How to have a client not exit on auth failure?

Post by TheAmigo » Mon Mar 30, 2015 3:14 pm

I had a case where the server was going down for maintenance (not a server I control). When that happened, my client logged:

Code:

Sat Mar 28 13:53:13 2015 AUTH: Received AUTH_FAILED control message
Sat Mar 28 13:53:13 2015 /sbin/ifconfig tun0 0.0.0.0
Sat Mar 28 13:53:13 2015 SIGTERM[soft,auth-failure] received, process exiting

So when the server came back up, my client wasn't running and didn't connect. How can I change my client to not exit when that happens, but to keep trying?

Re: How to have a client not exit on auth failure?

Post by Traffic » Mon Mar 30, 2015 5:27 pm

You could try --ping-restart in the client, but it is possible the server will override your settings.

Post your client config and details of the server PUSH.

Re: How to have a client not exit on auth failure?

Post by TheAmigo » Mon Mar 30, 2015 6:06 pm

Client config:

Code:

dev tun0
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote ###.###.###.### 1194 udp
lport 0
pkcs12 company.p12
tls-auth company.key 1
ns-cert-type server
auth-user-pass file.passwd

The word 'push' doesn't appear in the log when I connect (since the server is back up now). And it looks like it was a ping-restart that caused my client to attempt to reconnect when the server replied with auth-failed.

For now I have a wrapper script to the effect of:

Code:

while true; do openvpn --config foo.ovpn; sleep 5; done

Feels a bit like duct tape. While it works, I'd still prefer a cleaner solution. Unfortunately, it's hard for me to test because the server isn't mine to bring down.
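
An added example, not part of the original posts: the restart loop from the last post with capped exponential backoff, so a server that keeps answering AUTH_FAILED is not retried with the same credentials every 5 seconds indefinitely. The variable names, limits and script name are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): restart loop with capped backoff.
# MIN_DELAY, MAX_DELAY, HEALTHY_SECS and MAX_RUNS are names chosen here.
# Usage (script name is hypothetical): ./vpn-retry.sh openvpn --config foo.ovpn

MIN_DELAY=${MIN_DELAY:-5}          # first retry delay in seconds, as in the post
MAX_DELAY=${MAX_DELAY:-300}        # ceiling for the delay between retries
HEALTHY_SECS=${HEALTHY_SECS:-60}   # a run this long counts as a working session
MAX_RUNS=${MAX_RUNS:-0}            # 0 = retry forever; set >0 to bound a test run

# next_delay CURRENT: print CURRENT doubled, capped at MAX_DELAY.
next_delay() {
    d=$(( $1 * 2 ))
    [ "$d" -gt "$MAX_DELAY" ] && d=$MAX_DELAY
    echo "$d"
}

# supervise CMD [ARGS...]: rerun CMD each time it exits, backing off between
# quick failures and resetting the delay after a healthy session.
supervise() {
    delay=$MIN_DELAY
    runs=0
    while :; do
        start=$(date +%s)
        rc=0
        "$@" || rc=$?              # keep going even under `set -e`
        runs=$(( runs + 1 ))
        elapsed=$(( $(date +%s) - start ))
        if [ "$elapsed" -ge "$HEALTHY_SECS" ]; then
            delay=$MIN_DELAY
        fi
        echo "$(date): exit status $rc after ${elapsed}s, retrying in ${delay}s" >&2
        if [ "$MAX_RUNS" -gt 0 ] && [ "$runs" -ge "$MAX_RUNS" ]; then
            return 0
        fi
        sleep "$delay"
        delay=$(next_delay "$delay")
    done
}

# Run only when a command was given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    supervise "$@"
fi
```

OpenVPN's `auth-retry nointeract` client option makes AUTH_FAILED non-fatal so the client retries without exiting; with it set, this wrapper only has to cover other exits.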
