Windows Client connection timeout after internet outage

Post Reply
SP2
OpenVpn Newbie
Posts: 4
Joined: Thu May 17, 2018 11:25 am

Windows Client connection timeout after internet outage

Post by SP2 » Thu May 17, 2018 12:09 pm

Hi

OpenVPN Access Server 2.5 (Amazon AWS) trial for now.
Everything works fine, however.

We have a connection problem with clients (windows) after an internet outage on the client side.
They are all using auto-login profiles.

If the client internet connection drops for more than a min or two, the VPN connection is fully dropped and will never try to reconnect unless we manually go to the client PC and reconnect using the OpenVpn client or reboot client PC .
This is not a feasible solution for us as these are corporate clients.

I know we can create batch files that will ping servers on the OpenVPN and stop/restart the OpenVPN service if needed but this is not an option either.

I have not been able to find any settings that will force the client to keep trying to connect forever.

* Client *

Microsoft Windows [Version 10.0.17134.48]

Client

setenv FORWARD_COMPATIBLE 1
client
server-poll-timeout 4
nobind
remote x.x.x.x 1194 udp
remote x.x.x.x 1194 udp
remote x.x.x.x 443 tcp
remote x.x.x.x 1194 udp
remote x.x.x.x 1194 udp
remote x.x.x.x 1194 udp
remote x.x.x.x 1194 udp
remote x.x.x.x 1194 udp
dev tun
dev-type tun
ns-cert-type server
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
comp-lzo no
verb 3
setenv PUSH_PEER_INFO
key-direction 1
# Extra user-defined configuration
cipher AES-128-CBC



* Client Log file *

Code: Select all

Thu May 17 12:17:16 2018 Thu May 17 12:17:16 2018 Connected via TUN_WIN
Thu May 17 12:17:16 2018 Thu May 17 12:17:16 2018 LZO-ASYM init swap=0 asym=0
Thu May 17 12:17:16 2018 Thu May 17 12:17:16 2018 CONNECTED : ----------- via /UDPv4 on TUN_WIN/-----/ gw=[---------/]

## Internet connection drops out at some point and following shows up in log. NOTE : I dropped it on purpose to reproduce the issue.

Session invalidated: KEEPALIVE_TIMEOUT
Client terminated, restarting in 2000 ms...
Thu May 17 12:18:26 2018 Thu May 17 12:18:26 2018 RECONNECTING
Thu May 17 12:18:26 2018 Thu May 17 12:18:26 2018 Contacting x.x.x.x:1194 via UDP
Thu May 17 12:18:26 2018 Thu May 17 12:18:26 2018 WAIT
Thu May 17 12:18:26 2018 Thu May 17 12:18:26 2018 Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
Thu May 17 12:18:30 2018 Thu May 17 12:18:30 2018 Server poll timeout, trying next remote entry...
Thu May 17 12:18:30 2018 Thu May 17 12:18:30 2018 RECONNECTING
Thu May 17 12:18:30 2018 Thu May 17 12:18:30 2018 Contacting x.x.x.x:1194 via UDP
Thu May 17 12:18:30 2018 Thu May 17 12:18:30 2018 WAIT
Thu May 17 12:18:30 2018 Thu May 17 12:18:30 2018 Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
Thu May 17 12:18:34 2018 Thu May 17 12:18:34 2018 Server poll timeout, trying next remote entry...
Thu May 17 12:18:34 2018 Thu May 17 12:18:34 2018 RECONNECTING
Thu May 17 12:18:34 2018 Thu May 17 12:18:34 2018 Contacting x.x.x.x:443 via TCP
Thu May 17 12:18:34 2018 Thu May 17 12:18:34 2018 WAIT
Thu May 17 12:18:38 2018 Thu May 17 12:18:38 2018 Server poll timeout, trying next remote entry...
Thu May 17 12:18:38 2018 Thu May 17 12:18:38 2018 RECONNECTING
Thu May 17 12:18:38 2018 Thu May 17 12:18:38 2018 Contacting x.x.x.x:1194 via UDP
Thu May 17 12:18:38 2018 Thu May 17 12:18:38 2018 WAIT
Thu May 17 12:18:38 2018 Thu May 17 12:18:38 2018 Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
Thu May 17 12:18:42 2018 Thu May 17 12:18:42 2018 Server poll timeout, trying next remote entry...
Thu May 17 12:18:42 2018 Thu May 17 12:18:42 2018 RECONNECTING
Thu May 17 12:18:42 2018 Thu May 17 12:18:42 2018 Contacting x.x.x.x:1194 via UDP
Thu May 17 12:18:42 2018 Thu May 17 12:18:42 2018 WAIT
Thu May 17 12:18:42 2018 Thu May 17 12:18:42 2018 Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
Thu May 17 12:18:46 2018 Thu May 17 12:18:46 2018 Server poll timeout, trying next remote entry...
Thu May 17 12:18:46 2018 Thu May 17 12:18:46 2018 RECONNECTING
Thu May 17 12:18:46 2018 Thu May 17 12:18:46 2018 Contacting x.x.x.x:1194 via UDP
Thu May 17 12:18:46 2018 Thu May 17 12:18:46 2018 WAIT
Thu May 17 12:18:46 2018 Thu May 17 12:18:46 2018 Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
Thu May 17 12:18:50 2018 Thu May 17 12:18:50 2018 Server poll timeout, trying next remote entry...
Thu May 17 12:18:50 2018 Thu May 17 12:18:50 2018 RECONNECTING
Thu May 17 12:18:50 2018 Thu May 17 12:18:50 2018 Contacting x.x.x.x:1194 via UDP
Thu May 17 12:18:50 2018 Thu May 17 12:18:50 2018 WAIT
Thu May 17 12:18:50 2018 Thu May 17 12:18:50 2018 Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
Thu May 17 12:18:54 2018 Thu May 17 12:18:54 2018 Server poll timeout, trying next remote entry...
Thu May 17 12:18:54 2018 Thu May 17 12:18:54 2018 RECONNECTING
Thu May 17 12:18:54 2018 Thu May 17 12:18:54 2018 Contacting x.x.x.x:1194 via UDP
Thu May 17 12:18:54 2018 Thu May 17 12:18:54 2018 WAIT
Thu May 17 12:18:54 2018 Thu May 17 12:18:54 2018 Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
Thu May 17 12:18:58 2018 Thu May 17 12:18:58 2018 Server poll timeout, trying next remote entry...
Thu May 17 12:18:58 2018 Thu May 17 12:18:58 2018 RECONNECTING
Thu May 17 12:18:58 2018 Thu May 17 12:18:58 2018 Contacting x.x.x.x:1194 via UDP
Thu May 17 12:18:58 2018 Thu May 17 12:18:58 2018 WAIT
Thu May 17 12:18:58 2018 Thu May 17 12:18:58 2018 Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
Thu May 17 12:19:02 2018 Thu May 17 12:19:02 2018 Server poll timeout, trying next remote entry...
Thu May 17 12:19:02 2018 Thu May 17 12:19:02 2018 RECONNECTING
Thu May 17 12:19:02 2018 Thu May 17 12:19:02 2018 Contacting x.x.x.x:1194 via UDP
Thu May 17 12:19:02 2018 Thu May 17 12:19:02 2018 WAIT
Thu May 17 12:19:02 2018 Thu May 17 12:19:02 2018 Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
Thu May 17 12:19:06 2018 Thu May 17 12:19:06 2018 Server poll timeout, trying next remote entry...
Thu May 17 12:19:06 2018 Thu May 17 12:19:06 2018 RECONNECTING
Thu May 17 12:19:06 2018 Thu May 17 12:19:06 2018 Contacting x.x.x.x:443 via TCP
Thu May 17 12:19:06 2018 Thu May 17 12:19:06 2018 WAIT
Thu May 17 12:19:10 2018 Thu May 17 12:19:10 2018 Server poll timeout, trying next remote entry...
Thu May 17 12:19:10 2018 Thu May 17 12:19:10 2018 RECONNECTING
Thu May 17 12:19:10 2018 Thu May 17 12:19:10 2018 Contacting x.x.x.x:1194 via UDP
Thu May 17 12:19:10 2018 Thu May 17 12:19:10 2018 WAIT
Thu May 17 12:19:10 2018 Thu May 17 12:19:10 2018 Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
Thu May 17 12:19:14 2018 Thu May 17 12:19:14 2018 Server poll timeout, trying next remote entry...
Thu May 17 12:19:14 2018 Thu May 17 12:19:14 2018 RECONNECTING
Thu May 17 12:19:14 2018 Thu May 17 12:19:14 2018 Contacting x.x.x.x:1194 via UDP
Thu May 17 12:19:14 2018 Thu May 17 12:19:14 2018 WAIT
Thu May 17 12:19:14 2018 Thu May 17 12:19:14 2018 Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
Thu May 17 12:19:18 2018 Thu May 17 12:19:18 2018 Server poll timeout, trying next remote entry...
Thu May 17 12:19:18 2018 Thu May 17 12:19:18 2018 RECONNECTING
Thu May 17 12:19:18 2018 Thu May 17 12:19:18 2018 Contacting x.x.x.x:1194 via UDP
Thu May 17 12:19:18 2018 Thu May 17 12:19:18 2018 WAIT
Thu May 17 12:19:18 2018 Thu May 17 12:19:18 2018 Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
Thu May 17 12:19:22 2018 Thu May 17 12:19:22 2018 Server poll timeout, trying next remote entry...
Thu May 17 12:19:22 2018 Thu May 17 12:19:22 2018 RECONNECTING
Thu May 17 12:19:22 2018 Thu May 17 12:19:22 2018 Contacting x.x.x.x:1194 via UDP
Thu May 17 12:19:22 2018 Thu May 17 12:19:22 2018 WAIT
Thu May 17 12:19:22 2018 Thu May 17 12:19:22 2018 Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
Thu May 17 12:19:26 2018 Thu May 17 12:19:26 2018 CONNECTION_TIMEOUT [FATAL-ERR]

Connection is fully dropped at this stage.

Any ideas?

Thanks in advance,
Soeren
Last edited by SP2 on Thu May 17, 2018 2:16 pm, edited 3 times in total.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 4641
Joined: Fri Jun 03, 2016 1:17 pm

Re: Windows Client connection timeout

Post by TinCanTech » Thu May 17, 2018 1:23 pm


SP2
OpenVpn Newbie
Posts: 4
Joined: Thu May 17, 2018 11:25 am

Re: Windows Client connection timeout after internet outage

Post by SP2 » Thu May 17, 2018 1:59 pm

Added client config

novaflash
I should be on the dev team.
Posts: 704
Joined: Fri Apr 13, 2012 8:43 pm

Re: Windows Client connection timeout after internet outage

Post by novaflash » Fri May 18, 2018 8:17 am

Server poll timeout is explained here:
https://docs.openvpn.net/troubleshootin ... _solutions

SP2
OpenVpn Newbie
Posts: 4
Joined: Thu May 17, 2018 11:25 am

Re: Windows Client connection timeout after internet outage

Post by SP2 » Fri May 18, 2018 9:17 am

novaflash wrote:
Fri May 18, 2018 8:17 am
Server poll timeout is explained here:
https://docs.openvpn.net/troubleshootin ... _solutions
Thanks for taking the time to reply.

The problem is a client side internet connectivity issue.
On occasion the internet drops out (5-10 min). The OpenVPN windows client will try to reconnect for 1-2 min then fully drop the connection.
No further attempts are then made to reconnect automatically which is not much use to us.

*1. Solution number one.*
Go to the PC in question and restart the connection manually or reboot.
- Not an option as we have no access to these PCs.

*2. Solution number two.*
Create batch file running under Admin account on a schedule which pings assets on the VPN server LAN and will stop/restart the openVPN service to force a reconnect.
- I would consider this a hack that has no place in a professional solution where we have to potentially apply this to 100s of users on many separate networks.

Which leaves me looking for config file options.
"resolv-retry infinite" - seems to be default setting but does not resolve the issue.
"keepalive n m" - does not change anything.

thanks

novaflash
I should be on the dev team.
Posts: 704
Joined: Fri Apr 13, 2012 8:43 pm

Re: Windows Client connection timeout after internet outage

Post by novaflash » Fri May 18, 2018 10:15 am

Ah I see. Yeah, I can give you some command line magic. It is currently missing from our documentation because we are in the middle of a complete rewrite of documentation. From memory:

"c:\program files (x86)\openvpn technologies\openvpn client\core\capicli.exe" -k connect_timeout -v 3600 ConfigPut

That should set the timeout for reconnecting to 1 hour. A similar program exists on mac OS as well but in a /Library/Application Support/ folder or something, I don't remember exactly.

Will probably require you to reboot. I am also reasonable sure this is an option that can be set standard for any future client installations from the Access Server itself but I would need to look further to find and make documentation for that. It's not an option that's used very often.

Anyways, this documentation will become available soon on https://docs.openvpn.net/

SP2
OpenVpn Newbie
Posts: 4
Joined: Thu May 17, 2018 11:25 am

Re: Windows Client connection timeout after internet outage

Post by SP2 » Fri May 18, 2018 12:16 pm

novaflash wrote:
Fri May 18, 2018 10:15 am
Ah I see. Yeah, I can give you some command line magic. It is currently missing from our documentation because we are in the middle of a complete rewrite of documentation. From memory:

"c:\program files (x86)\openvpn technologies\openvpn client\core\capicli.exe" -k connect_timeout -v 3600 ConfigPut

That should set the timeout for reconnecting to 1 hour. A similar program exists on mac OS as well but in a /Library/Application Support/ folder or something, I don't remember exactly.

Will probably require you to reboot. I am also reasonable sure this is an option that can be set standard for any future client installations from the Access Server itself but I would need to look further to find and make documentation for that. It's not an option that's used very often.

Anyways, this documentation will become available soon on https://docs.openvpn.net/
Was sadly not able to get this working correctly and have run out of time.
Timeout seems to be 60 sec no matter what changes I make.

Just as a trial I tried to connect without an internet connection and sure enough the client kept trying for 60 sec and then just gave up.

But thanks for your time and I'll be sure to keep an eye on any updates.

cheers,
Soeren

novaflash
I should be on the dev team.
Posts: 704
Joined: Fri Apr 13, 2012 8:43 pm

Re: Windows Client connection timeout after internet outage

Post by novaflash » Fri May 18, 2018 12:19 pm

Okay, well, this was purely from memory so I may have gotten the syntax wrong, but I'm pretty sure this works with Connect Client. When our documentation gets updated on this particular topic, this will all be retested and checked anyways.

Post Reply