Any help would be greatly appreciated!
The problem is that OpenVPN does not reconnect after the main internet connection is lost.
I use a 3G/4G modem that creates a PPP0 (rarely PPP1) interface. From time to time it drops the connection.
When the modem reconnects, it gets a new PPP client IP and a new PPP gateway IP, both straight from the mobile network carrier.
The TUN0 interface doesn't get dropped at all. Besides PPP0 there's only the LO interface.
OpenVPN tries to reconnect, but it seems like it does not see the new gateway's IP or the re-created PPP interface:
Fri Jul 1 10:08:11 2016 us=522779 UDPv4 link local: [undef]
Fri Jul 1 10:08:11 2016 us=522798 UDPv4 link remote: [AF_INET]x.x.x.x:yyy
Fri Jul 1 10:09:11 2016 us=51982 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Jul 1 10:09:11 2016 us=52066 TLS Error: TLS handshake failed
Fri Jul 1 10:09:11 2016 us=52195 TCP/UDP: Closing socket
The thing that helps is running "sudo service openvpn restart" on the CLIENT.
To replicate the problem I don't have to wait for a natural connection loss; I can just plug in and plug out the USB modem.
I have OpenVPN installed on the client from the default Ubuntu repos. On the server it's from the EPEL repos.
Client - Ubuntu 16.04 (Desktop) - OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Feb 2 2016
CLIENT
client
remote x.x.x.x yyy
proto udp
dev tun
script-security 1
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/client1.crt
key /etc/openvpn/keys/client1.key
dh /etc/openvpn/keys/dh2048.pem
tls-auth /etc/openvpn/keys/ta.key 1
cipher AES-256-CBC
ns-cert-type server
verb 4
mute 20
keepalive 10 120
comp-lzo
persist-key
persist-tun
resolv-retry infinite
nobind
log /var/log/o
SERVER
port yyy
local x.x.x.x
proto udp
dev tun
topology subnet
server 10.8.0.0 255.255.255.0
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh2048.pem
tls-auth /etc/openvpn/keys/ta.key 0
client-config-dir /etc/openvpn/ccd
cipher AES-256-CBC
user nobody
group nobody
verb 3
mute 20
max-clients 30
keepalive 10 120
tls-server
comp-lzo
persist-key
persist-tun
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS 156.154.70.1"