Hi all,
We are using pfsense with openVPN tunnels and every so often we get disconnected.....the error is
Aug 16 08:16:22 openvpn[4046]: Inactivity timeout (--ping-restart), restarting
It seems to be happening every 10 mins or so...any idea what this could be ?
Many thanks,
Shaun Okeefe
Inactivity Disconnect
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Re: Inactivity Disconnect
Hi.
Use "keepalive| option in you OpenVPN server's config file, adjusting time as you need.
Use "keepalive| option in you OpenVPN server's config file, adjusting time as you need.
-
shaunokeefe
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Aug 16, 2011 8:14 am
Re: Inactivity Disconnect
Hiya,
Does that mean I would add a line in the custom options of the OpenVPN section ? (IE I current have an ovveride for MTU (tun-mtu 1300))
Do you know what the syntax and what value it should be ?
Sorry to sound dumb !
Cheers,
Shaun
Does that mean I would add a line in the custom options of the OpenVPN section ? (IE I current have an ovveride for MTU (tun-mtu 1300))
Do you know what the syntax and what value it should be ?
Sorry to sound dumb !
Cheers,
Shaun
-
janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: Inactivity Disconnect
in the server configuration, add
read the OpenVPN manual page for the meaning of the values to the keepalive option.
Code: Select all
keepalive 10 60-
shaunokeefe
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Aug 16, 2011 8:14 am
Re: Inactivity Disconnect
Hiya,
I've just checked the configs in the PFsense and aparantly they are all set to 10 60 already?
s
I've just checked the configs in the PFsense and aparantly they are all set to 10 60 already?
s
-
janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: Inactivity Disconnect
which host is reporting the
message? the openvpn client or the pfsense server?Aug 16 08:16:22 openvpn[4046]: Inactivity timeout (--ping-restart), restarting
-
shaunokeefe
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Aug 16, 2011 8:14 am
Re: Inactivity Disconnect
Hiya,
It shows up in the logs of both ends,
CLIENT
Aug 17 03:31:12 openvpn[4160]: Inactivity timeout (--ping-restart), restarting
Aug 17 03:31:12 openvpn[4160]: SIGUSR1[soft,ping-restart] received, process restarting
Aug 17 03:31:14 openvpn[4160]: Re-using pre-shared static key
Server
Aug 17 03:31:13 openvpn[4046]: Inactivity timeout (--ping-restart), restarting
Aug 17 03:31:13 openvpn[4046]: SIGUSR1[soft,ping-restart] received, process restarting
Aug 17 03:31:15 openvpn[4046]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 17 03:31:15 openvpn[4046]: Re-using pre-shared static key
It shows up in the logs of both ends,
CLIENT
Aug 17 03:31:12 openvpn[4160]: Inactivity timeout (--ping-restart), restarting
Aug 17 03:31:12 openvpn[4160]: SIGUSR1[soft,ping-restart] received, process restarting
Aug 17 03:31:14 openvpn[4160]: Re-using pre-shared static key
Server
Aug 17 03:31:13 openvpn[4046]: Inactivity timeout (--ping-restart), restarting
Aug 17 03:31:13 openvpn[4046]: SIGUSR1[soft,ping-restart] received, process restarting
Aug 17 03:31:15 openvpn[4046]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 17 03:31:15 openvpn[4046]: Re-using pre-shared static key
-
janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: Inactivity Disconnect
what do your client and server configs look like? are you using preshared keys or client/server mode? if you are NOT using client/server mode, then add
to *both* sides
Code: Select all
keepalive 10 60