Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Users getting Inactivity timeout (--ping-restart), restarting

    Scheduled Pinned Locked Moved OpenVPN
    5 Posts 2 Posters 5.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Stewart
      last edited by

      The setup is that a user connects via OpenVPN and all traffic, internal and external, is then routed over the VPN. The leaves users sending their Teams and Zoom calls over the VPN which is needed because they still need access to local resources.

      One user in particular is stating that in the middle of working or Zooming (is that the conjugated verb of using Zoom?) everything stops and the OpenVPN client pops up asking him to log back in. When I checked the logs I can see
      Inactivity timeout (--ping-restart), restarting
      Although I don't know if it correlates to his issues.

      But this led me down the rabbit hole of why are we seeing this? I don't have any special timeout options configured in the client or server configs and my understanding is that OpenVPN by default has no timeout. Can someone shed some light on this?

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @Stewart
        last edited by

        @stewart said in Users getting Inactivity timeout (--ping-restart), restarting:

        The setup is that a user connects via OpenVPN and all traffic, internal and external, is then routed over the VPN. The leaves users sending their Teams and Zoom calls over the VPN which is needed because they still need access to local resources.

        The only possible reason for routing the whole upstream traffic over the VPN is masquerading the users IP. If that is not needed in your case, remove the "redirect gateway" check and enter your local networks the users should have access to into the "Local Network/s" box.

        One user in particular is stating that in the middle of working or Zooming (is that the conjugated verb of using Zoom?) everything stops and the OpenVPN client pops up asking him to log back in. When I checked the logs I can see
        Inactivity timeout (--ping-restart), restarting

        Maybe the users internet connection went down or his WAN IP was renewing?
        You can find the clients public IP in the server log.

        If not that, the client log may be helpful.

        In the server settings, do you have Ping settings > Inactive disabled?

        S 1 Reply Last reply Reply Quote 0
        • S
          Stewart @viragomann
          last edited by

          Thanks for the reply @viragomann

          The only possible reason for routing the whole upstream traffic over the VPN is masquerading the users IP. If that is not needed in your case, remove the "redirect gateway" check and enter your local networks the users should have access to into the "Local Network/s" box.

          We route the remainder of the traffic so that when the user is connected into the corporate network the traffic is filtered and protected as if they were in the office.

          Maybe the users internet connection went down or his WAN IP was renewing?

          His IP doesn't change. All activity from that user shows the same IP. Maybe an IP renewal but it sure doesn't appear to follow that pattern. He says it happens several times a day.
          10:05 - User Authenticated
          11:05 - User Authenticated
          11:23 - Inactivity Timeout , restarting
          11:26 - User Authenticated
          12:06 - Inactivity Timeout , restarting
          12:33 - User Authenticated
          13:33 - User Authenticated
          14:33 - User Authenticated
          14:44 - Inactivity Timeout , restarting
          15:39 - User Authenticated
          16:39 - User Authenticated
          There certainly appears to be some 60 minute threshold as well as some form of Timeout. I'm not sure which is causing it to pop up and making him log in again, though.

          If not that, the client log may be helpful.

          We need to get on that machine and pull it. Haven't had a chance to yet.

          In the server settings, do you have Ping settings > Inactive disabled?

          I don't have that option from what I can see. Where would I see it?

          V 1 Reply Last reply Reply Quote 0
          • V
            viragomann @Stewart
            last edited by

            @stewart said in Users getting Inactivity timeout (--ping-restart), restarting:

            There certainly appears to be some 60 minute threshold as well as some form of Timeout. I'm not sure which is causing it to pop up and making him log in again, though.

            The 'user authenticated' once per hour is the expected TLS key renegotiation. But this works in the background and does not cause any pop up nor any user action.

            The pop up seem quite strange to me. Which client is it?
            On Windows with OpenVPN GUI, when I disconnect to network and reconnect it after 1 minute, there is nothing popping up. The OpenVPN GUI icon moves to yellow and back to green after reconnecting, but nothing else.

            In the server settings, do you have Ping settings > Inactive disabled?

            I don't have that option from what I can see. Where would I see it?

            74159369-4841-4965-83e1-da6e3d6a11c3-grafik.png

            S 1 Reply Last reply Reply Quote 0
            • S
              Stewart @viragomann
              last edited by

              @viragomann
              What you are seeing is what I would expect and seems pretty normal. What the user is experiencing is not.

              That's in OpenVPN? The only sections I have are:
              General Information
              Cryptographic Settings
              Tunnel Settings
              Client Settings
              Advanced Client Settings
              Advanced Configuration

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.