Hi,
I've a connection between an openVPN server on the cloud and an openVPN client installed on a mobile router using a WindTre SIM.
The problem is that the windTre SIM disconnects every for hours for some second (to change IP address) and this cause openvpn to fall and the openvpn reconnection happens after 17 minutes, this is really too much, is there some option to avoid this ugly behaviour ?
these are the configuration on both sides:
Server Config
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "route 172.18.0.0 255.255.0.0"
client-config-dir ccd
route 172.18.0.0 255.255.0.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
auth SHA512
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 5
explicit-exit-notify 1
management localhost 7505
The problem is that the windTre SIM disconnects every for hours for some second (to change IP address) and this cause openvpn to fall and the openvpn reconnection happens after 17 minutes,
There is obviously some other problem because that is not how Openvpn behaves.
you're right, the problem is not on Openvpn, it restarts correctly after about 40 seconds, the problem is with the application software that remain freezed due to this lost of connection. I will check if it is possible to modify the software but otherwise is there some chance to hide the disconnection on openvpn? I know, it could be a workaround but if available it will solve imediately my problem.
Thanks
Antonio
it is the IP address of the client that changes,
-float seems to be associated with the client configuration
–float
Allow remote peer to change its IP address and/or port number, such as due to DHCP (this is the default if –remote is not used). –float when specified with –remote allows an OpenVPN session to initially connect to a peer at a known address, however if packets arrive from a new address and pass all authentication tests, the new address will take control of the session. This is useful when you are connecting to a peer which holds a dynamic address such as a dial-in user or DHCP client.Essentially, –float tells OpenVPN to accept authenticated packets from any address, not only the address which was specified in the –remote option.