Issue with ping-timer-rem configuration

Need help configuring your VPN? Just post here and you'll get that help.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
ido_vpn5
OpenVpn Newbie
Posts: 1
Joined: Thu Sep 21, 2023 3:02 pm

Issue with ping-timer-rem configuration

Post by ido_vpn5 » Thu Sep 21, 2023 3:36 pm

Issue description:
We are encountering an issue when adding the ping-timer-rem flag to the configuration.
The server seems to disconnect the client according to keepalive directive, even after the ping-timer-rem is set.

server side logs:

Code: Select all

2023-09-21 10:41:51 us=445490 [clientId]/x.x.x.x:50020 TLS: tls_pre_encrypt: key_id=0
2023-09-21 10:41:51 us=445504 [clientId]/x.x.x.x:50020 SENT PING
2023-09-21 10:41:51 us=445519 [clientId]/x.x.x.x:50020 UDPv4 WRITE [41] to [AF_INET]x.x.x.x:50020: P_DATA_V2 kid=0 DATA len=40
2023-09-21 10:41:53 us=943614 MULTI: REAP range 32 -> 48
2023-09-21 10:41:53 us=943666 GET INST BY VIRT: 100.124.9.2 -> [clientId]/x.x.x.x:50020 via 100.124.9.2
2023-09-21 10:41:53 us=943673 [clientId]/x.x.x.x:50020 TUN READ [324]
2023-09-21 10:41:53 us=943680 [clientId]/x.x.x.x:50020 TLS: tls_pre_encrypt: key_id=0
2023-09-21 10:41:53 us=943703 [clientId]/x.x.x.x:50020 UDPv4 WRITE [349] to [AF_INET]x.x.x.x:50020: P_DATA_V2 kid=0 DATA len=348
2023-09-21 10:41:55 us=36868 MULTI: REAP range 48 -> 64
2023-09-21 10:41:56 us=179127 MULTI: REAP range 64 -> 80
2023-09-21 10:41:56 us=179176 [clientId]/x.x.x.x:50020 [clientId] Inactivity timeout (--ping-restart), restarting
2023-09-21 10:41:56 us=179184 [clientId]/x.x.x.x:50020 SIGUSR1[soft,ping-restart] received, client-instance restarting
client configuration:

Code: Select all

client
dev tun 
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
auth SHA512
cipher AES-256-CBC
resolv-retry infinite
auth-retry none
nobind
persist-key
ns-cert-type server
comp-lzo
verb 7
tls-client
up-delay
connect-retry-max 3
mssfix 1350
route 0.0.0.0 0.0.0.0
remote-cert-tls server
server configuration:

Code: Select all

user nobody
group nobody
topology subnet
proto udp
data-ciphers AES-128-GCM
tls-version-min 1.2
tls-ciphersuites TLS_AES_128_GCM_SHA256
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
auth SHA512

push "redirect-gateway def1 bypass-dhcp"
keepalive 3 30
ping-timer-rem
comp-lzo
persist-key
verb 7
tls-server
script-security 2
txqueuelen 10000
sndbuf 2097152
rcvbuf 2097152
push "sndbuf 2097152"
push "rcvbuf 2097152"

status-version 2
reneg-sec 1800
tran-window 1800
# ----- generated configuration:
server '100.124.2.0' '255.255.255.0'
port 1196
dev tun_udp2
Top
Post Reply

Return to “Configuration”