Netgate Discussion Forum

    OpenVPN dies and won't restart when my main internet temporarily goes down

      fabio1999ita @oldschoolrouterjockey

      @oldschoolrouterjockey Is the service active (green) or is it off (red)? Because if it is red, you can use the plugin Service Watchdog.

        oldschoolrouterjockey @fabio1999ita

        I'm not sure if I follow the question, but here is what I have:

        [image]

        and in the status page it's like this:
        [image]

        And this is working now, but if my internet were to take an outage of a few minutes, when the internet comes back everything will be fine except this OpenVPN connection, and that green check on the bottom right won't be there, and I have to click on the "play" icon that will then be there instead to make it start working again.

        It just seems odd that I have to do that, with this config that I have.

          fabio1999ita @oldschoolrouterjockey

          @oldschoolrouterjockey After you lose the connection, what color does the status show? In your screenshot it is green.

            oldschoolrouterjockey @fabio1999ita

            @fabio1999ita
            I'm trying to simulate an OpenVPN failure w/o disrupting the rest of my network, by null routing the current VPN server IP and also by null routing any further DNS lookup for the service to 127.0.0.1. My current VPN server FQDN in my client config is 87-1-US.cg-dialup.net and the current connection's remote host is on 154.16.192.246, and here is the result of my blackholing attempts:

            [22.01-RELEASE][root@REDACTED]/root: netstat -nr | grep 154.16.192.246
            154.16.192.246/32  127.0.0.1          UGSB        lo0
            [22.01-RELEASE][root@REDACTED]/root: host 87-1-US.cg-dialup.net
            87-1-US.cg-dialup.net has address 127.0.0.1
            [22.01-RELEASE][root@REDACTED]/root:
            

            However, the OpenVPN status shows the connection still up:
            [image]
            And also my clients on the particular Wi-Fi network that are forced to use the OpenVPN service can still access the internet, and calls to ipinfo.me still show their public IP address as 154.16.192.246.

            So now I am thoroughly confused, especially as I have earned my living over the past 25 years as a CCNP network engineer. This connection should NOT be up!

              Myster_fr

              Hi,

              Don't know if you've already tried this: in the client configuration, at the bottom, in the "Custom options" field, try adding:
              connection retry -1;

              This should make OpenVPN retry indefinitely to reconnect.

                oldschoolrouterjockey @Myster_fr

                @myster_fr said in OpenVPN dies and won't restart when my main internet temporarily goes down:

                Hi,

                Don't know if you've already tried this: in the client configuration, at the bottom, in the "Custom options" field, try adding:
                connection retry -1;

                This should make OpenVPN retry indefinitely to reconnect.

                I don't think that is still a valid option, at least in the latest OpenVPN. Their docs page at link text doesn't have that one as an option. It does have this:

                --connect-retry-max n
                n specifies the number of times each --remote or <connection> entry is tried. Specifying n as one would try each entry exactly once. A successful connection resets the counter. (default=unlimited).
                

                which seems to indicate "unlimited" is the default. Here is my config:

                [22.01-RELEASE][root@me]/root: cat /var/etc/openvpn/client2/config.ovpn
                dev ovpnc2
                verb 3
                dev-type tun
                dev-node /dev/tun2
                writepid /var/run/openvpn_client2.pid
                #user nobody
                #group nobody
                script-security 3
                daemon
                keepalive 10 30
                ping-timer-rem
                persist-tun
                persist-key
                proto udp4
                auth SHA256
                up /usr/local/sbin/ovpn-linkup
                down /usr/local/sbin/ovpn-linkdown
                local <REDACTED>
                engine devcrypto
                tls-client
                client
                lport 0
                management /var/etc/openvpn/client2/sock unix
                remote 87-1-US.cg-dialup.net 443 udp4
                auth-user-pass /var/etc/openvpn/client2/up
                auth-retry nointeract
                remote-cert-tls server
                capath /var/etc/openvpn/client2/ca
                cert /var/etc/openvpn/client2/cert
                key /var/etc/openvpn/client2/key
                data-ciphers AES-256-CBC:AES-256-GCM:AES-128-GCM
                data-ciphers-fallback AES-128-GCM
                allow-compression no
                resolv-retry infinite
                route-noexec
                explicit-exit-notify 1
                route-nopull
                
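
As an added example (not from any poster and not pfSense's own code): a check a watchdog could run against the `management` socket shown in the config above, telling apart a client that is connected, one that is still retrying on its own, and one whose process no longer answers. The state names and reply layout follow OpenVPN's management interface; `SAMPLE`, `verdict` and the 120-second threshold are assumptions of this example.

```python
import socket

# States in which OpenVPN is still working through a (re)connect on its own.
TRANSIENT = {"CONNECTING", "RESOLVE", "TCP_CONNECT", "WAIT", "AUTH",
             "GET_CONFIG", "ASSIGN_IP", "ADD_ROUTES", "RECONNECTING"}
# Constructed `state` reply for the demo below (not taken from the thread).
SAMPLE = (">INFO:OpenVPN Management Interface Version 3 -- type 'help' for more info\r\n"
          "1650000000,RECONNECTING,ping-restart,,,,,\r\nEND\r\n")

def parse_state(reply):
    """Return (unix_time, state, detail, remote_ip) from a `state` reply, or None."""
    for line in reply.splitlines():
        line = line.strip()
        if not line or line.startswith(">") or line == "END":
            continue  # greeting, real-time notification, or end marker
        fields = line.split(",")
        if len(fields) >= 2 and fields[0].isdigit():
            fields += [""] * (5 - len(fields))  # pad optional fields
            return int(fields[0]), fields[1], fields[2], fields[4]
    return None

def query_state(sock_path, timeout=5.0):
    """Send `state` to the management socket; None if the daemon does not answer."""
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(sock_path)
            s.sendall(b"state\n")
            buf = b""
            while b"\nEND" not in buf:
                chunk = s.recv(4096)
                if not chunk:
                    break
                buf += chunk
    except OSError:  # no socket, refused, or timed out: process is gone or hung
        return None
    return buf.decode("ascii", "replace")

def verdict(reply, now, max_stuck=120):
    """'ok', 'retrying', or 'restart' (no answer, exiting, or one state held too long)."""
    parsed = parse_state(reply) if reply else None
    if parsed is None or parsed[1] == "EXITING":
        return "restart"
    if parsed[1] == "CONNECTED":
        return "ok"
    return "retrying" if parsed[1] in TRANSIENT and now - parsed[0] <= max_stuck else "restart"

if __name__ == "__main__":
    # On the box itself: verdict(query_state("/var/etc/openvpn/client2/sock"), time.time())
    print(verdict(SAMPLE, now=1650000300))
```

The management interface serves one client at a time, so the query should connect, read the reply and disconnect rather than hold the socket open.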
                  swixo

                  I am experiencing the same issue. I have to log into the client and restart it manually if the server restarts.

                  Did you fix your issue? What did you do?

                    opticalc @swixo

                    @swixo
                    I have no idea - it seems to have gone away. Here are my current settings (under the GUI, "ping settings" section, the "inactive" is set to 0, which isn't reflected in the file below):

                    : cat /var/etc/openvpn/client2/config.ovpn
                    dev ovpnc2
                    verb 3
                    dev-type tun
                    dev-node /dev/tun2
                    writepid /var/run/openvpn_client2.pid
                    #user nobody
                    #group nobody
                    script-security 3
                    daemon
                    keepalive 10 30
                    ping-timer-rem
                    persist-tun
                    persist-key
                    proto udp4
                    auth SHA256
                    up /usr/local/sbin/ovpn-linkup
                    down /usr/local/sbin/ovpn-linkdown
                    local <REDACTED>
                    engine devcrypto
                    tls-client
                    client
                    lport 0
                    management /var/etc/openvpn/client2/sock unix
                    remote <REDACTED> 443 udp4
                    auth-user-pass /var/etc/openvpn/client2/up
                    auth-retry nointeract
                    remote-cert-tls server
                    capath /var/etc/openvpn/client2/ca
                    cert /var/etc/openvpn/client2/cert
                    key /var/etc/openvpn/client2/key
                    data-ciphers AES-256-CBC:AES-256-GCM:AES-128-GCM
                    data-ciphers-fallback AES-128-GCM
                    allow-compression no
                    resolv-retry infinite
                    route-noexec
                    explicit-exit-notify 1
                    route-nopull
                    :
                    
                        swixo

                        I tried everything - then remembered issues with DCO in the past.

                        After disabling DCO - the link will reliably restore every time.

                          opticalc @swixo

                          @swixo
                          I've got 22.01, which doesn't support DCO, so I guess I already have it disabled "inherently".

                            jsnl

                            I'm unsure if my issue is related and so I've opened a new topic, but I have this happen when my remote (not my server) internet is unstable. In my case I think it has something to do with exceeding the maxclients value. Is your maxclients value set low, or at the default number?

                            This is the thread I just opened with my logs attached.

                              opticalc @jsnl

                              @jsnl said in OpenVPN dies and won't restart when my main internet temporarily goes down:

                              I'm unsure if my issue is related and so I've opened a new topic, but I have this happen when my remote (not my server) internet is unstable. In my case I think it has something to do with exceeding the maxclients value. Is your maxclients value set low, or at the default number?

                              This is the thread I just opened with my logs attached.

                              I don't have an option for maxclients in this config. I think that's because you're having problems with pfSense as an OpenVPN server and I'm having a problem with pfSense as an OpenVPN client.
