OpenVPN stops working after 61-63 minutes

gpaterno

Hi!
The internal OpenVPN seems hanging after 61-63 minutes, even if always "active".
I tried to avoid the internal OpenVPN and set up a centos with openvpn in DMZ, same behavior.
Both OpenVPN uses a 2factor authentication via RADIUS, using SecurePass (www.secure-pass.net), but at the end it's a RADIUS.

It's strange as it seems more related to some sort of "session endurance"… I would not even call it "session expiration" as the session is actively used.

No relevant logs.
Anything I can debug??
Thanks.

Derelict

Try adding this to your OpenVPN server:

reneg-sec 43200;

I believe I also put reneg-sec 0; in my client export so I can change it at the server and affect everyone the same.

I have reneg-sec 0; in my client specific overrides but I'm not sure it can be pushed like that.

Exchanging login credentials again is part of the renegotiation.  My Duo starts firing after an hour if I don't do this.  12 hours seems to be long enough to get me through every session.

This doesn't affect site-to-site since there's no manual 2-factor auth.