Tunnel is OK, but internal probing system not

[e-gaulue]

Dear community,

Looking at my logs I discovered openvpn server kept restarting every 60 sec, due to:

Code: Select all

Inactivity timeout (--ping-restart), restarting

But the tunnel is OK. I can ping both ends from both sides and when I do that, openvpn is not restarting. When I do a common ping, I observe:

Code: Select all

Mon Jan  8 13:41:43 2024 daemon.notice openvpn(server1)[3013]: TCPv4_SERVER WRITE [132] to [AF_INET]86.213.XXX.XXX:42752:  DATA len=132
Mon Jan  8 13:41:43 2024 daemon.notice openvpn(server1)[3013]: TCPv4_SERVER READ [132] from [AF_INET]86.213.XXX.XXX:42752:  DATA len=132

But if the network is not in use (inactivity), I can just see:

Code: Select all

TCPv4_SERVER WRITE [68] to [AF_INET]86.213.XXX.XXX:40696:  DATA len=68

6 times, then a restart.

Of course, I have on my server:

Code: Select all

keepalive 10 60

I though internal probes were there to keep alive the connection and avoid restarting. Is there something I'm missing?

[raaasz]

try to add

View OriginalOpenVPN

keepalive 10 60

to client configuration
i have this line in my all OpenVPN connections and it's newer disconnect (only when i disconnect manualy or lost internet connection

[e-gaulue]

I put it in the client (openwrt) despite documentation says:

This option can be used on both client and server side, but it is enough to add this on the server side as it will push appropriate --ping and --ping-restart options to the client. If used on both server and client, the values pushed from server will override the client local values.

It's getting better now. It looks like it doesn't really work like a ping. Server and clients send packets and listen to packets not really willing for the packet to be received is an answer to the packet send.