Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to make OpenVPN client restart when the link goes down?

    Scheduled Pinned Locked Moved OpenVPN
    4 Posts 2 Posters 2.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      apara
      last edited by

      Quite a few times folks on my network complain that the internet is down.  When I check pfSense I see that the OpenVPN gateway is offline.  Sometimes, I go to the OpenVPN client monitor and it shows that the link is "down".  Other times, it shows that the link is "up", but the gateway is still showing offline with 100% packet loss.

      In these conditions, a simple restart of the OpenVPN client fixes the problem.  Can this be automated?  If the gateway is showing 100% packet loss or offline, or OpenVPN client is down, is there a way to automatically restart OpenVPN client?  Is this something that I always have to do manually?

      Thanks.

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        The client should detect the loss of link and continuously retry until reconnected.

        The only situation I know of that might actually kill the client process is if it receives an authentication failure instead of some transient inability to connect. That is a hard error to OpenVPN and the process exits.

        If you do not desire this behavior try adding this to the advanced, custom options in the client:

        auth-retry nointeract;

        An alternative is leaving it as is and adding that OpenVPN client process to Services > Service Watchdog

        The OpenVPN log should contain more information about what is actually happening in your case.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • A
          apara
          last edited by

          There is nothing odd in the log when this happens.  I bumped up the logging level to 4 to see if I can spot anything the next time this occurs.  I just see that always the "gateway" is offline, and the OpenVPN client is either up or down.  When it's up, it appears to be "brain dead" so no traffic is going on it.  The client is down, but the process is still running.  I know that the process is running because if I manually stop the process, the status changes to "Is the process running?".

          Most likely something funky on the VPN Provider's side.  But I am not sure how to automatically recover.  Manual restart of the client works every time.

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            If the client is getting proper responses to the keepalive pings I am not sure what to do either, other than change providers.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.