Windows Client connection timeout after internet outage

Post Reply
SP2
OpenVpn Newbie
Posts: 4
Joined: Thu May 17, 2018 11:25 am

Windows Client connection timeout after internet outage

Post by SP2 » Thu May 17, 2018 12:09 pm

Hi

OpenVPN Access Server 2.5 (Amazon AWS) trial for now.
Everything works fine, however.

We have a connection problem with clients (windows) after an internet outage on the client side.
They are all using auto-login profiles.

If the client internet connection drops for more than a min or two, the VPN connection is fully dropped and will never try to reconnect unless we manually go to the client PC and reconnect using the OpenVpn client or reboot client PC .
This is not a feasible solution for us as these are corporate clients.

I know we can create batch files that will ping servers on the OpenVPN and stop/restart the OpenVPN service if needed but this is not an option either.

I have not been able to find any settings that will force the client to keep trying to connect forever.

* Client *

Microsoft Windows [Version 10.0.17134.48]

Client

setenv FORWARD_COMPATIBLE 1
client
server-poll-timeout 4
nobind
remote x.x.x.x 1194 udp
remote x.x.x.x 1194 udp
remote x.x.x.x 443 tcp
remote x.x.x.x 1194 udp
remote x.x.x.x 1194 udp
remote x.x.x.x 1194 udp
remote x.x.x.x 1194 udp
remote x.x.x.x 1194 udp
dev tun
dev-type tun
ns-cert-type server
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
comp-lzo no
verb 3
setenv PUSH_PEER_INFO
key-direction 1
# Extra user-defined configuration
cipher AES-128-CBC



* Client Log file *

Code: Select all

Thu May 17 12:17:16 2018 Thu May 17 12:17:16 2018 Connected via TUN_WIN
Thu May 17 12:17:16 2018 Thu May 17 12:17:16 2018 LZO-ASYM init swap=0 asym=0
Thu May 17 12:17:16 2018 Thu May 17 12:17:16 2018 CONNECTED : ----------- via /UDPv4 on TUN_WIN/-----/ gw=[---------/]

## Internet connection drops out at some point and following shows up in log. NOTE : I dropped it on purpose to reproduce the issue.

Session invalidated: KEEPALIVE_TIMEOUT
Client terminated, restarting in 2000 ms...
Thu May 17 12:18:26 2018 Thu May 17 12:18:26 2018 RECONNECTING
Thu May 17 12:18:26 2018 Thu May 17 12:18:26 2018 Contacting x.x.x.x:1194 via UDP
Thu May 17 12:18:26 2018 Thu May 17 12:18:26 2018 WAIT
Thu May 17 12:18:26 2018 Thu May 17 12:18:26 2018 Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
Thu May 17 12:18:30 2018 Thu May 17 12:18:30 2018 Server poll timeout, trying next remote entry...
Thu May 17 12:18:30 2018 Thu May 17 12:18:30 2018 RECONNECTING
Thu May 17 12:18:30 2018 Thu May 17 12:18:30 2018 Contacting x.x.x.x:1194 via UDP
Thu May 17 12:18:30 2018 Thu May 17 12:18:30 2018 WAIT
Thu May 17 12:18:30 2018 Thu May 17 12:18:30 2018 Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
Thu May 17 12:18:34 2018 Thu May 17 12:18:34 2018 Server poll timeout, trying next remote entry...
Thu May 17 12:18:34 2018 Thu May 17 12:18:34 2018 RECONNECTING
Thu May 17 12:18:34 2018 Thu May 17 12:18:34 2018 Contacting x.x.x.x:443 via TCP
Thu May 17 12:18:34 2018 Thu May 17 12:18:34 2018 WAIT
Thu May 17 12:18:38 2018 Thu May 17 12:18:38 2018 Server poll timeout, trying next remote entry...
Thu May 17 12:18:38 2018 Thu May 17 12:18:38 2018 RECONNECTING
Thu May 17 12:18:38 2018 Thu May 17 12:18:38 2018 Contacting x.x.x.x:1194 via UDP
Thu May 17 12:18:38 2018 Thu May 17 12:18:38 2018 WAIT
Thu May 17 12:18:38 2018 Thu May 17 12:18:38 2018 Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
Thu May 17 12:18:42 2018 Thu May 17 12:18:42 2018 Server poll timeout, trying next remote entry...
Thu May 17 12:18:42 2018 Thu May 17 12:18:42 2018 RECONNECTING
Thu May 17 12:18:42 2018 Thu May 17 12:18:42 2018 Contacting x.x.x.x:1194 via UDP
Thu May 17 12:18:42 2018 Thu May 17 12:18:42 2018 WAIT
Thu May 17 12:18:42 2018 Thu May 17 12:18:42 2018 Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
Thu May 17 12:18:46 2018 Thu May 17 12:18:46 2018 Server poll timeout, trying next remote entry...
Thu May 17 12:18:46 2018 Thu May 17 12:18:46 2018 RECONNECTING
Thu May 17 12:18:46 2018 Thu May 17 12:18:46 2018 Contacting x.x.x.x:1194 via UDP
Thu May 17 12:18:46 2018 Thu May 17 12:18:46 2018 WAIT
Thu May 17 12:18:46 2018 Thu May 17 12:18:46 2018 Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
Thu May 17 12:18:50 2018 Thu May 17 12:18:50 2018 Server poll timeout, trying next remote entry...
Thu May 17 12:18:50 2018 Thu May 17 12:18:50 2018 RECONNECTING
Thu May 17 12:18:50 2018 Thu May 17 12:18:50 2018 Contacting x.x.x.x:1194 via UDP
Thu May 17 12:18:50 2018 Thu May 17 12:18:50 2018 WAIT
Thu May 17 12:18:50 2018 Thu May 17 12:18:50 2018 Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
Thu May 17 12:18:54 2018 Thu May 17 12:18:54 2018 Server poll timeout, trying next remote entry...
Thu May 17 12:18:54 2018 Thu May 17 12:18:54 2018 RECONNECTING
Thu May 17 12:18:54 2018 Thu May 17 12:18:54 2018 Contacting x.x.x.x:1194 via UDP
Thu May 17 12:18:54 2018 Thu May 17 12:18:54 2018 WAIT
Thu May 17 12:18:54 2018 Thu May 17 12:18:54 2018 Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
Thu May 17 12:18:58 2018 Thu May 17 12:18:58 2018 Server poll timeout, trying next remote entry...
Thu May 17 12:18:58 2018 Thu May 17 12:18:58 2018 RECONNECTING
Thu May 17 12:18:58 2018 Thu May 17 12:18:58 2018 Contacting x.x.x.x:1194 via UDP
Thu May 17 12:18:58 2018 Thu May 17 12:18:58 2018 WAIT
Thu May 17 12:18:58 2018 Thu May 17 12:18:58 2018 Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
Thu May 17 12:19:02 2018 Thu May 17 12:19:02 2018 Server poll timeout, trying next remote entry...
Thu May 17 12:19:02 2018 Thu May 17 12:19:02 2018 RECONNECTING
Thu May 17 12:19:02 2018 Thu May 17 12:19:02 2018 Contacting x.x.x.x:1194 via UDP
Thu May 17 12:19:02 2018 Thu May 17 12:19:02 2018 WAIT
Thu May 17 12:19:02 2018 Thu May 17 12:19:02 2018 Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
Thu May 17 12:19:06 2018 Thu May 17 12:19:06 2018 Server poll timeout, trying next remote entry...
Thu May 17 12:19:06 2018 Thu May 17 12:19:06 2018 RECONNECTING
Thu May 17 12:19:06 2018 Thu May 17 12:19:06 2018 Contacting x.x.x.x:443 via TCP
Thu May 17 12:19:06 2018 Thu May 17 12:19:06 2018 WAIT
Thu May 17 12:19:10 2018 Thu May 17 12:19:10 2018 Server poll timeout, trying next remote entry...
Thu May 17 12:19:10 2018 Thu May 17 12:19:10 2018 RECONNECTING
Thu May 17 12:19:10 2018 Thu May 17 12:19:10 2018 Contacting x.x.x.x:1194 via UDP
Thu May 17 12:19:10 2018 Thu May 17 12:19:10 2018 WAIT
Thu May 17 12:19:10 2018 Thu May 17 12:19:10 2018 Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
Thu May 17 12:19:14 2018 Thu May 17 12:19:14 2018 Server poll timeout, trying next remote entry...
Thu May 17 12:19:14 2018 Thu May 17 12:19:14 2018 RECONNECTING
Thu May 17 12:19:14 2018 Thu May 17 12:19:14 2018 Contacting x.x.x.x:1194 via UDP
Thu May 17 12:19:14 2018 Thu May 17 12:19:14 2018 WAIT
Thu May 17 12:19:14 2018 Thu May 17 12:19:14 2018 Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
Thu May 17 12:19:18 2018 Thu May 17 12:19:18 2018 Server poll timeout, trying next remote entry...
Thu May 17 12:19:18 2018 Thu May 17 12:19:18 2018 RECONNECTING
Thu May 17 12:19:18 2018 Thu May 17 12:19:18 2018 Contacting x.x.x.x:1194 via UDP
Thu May 17 12:19:18 2018 Thu May 17 12:19:18 2018 WAIT
Thu May 17 12:19:18 2018 Thu May 17 12:19:18 2018 Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
Thu May 17 12:19:22 2018 Thu May 17 12:19:22 2018 Server poll timeout, trying next remote entry...
Thu May 17 12:19:22 2018 Thu May 17 12:19:22 2018 RECONNECTING
Thu May 17 12:19:22 2018 Thu May 17 12:19:22 2018 Contacting x.x.x.x:1194 via UDP
Thu May 17 12:19:22 2018 Thu May 17 12:19:22 2018 WAIT
Thu May 17 12:19:22 2018 Thu May 17 12:19:22 2018 Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
Thu May 17 12:19:26 2018 Thu May 17 12:19:26 2018 CONNECTION_TIMEOUT [FATAL-ERR]

Connection is fully dropped at this stage.

Any ideas?

Thanks in advance,
Soeren
Last edited by SP2 on Thu May 17, 2018 2:16 pm, edited 3 times in total.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 6008
Joined: Fri Jun 03, 2016 1:17 pm

Re: Windows Client connection timeout

Post by TinCanTech » Thu May 17, 2018 1:23 pm


SP2
OpenVpn Newbie
Posts: 4
Joined: Thu May 17, 2018 11:25 am

Re: Windows Client connection timeout after internet outage

Post by SP2 » Thu May 17, 2018 1:59 pm

Added client config

novaflash
I should be on the dev team.
Posts: 991
Joined: Fri Apr 13, 2012 8:43 pm

Re: Windows Client connection timeout after internet outage

Post by novaflash » Fri May 18, 2018 8:17 am

Server poll timeout is explained here:
https://docs.openvpn.net/troubleshootin ... _solutions

SP2
OpenVpn Newbie
Posts: 4
Joined: Thu May 17, 2018 11:25 am

Re: Windows Client connection timeout after internet outage

Post by SP2 » Fri May 18, 2018 9:17 am

novaflash wrote:
Fri May 18, 2018 8:17 am
Server poll timeout is explained here:
https://docs.openvpn.net/troubleshootin ... _solutions
Thanks for taking the time to reply.

The problem is a client side internet connectivity issue.
On occasion the internet drops out (5-10 min). The OpenVPN windows client will try to reconnect for 1-2 min then fully drop the connection.
No further attempts are then made to reconnect automatically which is not much use to us.

*1. Solution number one.*
Go to the PC in question and restart the connection manually or reboot.
- Not an option as we have no access to these PCs.

*2. Solution number two.*
Create batch file running under Admin account on a schedule which pings assets on the VPN server LAN and will stop/restart the openVPN service to force a reconnect.
- I would consider this a hack that has no place in a professional solution where we have to potentially apply this to 100s of users on many separate networks.

Which leaves me looking for config file options.
"resolv-retry infinite" - seems to be default setting but does not resolve the issue.
"keepalive n m" - does not change anything.

thanks

novaflash
I should be on the dev team.
Posts: 991
Joined: Fri Apr 13, 2012 8:43 pm

Re: Windows Client connection timeout after internet outage

Post by novaflash » Fri May 18, 2018 10:15 am

Ah I see. Yeah, I can give you some command line magic. It is currently missing from our documentation because we are in the middle of a complete rewrite of documentation. From memory:

"c:\program files (x86)\openvpn technologies\openvpn client\core\capicli.exe" -k connect_timeout -v 3600 ConfigPut

That should set the timeout for reconnecting to 1 hour. A similar program exists on mac OS as well but in a /Library/Application Support/ folder or something, I don't remember exactly.

Will probably require you to reboot. I am also reasonable sure this is an option that can be set standard for any future client installations from the Access Server itself but I would need to look further to find and make documentation for that. It's not an option that's used very often.

Anyways, this documentation will become available soon on https://docs.openvpn.net/

SP2
OpenVpn Newbie
Posts: 4
Joined: Thu May 17, 2018 11:25 am

Re: Windows Client connection timeout after internet outage

Post by SP2 » Fri May 18, 2018 12:16 pm

novaflash wrote:
Fri May 18, 2018 10:15 am
Ah I see. Yeah, I can give you some command line magic. It is currently missing from our documentation because we are in the middle of a complete rewrite of documentation. From memory:

"c:\program files (x86)\openvpn technologies\openvpn client\core\capicli.exe" -k connect_timeout -v 3600 ConfigPut

That should set the timeout for reconnecting to 1 hour. A similar program exists on mac OS as well but in a /Library/Application Support/ folder or something, I don't remember exactly.

Will probably require you to reboot. I am also reasonable sure this is an option that can be set standard for any future client installations from the Access Server itself but I would need to look further to find and make documentation for that. It's not an option that's used very often.

Anyways, this documentation will become available soon on https://docs.openvpn.net/
Was sadly not able to get this working correctly and have run out of time.
Timeout seems to be 60 sec no matter what changes I make.

Just as a trial I tried to connect without an internet connection and sure enough the client kept trying for 60 sec and then just gave up.

But thanks for your time and I'll be sure to keep an eye on any updates.

cheers,
Soeren

novaflash
I should be on the dev team.
Posts: 991
Joined: Fri Apr 13, 2012 8:43 pm

Re: Windows Client connection timeout after internet outage

Post by novaflash » Fri May 18, 2018 12:19 pm

Okay, well, this was purely from memory so I may have gotten the syntax wrong, but I'm pretty sure this works with Connect Client. When our documentation gets updated on this particular topic, this will all be retested and checked anyways.

andywright
OpenVpn Newbie
Posts: 3
Joined: Sun Apr 14, 2019 11:55 pm

Re: Windows Client connection timeout after internet outage

Post by andywright » Mon Apr 15, 2019 12:08 am

I was about to buy licenses for an access server but my testing has shown this same problem - a drop in client connectivity (eg. WiFi down for a couple of minutes) causes the ovpn client to time out and stop retrying. I find it odd that this is the default behaviour; if I have a client machine with Autoconnect I need it to *stay* connected and keep retrying indefinitely if/when the connection drops. It's a show-stopper if I can't get this working.

I can't see any options in the AS config gui, and I certainly don't want to have to manually alter every client (even if I could figure out the capicli.exe command syntax, which I can't).

A search for "timeout" in the documentation brings up an entry saying "Also, consider setting the Connection Timeout preference to "continuously retry"" - that sounds exactly what I' need - but there's no "preferences" in the AS gui.

Put simply, how do we get a client to never give up trying to (re)connect?

Thanks.

(I'm running AS version 2.7.3)

novaflash
I should be on the dev team.
Posts: 991
Joined: Fri Apr 13, 2012 8:43 pm

Re: Windows Client connection timeout after internet outage

Post by novaflash » Mon Apr 15, 2019 6:49 am

Hello Andy.

> "c:\program files (x86)\openvpn technologies\openvpn client\core\capicli.exe" -k connect_timeout -v 3600 ConfigPut

On the client.

novaflash
I should be on the dev team.
Posts: 991
Joined: Fri Apr 13, 2012 8:43 pm

Re: Windows Client connection timeout after internet outage

Post by novaflash » Mon Apr 15, 2019 6:50 am

Or something like 99999 if it should be 'indefinite'

andywright
OpenVpn Newbie
Posts: 3
Joined: Sun Apr 14, 2019 11:55 pm

Re: Windows Client connection timeout after internet outage

Post by andywright » Mon Apr 15, 2019 9:37 am

Hi Novaflash....

Thanks for the quick reply.

I've tried that but "ConfigPut" is not a recognised command, however I found that "SetPreference" seems to be what's needed.

For anyone else with the same problem, the command to run is;

"c:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capicli.exe" -k connect_timeout -v 99999 SetPreference

I've created a group policy startup script to run that command on the clients. It really only needs to be run once rather than every time the machine starts, but there don't seem to be any adverse effects from running it at each startup.

Ideally this should be configurable from the AS manager gui; the whole reason for considering moving from the free version to the paid-for one was to simplify management - having to deploy workarounds like this is a little disappointing, and the default behaviour of "giving up" after 60 seconds strikes me as odd - an "Auto Login" client really should retry indefinitely imho.

Thanks again for your help.

novaflash
I should be on the dev team.
Posts: 991
Joined: Fri Apr 13, 2012 8:43 pm

Re: Windows Client connection timeout after internet outage

Post by novaflash » Mon Apr 15, 2019 10:26 am

Ah, you're right. Sorry about that. As I said in my previous post, it was from memory.

You're right about the rest, but that's being worked on.

andywright
OpenVpn Newbie
Posts: 3
Joined: Sun Apr 14, 2019 11:55 pm

Re: Windows Client connection timeout after internet outage

Post by andywright » Mon Apr 15, 2019 1:31 pm

No problem, and thanks again for the help - your post was enough to get me on the right track :)

Post Reply