Have to reconnect after 24 hours

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
User avatar
btjanes
OpenVpn Newbie
Posts: 2
Joined: Tue Nov 20, 2012 7:09 pm

Have to reconnect after 24 hours

Post by btjanes » Wed Nov 21, 2012 1:25 pm

Hi,

I setup our AS last week and it's been working well, except that I have to reconnect after 24 hours. In the AS log, some times I get this:

Code: Select all

host.domain btjanes 11/20/12 05:11 1d 00:00 VPN X.X.X.X Y.Y.Y.Y UDP 1194 392.44 MB 540.52 MB SESSION_ID not found (may have expired)
which is from yesterday morning. At other times, there's nothing that indicates that the connection dropped off, there's only the reconnect entry:

Code: Select all

host.domain btjanes 11/21/12 05:11 00:00 VPN X.X.X.X Y.Y.Y.Y UDP 1194 3.90 KB 4.22 KB
which was from this morning. You can see that both entries occurred at 5:11 AM, PST, exactly 24 hours after each other. This has been going on since day one. Anyone have any ideas to change the behavior such that I can maintain connections beyond 24 hours? I'm running version 1.8.4 on CentOS Linux 6.2.
Brian
Top
User avatar
btjanes
OpenVpn Newbie
Posts: 2
Joined: Tue Nov 20, 2012 7:09 pm

Re: Have to reconnect after 24 hours

Post by btjanes » Wed Nov 21, 2012 8:32 pm

Answer learned from the AS IRC channel (props to novaflash):

I need to either grant the "autologin" privilege to users who want persistent connections or raise the default 24-hour timeout in the server configuration:

Code: Select all

By default, Access Server implements a 24 hour timeout for the server-locked and user-locked profiles. These are the default profile types used. This means that when a user logs in with her or her credentials, the connection can stay online for a maximum of 24 hours. The autologin profile is an exception since this does not require credentials and can stay online indefinitely. The following configuration parameter allows you to alter this timeout setting to your specifications. You can even 'disable' it by setting a ridiculously high timeout value. You will need to run these commands on the console or through an SSH session on the Access Server:
 
/usr/local/openvpn_as/scripts/sacli --key vpn.server.session_expire --value 86400 ConfigPut
/usr/local/openvpn_as/scripts/sacli start
 
This will set the timeout to 86400 seconds (24 hours). Adjust this to your liking. If you set it to something like 1000000000 you can effectively disable it so the session doesn't time out.
Brian
Top
neil.gealy
OpenVpn Newbie
Posts: 1
Joined: Fri Jun 07, 2013 3:52 pm

Re: Have to reconnect after 24 hours

Post by neil.gealy » Tue Jun 11, 2013 5:44 pm

Thanks. I was having the 24 hours disconnect problem and granting the "autologin" privilege fixed it.
Top
Post Reply

Return to “The OpenVPN Access Server”