How to have a client not exit on auth failure?
Posted: Mon Mar 30, 2015 3:14 pm
by TheAmigo
I had a case where the server was going down for maintenance (not a server I control). When that happened, my client logged:
Code:
Sat Mar 28 13:53:13 2015 AUTH: Received AUTH_FAILED control message
Sat Mar 28 13:53:13 2015 /sbin/ifconfig tun0 0.0.0.0
Sat Mar 28 13:53:13 2015 SIGTERM[soft,auth-failure] received, process exiting
So when the server came back up, my client wasn't running and didn't connect. How can I change my client to not exit when that happens, but to keep trying?
Re: How to have a client not exit on auth failure?
Posted: Mon Mar 30, 2015 5:27 pm
by Traffic
You could try --ping-restart in the client, but it is possible the server will override your settings.
Post your client config and details of the server PUSH.
Re: How to have a client not exit on auth failure?
Posted: Mon Mar 30, 2015 6:06 pm
by TheAmigo
Client config:
Code:
dev tun0
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote ###.###.###.### 1194 udp
lport 0
pkcs12 company.p12
tls-auth company.key 1
ns-cert-type server
auth-user-pass file.passwd
The word 'push' doesn't appear in the log when I connect (since the server is back up now). And it looks like it was a ping-restart that caused my client to attempt to reconnect when the server replied with auth-failed.
For now I have a wrapper script to the effect of:
Code:
while true; do openvpn --config foo.ovpn; sleep 5; done
Feels a bit like duct tape. While it works, I'd still prefer a cleaner solution. Unfortunately, it's hard for me to test because the server isn't mine to bring down.
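A more defensive form of the restart wrapper from the last post, as an added example that is not part of the thread: it passes OpenVPN's `--auth-retry nointeract` option, which makes an unattended client retry instead of exiting on AUTH_FAILED, and backs off between restarts with a longer floor after an auth failure so a genuine credential problem does not hammer the server or trip an account lockout. The delay values, the log file name and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): supervised restart loop for an OpenVPN client.
# Assumed values: delay bounds, STABLE_SECS and the log file name are constructed.
MIN_DELAY=5          # backoff seed in seconds (the post's wrapper used "sleep 5")
AUTH_MIN_DELAY=60    # floor after an auth failure, to avoid tripping lockouts
MAX_DELAY=600        # backoff ceiling
STABLE_SECS=300      # a session that lasted this long resets the backoff

# Print "auth-failure" or "other" from the last "process exiting" line in $1.
classify_exit() {
    case "$(printf '%s\n' "$1" | grep 'process exiting' | tail -n 1)" in
        *'SIGTERM[soft,auth-failure]'*) echo auth-failure ;;
        *) echo other ;;
    esac
}

# Print the next delay: double $1, apply the auth floor for reason $2, cap it.
next_delay() {
    d=$(( $1 * 2 ))
    if [ "$2" = auth-failure ] && [ "$d" -lt "$AUTH_MIN_DELAY" ]; then
        d=$AUTH_MIN_DELAY
    fi
    if [ "$d" -gt "$MAX_DELAY" ]; then d=$MAX_DELAY; fi
    echo "$d"
}

# Run openvpn in the foreground and restart it whenever it exits.
supervise() {   # $1 = config file, $2 = log file (appended, kept for review)
    delay=$MIN_DELAY
    while true; do
        start=$(date +%s)
        # --auth-retry nointeract is OpenVPN's own option for unattended clients;
        # this loop only covers exits that still happen.
        openvpn --config "$1" --auth-retry nointeract >>"$2" 2>&1
        reason=$(classify_exit "$(tail -n 50 "$2")")
        # A long-lived session means the link was healthy: restart the backoff.
        if [ $(( $(date +%s) - start )) -ge "$STABLE_SECS" ]; then
            delay=$MIN_DELAY
        fi
        delay=$(next_delay "$delay" "$reason")
        echo "openvpn exited ($reason); retrying in ${delay}s" >&2
        sleep "$delay"
    done
}

# Usage: sh vpn-supervise.sh run foo.ovpn openvpn-client.log
if [ "${1:-}" = run ]; then
    supervise "${2:-foo.ovpn}" "${3:-openvpn-client.log}"
fi
```

Repeated `auth-failure` entries in the appended log while the server is known to be up point to a credential or account problem rather than maintenance, and are worth alerting on.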