Users getting Inactivity timeout (--ping-restart), restarting
-
The setup is that a user connects via OpenVPN and all traffic, internal and external, is then routed over the VPN. This leaves users sending their Teams and Zoom calls over the VPN which is needed because they still need access to local resources.
One user in particular is stating that in the middle of working or Zooming (is that the conjugated verb of using Zoom?) everything stops and the OpenVPN client pops up asking him to log back in. When I checked the logs I can see
Inactivity timeout (--ping-restart), restarting
Although I don't know if it correlates to his issues. But this led me down the rabbit hole of why are we seeing this? I don't have any special timeout options configured in the client or server configs and my understanding is that OpenVPN by default has no timeout. Can someone shed some light on this?
-
@stewart said in Users getting Inactivity timeout (--ping-restart), restarting:
The setup is that a user connects via OpenVPN and all traffic, internal and external, is then routed over the VPN. This leaves users sending their Teams and Zoom calls over the VPN which is needed because they still need access to local resources.
The only possible reason for routing the whole upstream traffic over the VPN is masquerading the user's IP. If that is not needed in your case, remove the "redirect gateway" check and enter your local networks the users should have access to into the "Local Network/s" box.
One user in particular is stating that in the middle of working or Zooming (is that the conjugated verb of using Zoom?) everything stops and the OpenVPN client pops up asking him to log back in. When I checked the logs I can see
Inactivity timeout (--ping-restart), restarting
Maybe the user's internet connection went down or his WAN IP was renewing?
You can find the client's public IP in the server log. If not that, the client log may be helpful.
In the server settings, do you have Ping settings > Inactive disabled?
-
Thanks for the reply @viragomann
The only possible reason for routing the whole upstream traffic over the VPN is masquerading the user's IP. If that is not needed in your case, remove the "redirect gateway" check and enter your local networks the users should have access to into the "Local Network/s" box.
We route the remainder of the traffic so that when the user is connected into the corporate network the traffic is filtered and protected as if they were in the office.
Maybe the user's internet connection went down or his WAN IP was renewing?
His IP doesn't change. All activity from that user shows the same IP. Maybe an IP renewal but it sure doesn't appear to follow that pattern. He says it happens several times a day.
10:05 - User Authenticated
11:05 - User Authenticated
11:23 - Inactivity Timeout , restarting
11:26 - User Authenticated
12:06 - Inactivity Timeout , restarting
12:33 - User Authenticated
13:33 - User Authenticated
14:33 - User Authenticated
14:44 - Inactivity Timeout , restarting
15:39 - User Authenticated
16:39 - User Authenticated
There certainly appears to be some 60 minute threshold as well as some form of Timeout. I'm not sure which is causing it to pop up and making him log in again, though.
If not that, the client log may be helpful.
We need to get on that machine and pull it. Haven't had a chance to yet.
In the server settings, do you have Ping settings > Inactive disabled?
I don't have that option from what I can see. Where would I see it?
-
@stewart said in Users getting Inactivity timeout (--ping-restart), restarting:
There certainly appears to be some 60 minute threshold as well as some form of Timeout. I'm not sure which is causing it to pop up and making him log in again, though.
The 'user authenticated' once per hour is the expected TLS key renegotiation. But this works in the background and does not cause any pop up nor any user action.
The pop up seems quite strange to me. Which client is it?
On Windows with OpenVPN GUI, when I disconnect the network and reconnect it after 1 minute, there is nothing popping up. The OpenVPN GUI icon moves to yellow and back to green after reconnecting, but nothing else.
In the server settings, do you have Ping settings > Inactive disabled?
I don't have that option from what I can see. Where would I see it?
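
Added example, not part of any post in this thread: the timeline posted above can be classified mechanically, treating an authentication about 60 minutes after the previous one as the hourly renegotiation described in the reply, and the first authentication after an inactivity timeout as a new login. The 2-minute tolerance, the label names and the function names are assumptions made for this sketch.

```python
from datetime import datetime, timedelta
# Timeline as posted in the thread, embedded as a string (one day, minute granularity).
TIMELINE = """\
10:05 - User Authenticated
11:05 - User Authenticated
11:23 - Inactivity Timeout , restarting
11:26 - User Authenticated
12:06 - Inactivity Timeout , restarting
12:33 - User Authenticated
13:33 - User Authenticated
14:33 - User Authenticated
14:44 - Inactivity Timeout , restarting
15:39 - User Authenticated
16:39 - User Authenticated
"""
RENEG = timedelta(minutes=60)  # hourly renegotiation interval described in the thread
SLACK = timedelta(minutes=2)   # assumed tolerance for minute-level timestamps

def classify(text):
    """Return (time, label, minutes) per event; minutes is explained per branch."""
    events, last_auth, timeout_at = [], None, None
    for line in text.strip().splitlines():
        stamp, _, msg = line.partition(" - ")
        t = datetime.strptime(stamp.strip(), "%H:%M")
        if "inactivity timeout" in msg.lower():
            # minutes = age of the session since its last authentication
            age = int((t - last_auth).total_seconds() // 60) if last_auth else 0
            events.append((stamp, "timeout", age))
            timeout_at = t
            continue
        if last_auth is None:
            label, mins = "initial-login", 0
        elif timeout_at is not None:
            # first login after a ping-restart: minutes = time without a tunnel
            label, mins = "reconnect", int((t - timeout_at).total_seconds() // 60)
        else:
            gap = t - last_auth  # minutes = spacing from the previous authentication
            mins = int(gap.total_seconds() // 60)
            label = "renegotiation" if abs(gap - RENEG) <= SLACK else "unexplained-auth"
        events.append((stamp, label, mins))
        last_auth, timeout_at = t, None
    return events

def outages(text):
    """Minutes between each inactivity timeout and the next successful login."""
    return [m for _, lbl, m in classify(text) if lbl == "reconnect"]

if __name__ == "__main__":
    print(*classify(TIMELINE), sep="\n")
```

On the posted timeline, every authentication that does not follow a timeout lands exactly 60 minutes after the previous one, and the gaps between a timeout and the next login are 3, 27 and 55 minutes.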
-
@viragomann
What you are seeing is what I would expect and seems pretty normal. What the user is experiencing is not.
That's in OpenVPN? The only sections I have are:
General Information
Cryptographic Settings
Tunnel Settings
Client Settings
Advanced Client Settings
Advanced Configuration