

ping -q -c5 10.20.30.1 > /dev/null
 
if [ $? -eq 0 ]
   then
      exit
   else
      /etc/init.d/openvpn restart
fi
This I put into the root's crontab:

Code: Select all

*/10 * * * * /etc/openvpn/no-vpn-reconnect >/dev/null 2>&1
Maybe that's a workaround for a while.

Post Reply